From 8ff533adfb71ca0b7cf0bee480cb185620732f18 Mon Sep 17 00:00:00 2001
From: Tamas Cservenak <tamas@cservenak.net>
Date: Mon, 24 Feb 2025 20:25:50 +0100
Subject: [PATCH 1/2] Sigstore bugfix

Seems sigstore depends on TCCL that went unnoticed in
test, but explodes when this generator used as Maven
extension.
---
 .../sigstore/SigstoreSignatureArtifactGenerator.java   | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java b/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
index c40c02e22..43cc27ca7 100644
--- a/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
+++ b/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
@@ -77,6 +77,8 @@ public Collection<? extends Artifact> generate(Collection<? extends Artifact> ge
 
             // sign relevant artifacts
             ArrayList<Artifact> result = new ArrayList<>();
+            ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader();
+            Thread.currentThread().setContextClassLoader(KeylessSigner.class.getClassLoader());
             try (KeylessSigner signer = publicStaging
                     ? KeylessSigner.builder().sigstoreStagingDefaults().build()
                     : KeylessSigner.builder().sigstorePublicDefaults().build()) {
@@ -122,6 +124,8 @@ public Collection<? extends Artifact> generate(Collection<? extends Artifact> ge
                                 signatureTempFile.toFile()));
                     }
                 }
+            } finally {
+                Thread.currentThread().setContextClassLoader(originalClassLoader);
             }
             logger.info("Signed {} artifacts with Sigstore", result.size());
             return result;
@@ -134,6 +138,12 @@ public Collection<? extends Artifact> generate(Collection<? extends Artifact> ge
         }
     }
 
+    private KeylessSigner getKeylessSigner() throws Exception {
+        return publicStaging
+                ? KeylessSigner.builder().sigstoreStagingDefaults().build()
+                : KeylessSigner.builder().sigstorePublicDefaults().build();
+    }
+
     @Override
     public void close() {
         signatureTempFiles.forEach(p -> {

From 1954dd727cb92dbb6394433a0abf7642a6dbf3ca Mon Sep 17 00:00:00 2001
From: Tamas Cservenak <tamas@cservenak.net>
Date: Mon, 24 Feb 2025 20:26:51 +0100
Subject: [PATCH 2/2] Drop unused

---
 .../sigstore/SigstoreSignatureArtifactGenerator.java        | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java b/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
index 43cc27ca7..7e7ca6712 100644
--- a/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
+++ b/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
@@ -138,12 +138,6 @@ public Collection<? extends Artifact> generate(Collection<? extends Artifact> ge
         }
     }
 
-    private KeylessSigner getKeylessSigner() throws Exception {
-        return publicStaging
-                ? KeylessSigner.builder().sigstoreStagingDefaults().build()
-                : KeylessSigner.builder().sigstorePublicDefaults().build();
-    }
-
     @Override
     public void close() {
         signatureTempFiles.forEach(p -> {