I have the following build.gradle file with a signing plugin
BUT the resulting files should be
BUT instead there are 2 more files as well as it seems the *.asc files are being signed too after they are generated so I also end up with these 2 files
This project only compiles on jdk8 right now, and I run ./gradlew clean release -x javadoc (also, on a side note, I ended up with core-asyncserver-2.0-developer-javadoc.jar which is funny since I ran with -x javadoc).
The gradle version is defined in that project with the gradle wrapper. Anyone know why it’s signing the asc files?
It’s not. The result of signing core-asyncserver-2.0-developer.jar is the core-asyncserver-2.0-developer.jar.asc file. The .asc file is the signature.
Both of these files are uploaded to the artifact repository. Any file that is going to be uploaded to artifact repository has checksums generated (.md5 / .sha1). This guarantees the contents of the file weren’t corrupted in transmission. The checksums are generated for the files regardless of whether you sign the files you’re transmitting, and adding a signature doesn’t circumvent or add special exceptions to the normal checksum process.
BUT perhaps you are saying since core-asyncserver-2.0-developer.jar.asc is going to uploaded, then the *.asc file ALSO generates checksums core-asyncserver-2.0-developer.jar.asc.md5 and core-asyncserver-2.0-developer.jar.asc.sha1. (I expected the *.asc file, but was perplexed around the *.asc.md5 and *.asc.sha1 file since no other maven deploys I see in maven central have *.asc.md5 and *.asc.sha1). Of course, jackson and most releases are not doing this?
PLEASE NOTE: in your text, you are referring to the jar having checksums, but in this case, I am also seeing checksums on the *.asc file.
yes @jjustinic, you hit the head on the nail. I guess on my reply I should have mentioned that! To be clear, after your first answer, I went and read and went ‘ohhhh, oops, those were checksums’. Any ideas why we are doing checksums on the *.asc file? That seems a bit weird from other maven repos I checked out.