Skip to content

liutikas/guava-signature-repro

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
app
app
 
 
gradle
gradle
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.gradle.kts
build.gradle.kts
 
 
gradle.properties
gradle.properties
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle.kts
settings.gradle.kts
 
 

Repository files navigation

Reproduction of guava signature verification failure

  1. ./gradlew assembleDebug

Expected

Success

Actual

Failures in signature verification

* What went wrong:
Execution failed for task ':app:checkDebugDuplicateClasses'.
> Dependency verification failed for configuration ':app:debugRuntimeClasspath'
  One artifact failed verification: guava-32.1.3-android.jar (com.google.guava:guava:32.1.3-jre) from repository MavenRepo
  If the artifacts are trustworthy, you will need to update the gradle/verification-metadata.xml file. For more on how to do this, please refer to https://docs.gradle.org/8.7/userguide/dependency_verification.html#sec:troubleshooting-verification in the Gradle documentation.

HTML report then has details that module com.google.guava:guava:32.1.3-jre artifact guava-32.1.3-android.jar is missing checksums. That is because Gradle tries to find guava-32.1.3-android.jar.asc which is missing, so signing verification calls back to checksum verification.

It seems to happen due to guava trying to do "clever" redirect

      "files": [
        {
          "name": "guava-32.1.3-android.jar",
          "url": "../32.1.3-android/guava-32.1.3-android.jar"
        }
      ],

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages