sbt-pgp v2.0.0 Release Notes
Release Date: 2019-09-15 // over 4 years ago-
๐ The documentation for sbt-pgp is moved to https://github.com/sbt/sbt-pgp (README on GitHub).
๐ฅ Breaking change: Default to use GnuPG (useGpg := true)
sbt-pgp 1.x had
useGpg
set tofalse
, which used Bouncy Castle a Java library for signing etc.0๏ธโฃ Instead, sbt-pgp 2.0.0 flips the default to use the locally installed
gpg
.
#146 by @eed3si9nThis is overridable from the system property
SBT_PGP_USE_GPG
:$ sbt -DSBT_PGP_USE_GPG=false
0๏ธโฃ In addition,
useGpgAgent
setting also defaults totrue
, which should reduce the need to store passphrases in the plain.๐ Breaking change: Bouncy Castle mode is now deprecated
๐ We no longer recommend the Bouncy Castle mode. Related,
pgp-cmd
command has been removed.
๐ See Importing key pair on how to migrate old key pair intogpg
.๐ฅ Breaking change: camel case key name
๐ sbt-pgp 1.x had camelCase in the
build.sbt
, but kebab-case in the sbt shell.
sbt-pgp 2.0.0 unifies them to camelCase.๐ฅ Breaking change: package name change
๐ The package name is changed from
com.typesafe.sbt.pgp
tocom.jsuereth.sbtpgp
to match the organization of the artifact. If the build user enables sbt-pgp 2.0.0 globally, this might show up as:[error] /Users/xxx/work/playframework/project/BuildSettings.scala:7:21: object sbt is not a member of package com.typesafe [error] import com.typesafe.sbt.pgp.PgpKeys [error] ^
Signing Key
0๏ธโฃ By default, all signing operations will use gpg's default key. Following the convention set by jodersky/sbt-gpg, specific key can now be used by setting sbt
Credentials
for the host"gpg"
, instead ofusePgpKeyHex(...)
:credentials += Credentials( "GnuPG Key ID", "gpg", "2BE67AC00D699E04E840B7FE29967E804D85663F", // key identifier"ignored" // this field is ignored; passwords are supplied by pinentry)
pgpKeyRing key
0๏ธโฃ Instead of reusing Bouncy Castle settings, sbt-pgp 2.0.0 adds a new optional key
pgpKeyRing
to override the key ring. This is set toNone
by default. #166 by @eed3si9nPGP_PASSPHRASE environment variable
๐ Following the convention set by olafurpg/sbt-ci-release, sbt-pgp 2.0.0 will automatically use the value set to
PGP_PASSPHRASE
as the passphrase. #165 by @eed3si9n๐ป sbt-pgp 1.x has provided ways of storing passphrase using
pgpPassphrase
or in the credentials, but we no longer recommend using these methods on your laptop.๐ pinentry support
โ Adds a pinentry option to sbt-pgp, by using the
--pinentry-mode loopback
option.โ Adds a
useGpgPinentry
boolean key that if set withuseGpg
anduseGpgAgent
set, will use a specialized signerCommandLineGpgPinentrySigner
. #142 by @wsargentCommits