"useGpg := true" breaks checkPgpSignatures #102

Open
djspiewak opened this issue Jun 2, 2017 · 0 comments

Specifically, everything seems to come up as [OK], even when a key is untrusted. Example output:

With useGpg := true

[info] ----- PGP Signature Results -----
[info]   com.github.mpilquist :     simulacrum_2.12 : 0.10.0 : jar   [OK]
[info]         org.scala-lang :       scala-library : 2.12.2 : jar   [OK]
[info]         org.scalacheck :     scalacheck_2.12 : 1.13.4 : jar   [OK]
[info]        org.scalamacros :     paradise_2.12.2 :  2.1.0 : jar   [OK]
[info]          org.scalatest :      scalatest_2.12 :  3.0.1 : jar   [OK]
[info]         org.spire-math : kind-projector_2.12 :  0.9.3 : jar   [OK]
[info]          org.typelevel :      cats-core_2.12 :  0.9.0 : jar   [OK]
[info]          org.typelevel :      cats-laws_2.12 :  0.9.0 : jar   [OK]
[info]          org.typelevel :     discipline_2.12 :  0.7.3 : jar   [OK]
[info] 	[SUCCESSFUL ] org.scala-js#scalajs-library_2.12;0.6.16!scalajs-library_2.12.jar.asc(jar) (1969ms)
[info] downloading https://repo1.maven.org/maven2/org/scala-js/scalajs-test-interface_2.12/0.6.16/scalajs-test-interface_2.12-0.6.16.jar.asc ...
[info] 	[SUCCESSFUL ] org.scala-js#scalajs-test-interface_2.12;0.6.16!scalajs-test-interface_2.12.jar.asc(jar) (365ms)
[info] Resolving org.scala-lang.modules#scala-parser-combinators_2.12;1.0.4 ...
[info] ----- PGP Signature Results -----
[info]   org.scala-lang :       scala-library : 2.12.2 : jar   [OK]
[info]   org.scalacheck :     scalacheck_2.12 : 1.13.4 : jar   [OK]
[info]    org.scalatest :      scalatest_2.12 :  3.0.1 : jar   [OK]
[info]   org.spire-math : kind-projector_2.12 :  0.9.3 : jar   [OK]
[info]    org.typelevel :      cats-laws_2.12 :  0.9.0 : jar   [OK]
[info]    org.typelevel :     discipline_2.12 :  0.7.3 : jar   [OK]
[info] ----- PGP Signature Results -----
[info]   com.github.mpilquist :      simulacrum_sjs0.6_2.12 :           0.10.0 : jar   [OK]
[info]      org.eclipse.jetty :                jetty-server : 8.1.16.v20140903 : jar   [OK]
[info]      org.eclipse.jetty :             jetty-websocket : 8.1.16.v20140903 : jar   [OK]
[info]           org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [OK]
[info]           org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [OK]
[info]           org.scala-js : scalajs-test-interface_2.12 :           0.6.16 : jar   [OK]
[info]         org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
[info]         org.scalacheck :      scalacheck_sjs0.6_2.12 :           1.13.4 : jar   [OK]
[info]        org.scalamacros :             paradise_2.12.2 :            2.1.0 : jar   [OK]
[info]          org.scalatest :       scalatest_sjs0.6_2.12 :            3.0.1 : jar   [OK]
[info]         org.spire-math :         kind-projector_2.12 :            0.9.3 : jar   [OK]
[info]          org.typelevel :       cats-core_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]          org.typelevel :       cats-laws_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]          org.typelevel :      discipline_sjs0.6_2.12 :            0.7.3 : jar   [OK]
[info] ----- PGP Signature Results -----
[info]   org.eclipse.jetty :                jetty-server : 8.1.16.v20140903 : jar   [OK]
[info]   org.eclipse.jetty :             jetty-websocket : 8.1.16.v20140903 : jar   [OK]
[info]        org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [OK]
[info]        org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [OK]
[info]        org.scala-js : scalajs-test-interface_2.12 :           0.6.16 : jar   [OK]
[info]      org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
[info]      org.scalacheck :      scalacheck_sjs0.6_2.12 :           1.13.4 : jar   [OK]
[info]       org.scalatest :       scalatest_sjs0.6_2.12 :            3.0.1 : jar   [OK]
[info]      org.spire-math :         kind-projector_2.12 :            0.9.3 : jar   [OK]
[info]       org.typelevel :       cats-laws_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]       org.typelevel :      discipline_sjs0.6_2.12 :            0.7.3 : jar   [OK]
[info] ----- PGP Signature Results -----
[info]   org.scala-lang : scala-library : 2.12.2 : jar   [OK]
[success] Total time: 7 s, completed Jun 2, 2017 11:40:14 AM

With useGpg := false

[info] ----- PGP Signature Results -----
[info]   org.scala-lang : scala-library : 2.12.2 : jar   [OK]
[info] Resolving org.scalacheck#scalacheck_2.12;1.13.4 ...
[info] ----- PGP Signature Results -----
[info]   com.github.mpilquist :     simulacrum_2.12 : 0.10.0 : jar   [OK]
[info]         org.scala-lang :       scala-library : 2.12.2 : jar   [OK]
[info]         org.scalacheck :     scalacheck_2.12 : 1.13.4 : jar   [OK]
[info]        org.scalamacros :     paradise_2.12.2 :  2.1.0 : jar   [OK]
[info]          org.scalatest :      scalatest_2.12 :  3.0.1 : jar   [OK]
[info]         org.spire-math : kind-projector_2.12 :  0.9.3 : jar   [OK]
[info]          org.typelevel :      cats-core_2.12 :  0.9.0 : jar   [OK]
[info]          org.typelevel :      cats-laws_2.12 :  0.9.0 : jar   [OK]
[info]          org.typelevel :     discipline_2.12 :  0.7.3 : jar   [OK]
[info] Resolving org.scala-lang.modules#scala-parser-combinators_2.12;1.0.4 ...
[info] ----- PGP Signature Results -----
[info]   org.scala-lang :       scala-library : 2.12.2 : jar   [OK]
[info]   org.scalacheck :     scalacheck_2.12 : 1.13.4 : jar   [OK]
[info]    org.scalatest :      scalatest_2.12 :  3.0.1 : jar   [OK]
[info]   org.spire-math : kind-projector_2.12 :  0.9.3 : jar   [OK]
[info]    org.typelevel :      cats-laws_2.12 :  0.9.0 : jar   [OK]
[info]    org.typelevel :     discipline_2.12 :  0.7.3 : jar   [OK]
[info] ----- PGP Signature Results -----
[info]   org.eclipse.jetty :                jetty-server : 8.1.16.v20140903 : jar   [OK]
[info]   org.eclipse.jetty :             jetty-websocket : 8.1.16.v20140903 : jar   [OK]
[info]      org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
[info]      org.scalacheck :      scalacheck_sjs0.6_2.12 :           1.13.4 : jar   [OK]
[info]       org.scalatest :       scalatest_sjs0.6_2.12 :            3.0.1 : jar   [OK]
[info]      org.spire-math :         kind-projector_2.12 :            0.9.3 : jar   [OK]
[info]       org.typelevel :       cats-laws_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]       org.typelevel :      discipline_sjs0.6_2.12 :            0.7.3 : jar   [OK]
[info]        org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]        org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]        org.scala-js : scalajs-test-interface_2.12 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info] ----- PGP Signature Results -----
[info]   com.github.mpilquist :      simulacrum_sjs0.6_2.12 :           0.10.0 : jar   [OK]
[info]      org.eclipse.jetty :                jetty-server : 8.1.16.v20140903 : jar   [OK]
[info]      org.eclipse.jetty :             jetty-websocket : 8.1.16.v20140903 : jar   [OK]
[info]         org.scala-lang :               scala-library :           2.12.2 : jar   [OK]
[info]         org.scalacheck :      scalacheck_sjs0.6_2.12 :           1.13.4 : jar   [OK]
[info]        org.scalamacros :             paradise_2.12.2 :            2.1.0 : jar   [OK]
[info]          org.scalatest :       scalatest_sjs0.6_2.12 :            3.0.1 : jar   [OK]
[info]         org.spire-math :         kind-projector_2.12 :            0.9.3 : jar   [OK]
[info]          org.typelevel :       cats-core_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]          org.typelevel :       cats-laws_sjs0.6_2.12 :            0.9.0 : jar   [OK]
[info]          org.typelevel :      discipline_sjs0.6_2.12 :            0.7.3 : jar   [OK]
[info]           org.scala-js :     scalajs-compiler_2.12.2 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]           org.scala-js :        scalajs-library_2.12 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]           org.scala-js : scalajs-test-interface_2.12 :           0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[trace] Stack trace suppressed: run last lawsJS/*:checkPgpSignatures for the full output.
[trace] Stack trace suppressed: run last coreJS/*:checkPgpSignatures for the full output.
[error] (lawsJS/*:checkPgpSignatures) Some artifacts have bad signatures or are signed by untrusted sources!
[error] (coreJS/*:checkPgpSignatures) Some artifacts have bad signatures or are signed by untrusted sources!
[error] Total time: 2 s, completed Jun 2, 2017 11:41:43 AM

Given that useGpg := false does not support subkey signing due to bugs in Bouncycastle, I'm sort of forced to use true, but that in turn means that I cannot verify signatures. :-(
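A cross-check for the discrepancy reported above, as an added example that is not part of the original issue or of the plugin's code: it parses the `PGP Signature Results` rows from both runs and lists the artifacts that the `useGpg := true` run reports only as `[OK]` while the `useGpg := false` run reports a non-OK verdict. The function names are this example's own, and the sample strings are rows copied from the logs above with the column padding shortened.

```python
import re

# One result row: "[info]  <org> : <module> : <version> : <type>   [<verdict>]"
ROW = re.compile(
    r"^\[info\]\s+(\S+)\s+:\s+(\S+)\s+:\s+(\S+)\s+:\s+(\S+)\s+\[([^\]]+)\]$")

# Rows excerpted from the two runs quoted in the issue (padding shortened).
GPG_RUN = """\
[info] ----- PGP Signature Results -----
[info]   org.scala-js :     scalajs-compiler_2.12.2 : 0.6.16 : jar   [OK]
[info]   org.scala-js :        scalajs-library_2.12 : 0.6.16 : jar   [OK]
[info]   org.scala-js : scalajs-test-interface_2.12 : 0.6.16 : jar   [OK]
[info] org.scala-lang :               scala-library : 2.12.2 : jar   [OK]
[info]  [SUCCESSFUL ] org.scala-js#scalajs-library_2.12;0.6.16!scalajs-library_2.12.jar.asc(jar) (1969ms)
"""
BC_RUN = """\
[info] ----- PGP Signature Results -----
[info] org.scala-lang :               scala-library : 2.12.2 : jar   [OK]
[info]   org.scala-js :     scalajs-compiler_2.12.2 : 0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]   org.scala-js :        scalajs-library_2.12 : 0.6.16 : jar   [UNTRUSTED(0xc162866d)]
[info]   org.scala-js : scalajs-test-interface_2.12 : 0.6.16 : jar   [UNTRUSTED(0xc162866d)]
"""

def parse_results(log):
    """Map (org, module, version, type) -> set of verdicts seen in the log."""
    verdicts = {}
    for line in log.splitlines():
        m = ROW.match(line.strip())
        if m:  # headers, download and resolve lines do not match
            *coord, verdict = m.groups()
            verdicts.setdefault(tuple(coord), set()).add(verdict)
    return verdicts

def masked_failures(gpg_log, bc_log):
    """Artifacts reported only as OK in gpg_log but with a non-OK verdict in bc_log."""
    gpg, bc = parse_results(gpg_log), parse_results(bc_log)
    masked = {}
    for coord, seen in bc.items():
        bad = sorted(v for v in seen if v != "OK")
        if bad and gpg.get(coord) == {"OK"}:
            masked[coord] = bad
    return masked

if __name__ == "__main__":
    for coord, bad in sorted(masked_failures(GPG_RUN, BC_RUN).items()):
        print(" : ".join(coord), "->", ", ".join(bad))
```
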
