"useGpg := true" breaks checkPgpSignatures

Open djspiewak opened this issue 7 years ago • 0 comments

Specifically, everything seems to come up as [OK], even when a key is untrusted. Example output:

With useGpg := true

[info] ----- PGP Signature Results -----
[info]   com.github.mpilquist :     simulacrum_2.12 : 0.10.0 : jar   [OK]
[info]         org.scala-lang :       scala-library : 2.12.2 : jar   [OK]
[info]         org.scalacheck :     scalacheck_2.12 : 1.13.4 : jar   [OK]
[info]        org.scalamacros :     paradise_2.12.2 :  2.1.0 : jar   [OK]
[info]          org.scalatest :      scalatest_2.12 :  3.0.1 : jar   [OK]
[info]         org.spire-math : kind-projector_2.12 :  0.9.3 : jar   [OK]
[info]          org.typelevel :      cats-core_2.12 :  0.9.0 : jar   [OK]
[info]          org.typelevel :      cats-laws_2.12 :  0.9.0 : jar   [OK]
[info]          org.typelevel :     discipline_2.12 :  0.7.3 : jar   [OK]
[info] 	[SUCCESSFUL ] org.scala-js#scalajs-library_2.12;0.6.16!scalajs-library_2.12.jar.asc(jar) (1969ms)
[info] downloading https://repo1.maven.org/maven2/org/scala-js/scalajs-test-interface_2.12/0.6.16/scalajs-test-interface_2.12-0.6.16.jar.asc ...
[info] 	[SUCCESSFUL ] org.scala-js#scalajs-test-interface_2.12;0.6.16!scalajs-test-interface_2.12.jar.asc(jar) (365ms)
[info] Resolving org.scala-lang.modules#scala-parser-combinators_2.12;1.0.4 ...
[info] ----- PGP Signature Results -----
[info]   org.scala-lang :       scala-library : 2.12.2 : jar   [OK]
[info]   org.scalacheck :     scalacheck_2.12 : 1.13.4 : jar   [OK]
[info]    org.scalatest :      scalatest_2.12 :  3.0.1 : jar   [OK]
[info]   org.spire-math : kind-projector_2.12 :  0.9.3 : jar   [OK]
[info]    org.typelevel :      cats-laws_2.12 :  0.9.0 : jar   [OK]
[info]    org.typelevel :     discipline_2.12 :  0.7.3 : jar   [OK]
[info] ----- PGP Signature Results -----
[info]   com.github.mpilquist :      simulacrum_sjs0.6_2.12 :           0.10.0 : jar   [OK]
[info]      org.eclipse.jetty :                jetty-server : 8.1.16.v20140903 : jar   [OK]
[info]      org.eclipse.jetty :             jetty-websocket : 8.1.16.v20140903 : jar   [OK]
[info]           org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [OK]
[info]           org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [OK]
[info]           org.scala-js : scalajs-test-interface_2.12 :           0.6.16 : jar   [OK]
[info]         org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
[info]         org.scalacheck :      scalacheck_sjs0.6_2.12 :           1.13.4 : jar   [OK]
[info]        org.scalamacros :             paradise_2.12.2 :            2.1.0 : jar   [OK]
[info]          org.scalatest :       scalatest_sjs0.6_2.12 :            3.0.1 : jar   [OK]
[info]         org.spire-math :         kind-projector_2.12 :            0.9.3 : jar   [OK]
[info]          org.typelevel :       cats-core_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]          org.typelevel :       cats-laws_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]          org.typelevel :      discipline_sjs0.6_2.12 :            0.7.3 : jar   [OK]
[info] ----- PGP Signature Results -----
[info]   org.eclipse.jetty :                jetty-server : 8.1.16.v20140903 : jar   [OK]
[info]   org.eclipse.jetty :             jetty-websocket : 8.1.16.v20140903 : jar   [OK]
[info]        org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [OK]
[info]        org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [OK]
[info]        org.scala-js : scalajs-test-interface_2.12 :           0.6.16 : jar   [OK]
[info]      org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
[info]      org.scalacheck :      scalacheck_sjs0.6_2.12 :           1.13.4 : jar   [OK]
[info]       org.scalatest :       scalatest_sjs0.6_2.12 :            3.0.1 : jar   [OK]
[info]      org.spire-math :         kind-projector_2.12 :            0.9.3 : jar   [OK]
[info]       org.typelevel :       cats-laws_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]       org.typelevel :      discipline_sjs0.6_2.12 :            0.7.3 : jar   [OK]
[info] ----- PGP Signature Results -----
[info]   org.scala-lang : scala-library : 2.12.2 : jar   [OK]
[success] Total time: 7 s, completed Jun 2, 2017 11:40:14 AM

With useGpg := false

[info] ----- PGP Signature Results -----
[info]   org.scala-lang : scala-library : 2.12.2 : jar   [OK]
[info] Resolving org.scalacheck#scalacheck_2.12;1.13.4 ...
[info] ----- PGP Signature Results -----
[info]   com.github.mpilquist :     simulacrum_2.12 : 0.10.0 : jar   [OK]
[info]         org.scala-lang :       scala-library : 2.12.2 : jar   [OK]
[info]         org.scalacheck :     scalacheck_2.12 : 1.13.4 : jar   [OK]
[info]        org.scalamacros :     paradise_2.12.2 :  2.1.0 : jar   [OK]
[info]          org.scalatest :      scalatest_2.12 :  3.0.1 : jar   [OK]
[info]         org.spire-math : kind-projector_2.12 :  0.9.3 : jar   [OK]
[info]          org.typelevel :      cats-core_2.12 :  0.9.0 : jar   [OK]
[info]          org.typelevel :      cats-laws_2.12 :  0.9.0 : jar   [OK]
[info]          org.typelevel :     discipline_2.12 :  0.7.3 : jar   [OK]
[info] Resolving org.scala-lang.modules#scala-parser-combinators_2.12;1.0.4 ...
[info] ----- PGP Signature Results -----
[info]   org.scala-lang :       scala-library : 2.12.2 : jar   [OK]
[info]   org.scalacheck :     scalacheck_2.12 : 1.13.4 : jar   [OK]
[info]    org.scalatest :      scalatest_2.12 :  3.0.1 : jar   [OK]
[info]   org.spire-math : kind-projector_2.12 :  0.9.3 : jar   [OK]
[info]    org.typelevel :      cats-laws_2.12 :  0.9.0 : jar   [OK]
[info]    org.typelevel :     discipline_2.12 :  0.7.3 : jar   [OK]
[info] ----- PGP Signature Results -----
[info]   org.eclipse.jetty :                jetty-server : 8.1.16.v20140903 : jar   [OK]
[info]   org.eclipse.jetty :             jetty-websocket : 8.1.16.v20140903 : jar   [OK]
[info]      org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
[info]      org.scalacheck :      scalacheck_sjs0.6_2.12 :           1.13.4 : jar   [OK]
[info]       org.scalatest :       scalatest_sjs0.6_2.12 :            3.0.1 : jar   [OK]
[info]      org.spire-math :         kind-projector_2.12 :            0.9.3 : jar   [OK]
[info]       org.typelevel :       cats-laws_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]       org.typelevel :      discipline_sjs0.6_2.12 :            0.7.3 : jar   [OK]
[info]        org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]        org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]        org.scala-js : scalajs-test-interface_2.12 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info] ----- PGP Signature Results -----
[info]   com.github.mpilquist :      simulacrum_sjs0.6_2.12 :           0.10.0 : jar   [OK]
[info]      org.eclipse.jetty :                jetty-server : 8.1.16.v20140903 : jar   [OK]
[info]      org.eclipse.jetty :             jetty-websocket : 8.1.16.v20140903 : jar   [OK]
[info]         org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
[info]         org.scalacheck :      scalacheck_sjs0.6_2.12 :           1.13.4 : jar   [OK]
[info]        org.scalamacros :             paradise_2.12.2 :            2.1.0 : jar   [OK]
[info]          org.scalatest :       scalatest_sjs0.6_2.12 :            3.0.1 : jar   [OK]
[info]         org.spire-math :         kind-projector_2.12 :            0.9.3 : jar   [OK]
[info]          org.typelevel :       cats-core_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]          org.typelevel :       cats-laws_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]          org.typelevel :      discipline_sjs0.6_2.12 :            0.7.3 : jar   [OK]
[info]           org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]           org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]           org.scala-js : scalajs-test-interface_2.12 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[trace] Stack trace suppressed: run last lawsJS/*:checkPgpSignatures for the full output.
[trace] Stack trace suppressed: run last coreJS/*:checkPgpSignatures for the full output.
[error] (lawsJS/*:checkPgpSignatures) Some artifacts have bad signatures or are signed by untrusted sources!
[error] (coreJS/*:checkPgpSignatures) Some artifacts have bad signatures or are signed by untrusted sources!
[error] Total time: 2 s, completed Jun 2, 2017 11:41:43 AM

Given that useGpg := false does not support subkey signing due to bugs in Bouncycastle, I'm sort of forced to use true, but that in turn means that I cannot verify signatures. :-(

djspiewak, Jun 02 '17 17:06
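
A way to list exactly which artifacts the useGpg := true run is passing that the useGpg := false run rejects, by diffing the two checkPgpSignatures logs. This is an added example, not part of the original issue or of sbt-pgp; the function names are hypothetical and the sample rows are copied from the two runs above, trimmed to three artifacts each.

```python
import re

# One result row of checkPgpSignatures output:
# "[info]  <org> : <name> : <revision> : <type>   [<STATUS>]"
ROW = re.compile(
    r"^\[info\]\s+(\S+)\s+:\s+(\S+)\s+:\s+(\S+)\s+:\s+(\S+)\s+\[([^\]]+)\]$"
)

# Rows copied from the issue's two runs (trimmed sample).
GPG_RUN = """
[info] ----- PGP Signature Results -----
[info]        org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [OK]
[info]        org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [OK]
[info]      org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
"""
BC_RUN = """
[info] ----- PGP Signature Results -----
[info]      org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
[info]        org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]        org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[error] (coreJS/*:checkPgpSignatures) Some artifacts have bad signatures or are signed by untrusted sources!
"""

def parse_results(log):
    """Map (org, name, revision, type) -> set of statuses seen across sub-projects."""
    results = {}
    for line in log.splitlines():
        m = ROW.match(line.strip())
        if m:  # headers, Resolving/downloading and [error] lines do not match
            results.setdefault(m.groups()[:4], set()).add(m.group(5))
    return results

def masked_failures(gpg_log, bc_log):
    """Artifacts that are only [OK] with useGpg := true but non-OK with useGpg := false."""
    gpg, bc = parse_results(gpg_log), parse_results(bc_log)
    masked = []
    for key in sorted(gpg.keys() & bc.keys()):
        non_ok = sorted(bc[key] - {"OK"})
        if gpg[key] == {"OK"} and non_ok:
            masked.append((":".join(key), non_ok))
    return masked

if __name__ == "__main__":
    for artifact, statuses in masked_failures(GPG_RUN, BC_RUN):
        print(f"{artifact}: OK under gpg, {', '.join(statuses)} otherwise")
```
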