gradle-witness
gradle-witness copied to clipboard
signalapp
A gradle plugin that enables static verification for remote dependencies.
Get dependencies from testRuntime instead of compile. Based on gradle [dependency configurations](https://docs.gradle.org/current/userguide/artifact_dependencies_tutorial.html#configurations).
Problem: WitnessPlugin used `println` to print "Verifying ..." messages forcing the output to show up at the console under all conditions. Solution: Print the same messages using `project.logger` at INFO...
When running `gradle tasks --all` it would be nice to see `calculateChecksums` under the "Verification Tasks" group and with a description. Right now it is listed under "Other tasks" with...
When applying the witness plugin I get this warning output: > Configure project : The Task.leftShift(Closure) method has been deprecated and is scheduled to be removed in Gradle 5.0. Please...
I am no Groovy or Gradle expert, but this small patch works for me.
With a project organized with several modules, I don't want to verify my own dependencies. gradle-witness doesn't allow this.
When building Signal-Android, I'm getting signature verification failures, but when I try to recalculate the checksum, it fails on that same signature: ``` ./gradlew -q calculateChecksums signing.properties not found Verifying...
Is it possible to implement a verification system that garantees that the pgp-signatures (*.asc files) are still correct and that the pgp-signer is still the same? The current implementation of...
This is a really nice idea here! However, it seems that the sha256 calculation performed by the plugin is different than want I'm getting from OSX's shasum tool ``` ➜...
