bisq-network · cbeams · Nov 15, 2018 · Nov 10, 2018 · Nov 10, 2018 · Nov 10, 2018
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto
diff --git a/LICENSE b/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2014 Open Whisper Systems 
+Copyright (c) 2014 Open Whisper Systems
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -33,8 +33,8 @@ In the remote directory, the artifact consists of a POM file and a jar or aar, a
 sha1sum hash values for those files.
 
 When gradle retrieves the artifact, it will also retrieve the md5sum and sha1sums to verify that
-they match the calculated md5sum and sha1sum of the retrieved files.  The problem, obviously, is 
-that if someone is able to compromise the remote maven repository and change the jar/aar for a 
+they match the calculated md5sum and sha1sum of the retrieved files.  The problem, obviously, is
+that if someone is able to compromise the remote maven repository and change the jar/aar for a
 dependency to include some malicious functionality, they could just as easily change the md5sum
 and sha1sum values the repository advertises as well.
 

diff --git a/build.gradle b/build.gradle
@@ -5,6 +5,12 @@ dependencies {
     compile localGroovy()
 }
 
-sourceCompatibility = '1.7'
-targetCompatibility = '1.7'
+tasks.withType(AbstractArchiveTask) {
+    preserveFileTimestamps = false
+    reproducibleFileOrder = true
+}
 
+jar.doLast { task ->
+    ant.checksum file: task.archivePath
+    println "md5=" + file("build/libs/gradle-witness.jar.MD5").text.trim()
+}
diff --git a/src/main/groovy/org/whispersystems/witness/WitnessPlugin.groovy b/src/main/groovy/org/whispersystems/witness/WitnessPlugin.groovy
@@ -63,4 +63,3 @@ class WitnessPlugin implements Plugin<Project> {
         }
     }
 }
-