Fix signing test cases

Lazy illegal signing of snapshot module

Prior to this change, configuring signing in the build would always fail.

It now fails only if signing effectively happens.

    • -7
    • +8
    ./main/java/org/gradle/plugins/signing/Sign.java
Lazy illegal signing of snapshot module

Prior to this change, configuring signing in the build would always fail.

It now fails only if signing effectively happens.

    • -0
    • +34
    ./main/java/org/gradle/plugins/signing/InvalidSignature.java
    • -7
    • +8
    ./main/java/org/gradle/plugins/signing/Sign.java
Make it impossible to sign GMM file if snapshot

This commit, hopefully temporarily, makes it impossible to sign a Gradle Module Metadata file if the version is a snapshot. The reason is that the signature which would be produced would be for the raw, unmodified module file. However, the final file would be modified in case of a snapshot to include the timestamp version instead of the `-SNAPSHOT` version for artifacts, which means that the signature wouldn't match anymore.

To avoid this, we simply disallow signing in this case.

    • -0
    • +10
    ./main/java/org/gradle/plugins/signing/Sign.java
Avoid

Remove deprecated APIs

    • -1
    • +1
    ./main/java/org/gradle/plugins/signing/Sign.java
Remove use of deprecated API

Remove use of deprecated APIs in PluginBuilder

Replace use of archiveName with archiveFileName

Avoid more deprecated APIs

    • -1
    • +1
    ./main/java/org/gradle/plugins/signing/Sign.java
  1. … 62 more files in changeset.
Remove use of deprecated API

Remove use of deprecated APIs in PluginBuilder

Replace use of archiveName with archiveFileName

Avoid more deprecated APIs

  1. … 62 more files in changeset.
Explicitly expect auto-tested samples to use deprecated APIs

  1. … 2 more files in changeset.
Allow deprecation warnings to be collected for :core-api and :signing

  1. … 2 more files in changeset.
Configure Javadoc and sources separately and create tasks only on demand

  1. … 32 more files in changeset.
Configure Javadoc and sources separately and create tasks only on demand

  1. … 33 more files in changeset.
Remove manual creation of sourcesJar/javadocJar tasks from test fixtures

  1. … 1 more file in changeset.
Merge branch 'inmem-subkey-signing' of https://github.com/szhem/gradle

* 'inmem-subkey-signing' of https://github.com/szhem/gradle:

Annotating additional useInMemoryPgpKeys that accepts keyId with @since 6.0 to respect binary compatibility checks Issue: #10363

Adding integration tests for samples which use in-memory signing subkeys Issue: #10363

Updating user guide to respect information about in-memory signing subkeys Issue: #10363

Added git issue number to the integration test according to the contribution guide Issue: #10363

Updating docs in order to show how to use in-memory subkeys Issue: #10363

Reverting back comments of useInMemoryPgpKeys Issue: #10363

Supporting in-memory signing subkeys Issue: #10363

Fix some lgtm alerts

  1. … 11 more files in changeset.
signing plugin: use SHA512 instead of SHA1 when signing artifacts

PGP signs a digest, so MITM is still possible provided an attacker can update the artifact in such a way that its SHA1 is intact.

Relevant article is https://medium.com/@jonathan.leitschuh/many-of-these-gpg-signatures-are-signed-with-sha-1-which-is-vulnerable-to-a-second-preimage-attack-67104d827930

Signed-off-by: Vladimir Sitnikov <sitnikov.vladimir@gmail.com>

De-incubate signing pre-5.0

    • -1
    • +0
    ./main/java/org/gradle/plugins/signing/Sign.java
Fix the "signing" plugin wrt maven plugin deprecation

  1. … 1 more file in changeset.