Skip to content

Commit 18ea643

Browse files
jjohannesjjohannes
committed
Activate 'verify-signatures' by TRUE (upper case)
Do this so that Renovate does not attempt to update the file. We do it manually if necessary.
1 parent 212330d commit 18ea643

File tree

1 file changed

+5
-11
lines changed

1 file changed

+5
-11
lines changed

gradle/verification-metadata.xml

Lines changed: 5 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -2,13 +2,17 @@
22
<verification-metadata xmlns="https://schema.gradle.org/dependency-verification" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://schema.gradle.org/dependency-verification https://schema.gradle.org/dependency-verification/dependency-verification-1.3.xsd">
33
<configuration>
44
<verify-metadata>false</verify-metadata>
5-
<verify-signatures>true</verify-signatures>
5+
<!-- use 'TRUE' instead of 'true' so that Renovate ignores it: https://github.com/renovatebot/renovate/discussions/39029 -->
6+
<verify-signatures>TRUE</verify-signatures>
67
<keyring-format>armored</keyring-format>
78
<key-servers enabled="false"/>
89
<trusted-artifacts>
910
<trust file=".*-javadoc[.]jar" regex="true"/>
1011
<trust file=".*-sources[.]jar" regex="true"/>
1112
<trust file="^gradle-\d+\.\d+(?:\.\d+)?(?:-(?:rc|milestone)-\d+)?-src\.zip$" regex="true"/>
13+
<!-- explicitly trust unsigned artifacts -->
14+
<trust file="asciidoctor-gradle-base-4.0.5.jar"/>
15+
<trust file="asciidoctor-gradle-jvm-4.0.5.jar"/>
1216
</trusted-artifacts>
1317
<trusted-keys>
1418
<!-- BUILD: CONVENTIONS -->
@@ -144,15 +148,5 @@
144148
</trusted-keys>
145149
</configuration>
146150
<components>
147-
<component group="org.asciidoctor" name="asciidoctor-gradle-base" version="4.0.5">
148-
<artifact name="asciidoctor-gradle-base-4.0.5.jar">
149-
<sha256 value="3b0a5c953c98977da3cec1bfd66c0f7438e3e07c06bda00abae8c53e4dd2185a" origin="Downloaded the file from https://plugins.gradle.org/m2/org/asciidoctor/asciidoctor-gradle-base/4.0.5 and generated the checksum locally" reason="Artifact is not signed"/>
150-
</artifact>
151-
</component>
152-
<component group="org.asciidoctor" name="asciidoctor-gradle-jvm" version="4.0.5">
153-
<artifact name="asciidoctor-gradle-jvm-4.0.5.jar">
154-
<sha256 value="3e020e7f350cb6ff2658ff124ea63d42da3dacf6da3b71efe4c7670413369ce9" origin="Downloaded the file from https://plugins.gradle.org/m2/org/asciidoctor/asciidoctor-gradle-jvm/4.0.5 and generated the checksum locally" reason="Artifact is not signed"/>
155-
</artifact>
156-
</component>
157151
</components>
158152
</verification-metadata>

0 commit comments

Comments
 (0)