Fix Gradle project sync error#16119
Conversation
The commit 5fd2e29 introduced stricter dependency verification, but this resulted in the Gradle project syncing to fail with the error: > Multiple build operations failed. > Dependency verification failed for configuration ':app:androidTestUtil': > - On artifact gradle-9.2.1-src.zip (gradle:gradle:9.2.1) in repository > 'Gradle distributions': Artifact was signed with key 'E2F38302C8075E3D' > but it wasn't found in any key server so it couldn't be verified > This can indicate that a dependency has been compromised. Please > carefully verify the signatures and checksums This happened inpedendent of the used gradle version.. The followup 32545d4 added the key's fingerprint, but this was not enough to establish trust. Adding the public key to the keyring. The key was taken from https://github.com/gradle/gradle/blob/b99fe7d304e68b978011840c31c08068f671f794/KEYS.md and cross-checked with https://gradle.org/keys/ Signed-off-by: Philipp Hasper <vcs@hasper.info>
|
@alperozturk96 I am unsure why this didn't cause issues for more developers but at least for me, building was impossible on two different machines |
|
Hello there, We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process. Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6 Thank you for contributing to Nextcloud and we hope to hear from you soon! (If you believe you should not receive this message, you can add yourself to the blocklist.) |
The commit 5fd2e29 introduced stricter dependency verification, but this resulted in the Gradle project syncing to fail with the error:
This happened independent of the used gradle version..
The followup 32545d4 added the key's fingerprint, but this was not enough to establish trust. Adding the public key to the keyring. The key was taken from
https://github.com/gradle/gradle/blob/b99fe7d304e68b978011840c31c08068f671f794/KEYS.md
and cross-checked with https://gradle.org/keys/