Skip to content

Fix Gradle project sync error#16119

Merged
alperozturk96 merged 1 commit into
nextcloud:masterfrom
PhilLab:add_gradle_signing_key
Dec 11, 2025
Merged

Fix Gradle project sync error#16119
alperozturk96 merged 1 commit into
nextcloud:masterfrom
PhilLab:add_gradle_signing_key

Conversation

@PhilLab

@PhilLab PhilLab commented Dec 11, 2025

Copy link
Copy Markdown
Contributor

The commit 5fd2e29 introduced stricter dependency verification, but this resulted in the Gradle project syncing to fail with the error:

Multiple build operations failed.
Dependency verification failed for configuration ':app:androidTestUtil':

  • On artifact gradle-9.2.1-src.zip (gradle:gradle:9.2.1) in repository
    'Gradle distributions': Artifact was signed with key 'E2F38302C8075E3D'
    but it wasn't found in any key server so it couldn't be verified
    This can indicate that a dependency has been compromised. Please
    carefully verify the signatures and checksums

This happened independent of the used gradle version..

The followup 32545d4 added the key's fingerprint, but this was not enough to establish trust. Adding the public key to the keyring. The key was taken from
https://github.com/gradle/gradle/blob/b99fe7d304e68b978011840c31c08068f671f794/KEYS.md
and cross-checked with https://gradle.org/keys/

  • Tests written, or not not needed

The commit 5fd2e29 introduced stricter
dependency verification, but this resulted in the Gradle project syncing
to fail with the error:
> Multiple build operations failed.
> Dependency verification failed for configuration ':app:androidTestUtil':
>   - On artifact gradle-9.2.1-src.zip (gradle:gradle:9.2.1) in repository
> 'Gradle distributions': Artifact was signed with key 'E2F38302C8075E3D'
> but it wasn't found in any key server so it couldn't be verified
> This can indicate that a dependency has been compromised. Please
> carefully verify the signatures and checksums

This happened inpedendent of the used gradle version..

The followup 32545d4 added the key's
fingerprint, but this was not enough to establish trust. Adding the public
key to the keyring. The key was taken from
https://github.com/gradle/gradle/blob/b99fe7d304e68b978011840c31c08068f671f794/KEYS.md
and cross-checked with https://gradle.org/keys/

Signed-off-by: Philipp Hasper <vcs@hasper.info>
@PhilLab

PhilLab commented Dec 11, 2025

Copy link
Copy Markdown
Contributor Author

@alperozturk96 I am unsure why this didn't cause issues for more developers but at least for me, building was impossible on two different machines

@alperozturk96 alperozturk96 merged commit 49c3be8 into nextcloud:master Dec 11, 2025
15 of 19 checks passed
@AndyScherzinger AndyScherzinger added this to the Nextcloud App 3.36.0 milestone Dec 11, 2025
@PhilLab PhilLab deleted the add_gradle_signing_key branch December 22, 2025 22:08
@github-actions

Copy link
Copy Markdown

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants