diff options
| author | David Göransson <david.goransson@mullvad.net> | 2025-03-19 09:55:33 +0100 |
|---|---|---|
| committer | David Göransson <david.goransson@mullvad.net> | 2025-03-20 14:40:35 +0100 |
| commit | 543662477b35be94b8a5476ce048878101dd2d75 (patch) | |
| tree | 578b0002e59c9362c931f21b4d3db866f314f089 /android | |
| parent | 8418dc5fe186d2ddb457308d55c647a6ac82c3f3 (diff) | |
| download | mullvadvpn-543662477b35be94b8a5476ce048878101dd2d75.tar.xz mullvadvpn-543662477b35be94b8a5476ce048878101dd2d75.zip | |
Update verification-metadata.keys.xml description
Diffstat (limited to 'android')
| -rw-r--r-- | android/gradle/verification-metadata.keys.xml | 24 |
1 files changed, 4 insertions, 20 deletions
diff --git a/android/gradle/verification-metadata.keys.xml b/android/gradle/verification-metadata.keys.xml index a1006dbcc2..28ccbbc9fc 100644 --- a/android/gradle/verification-metadata.keys.xml +++ b/android/gradle/verification-metadata.keys.xml @@ -1,26 +1,10 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- - This is a lockfile for gradle dependencies. See the following page for more information: - https://docs.gradle.org/current/userguide/dependency_verification.html + This is a lockfile with keys for gradle dependencies. This lists all the keys which all our gradle + dependencies are signed with. The packages that lacks signatures are listed as components and verified + by it's hash instead. - The easiest way to update this file is to run the following script: - <repository-root>/android/scripts/update-lockfile.sh - - The following trust group is only used for GitHub Actions: com.github.burrunan.multicache - - NOTE: - - In order to properly generate the components, no gradle caches should be present - (for example junit-bom-*). This is automatically handled by using the mentioned script. - For more information see: https://github.com/gradle/gradle/issues/19228 - - Comments after the verification-metadata opening tag will automatically be removed by gradle - when generating components. - see: https://github.com/gradle/gradle/issues/14885 - - WORKAROUNDS: - - Ignore gradle wrapper source being downloaded when running "Sync Project with Gradle Files" - https://youtrack.jetbrains.com/issue/IDEA-258328 - Line added: - <trust file="gradle-[0-9.]+-src.zip" regex="true"/> + For more information about the contents in this file see `verification-metadata.xml` --> <verification-metadata xmlns="https://schema.gradle.org/dependency-verification" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://schema.gradle.org/dependency-verification https://schema.gradle.org/dependency-verification/dependency-verification-1.3.xsd"> <configuration> |