signing

Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Merge branch 'inmem-subkey-signing' of https://github.com/szhem/gradle

* 'inmem-subkey-signing' of https://github.com/szhem/gradle:

Annotating additional useInMemoryPgpKeys that accepts keyId with @since 6.0 to respect binary compatibility checks Issue: #10363

Adding integration tests for samples which use in-memory signing subkeys Issue: #10363

Updating user guide to respect information about in-memory signing subkeys Issue: #10363

Added git issue number to the integration test according to the contribution guide Issue: #10363

Updating docs in order to show how to use in-memory subkeys Issue: #10363

Reverting back comments of useInMemoryPgpKeys Issue: #10363

Supporting in-memory signing subkeys Issue: #10363

Fix some lgtm alerts

  1. … 11 more files in changeset.
signing plugin: use SHA512 instead of SHA1 when signing artifacts

PGP signs a digest, so MITM is still possible provided an attacker can update

the artifact in such a way that its SHA1 is intact.

Relevant article is https://medium.com/@jonathan.leitschuh/many-of-these-gpg-signatures-are-signed-with-sha-1-which-is-vulnerable-to-a-second-preimage-attack-67104d827930

Signed-off-by: Vladimir Sitnikov <sitnikov.vladimir@gmail.com>

De-incubate signing pre-5.0

Fix the "signing" plugin wrt maven plugin deprecation

  1. … 1 more file in changeset.
Fix the "signing" plugin wrt maven plugin deprecation

  1. … 1 more file in changeset.
Fix the "signing" plugin wrt maven plugin deprecation

  1. … 1 more file in changeset.
Annotating additional useInMemoryPgpKeys that accepts keyId with @since 6.0 to respect binary compatibility checks Issue: #10363

Signed-off-by: Sergey Zhemzhitsky <szhemzhitski@gmail.com>

Adding integration tests for samples which use in-memory signing subkeys Issue: #10363

Signed-off-by: Sergey Zhemzhitsky <szhemzhitski@gmail.com>

Added git issue number to the integration test according to the contribution guide Issue: #10363

Signed-off-by: Sergey Zhemzhitsky <szhemzhitski@gmail.com>

Reverting back comments of useInMemoryPgpKeys Issue: #10363

Signed-off-by: Sergey Zhemzhitsky <szhemzhitski@gmail.com>

Supporting in-memory signing subkeys Issue: #10363

Signed-off-by: Sergey Zhemzhitsky <szhemzhitski@gmail.com>

Merge branch 'release'

  1. … 5 more files in changeset.
Merge remote-tracking branch 'origin/master-test' into release-test

  1. … 4 more files in changeset.
Deduplicate sign task inputs

Multiple inputs can be defined that point at the same file.

Merge pull request #10292 from gradle/gh/deprecations/taskcontainer

Make deprecated task container methods an error

Remove references to task removal

  1. … 1 more file in changeset.
Make public type SignOperation abstract

Make public type SignOperation abstract

  1. … 1 more file in changeset.
Remove deprecated methods: getInputFiles() and getOutputFiles()

Adjust tests and samples to new publishing default behavior

  1. … 42 more files in changeset.
Sign task ignores missing files

This is a similar lenient behavior as in the publishing plugins.

Signing will now still work if Gradle Module Metadata was disabled

by disabling the corresponding 'generateMetadataFileFor...' task.

Sign task ignores missing files

This is a similar lenient behavior as in the publishing plugins.

Signing will now still work if Gradle Module Metadata was disabled

by disabling the corresponding 'generateMetadataFileFor...' task.

Sign task ignores missing files

This is a similar lenient behavior as in the publishing plugins.

Signing will now still work if Gradle Module Metadata was disabled

by disabling the corresponding 'generateMetadataFileFor...' task.

Sign task ignores missing files

This is a similar lenient behavior as in the publishing plugins.

Signing will now still work if Gradle Module Metadata was disabled

by disabling the corresponding 'generateMetadataFileFor...' task.

Sign task ignores missing files

This is a similar lenient behavior as in the publishing plugins.

Signing will now still work if Gradle Module Metadata was disabled

by disabling the corresponding 'generateMetadataFileFor...' task.

Adjust tests and samples to new publishing default behavior

  1. … 16 more files in changeset.
Adjust tests and samples to new publishing default behavior

  1. … 16 more files in changeset.
Adjust tests and samples to new publishing default behavior

  1. … 16 more files in changeset.
Adjust tests following Gradle Module Metadata feature preview removal

  1. … 29 more files in changeset.