Output a report or text file of the verification #136

Closed
mgrilvaca opened this issue Jul 11, 2020 · 3 comments · Fixed by #283

@mgrilvaca

Is your feature request related to a problem? Please describe.
Currently when running the plugin, the only way to see what was verified is in the command prompt window and to archive it by copying and pasting it into a document or outputting the results with the entire maven logging.

Describe the solution you'd like
When running the plugin, I'm looking for a way to output a report or even a text file to easily show the PGP verification of each dependency.

Describe alternatives you've considered
An even cooler approach would be to implement it within the maven site plugin to run in the reporting portion of maven. For instance, running "mvn site" would include a report of the pgpverify results.

Thank you!

@slawekjaranowski slawekjaranowski added the enhancement New feature or request. label Jul 11, 2020
@slawekjaranowski
Member

My proposition in this step is to produce a report in JSON format; it will be easy to parse in the next step.

Next steps which consume the report will be:

First we should confirm what data of the verification process we want to store for the next steps.

My proposition:

[
    {
        "group": "groupId",
        "artefact": "artefactId",
        "packaging": "packaging",
        "version": "version of artefact",
        "key": {
            "finger": "key FingerPrint",
            "master": "master key FingerPrint",
            "uid": ["uid1", "uid2"] 
        },
        "signature": {
            "hash": "hash algorithm",
            "key": "key algorithm",
            "date": "date of signature",
            "status": "signature validation status"
        }
    }
]

@cobratbq
Contributor

A few suggestions:

  1. field name artefact --> artifact (typo)
  2. I would change finger to fingerprint ... as it isn't a real abbreviation and this way it just reads nicer.
  3. Would it be possible to include the public key status? (valid, expired, revoked)
  4. In case of missing signature: field signature with null? (Same for field key.)
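
An added example, not part of the thread and not the plugin's own code: a Python consumer for a report in the shape proposed above, accepting both the `artefact` spelling and the suggested `artifact` rename and treating a null `signature` as a failure. The sample report, the status strings (`valid`, `invalid`, `expired`) and the `status` field under `key` are assumptions, since the thread names the fields but does not fix their values.

```python
import json

# Constructed sample report in the shape proposed in the thread. Status strings
# and the key-level "status" field are assumptions; fingerprints are fake.
SAMPLE_REPORT = """
[
  {"group": "org.example", "artefact": "lib-a", "packaging": "jar", "version": "1.0",
   "key": {"finger": "0xAAAA", "master": "0xAAAA", "uid": ["A <a@example.org>"], "status": "valid"},
   "signature": {"hash": "SHA256", "key": "RSA", "date": "2020-07-01", "status": "valid"}},
  {"group": "org.example", "artifact": "lib-b", "packaging": "jar", "version": "2.1",
   "key": {"fingerprint": "0xBBBB", "master": "0xBBBB", "uid": [], "status": "expired"},
   "signature": {"hash": "SHA1", "key": "RSA", "date": "2015-01-01", "status": "valid"}},
  {"group": "org.example", "artefact": "lib-c", "packaging": "pom", "version": "0.3",
   "key": null, "signature": null},
  {"group": "org.example", "artefact": "lib-d", "packaging": "jar", "version": "4.0",
   "key": {"finger": "0xDDDD", "master": "0xDDDD", "uid": []},
   "signature": {"hash": "SHA512", "key": "RSA", "date": "2020-06-30", "status": "invalid"}}
]
"""

def coordinate(entry):
    # Accept both the proposed spelling and the suggested "artifact" rename.
    artifact = entry.get("artifact", entry.get("artefact", "?"))
    return ":".join([entry.get("group", "?"), artifact,
                     entry.get("packaging", "?"), entry.get("version", "?")])

def findings(report_text, ok_status="valid"):
    """Return (coordinate, reason) for every dependency that should fail a build gate."""
    problems = []
    for entry in json.loads(report_text):
        sig, key = entry.get("signature"), entry.get("key")
        if sig is None:  # suggestion 4: a missing signature is reported as null
            problems.append((coordinate(entry), "no signature"))
            continue
        if sig.get("status") != ok_status:  # absent status also fails (fail closed)
            problems.append((coordinate(entry), "signature status: %s" % sig.get("status")))
        if key is None:
            problems.append((coordinate(entry), "no public key"))
        elif key.get("status", ok_status) != ok_status:  # suggestion 3; optional field
            problems.append((coordinate(entry), "key status: %s" % key["status"]))
    return problems

if __name__ == "__main__":
    for coord, reason in findings(SAMPLE_REPORT):
        print("FAIL %s: %s" % (coord, reason))
```

A key entry without a `status` field is accepted here because the original proposal has no such field; a gate that requires key status should drop that default.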

@slawekjaranowski
Member

Please see #169: the report can contain information similar to the show mojo.
