tycho & jar signing
You can see a working example in The Mylyn-Mantis connector pom.xml . I have a special profile for signing:
<profile>
<id>sign</id>
<activation>
<property>
<name>jarsigner.alias</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>1.2</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
Typically I invoke the sign command as mvn clean package -Djarsigner.alias=... -Djarsigner.storepass=... -Djarsigner.keypass=....
.
You also need to have a code signing certificate, whcih you will import using keytool -trustcacerts -importcert -file $CERTIFICATE -alias $ALIAS -keystore keystore.jks
.