Keeps track of Gradle version used by androidx. When updating the version a new version prebuilt needs to be added to tools/external/gradle repository.
Keeps track of library and plugin dependencies used by androidx. Adding or updating a library there requires running ./development/importMaven/import_maven_artifacts.py -n myartifact:here:1.0.0
Checked-in local keyring used to avoid reachout to key servers whenever a key is required by Gradle to verify an artifact. In order to add a new key, first add it as a trusted-key to verification-metadata.xml, then run the following
./gradlew --write-verification-metadata sha256 --export-keys
This will update verification-keyring.keys and also create verification-keyring.gpg. gpg file needs to be deleted as androidx only uses the human readable keychain to track of the keys.
Configuration file for Gradle dependency verification used by androidx to make sure dependencies are signed with trusted signatures and that unsigned artifacts have expected checksums.
When adding a new artifact
verification-keyring.keys instructions above to add it to trusted-keysverification-metadata.xml:./gradlew --write-verification-metadata sha256