Re: [maven-gpg-plugin] Unable to sign artifacts with SHA-256 or higher

2021-05-27 Thread Konrad Windszus
Look at https://issues.apache.org/jira/browse/MPOM-244 which should solve this for ASF projects. Konrad > On 27. May 2021, at 13:29, Janardhan wrote: > > Thank you, for the generous response. > > The file hashes are created by maven-resolver,

Re: [maven-gpg-plugin] Unable to sign artifacts with SHA-256 or higher

2021-05-27 Thread Janardhan
Thank you, for the generous response. The file hashes are created by maven-resolver, which supports SHA-512 since > version 1.5.0 ( https://issues.apache.org/jira/browse/MRESOLVER-56 ). > If I remember correctly maven-resolver 1.5+ is included since Maven 3.8.1. > So you would have to update your

Re: [maven-gpg-plugin] Unable to sign artifacts with SHA-256 or higher

2021-05-27 Thread Michael Osipov
Am 2021-05-26 um 09:14 schrieb Janardhan: Hi Maven team, TL;DR: Can we sign (SHA-512) artifacts with gpg plugin and how?. Thanks. This is not signing, this is just a checksum for transport bitrot. If you need SHA-2 hashes use Resolver's new property for this.

Re: [maven-gpg-plugin] Unable to sign artifacts with SHA-256 or higher

2021-05-26 Thread Frederik Boster
Hi Janardhan, The maven-gpg-plugin is only responsible for creating the "asc" files which contain the PGP signature. The file hashes are created by maven-resolver, which supports SHA-512 since version 1.5.0 ( https://issues.apache.org/jira/browse/MRESOLVER-56 ). If I remember correctly

[maven-gpg-plugin] Unable to sign artifacts with SHA-256 or higher

2021-05-26 Thread Janardhan
Hi Maven team, TL;DR: Can we sign (SHA-512) artifacts with gpg plugin and how?. Thanks. 1. We are trying to sign Apache SystemDS[0] release artifacts with gpg-plugin, we are only receiving the `.md5` and `.sha1` without the `-Daether.checksums.algorithms=SHA-512` flag as per [1][4]. 2. With