I’ve created a new class (org.MySignatory) in buildSrc that extends org.gradle.plugins.signing.signatory.SignatorySupport.
I would like to use it to sign a jar, but have not been able to set it as the signatory for a project.
The following seems the most consistent with the user guide examples and DSL documentation, but the script fails during evaluation with “Could not find method signatory() for arguments [org.MySignatory@2ddc50] on project”
There is no signatoryProvider method, I think that you meant
signing.signatories = new MySignatoryProvider()
Using this, I am able to pass MySignatory via MySignatoryProvider.
But it seems that PgpSignatory is still active.
First of all, gradle complains because my Signatory is missing a keyId property of type PgpKeyId (which is required regardless of signature type at Sign.groovy:69). Also, an .asc file is generated to the build/libs directory.
Once I added the keyId to my Signatory, my sign(in, out) method is called, being given the jar to be signed in the input stream. But the output stream is ignored.
Even when the sign method of MySignatory is just the following, the output jar is the original unsigned jar:
OK, the problem was that I needed to define the signatureTypes as well, and make MySignatureType the default.
signing.signatureTypes = new MySignatureTypeProvider()
Now I have a different question:
Is there any reasonable way to replace the jar that is generated by the jar task with the jar I’ve just signed using my Signatory in the signArchives task?
I didn’t want to make a signature file; rather I wanted to have the jar output signed. Most important is that I don’t want gradle to recreate the jar on every build.