be5bdf3219
This fully replaces gradle-witness and goes far beyond what it offered. As far as I can tell, this actually will verify every single artifact that gradle downloads and uses. This was generated in two passes to get both the PGP and the SHA256 info: ``` ./gradlew --write-verification-metadata pgp,sha256 build connectedFullDebugAndroidTest --export-keys ./gradlew --write-verification-metadata sha256 build connectedFullDebugAndroidTest ``` Thanks to @vlsi who made me aware of this, and helped make it possible. closes !837
2 lines
23 B
Plaintext
2 lines
23 B
Plaintext
*.gpg binary
|