Retrieving the GPG signature for an artifact


(Ryan J. McDonough) #1

I’m just getting started with Gradle plugin development and so far things are going well. One of the things I’d like to be able to do is have Gradle pull down the signature (.asc) for a published artifact if it is available. Pretty much every path I take to find this information brings to details on how to sign and publish an artifact. In fact, I want to be able to do the exact opposite: I want to download the signature and verify it.

If there’s no defined mechanism to do this, is there a mechanism within Gradle to determine the URL that a given dependency was pulled from? Form there, I could create a URL to download the signature.