Start validating signatures of androidx.compose.compiler
This is still a no-op until we move away from using project dependency
of androidx.compose.compiler
Test: ./gradlew compose:runtime:runtime:assembleDebug -> still works, no
change
Change-Id: I3a2cce9614d15d81d498c3bacdb305e9955495d6
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 7fc0903..2ae8411 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -22,7 +22,7 @@
<trust group="gradle" name="gradle"/>
<trust file=".*-javadoc[.]jar" regex="true"/>
<trust file=".*-sources[.]jar" regex="true"/>
- <trust group="^androidx($|([.].*))" regex="true" reason="not signed yet"/>
+ <trust group="^androidx(?!\.compose.compiler\b)\..*" regex="true" reason="not signed yet"/>
<trust group="^com[.]android($|([.].*))" regex="true" reason="b/215430394"/>
</trusted-artifacts>
<trusted-keys>
@@ -277,7 +277,7 @@
<trusted-key id="82F833963889D7ED06F1E4DC6525FD70CC303655" group="org.codehaus.mojo"/>
<trusted-key id="835A685C8C6F49C54980E5CAF406F31BC1468EBA" group="org.jcodec"/>
<trusted-key id="842AFB86375D805422835BFD82B5574242C20D6F" group="org.antlr"/>
- <trusted-key id="8461EFA0E74ABAE010DE66994EB27DB2A3B88B8B" group="^androidx[.]test($|([.].*))" regex="true"/>
+ <trusted-key id="8461EFA0E74ABAE010DE66994EB27DB2A3B88B8B" group="^androidx\..*" regex="true"/>
<trusted-key id="84789D24DF77A32433CE1F079EB80E92EB2135B1">
<trusting group="org.apache"/>
<trusting group="org.apache.maven" name="maven-parent"/>
