switch to using gpg for signing in build.gradle

- avoids having to put password anywhere rather will use gpg-agent - needs "signing.gnupg.keyName" in gradle.properties or else the default gpg signing key, if any, will be used which may not be desirable
TIBCOSoftware · Oct 17, 2021 · a2ab483 · a2ab483
1 parent 436612f
commit a2ab483
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/build.gradle b/build.gradle
@@ -803,10 +803,9 @@ subprojects {
     from javadoc
   }
   if (rootProject.hasProperty('enablePublish')) {
-    if (rootProject.hasProperty('sign')) {
-      signing {
+    signing {
+      useGpgCmd()
         sign configurations.archives
-      }
     }
 
     uploadArchives {
@@ -1227,10 +1226,10 @@ ospackage {
     into '/opt/' + packageName
   }
 
-  if (rootProject.hasProperty('enablePublish') && rootProject.hasProperty('sign')) {
-    signingKeyId = rootProject.property('signing.keyId')
-    signingKeyPassphrase = rootProject.property('signing.password')
-    signingKeyRingFile = file(rootProject.property('signing.secretKeyRingFile'))
+  if (rootProject.hasProperty('enablePublish')) {
+    // signingKeyId = rootProject.property('signing.keyId')
+    // signingKeyPassphrase = rootProject.property('signing.password')
+    // signingKeyRingFile = file(rootProject.property('signing.secretKeyRingFile'))
   }
 
   link('/usr/sbin/snappy-start-all.sh', "/opt/${packageName}/sbin/snappy-start-all.sh")

diff --git a/docs/install/building_from_source.md b/docs/install/building_from_source.md
@@ -43,6 +43,7 @@ Building SparkR with the `-PR.enable` flag requires R 3.x or 4.x to be installed
 At least the following R packages along with their dependencies also need to be installed:
 `knitr`, `markdown`, `rmarkdown`, `testthat`
 
+Official builds are published to maven using the `publishMaven` task.
 
 ## Repository Layout
 

diff --git a/docs/release_notes/release_notes.md b/docs/release_notes/release_notes.md
@@ -295,7 +295,7 @@ The following table describes the download artifacts included in SnappyData 1.3.
 |snappydata-1.3.0-bin.tar.gz | Full product binary (includes Hadoop 3.2.0) |
 |snappydata-jdbc\_2.11-1.3.0.jar | JDBC client driver and push down JDBC data source for Spark |
 |snappydata-core\_2.11-1.3.0.jar | The single jar needed in Smart Connector mode; an alternative to --packages option |
-|snappydata-odbc\_1.3.0_win.zip | 32-bit and 64-bit ODBC client drivers for Windows |
+|snappydata-odbc\_1.3.0\_win.zip | 32-bit and 64-bit ODBC client drivers for Windows |
 |snappydata-1.3.0.sha256 | The SHA256 checksums of the product artifacts. On Linux verify using `sha256sum --check snappydata-1.3.0.sha256`. |
-|snappydata-1.3.0.sha256.gpg | GnuPG signature for snappydata-1.3.0.sha256. Get the public key using `gpg --keyserver hkps://keys.gnupg.net --recv-keys 573D42FDD455480DC33B7105F76D50B69DB1586C`. Then verify using `gpg --verify snappydata-1.3.0.sha256.gpg`. |
+|snappydata-1.3.0.sha256.asc | PGP signature for snappydata-1.3.0.sha256 in ASCII format. Get the public key using `gpg --keyserver hkps://keys.gnupg.net --recv-keys 573D42FDD455480DC33B7105F76D50B69DB1586C`. Then verify using `gpg --verify snappydata-1.3.0.sha256.asc` which should show the mentioned key in the verification with email as `[email protected]`. |
 |[snappydata-zeppelin\_2.11-0.8.2.1.jar](https://github.com/TIBCOSoftware/snappy-zeppelin-interpreter/releases/download/v0.8.2.1/snappydata-zeppelin_2.11-0.8.2.1.jar) | The Zeppelin interpreter jar for SnappyData compatible with Apache Zeppelin 0.8.2. The standard jdbc interpreter is preferred over this. See [How to Use Apache Zeppelin with SnappyData](../howto/use_apache_zeppelin_with_snappydata.md). |