ยซ Changelog History


sbt-pgp v2.0.0 Release Notes

Release Date: 2019-09-15 // over 4 years ago

  • ๐Ÿ“š The documentation for sbt-pgp is moved to https://github.com/sbt/sbt-pgp (README on GitHub).

    ๐Ÿ’ฅ Breaking change: Default to use GnuPG (useGpg := true)

    sbt-pgp 1.x had useGpg set to false, which used Bouncy Castle a Java library for signing etc.

    0๏ธโƒฃ Instead, sbt-pgp 2.0.0 flips the default to use the locally installed gpg.
    #146 by @eed3si9n

    This is overridable from the system property SBT_PGP_USE_GPG:

    $ sbt -DSBT_PGP_USE_GPG=false

    0๏ธโƒฃ In addition, useGpgAgent setting also defaults to true, which should reduce the need to store passphrases in the plain.

    ๐Ÿ—„ Breaking change: Bouncy Castle mode is now deprecated

    ๐Ÿšš We no longer recommend the Bouncy Castle mode. Related, pgp-cmd command has been removed.
    ๐Ÿ‘€ See Importing key pair on how to migrate old key pair into gpg.

    ๐Ÿ’ฅ Breaking change: camel case key name

    ๐Ÿ— sbt-pgp 1.x had camelCase in the build.sbt, but kebab-case in the sbt shell.
    sbt-pgp 2.0.0 unifies them to camelCase.

    ๐Ÿ’ฅ Breaking change: package name change

    ๐Ÿ— The package name is changed from com.typesafe.sbt.pgp to com.jsuereth.sbtpgp to match the organization of the artifact. If the build user enables sbt-pgp 2.0.0 globally, this might show up as:

    [error] /Users/xxx/work/playframework/project/BuildSettings.scala:7:21: object sbt is not a member of package com.typesafe
[error] import com.typesafe.sbt.pgp.PgpKeys
[error] ^

    Signing Key

    0๏ธโƒฃ By default, all signing operations will use gpg's default key. Following the convention set by jodersky/sbt-gpg, specific key can now be used by setting sbt Credentials for the host "gpg", instead of usePgpKeyHex(...):

    credentials += Credentials( "GnuPG Key ID", "gpg", "2BE67AC00D699E04E840B7FE29967E804D85663F", // key identifier"ignored" // this field is ignored; passwords are supplied by pinentry)

    pgpKeyRing key

    0๏ธโƒฃ Instead of reusing Bouncy Castle settings, sbt-pgp 2.0.0 adds a new optional key pgpKeyRing to override the key ring. This is set to None by default. #166 by @eed3si9n

    PGP_PASSPHRASE environment variable

    ๐Ÿš€ Following the convention set by olafurpg/sbt-ci-release, sbt-pgp 2.0.0 will automatically use the value set to PGP_PASSPHRASE as the passphrase. #165 by @eed3si9n

    ๐Ÿ’ป sbt-pgp 1.x has provided ways of storing passphrase using pgpPassphrase or in the credentials, but we no longer recommend using these methods on your laptop.

    ๐Ÿ‘ pinentry support

    โž• Adds a pinentry option to sbt-pgp, by using the --pinentry-mode loopback option.

    โž• Adds a useGpgPinentry boolean key that if set with useGpg and useGpgAgent set, will use a specialized signer CommandLineGpgPinentrySigner. #142 by @wsargent

    Commits

    v1.1.2...v2.0.0