Sign the maven build artifacts #4614
Description
Is your feature request related to a problem? Please describe.
In order for apps using wallet-core to be included in F-Droid, wallet-core needs to be published to a maven repository which F-Droid trusts, one option being mavenCentral. I did some testing using the artifacts from GitHub and found that they are not signed while mavenCentral requires all artifacts to be signed.
Describe the solution you'd like
Please create an OpenPGP key (probably an ECC key would be most future-proof) for the email address provided in the metadata added according to #4613 and upload it to:
Make sure to click the confirmation link in the verification email.
Use this key to generate .asc signature files for all your maven build artifacts. Example command:
for i in $(ls *.aar *.pom *.module *.json *.jar *.klib); do gpg -ab --yes $i; done
Publish these signatures somewhere.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Checklist
- Generate OpenPGP key
- Publish to keyservers
- https://keyserver.ubuntu.com/
- https://keys.openpgp.org/
- Click link in confirmation email
- https://pgp.mit.edu/
- Create signature files
- Publish signature files
Resources
https://github.com/trustwallet/wallet-core/packages/700258
https://github.com/trustwallet/wallet-core/packages/1838567
https://github.com/trustwallet/wallet-core/packages/1784044
https://github.com/trustwallet/wallet-core/packages/1784039
https://github.com/trustwallet/wallet-core/packages/1784043
https://github.com/trustwallet/wallet-core/packages/1937616
Additional context
The email address needs to match the one defined in the .pom file. See: #4613