...

| Element Name | Required/Default | Function |
| --- | --- | --- |
| parentPomDir | Yes | This is the absolute path to the directory where the parent pom for the project is stored. This is parsed and used to establish the groupId for all artifacts (to allow signature lookup) and to establish which versions of the different artifacts are expected. |
| enforcerData V2 only | Yes | Absolute path to the folder where the keys (and, if required, signatures) for jars are located. See below. |
| dataGroupId V3.0, dataArtifactId V3.0, dataVersion V3.0 | Yes | Maven coordinates of the project which contains the keys (and, if required, signatures) for jars. See below. Supersedes enforcerData. |
| dataKeyRing V3.0 | Yes | Absolute path to a keyring with keys which will be used to check the validity of the above specified jar file. |
| jarDirs V2 only | Yes | Space separated list of absolute paths to directories to be checked. |
| tgzFiles V3.0 | One must be present | Space separated list of tar.gz files to be scanned. Supersedes jarFiles. |
| zipFiles V3.0 | One must be present | Space separated list of zip files to be scanned. Supersedes jarFiles. |
| checkSignatures | No / "true" | Whether to run signature checking on the contents. |
| sigCheckReportPath V3.0 | ${project.build.directory}\signatureReport.txt | Where to write the report of the signature checking. |
| checkDependencies | No / "true" | Whether to run dependency analysis and report if any versions mismatch. |
| listJarSources | No / "false" | Whether, as part of the dependency check, to do a reverse lookup of artefact to source (this is a slow operation). |
| depCheckReportPath V3.0 | ${project.build.directory}\dependencyReport.txt | Where to write the report of the dependency checking. |
| artifactMap V2 only | No / "" | An absolute path pointing to a property file which specifies the mapping from artifactId to groupId (for inherited dependencies which are not specified in the project pom files). The groupId is used to locate the keyring used to check the jar signatures. |
| checkM2 | No / "false" | Whether all the non-source, non-test jar files in the user's Maven repository (~/.m2/repository) will be checked. |
| m2ReportPath V3.0 | ${project.build.directory}\m2SignatureReport.txt | Where to write the report of the m2 checking. |

Advanced checkDependencies Configuration

The checkDependencies test can fail for several reasons. In certain circumstances, some strange configurations are required. Whether these strange configurations are fatal or not can be controlled by four further elements. Each element is a boolean (true/false) and defaults to true.

  • compileRuntimeArtifactFatal. Setting this to false allows an artifact to be declared as runtime scope in some pom files and as compile scope in others. As an example, the IdP sets this element to false to cope with the logback artifacts (logback-classic and logback-core).

  • multipleJarVersionsFatal. If the same artifact (with the same or different versions) is found in multiple places in the supplied distribution, the enforcer will fail unless this element is set to false. For example, until V4.1.5 the IdP shipped with jcommander in the war\WEB_INF\lib folder and the bin\lib folder.

  • pomVersionMismatchFatal. If declarations of the same artifact carry different versions across the pom files, then the enforcer will fail unless this element is set to false. For example, in the later V4.1 distributions the version of spring (set in the spring-bim file) is overridden in the idp-parent pom.

  • distVersionMismatchFatal. If the artifact in the distribution has a different version to that specified in the pom files, then the enforcer will fail unless this element is set to false. I can think of no reason why this might be anything but a misconfiguration.
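
The four conditions above, modelled as an added Python example (not the enforcer's own code) so the effect of each element on pass/fail can be seen on sample input. The function name, the tuple layout, the pom names and the version numbers are assumptions made for illustration; only the four element names and the logback/jcommander cases come from this page.

```python
from collections import defaultdict

# Element names are from the page; each defaults to true (fatal).
DEFAULTS = dict.fromkeys(("compileRuntimeArtifactFatal", "multipleJarVersionsFatal",
                          "pomVersionMismatchFatal", "distVersionMismatchFatal"), True)

# Constructed sample data: pom names and version numbers are placeholders.
SAMPLE_POMS = [  # (pom, artifactId, version, scope)
    ("pom-a", "logback-classic", "1.0.0", "compile"),
    ("pom-b", "logback-classic", "1.0.0", "runtime"),
    ("pom-a", "jcommander", "2.0.0", "compile"),
]
SAMPLE_DIST = [  # (folder in distribution, artifactId, version)
    (r"war\WEB_INF\lib", "jcommander", "2.0.0"),
    (r"bin\lib", "jcommander", "2.0.0"),
    (r"war\WEB_INF\lib", "logback-classic", "1.0.1"),
]

def check_dependencies(pom_decls, dist_jars, **overrides):
    """Return (fatal, warnings), each a list of (element, artifactId, detail)."""
    unknown = set(overrides) - set(DEFAULTS)
    if unknown:
        raise ValueError(f"unknown element(s): {sorted(unknown)}")
    flags = {**DEFAULTS, **overrides}
    versions, scopes, found = defaultdict(set), defaultdict(set), defaultdict(list)
    for _pom, art, ver, scope in pom_decls:
        versions[art].add(ver)
        scopes[art].add(scope)
    for folder, art, ver in dist_jars:
        found[art].append((folder, ver))
    findings = []
    for art in sorted(scopes):
        if {"compile", "runtime"} <= scopes[art]:
            findings.append(("compileRuntimeArtifactFatal", art, "compile and runtime scope"))
        if len(versions[art]) > 1:
            findings.append(("pomVersionMismatchFatal", art, f"poms declare {sorted(versions[art])}"))
    for art in sorted(found):
        if len(found[art]) > 1:  # same or different versions both count
            findings.append(("multipleJarVersionsFatal", art, f"in {[f for f, _ in found[art]]}"))
        shipped = {ver for _, ver in found[art]}
        if art in versions and not shipped <= versions[art]:
            findings.append(("distVersionMismatchFatal", art, f"ships {sorted(shipped)}"))
    # A finding fails the build only while its element is still true.
    fatal = [f for f in findings if flags[f[0]]]
    return fatal, [f for f in findings if not flags[f[0]]]

if __name__ == "__main__":
    for element, art, detail in check_dependencies(SAMPLE_POMS, SAMPLE_DIST)[0]:
        print(f"FATAL {element}: {art} ({detail})")
```

Relaxing compileRuntimeArtifactFatal and multipleJarVersionsFatal on this sample still leaves the distVersionMismatchFatal finding fatal, which is the case the page describes as almost certainly a misconfiguration.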

The Enforcer Data jar

The jar file referenced by the dataGroupId/dataArtifactId/dataVersion coordinates contains three sets of data used by the enforcer. These are all contained below the net/shibboleth/mvn/enforcer/data/ directory.

...