To enable signing you need to provide a key store path (in the keystore node below), a key alias (in the
alias node below), and passwords for both the keystore and the key (in the storepass and keypass nodes
respectively).
Include the following in the pom file. If you use a hierarchical project structure then the below should be
located in the parent pom in order to sign all child poms with the same key.
<profiles>
<profile>
<id>sign</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<executions>
<execution>
<id>signing</id>
<goals>
<goal>sign</goal>
</goals>
<phase>package</phase>
<inherited>true</inherited>
<configuration>
<archiveDirectory></archiveDirectory>
<includes>
<include>target/*.apk</include>
</includes>
<keystore>path/to/keystore</keystore>
<storepass>storepasword</storepass>
<keypass>keypassword</keypass>
<alias>key-alias</alias>
<arguments>
<argument>-sigalg</argument><argument>MD5withRSA</argument>
<argument>-digestalg</argument><argument>SHA1</argument>
</arguments>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.simpligility.maven.plugins</groupId>
<artifactId>android-maven-plugin</artifactId>
<inherited>true</inherited>
<configuration>
<sign>
<debug>false</debug>
</sign>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
To trigger the profile use e.g., the following command:
The configuration will bind the jarsigner plugin to the package phase of the execution when
enabled with the -Psign switch in the build. Rather then storing the passwords in clear text
in your pom you can pass them to maven as arguments when you execute the command. Go to the
jarsigner plugins documentation
for information on how it works and how it can be configured.
