I just released 0.0.4 of the 'sign' plugin so it is compatible with 1.0-milestone-5 of Gradle.
Originally, I didn't plan to update this plugin since Gradle 1.0-milestone-5 includes a similar plugin natively.

See http://gradle.org/current/docs/userguide/userguide_single.html#signing_plugin

But since stigkj was so kind to provide the necessary changes, I didn't have any excuses anymore. ;)
Thank you, Stig!

Beside that, the pgp-plugin won't be actively supported anymore!

See 
http://jira.codehaus.org/browse/GRADLE-1172 - Add PGP signature support to the maven plugin
http://jira.codehaus.org/browse/GRADLE-1035 - Provide a 'maven central' plugin to ease deployment of artifacts and ensure well-formed poms
for related Gradle issues.


This plugin works like the maven-gpg-plugin. It signs all artifacts - including
the pom - before uploading them.

This plugin requires Gradle 0.9.2 or newer.


In the project that would like to use this plugin, add the following:

buildscript {
	repositories {
		mavenCentral()
	}
	dependencies {
		classpath 'de.huxhorn.gradle:de.huxhorn.gradle.pgp-plugin:0.0.3'
	}
}

You can then apply plugin:
allprojects {
// below doesn't work yet...
//	apply plugin: 'sign'
	apply plugin: de.huxhorn.gradle.pgp.PgpPlugin
    
	pgp {
		secretKeyRingFile = new File("${System.properties['user.home']}/.gnupg/secring.gpg")
		keyId = '740A1840'
	}
}

Configuration is either done by the pgp convention like this:
pgp {
	secretKeyRingFile = new File("${System.properties['user.home']}/.gnupg/secring.gpg")
	keyId = '740A1840'
	password = 'youShouldNotDoThis'
}
or using gradle properties:
-PpgpKeyId
-PpgpSecretKeyRingFile=/path/to/file
-PpgpPassword=youShoudlntDoThisEither

Information in the pgp convention overrides gradle properties!

Concerning the password, the best idea would probably be to define it neither in convention nor by properties.
In that case it is asked once at the start of the signing process.

Keep in mind that you can also define the above gradle properties in the file
~/.gradle/gradle.properties

See http://www.gradle.org/0.9-rc-2/docs/userguide/tutorial_this_and_that.html#sec:gradle_properties_and_system_properties

The current version has several issues:
- If no password is given using either the gradle property 'pgpPassword' or 
  password in the convention above (which would actually both be a rather bad 
  idea concerning security) then the plugin asks once for password entry using
  console.readPassword. This requires Java 6.
- The text output 'Enter PGP-Password: ' is mixed up with the '> Building > :foo:uploadArchives' text. 
  The password is prompted for after the later one.
(- The configuration used for signing is always 'default')


To build this plugin yourself, clone this repository and execute 'gradle'.

To perform a release you have to call

gradle -Drelease=true

Then you need to delete the ivy cache:
rm -rf ~/.gradle/cache

Signing can (or should) be performed calling
gradle -Drelease=true -Dsign=true

The buildscript of your project needs to look like this if you want to use your locally built version:

buildscript {
	localReleaseRepo = new File("${System.properties.'user.home'}/local-gradle-repository/release").toURL().toString()
	localSnapshotRepo = new File("${System.properties.'user.home'}/local-gradle-repository/snapshot").toURL().toString()
	repositories {
		mavenCentral()
		mavenRepo urls: localReleaseRepo
		mavenRepo urls: localSnapshotRepo
	}
	dependencies {
		classpath 'de.huxhorn.gradle:de.huxhorn.gradle.pgp-plugin:0.0.4-SNAPSHOT'
	}
}


I'd appreciate any input and suggestions concerning this plugin, the issues above or general ideas how to enhance it.


Changes:
0.0.3:
    Fixed reentering of password. Forgot to lower-case keyId before comparison.
0.0.2:
    Initial release.