Plugin providing the ability to sign artifacts and pom before uploading to a repository.
Homepage Repository Maven Groovy Download
I just released 0.0.4 of the 'sign' plugin so it is compatible with 1.0-milestone-5 of Gradle. Originally, I didn't plan to update this plugin since Gradle 1.0-milestone-5 includes a similar plugin natively. See http://gradle.org/current/docs/userguide/userguide_single.html#signing_plugin But since stigkj was so kind to provide the necessary changes, I didn't have any excuses anymore. ;) Thank you, Stig! Beside that, the pgp-plugin won't be actively supported anymore! See http://jira.codehaus.org/browse/GRADLE-1172 - Add PGP signature support to the maven plugin http://jira.codehaus.org/browse/GRADLE-1035 - Provide a 'maven central' plugin to ease deployment of artifacts and ensure well-formed poms for related Gradle issues. This plugin works like the maven-gpg-plugin. It signs all artifacts - including the pom - before uploading them. This plugin requires Gradle 0.9.2 or newer. In the project that would like to use this plugin, add the following: buildscript { repositories { mavenCentral() } dependencies { classpath 'de.huxhorn.gradle:de.huxhorn.gradle.pgp-plugin:0.0.3' } } You can then apply plugin: allprojects { // below doesn't work yet... // apply plugin: 'sign' apply plugin: de.huxhorn.gradle.pgp.PgpPlugin pgp { secretKeyRingFile = new File("${System.properties['user.home']}/.gnupg/secring.gpg") keyId = '740A1840' } } Configuration is either done by the pgp convention like this: pgp { secretKeyRingFile = new File("${System.properties['user.home']}/.gnupg/secring.gpg") keyId = '740A1840' password = 'youShouldNotDoThis' } or using gradle properties: -PpgpKeyId -PpgpSecretKeyRingFile=/path/to/file -PpgpPassword=youShoudlntDoThisEither Information in the pgp convention overrides gradle properties! Concerning the password, the best idea would probably be to define it neither in convention nor by properties. In that case it is asked once at the start of the signing process. Keep in mind that you can also define the above gradle properties in the file ~/.gradle/gradle.properties See http://www.gradle.org/0.9-rc-2/docs/userguide/tutorial_this_and_that.html#sec:gradle_properties_and_system_properties The current version has several issues: - If no password is given using either the gradle property 'pgpPassword' or password in the convention above (which would actually both be a rather bad idea concerning security) then the plugin asks once for password entry using console.readPassword. This requires Java 6. - The text output 'Enter PGP-Password: ' is mixed up with the '> Building > :foo:uploadArchives' text. The password is prompted for after the later one. (- The configuration used for signing is always 'default') To build this plugin yourself, clone this repository and execute 'gradle'. To perform a release you have to call gradle -Drelease=true Then you need to delete the ivy cache: rm -rf ~/.gradle/cache Signing can (or should) be performed calling gradle -Drelease=true -Dsign=true The buildscript of your project needs to look like this if you want to use your locally built version: buildscript { localReleaseRepo = new File("${System.properties.'user.home'}/local-gradle-repository/release").toURL().toString() localSnapshotRepo = new File("${System.properties.'user.home'}/local-gradle-repository/snapshot").toURL().toString() repositories { mavenCentral() mavenRepo urls: localReleaseRepo mavenRepo urls: localSnapshotRepo } dependencies { classpath 'de.huxhorn.gradle:de.huxhorn.gradle.pgp-plugin:0.0.4-SNAPSHOT' } } I'd appreciate any input and suggestions concerning this plugin, the issues above or general ideas how to enhance it. Changes: 0.0.3: Fixed reentering of password. Forgot to lower-case keyId before comparison. 0.0.2: Initial release.