-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a system property to disable publishing of SHA-256 #11358
Conversation
This commit adds an internal system property which can be used as a workaround whenever the remote repository doesn't accept SHA-256 and SHA-512 checksums. Gradle is fail-safe when it cannot upload those files, however, in some situations, the remote repository may not allow promoting the release if it finds such files. This is the case in older repositories, or currently with Maven Central. To disable publication of both SHA-256 and SHA-512 checksums, either: - add `-Dorg.gradle.internal.publish.checksums.insecure` to the CLI or - add `org.gradle.internal.publish.checksums.insecure=true` to your `gradle.properties` file Fixes #11308
3a55fe2
to
f8f851d
Compare
Does this prevent maven-metadata.xml.sha512 as well? |
yes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
If the workaround stays for too long, we should probably replace this with an API on repository declaration to express supported checksums. |
I added |
@autonomousapps seems like there was a clarification made in another issue. |
Maven Central actually fixed the root problem, so this isn't needed anymore. |
This commit adds an internal system property which can be used as
a workaround whenever the remote repository doesn't accept SHA-256
and SHA-512 checksums. Gradle is fail-safe when it cannot upload
those files, however, in some situations, the remote repository may
not allow promoting the release if it finds such files. This is the
case in older repositories, or currently with Maven Central.
To disable publication of both SHA-256 and SHA-512 checksums, either:
-Dorg.gradle.internal.publish.checksums.insecure
to the CLI ororg.gradle.internal.publish.checksums.insecure=true
to yourgradle.properties
fileFixes #11308