DependencyVerificationFixture.groovy

Add API to disable dependency verification

This commit adds an API to disable verification on a specific configuration (using `resolutionStrategy.disableDependencyVerification`). This would let tasks which perform special dependency resolution (like checking newer versions of dependencies) pass even if dependency verification is enabled.

    • -0
    • +6
    ./DependencyVerificationFixture.groovy
  1. … 11 more files in changeset.
Add an XML schema for the verification file

    • -0
    • +4
    ./DependencyVerificationFixture.groovy
  1. … 4 more files in changeset.
Allow signature verification file generation

This commit adds the ability to generate a verification file which relies on PGP signature verification. With this mode, Gradle will download the signatures and verify them. Depending on the result of verification, Gradle will either:

- automatically add trusted keys if verification passed
- automatically ignore keys if they couldn't be downloaded
- automatically ignore keys if verification failed

If verification failed or a key couldn't be downloaded, a WARNING will be issued to encourage the user to verify what happened.

In order to reduce the size of the verification file, Gradle will also automatically perform "normalization" of verifications by configuring globally trusted keys for artifacts which share the same group or a common super group.

    • -0
    • +16
    ./DependencyVerificationFixture.groovy
  1. … 22 more files in changeset.
Add ability to ignore keys for a specific artifact

The use case for this is whenever the signature for an artifact fails, but for some reason the user still trusts the artifact. For example, a POM file is different between different repositories because it happened to be published twice with different timestamps.

In this case it is recommended to ignore the signature, however we _will_ fall back on checksum verification.

    • -2
    • +20
    ./DependencyVerificationFixture.groovy
  1. … 13 more files in changeset.
Add a signature verification cache

This cache avoids re-checking signatures on every build, or even for the same file multiple times during a build.

    • -0
    • +6
    ./DependencyVerificationFixture.groovy
  1. … 10 more files in changeset.
Add a signature verification cache

This cache avoids re-checking signatures on every build, or even for the same file multiple times during a build.

    • -0
    • +6
    ./DependencyVerificationFixture.groovy
  1. … 12 more files in changeset.
Add support for globally trusted keys

A globally trusted key can be used to trust a number of modules and greatly simplifies configuration: instead of having to specify checksums for all modules, a user can declare the keys they trust and use a similar syntax to trusted artifacts to say to what group/name/version the key applies.

It's often the case that the same keys are used for several artifacts of the same group or same company, so this makes it possible to avoid a lot of boilerplate as long as the artifacts are signed by the same keys.

    • -0
    • +4
    ./DependencyVerificationFixture.groovy
  1. … 9 more files in changeset.
Add support for ignored keys

Ignored keys can be used in case verification of a signature isn't possible because a key isn't available anymore (lost, not published to a key server, ...).

It's worth noting that if a component cannot be verified by at least one public key, then verification will fall back to checksum verification.

    • -0
    • +4
    ./DependencyVerificationFixture.groovy
  1. … 17 more files in changeset.