Prepare re-signing pgm's ueberjar to avoid SecurityException

Since we now sign all build artifacts immediately after creating them
we need to re-sign the ueberjar created for jgit command line tool
because the signatures of the individual jars are invalidated when
repacking them into the ueberjar. Hence we need to exclude the
signatures of the individual jars when using maven-shade-plugin to
create the ueberjar.

Also install the shaded plugin into maven repository and exclude osgi
framework sources which were included unintentionally.

See http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02277.html

Change-Id: Ia302e68a4b2a9399cb18025274574e31d3d3e407
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/org.eclipse.jgit.pgm/pom.xml b/org.eclipse.jgit.pgm/pom.xml
index ff80bebf0d..93ac8fd4f3 100644
--- a/org.eclipse.jgit.pgm/pom.xml
+++ b/org.eclipse.jgit.pgm/pom.xml
@@ -178,6 +178,20 @@
                   </manifestEntries>
                 </transformer>
               </transformers>
+              <filters>
+                <!-- exclude the signing data for individual jars, ueberjar will be signed again -->
+                <filter>
+                  <artifact>*:*</artifact>
+                  <excludes>
+                    <exclude>META-INF/*.SF</exclude>
+                    <exclude>META-INF/*.DSA</exclude>
+                    <exclude>META-INF/*.RSA</exclude>
+                    <exclude>OSGI-OPT/**</exclude>
+                  </excludes>
+                </filter>
+              </filters>
+              <shadedArtifactAttached>true</shadedArtifactAttached>
+              <shadedClassifierName>shaded</shadedClassifierName> <!-- Any name that makes sense -->
             </configuration>
           </execution>
         </executions>