Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to Gradle 5.3.1 and fix signing issue #734

Merged
merged 1 commit into from
Apr 11, 2019
Merged

Upgrade to Gradle 5.3.1 and fix signing issue #734

merged 1 commit into from
Apr 11, 2019

Conversation

ob-stripe
Copy link
Contributor

@ob-stripe ob-stripe commented Apr 10, 2019
edited
Loading

r? @mickjermsurawong-stripe
cc @stripe/api-libraries @hans-stripe

This fixes the signature issue we ran into yesterday. The problem is described in this comment:

The com.vanniktech.maven.publish unconditionally adds the jar task to configurations.archives.artifacts where it has already been added by the java plugin thus causing the duplicate.

We're not using the com.vanniktech.maven.publish plugin, but we had the same issue: we manually added the jar task to configurations.archives.artifacts.

After removing the jar task from configurations.archives.artifacts, I've verified that things work as expected:

$ GNUPGHOME="/path/to/gnupg" GRADLE_OPTS="-Dorg.gradle.project.signing.gnupg.keyName=C33033E4B583FE612EDE877C05D02D3D57ABFF46" ./gradlew clean sign
...
BUILD SUCCESSFUL in 50s
8 actionable tasks: 7 executed, 1 up-to-date

$ ls -l build/libs
total 15848
-rw-r--r--  1 ob  staff  5201573 Apr 10 10:31 stripe-java-9.0.0-javadoc.jar
-rw-r--r--  1 ob  staff      508 Apr 10 10:31 stripe-java-9.0.0-javadoc.jar.asc
-rw-r--r--  1 ob  staff   795820 Apr 10 10:31 stripe-java-9.0.0-sources.jar
-rw-r--r--  1 ob  staff      508 Apr 10 10:31 stripe-java-9.0.0-sources.jar.asc
-rw-r--r--  1 ob  staff  1763670 Apr 10 10:30 stripe-java-9.0.0.jar
-rw-r--r--  1 ob  staff      508 Apr 10 10:31 stripe-java-9.0.0.jar.asc

$ gpg --verify build/libs/stripe-java-9.0.0.jar.asc build/libs/stripe-java-9.0.0.jar
gpg: Signature made Wed Apr 10 10:31:27 2019 PDT
gpg:                using RSA key C33033E4B583FE612EDE877C05D02D3D57ABFF46
gpg: Good signature from "Stripe <[email protected]>" [expired]
gpg:                 aka "Stripe <[email protected]>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: C330 33E4 B583 FE61 2EDE  877C 05D0 2D3D 57AB FF46

$ gpg --verify build/libs/stripe-java-9.0.0-sources.jar.asc build/libs/stripe-java-9.0.0-sources.jar
gpg: Signature made Wed Apr 10 10:31:27 2019 PDT
gpg:                using RSA key C33033E4B583FE612EDE877C05D02D3D57ABFF46
gpg: Good signature from "Stripe <[email protected]>" [expired]
gpg:                 aka "Stripe <[email protected]>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: C330 33E4 B583 FE61 2EDE  877C 05D0 2D3D 57AB FF46

$ gpg --verify build/libs/stripe-java-9.0.0-javadoc.jar.asc build/libs/stripe-java-9.0.0-javadoc.jar
gpg: Signature made Wed Apr 10 10:31:27 2019 PDT
gpg:                using RSA key C33033E4B583FE612EDE877C05D02D3D57ABFF46
gpg: Good signature from "Stripe <[email protected]>" [expired]
gpg:                 aka "Stripe <[email protected]>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: C330 33E4 B583 FE61 2EDE  877C 05D0 2D3D 57AB FF46

Fixes #733.

@mickjermsurawong-stripe
Copy link
Contributor

Thank you ob for digging further into this!
LGTM

@mickjermsurawong-stripe mickjermsurawong-stripe merged commit d515547 into master Apr 11, 2019
@ob-stripe ob-stripe deleted the ob-fix-733 branch April 12, 2019 17:27
dtreskunov pushed a commit to dtreskunov/easyssl that referenced this pull request Apr 16, 2019
try and fix "Task :signArchives FAILED"
eb020b6 
`Duplicate key Signature easyssl:jar.asc:asc:`
gradle/gradle#8213

This commit is applying the same fix as
stripe/stripe-java#734
@manosbatsis
Copy link

This helped fix my (irrelevant) build guys, thanks a bunch

@manosbatsis manosbatsis mentioned this pull request Feb 13, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@ob-stripe ob-stripe

Labels
approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix signature issue and upgrade to latest Gradle
3 participants
@ob-stripe @mickjermsurawong-stripe @manosbatsis