Since updating to gradle 6.2.2 the bintray publishing went nuts. Bintray shows the artifact names instead of the version numbers and the library is unuseable do to this.
Did anyone experience this or knows, why this is happening?
EDIT: Switching to a 5.6.3 gradle wrapper will upload the library as it is supposed to (without the artifact/version number naming issue)
Newer Gradle versions publish more secure checksums as well. These checksums are not recognized by Bintray and thus it assumes, there's another version of the artifact. You should notice that all semantic versions are actually complete and that you could delete the non-versions.
To suppress publishing these checksums, you could add the following to your gradle properties.
systemProp.org.gradle.internal.publish.checksums.insecure=true
Gradle team takes lead initiative in replacing .md5 & .sha1 with .sha256 & .sha512.
I don't know who give them that "right" and the proper security is only package signing, so I see no reason for that breaking change (why push Apache & Sonatype & JFrog to patch their software??).
In src/dependency-management/org/gradle/api/internal/artifacts/repositories/resolver/ExternalResourceResolver.java:
public static boolean disableExtraChecksums() {
return Boolean.getBoolean("org.gradle.internal.publish.checksums.insecure");
}
private void publishChecksums(ExternalResourceName destination, File content) {
publishChecksum(destination, content, "sha1", 40);
if (!ExternalResourceResolver.disableExtraChecksums()) {
publishPossiblyUnsupportedChecksum(destination, content, "sha-256", 64);
publishPossiblyUnsupportedChecksum(destination, content, "sha-512", 128);
}
}
So the solution is to set system property org.gradle.internal.publish.checksums.insecure to true:
gradle -D org.gradle.internal.publish.checksums.insecure=true ...systemProp.org.gradle.internal.publish.checksums.insecure = true in gradle.propertiesSystem.setProperty("org.gradle.internal.publish.checksums.insecure", "true") in settings.gradleSee:
