Could not determine the dependencies of task ':src:bshclient:checkstyleMain'. > Checksum/PGP violations detected on resolving configuration :src:bshclient:checkstyle No PGP signature (.asc file) found for artifact: com.google.collections:google-collections:1.0 (pgp=[], sha512=[5741BCDF5C2D54DAA53A60972D61D0FB3ACB68A31AB4A913832DE71C47B4ABD59B85E760A335D7EFDE55D4E309824839B09F9224A43C124BD54C634A87A9B7F7]) No trusted PGP keys are configured for group org.apache.maven.doxia: org.apache.maven.doxia:doxia-core:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.apache.maven.doxia:doxia-logging-api:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.apache.maven.doxia:doxia-module-xdoc:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.apache.maven.doxia:doxia-sink-api:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) No trusted PGP keys are configured for group org.codehaus.plexus: org.codehaus.plexus:plexus-classworlds:2.6.0 (pgp=[b02137d875d833d9b23392ecae5a7fb608a0221c], sha512=[computation skipped]) org.codehaus.plexus:plexus-component-annotations:2.1.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.codehaus.plexus:plexus-container-default:2.1.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.codehaus.plexus:plexus-utils:3.3.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) Trusted PGP keys for group org.apache.commons are [12d16069219c90212a974d119ae296fd02e9f65b, 2db4f1ef0fa761ecc4ea935c86fdc7e2a11262cb, 3692c12c7e3d336a452beb254e066e0459cd109b, 41a1a08c62fca78b79d3081164a16faaec16a4be, ce8075a251547bee249bc151a2115ae15f6b8b72, d6f1bc78607808ec8e9f69437a8860944fad5f62], however artifact is signed by [b6e73d84ea4fcc47166087253faad2cd5ecbb314] only: org.apache.commons:commons-lang3:3.8.1 (pgp=[b6e73d84ea4fcc47166087253faad2cd5ecbb314], sha512=[computation skipped]) org.apache.commons:commons-text:1.3 (pgp=[b6e73d84ea4fcc47166087253faad2cd5ecbb314], sha512=[computation skipped]) Trusted PGP keys for group org.apache.xbean are [82d8419ba697f0e7fb85916ee91287822fdb81b1, c758f9cc982ac877e7b295dd6e97418b04b11dcb], however artifact is signed by [223d3a74b068eca354dc385ce126833f9cf64915] only: org.apache.xbean:xbean-reflect:3.7 (pgp=[223d3a74b068eca354dc385ce126833f9cf64915], sha512=[computation skipped]) There might be more checksum violations, however, current configuration specifies the build to fail on the first violation. You might use the following properties: * -PchecksumIgnore temporary disables checksum-dependency-plugin (e.g. to try new dependencies) * -PchecksumUpdate updates checksum.xml and it will fail after the first violation so you can review the diff * -PchecksumUpdateAll (insecure) updates checksum.xml with all the new discovered checksums * -PchecksumFailOn=build_finish (insecure) It will postpone the failure till the build finish It will collect all the violations, however untrusted code might be executed (e.g. from a plugin) You can find updated checksum.xml file at D:\a\jmeter\jmeter\build\checksum\checksum.xml. You might add -PchecksumUpdate to update root checksum.xml file.

Could not determine the dependencies of task ':src:bshclient:checkstyleMain'. > Checksum/PGP violations detected on resolving configuration :src:bshclient:checkstyle No PGP signature (.asc file) found for artifact: com.google.collections:google-collections:1.0 (pgp=[], sha512=[5741BCDF5C2D54DAA53A60972D61D0FB3ACB68A31AB4A913832DE71C47B4ABD59B85E760A335D7EFDE55D4E309824839B09F9224A43C124BD54C634A87A9B7F7]) No trusted PGP keys are configured for group org.apache.maven.doxia: org.apache.maven.doxia:doxia-core:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.apache.maven.doxia:doxia-logging-api:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.apache.maven.doxia:doxia-module-xdoc:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.apache.maven.doxia:doxia-sink-api:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) No trusted PGP keys are configured for group org.codehaus.plexus: org.codehaus.plexus:plexus-classworlds:2.6.0 (pgp=[b02137d875d833d9b23392ecae5a7fb608a0221c], sha512=[computation skipped]) org.codehaus.plexus:plexus-component-annotations:2.1.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.codehaus.plexus:plexus-container-default:2.1.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.codehaus.plexus:plexus-utils:3.3.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) Trusted PGP keys for group org.apache.commons are [12d16069219c90212a974d119ae296fd02e9f65b, 2db4f1ef0fa761ecc4ea935c86fdc7e2a11262cb, 3692c12c7e3d336a452beb254e066e0459cd109b, 41a1a08c62fca78b79d3081164a16faaec16a4be, ce8075a251547bee249bc151a2115ae15f6b8b72, d6f1bc78607808ec8e9f69437a8860944fad5f62], however artifact is signed by [b6e73d84ea4fcc47166087253faad2cd5ecbb314] only: org.apache.commons:commons-lang3:3.8.1 (pgp=[b6e73d84ea4fcc47166087253faad2cd5ecbb314], sha512=[computation skipped]) org.apache.commons:commons-text:1.3 (pgp=[b6e73d84ea4fcc47166087253faad2cd5ecbb314], sha512=[computation skipped]) Trusted PGP keys for group org.apache.xbean are [82d8419ba697f0e7fb85916ee91287822fdb81b1, c758f9cc982ac877e7b295dd6e97418b04b11dcb], however artifact is signed by [223d3a74b068eca354dc385ce126833f9cf64915] only: org.apache.xbean:xbean-reflect:3.7 (pgp=[223d3a74b068eca354dc385ce126833f9cf64915], sha512=[computation skipped]) There might be more checksum violations, however, current configuration specifies the build to fail on the first violation. You might use the following properties: * -PchecksumIgnore temporary disables checksum-dependency-plugin (e.g. to try new dependencies) * -PchecksumUpdate updates checksum.xml and it will fail after the first violation so you can review the diff * -PchecksumUpdateAll (insecure) updates checksum.xml with all the new discovered checksums * -PchecksumFailOn=build_finish (insecure) It will postpone the failure till the build finish It will collect all the violations, however untrusted code might be executed (e.g. from a plugin) You can find updated checksum.xml file at /Users/runner/work/jmeter/jmeter/build/checksum/checksum.xml. You might add -PchecksumUpdate to update root checksum.xml file.

Could not determine the dependencies of task ':src:bshclient:checkstyleMain'. > Checksum/PGP violations detected on resolving configuration :src:bshclient:checkstyle No PGP signature (.asc file) found for artifact: com.google.collections:google-collections:1.0 (pgp=[], sha512=[5741BCDF5C2D54DAA53A60972D61D0FB3ACB68A31AB4A913832DE71C47B4ABD59B85E760A335D7EFDE55D4E309824839B09F9224A43C124BD54C634A87A9B7F7]) No trusted PGP keys are configured for group org.apache.maven.doxia: org.apache.maven.doxia:doxia-core:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.apache.maven.doxia:doxia-logging-api:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.apache.maven.doxia:doxia-module-xdoc:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.apache.maven.doxia:doxia-sink-api:1.12.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) No trusted PGP keys are configured for group org.codehaus.plexus: org.codehaus.plexus:plexus-classworlds:2.6.0 (pgp=[b02137d875d833d9b23392ecae5a7fb608a0221c], sha512=[computation skipped]) org.codehaus.plexus:plexus-component-annotations:2.1.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.codehaus.plexus:plexus-container-default:2.1.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) org.codehaus.plexus:plexus-utils:3.3.0 (pgp=[fa77dcfef2ee6eb2debedd2c012579464d01c06a], sha512=[computation skipped]) Trusted PGP keys for group org.apache.commons are [12d16069219c90212a974d119ae296fd02e9f65b, 2db4f1ef0fa761ecc4ea935c86fdc7e2a11262cb, 3692c12c7e3d336a452beb254e066e0459cd109b, 41a1a08c62fca78b79d3081164a16faaec16a4be, ce8075a251547bee249bc151a2115ae15f6b8b72, d6f1bc78607808ec8e9f69437a8860944fad5f62], however artifact is signed by [b6e73d84ea4fcc47166087253faad2cd5ecbb314] only: org.apache.commons:commons-lang3:3.8.1 (pgp=[b6e73d84ea4fcc47166087253faad2cd5ecbb314], sha512=[computation skipped]) org.apache.commons:commons-text:1.3 (pgp=[b6e73d84ea4fcc47166087253faad2cd5ecbb314], sha512=[computation skipped]) Trusted PGP keys for group org.apache.xbean are [82d8419ba697f0e7fb85916ee91287822fdb81b1, c758f9cc982ac877e7b295dd6e97418b04b11dcb], however artifact is signed by [223d3a74b068eca354dc385ce126833f9cf64915] only: org.apache.xbean:xbean-reflect:3.7 (pgp=[223d3a74b068eca354dc385ce126833f9cf64915], sha512=[computation skipped]) There might be more checksum violations, however, current configuration specifies the build to fail on the first violation. You might use the following properties: * -PchecksumIgnore temporary disables checksum-dependency-plugin (e.g. to try new dependencies) * -PchecksumUpdate updates checksum.xml and it will fail after the first violation so you can review the diff * -PchecksumUpdateAll (insecure) updates checksum.xml with all the new discovered checksums * -PchecksumFailOn=build_finish (insecure) It will postpone the failure till the build finish It will collect all the violations, however untrusted code might be executed (e.g. from a plugin) You can find updated checksum.xml file at D:\a\jmeter\jmeter\build\checksum\checksum.xml. You might add -PchecksumUpdate to update root checksum.xml file.