Clone Tools
  • last updated a few seconds ago
Constraints: committers
Constraints: files
Constraints: dates
Mark tests as `@ToBeFixedForInstantExecution`

Fix security project configuration

    • -1
    • +1
Make sure verification and writing generate progress display names

Add a signature verification cache

This cache avoids re-checking signatures on every build, or even for

the same file multiple times during a build.

Cache missing keys for 24 hours

This commit adds caching of missing keys for 24 hours. This avoids reaching out

to key servers always when a key is missing. Instead, we cache the result for

24 hours, and it's possible to refresh the keys using the `--refresh-keys` CLI


Declare new `security` subproject

    • -0
    • +1
Mark tests as @ToBeFixedForInstantExecution

Fix unclosed resources

The Armored(Input|Output)Stream classes do _not_ close the underlying


Fix signature verification service not being closed

The lifecycle of this service is not automatically handled by the

service registry because it's created lazily via a factory (in

order to be able to configure it for different key servers)

Make sure we can verify artifacts downloaded in a previous build

Publish 6.1-20191217083745+0000

Merge pull request #11678 from gradle/vvaluckas/fix-tooling-api-sources-jar

Fix tooling-api sources jar content to include sources of submodules.

Publish 6.1-20191217025822+0000

Publish 6.1-20191217002304+0000

Initial implementation of verification of signatures

This commit introduces _signature_ verification. Signature verification

is stronger than checksum verification and must be enabled explicitly,

by adding `<signature-verification>true</signature-verification>` to the

dependency verification configuration file.

Once such verification is enabled, Gradle will do its best to verify

the signature of artifacts. This means:

- it will try to download the .asc file associated with an artifact

- if it's present, it will automatically download the public keys

of the signature and verify that the file matches the signatures

- if _any_ of the signature verification fails, fails the build

- if a public key is not trusted explicitly, fails the build

- if signature verification succeeds, no checksum verification is


Currently it's not possible to perform checksum verification for some

modules and signature verification for others. All modules must declare

all trusted keys.

If a key cannot be downloaded, verification will fail. It's not possible

to ignore a key for now. It's not possible to fallback to checksum


  1. … 48 more files in changeset.
Rebaseline LargeDependencyGraphPerformanceTest

To unblock `master`.


Publish 6.1-20191216094820+0000

Add ident settings for verification file

So IDEA does the right thing.

Don't schedule instantExecution builds on EC2 agents for now

Fix verification errors

Merge branch 'release'

Merge pull request #11634 from gradle/wolfs/vfs/test-with-partial

Enable partial VFS invalidation for all tests

Do not deprecate 'JavaPlatform'

The interface is used by the Java compile task and for transferring

Java version information from the task to the compiler.

The type is now de-incubated. In the future, we might replace

(and then deprecate) or extend it.

This commit removes documentation of the interface that refers to it's

usage in the jvm-component DSL, as this usage of the interface is indeed


Fix direct get resource for GCS (#11669)

It looks like this code path was never properly tested and working

since this was implemented. It was only working for the case

where we have a populated cache (Maven local) and probe for

metadata before downloading.

Rename `Report.activated` to `required`

Publish 6.1-20191216001045+0000

Clean up build operation listeners added by `BuildEventsListenerRegistry` at the completion of a build.

Fixes a memory leak when using gradle-profiler caused by these listeners continuing to receive and queue events without forwarding them to anything, plus the leak caused by retaining the listeners themselves.

Merge branch 'master' into vvaluckas/fix-tooling-api-sources-jar

Revert auto bucket split

    • -275
    • +0
    • -128
    • +253
    • -142140
    • +0
Revert auto bucket split

    • -275
    • +0
    • -128
    • +253
    • -142140
    • +0