Gradle

Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Fix duplicate verification when using force realize

Tweak grammar

Verify checksums for artifacts which declare them even if signature passes

This is done because signatures are done on the hash of artifacts and

not on the artifact contents itself, so if you want to ensure both

integrity and provenance, you need to check both.

Add an XML schema for the verification file

Publish 6.1-20191224000054+0000

Add safety around reading of keyring file

Regroup trusted keys for readability

If a single key is trusted multiple times for different artifacts, we

now regroup the artifact coordinates under the `trusted-key` tag.

Upgradle to latest nightly

For more VFS retention fixes.

    • -1
    • +1
    /gradle/wrapper/gradle-wrapper.properties
Add information about paths to dependencies when failing verification

When dependency verification fails, it's often necessary to actually

look at the artifacts which were downloaded. Gradle will not display

the paths to the artifacts which were involved in a verification

failure, so that the user can check if they are the ones they expect

or something else.

This also gives the ability to actually delete the file from the

local cache if it makes sense.

Notify VFS when manifest is written (#11735)

Notify VFS when manifest is written

Merge manual change to TC DSL

Rebaseline GradleInceptionPerformanceTest because of the usage of new API

Fix typo

Merge pull request #11724 from gradle/breskeby/smoke-test-test-retry-plugin

Add smoke test for test retry plugin

Publish 6.1-20191223003235+0000

Move daemon process cleanup before and after functional tests to a build service.

Upgrade to new nightly.

    • -1
    • +1
    /gradle/wrapper/gradle-wrapper.properties
Improve grouper

in order to even reduce the size of verification files

Allow `ExecOperations` and `FileSystemOperations` services to be injected into build service instances.

Update default key servers

Based on observations of the results, they seem to be more stable.

Make the various execution services available in build scope, using the build's root directory as the base directory for file resolution.

Avoid verifying the same artifact multiple times

and make sure that signature files are downloaded concurrently. This

commit adds several improvements, in particular by avoiding making

the same network requests multiple times just because we use the same

PGP key but in a different context.

Fix ignored keys not written for failed verifications

In order to generate a file which can _immediately_ be used

despite verification failures (because we fallback on checksum

verification), we need to add the ignored keys at the artifact

level.

Add local keyring file

Fetching remote keys can be quite expensive. In order to avoid lookups,

this commits introduces the ability to use a local keyrings file, found

alongside the verification metadata.

This file can either be generated using regular tools like GPG, or via

command-line by adding the `--export-keys` flag when generating the

verification metadata.

    • -0
    • +1
    /subprojects/security/security.gradle.kts
  1. … 5 more files in changeset.
Update TC token

TeamCity change in 'Gradle / Check' project: project parameters were changed

TeamCity change in 'Gradle / Util' project: project parameters were changed

Add information about the source repository in errors

Publish 6.1-20191222000026+0000

Further improve error reporting for dependency verification

This commit improves error reporting by making it more

explicit when we fallback to checksum verification.