sbt / sbt-pgp

PGP plugin for sbt

checkPgpSignatures doesn't check all libraryDependencies #90

Open ducwindow opened 8 years ago

ducwindow commented 8 years ago

Question: checkPgpSignatures seems to skip the signature checking for a couple of dependency modules. Can we force it to check all dependencies?

For example: my default xml shows 16 dependencies. However, checkPgpSignatures only checks 8 dependencies. ./target/resolution-cache/reports/hello-world_2.10-default.xml shows 16 dependencies:

    <module organisation="org.scalacheck" name="scalacheck_2.10">
    <module organisation="org.scala-lang" name="scala-actors">
    <module organisation="org.specs2" name="specs2_2.10">
    <module organisation="junit" name="junit">
    <module organisation="org.mockito" name="mockito-all">
    <module organisation="org.hamcrest" name="hamcrest-all">
    <module organisation="org.scala-tools.testing" name="test-interface">
    <module organisation="org.specs2" name="specs2-scalaz-core_2.10.0-RC3">
    <module organisation="org.scoverage" name="scalac-scoverage-plugin_2.10">
    <module organisation="commons-io" name="commons-io">
    <module organisation="com.sqality.scct" name="scct_2.10">
    <module organisation="org.brianmckenna" name="wartremover_2.10">
    <module organisation="org.scalamacros" name="quasiquotes_2.10">
    <module organisation="org.scala-lang" name="scala-compiler">
    <module organisation="org.scala-lang" name="scala-reflect">
    <module organisation="org.scala-lang" name="scala-library">

checkPgpSignatures reports only 8 dependencies:

    [info] ----- PGP Signature Results -----
    [info] com.sqality.scct : scct_2.10 : 0.3 : jar [OK]
    [info] org.brianmckenna : wartremover_2.10 : 0.13 : jar [OK]
    [info] junit : junit : 4.7 : jar [MISSING]
    [info] org.hamcrest : hamcrest-all : 1.1 : jar [MISSING]
    [info] org.mockito : mockito-all : 1.9.0 : jar [UNTRUSTED(0x8ba7b9af)]
    [info] org.scalacheck : scalacheck_2.10 : 1.10.1 : jar [UNTRUSTED(0xfdd5c0cd)]
    [info] org.scoverage : scalac-scoverage-plugin_2.10 : 0.98.2 : jar [UNTRUSTED(0xde8b1cd6)]
    [info] org.specs2 : specs2_2.10 : 1.12.3 : jar [UNTRUSTED(0xdcb77d02)]

ducwindow commented 8 years ago

I looked into the code below: checkPgpSignatures gets a list of dependencies from libraryDependencies, which lists 9 modules. However, checkPgpSignatures doesn't check org.scala-lang:scala-library:2.10.4. Is it somehow filtered out?

    libraryDependencies
    [info] List(org.brianmckenna:wartremover:0.13:plugin->default(compile), org.scala-lang:scala-library:2.10.4, com.sqality.scct:scct:0.3:scct, org.scoverage:scalac-scoverage-plugin:0.98.2:scoverage, org.specs2:specs2:1.12.3:test, org.hamcrest:hamcrest-all:1.1:test, org.mockito:mockito-all:1.9.0:test, junit:junit:4.7:test, org.scalacheck:scalacheck:1.10.1:test)

Source code

    lazy val verifySettings: Seq[Setting[_]] = Seq(
      // TODO - This is checking SBT and its plugins signatures..., maybe we can have this be a separate config or something.
      /*signaturesModule in updateClassifiers <<= (projectID, sbtDependency, loadedBuild, thisProjectRef) map { (pid, sbtDep, lb, ref) =>
        val pluginIDs: Seq[ModuleID] = lb.units(ref.build).unit.plugins.fullClasspath.flatMap(_ get moduleID.key)
        GetSignaturesModule(pid, sbtDep +: pluginIDs, Configurations.Default :: Nil)
      },*/
      // The module whose signatures get checked is built from libraryDependencies only.
      signaturesModule in updatePgpSignatures <<= (projectID, libraryDependencies) map { (pid, deps) =>
        GetSignaturesModule(pid, deps, Configurations.Default :: Nil)
      },
      // Resolve the signature artifacts for that module through Ivy.
      updatePgpSignatures <<= (ivySbt, signaturesModule in updatePgpSignatures, updateConfiguration, ivyScala,
                               target in LocalRootProject, appConfiguration, streams) map { (is, mod, c, ivyScala, out, app, s) =>
        PgpSignatureCheck.resolveSignatures(is, GetSignaturesConfiguration(mod, c, ivyScala), s.log)
      },
      // Verify the resolved signatures with the configured verifier and report a status per module.
      checkPgpSignatures <<= (updatePgpSignatures, pgpVerifier, streams) map PgpSignatureCheck.checkSignaturesTask
    )
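As an added example (not part of this issue or of sbt-pgp's own code), the following script compares the module list from the resolution-cache report against the checkPgpSignatures output quoted above, so the coverage gap the reporter describes, and the MISSING/UNTRUSTED results, can be surfaced mechanically. The module lines are wrapped in an assumed minimal ivy-report root so they parse as XML; the log lines are the ones from the issue.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample input: the module list from the resolution-cache report quoted
# in the issue, wrapped in an assumed minimal <ivy-report> root so it parses as XML.
RESOLUTION_REPORT = """<ivy-report><dependencies>
<module organisation="org.scalacheck" name="scalacheck_2.10"/><module organisation="org.scala-lang" name="scala-actors"/>
<module organisation="org.specs2" name="specs2_2.10"/><module organisation="junit" name="junit"/>
<module organisation="org.mockito" name="mockito-all"/><module organisation="org.hamcrest" name="hamcrest-all"/>
<module organisation="org.scala-tools.testing" name="test-interface"/><module organisation="org.specs2" name="specs2-scalaz-core_2.10.0-RC3"/>
<module organisation="org.scoverage" name="scalac-scoverage-plugin_2.10"/><module organisation="commons-io" name="commons-io"/>
<module organisation="com.sqality.scct" name="scct_2.10"/><module organisation="org.brianmckenna" name="wartremover_2.10"/>
<module organisation="org.scalamacros" name="quasiquotes_2.10"/><module organisation="org.scala-lang" name="scala-compiler"/>
<module organisation="org.scala-lang" name="scala-reflect"/><module organisation="org.scala-lang" name="scala-library"/>
</dependencies></ivy-report>"""

# The checkPgpSignatures output quoted in the issue, one result per line.
PGP_RESULTS = """[info] ----- PGP Signature Results -----
[info] com.sqality.scct : scct_2.10 : 0.3 : jar [OK]
[info] org.brianmckenna : wartremover_2.10 : 0.13 : jar [OK]
[info] junit : junit : 4.7 : jar [MISSING]
[info] org.hamcrest : hamcrest-all : 1.1 : jar [MISSING]
[info] org.mockito : mockito-all : 1.9.0 : jar [UNTRUSTED(0x8ba7b9af)]
[info] org.scalacheck : scalacheck_2.10 : 1.10.1 : jar [UNTRUSTED(0xfdd5c0cd)]
[info] org.scoverage : scalac-scoverage-plugin_2.10 : 0.98.2 : jar [UNTRUSTED(0xde8b1cd6)]
[info] org.specs2 : specs2_2.10 : 1.12.3 : jar [UNTRUSTED(0xdcb77d02)]"""

# "[info] org : name : version : type [STATUS]" with an optional "(keyid)" after UNTRUSTED.
RESULT_RE = re.compile(r"^\[info\] (\S+) : (\S+) : (\S+) : \S+ \[([A-Z]+)(?:\(([^)]*)\))?\]$")

def resolved_modules(report_xml):
    """Every (organisation, name) pair the resolution report lists."""
    root = ET.fromstring(report_xml)
    return {(m.get("organisation"), m.get("name")) for m in root.iter("module")}

def signature_results(log_text):
    """Map (organisation, name) -> (version, status, keyid or None) from the task log."""
    results = {}
    for line in log_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            org, name, version, status, keyid = m.groups()
            results[(org, name)] = (version, status, keyid)
    return results

def unchecked_modules(report_xml, log_text):
    """Resolved modules that never appear in the signature results: the gap in the issue."""
    return sorted(resolved_modules(report_xml) - set(signature_results(log_text)))

def unverified_modules(log_text):
    """Modules the check did run on but could not verify against a trusted key."""
    return sorted((mod, res[1]) for mod, res in signature_results(log_text).items() if res[1] != "OK")
```

Run against a real build, feed it the project's own resolution report and the task's log; any module returned by unchecked_modules never had its signature looked at, whatever checkPgpSignatures reported.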