Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Make it possible to disable metadata verification

This commit introduces basic configuration for dependency

verification. The only thing that is configurable now is

the ability to disable verification of metadata. This can

be useful whenever the user only wants to trust artifacts,

because addition of metadata in verification files can

be quite verbose.

    • -1
    • +49
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -0
    • +107
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 13 more files in changeset.
Make it possible to disable metadata verification

This commit introduces basic configuration for dependency

verification. The only thing that is configurable now is

the ability to disable verification of metadata. This can

be useful whenever the user only wants to trust artifacts,

because addition of metadata in verification files can

be quite verbose.

    • -0
    • +49
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -0
    • +106
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 13 more files in changeset.
Fix verification of alternate checksums

    • -0
    • +33
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
  1. … 1 more file in changeset.
Fix writing/verification of alternate checksums

    • -0
    • +33
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -1
    • +60
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 2 more files in changeset.
Fix writing/verification of alternate checksums

    • -0
    • +33
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -1
    • +60
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 2 more files in changeset.
Fix writing/verification of alternate checksums

    • -0
    • +33
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -1
    • +60
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 2 more files in changeset.
Make verification model more resilient to real world projects

Dogfooding the Gradle build with dependenvy verification proved to

be helpful. There are quite a few cases where we discover dependencies

which come from different repositories. Reposiories can also be mirrored

and sometimes the mirror doesn't mirror what is was supposed to.

The problem is that working around, for example by fixing the mirrors

or figuring out how to fetch a dependency from the right place can be

tricky. It's often easier to go and check the dependency and/or metadata

and approve it.

For this purpose, the verification metadata file now includes the

ability to have "alternate", trusted checksums. It also adds the ability

to tell where a checksum comes from, as indication to the reader. Checksums

generated by Gradle will be marked as such, and therefore a reader can

see that they are less "trustworthy" than checksums fetched by a human.

    • -24
    • +23
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 12 more files in changeset.
Make verification model more resilient to real world projects

Dogfooding the Gradle build with dependenvy verification proved to

be helpful. There are quite a few cases where we discover dependencies

which come from different repositories. Reposiories can also be mirrored

and sometimes the mirror doesn't mirror what is was supposed to.

The problem is that working around, for example by fixing the mirrors

or figuring out how to fetch a dependency from the right place can be

tricky. It's often easier to go and check the dependency and/or metadata

and approve it.

For this purpose, the verification metadata file now includes the

ability to have "alternate", trusted checksums. It also adds the ability

to tell where a checksum comes from, as indication to the reader. Checksums

generated by Gradle will be marked as such, and therefore a reader can

see that they are less "trustworthy" than checksums fetched by a human.

    • -24
    • +23
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 12 more files in changeset.
Make verification model more resilient to real world projects

Dogfooding the Gradle build with dependenvy verification proved to

be helpful. There are quite a few cases where we discover dependencies

which come from different repositories. Reposiories can also be mirrored

and sometimes the mirror doesn't mirror what is was supposed to.

The problem is that working around, for example by fixing the mirrors

or figuring out how to fetch a dependency from the right place can be

tricky. It's often easier to go and check the dependency and/or metadata

and approve it.

For this purpose, the verification metadata file now includes the

ability to have "alternate", trusted checksums. It also adds the ability

to tell where a checksum comes from, as indication to the reader. Checksums

generated by Gradle will be marked as such, and therefore a reader can

see that they are less "trustworthy" than checksums fetched by a human.

    • -24
    • +23
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 12 more files in changeset.
Make verification model more resilient to real world projects

Dogfooding the Gradle build with dependenvy verification proved to

be helpful. There are quite a few cases where we discover dependencies

which come from different repositories. Reposiories can also be mirrored

and sometimes the mirror doesn't mirror what is was supposed to.

The problem is that working around, for example by fixing the mirrors

or figuring out how to fetch a dependency from the right place can be

tricky. It's often easier to go and check the dependency and/or metadata

and approve it.

For this purpose, the verification metadata file now includes the

ability to have "alternate", trusted checksums. It also adds the ability

to tell where a checksum comes from, as indication to the reader. Checksums

generated by Gradle will be marked as such, and therefore a reader can

see that they are less "trustworthy" than checksums fetched by a human.

    • -24
    • +23
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 12 more files in changeset.
De-duplicate entries based on file name instead of artifact id

Because Gradle internally sometimes uses `DefaultModuleComponentArtifactIdentifier`

or `ModuleComponentFileArtifactIdentifier` for the same artifact depending on the

context, we can't rely on equality here. This commit changes the internal verification

structure to rely on the file name which is more consistent and fixes duplication

issues.

    • -0
    • +81
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 8 more files in changeset.
De-duplicate entries based on file name instead of artifact id

Because Gradle internally sometimes uses `DefaultModuleComponentArtifactIdentifier`

or `ModuleComponentFileArtifactIdentifier` for the same artifact depending on the

context, we can't rely on equality here. This commit changes the internal verification

structure to rely on the file name which is more consistent and fixes duplication

issues.

    • -0
    • +81
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 8 more files in changeset.
De-duplicate entries based on file name instead of artifact id

Because Gradle internally sometimes uses `DefaultModuleComponentArtifactIdentifier`

or `ModuleComponentFileArtifactIdentifier` for the same artifact depending on the

context, we can't rely on equality here. This commit changes the internal verification

structure to rely on the file name which is more consistent and fixes duplication

issues.

    • -0
    • +81
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 8 more files in changeset.
De-duplicate entries based on file name instead of artifact id

Because Gradle internally sometimes uses `DefaultModuleComponentArtifactIdentifier`

or `ModuleComponentFileArtifactIdentifier` for the same artifact depending on the

context, we can't rely on equality here. This commit changes the internal verification

structure to rely on the file name which is more consistent and fixes duplication

issues.

    • -0
    • +81
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 8 more files in changeset.
Restore accidentally deleted code

    • -13
    • +13
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -22
    • +22
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 1 more file in changeset.
Sort conflict participants

In some corner cases, it matters to select first the conflict winner

before attempting any other selection.

Fixes #11569

    • -0
    • +10
    ./resolve/rules/ComponentReplacementIntegrationTest.groovy
  1. … 1 more file in changeset.
Sort conflict participants

In some corner cases, it matters to select first the conflict winner

before attempting any other selection.

Fixes #11569

    • -0
    • +10
    ./resolve/rules/ComponentReplacementIntegrationTest.groovy
  1. … 1 more file in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +34
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +34
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +34
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 6 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +34
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Recompute selected component when removing selector

Previously, once a component was selected, removing a selector would not

change the resolution result, potentially keeping a selection that no

longer applied.

Now upon removal of a selector, the selected component may be updated.

In order to prevent infinite loops in some cases, the recompute on

removal only happens once per SelectorState instance.

Fixes #6567

    • -11
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 7 more files in changeset.
Add lenient version of ComponentMetadataDetails.addVariant()

    • -10
    • +90
    ./resolve/rules/VariantFilesMetadataRulesIntegrationTest.groovy
  1. … 10 more files in changeset.
Introduce a checksum file cache service

This service is responsible for caching the checksums computed from

local file system. Because it's also used for dependency verification

writing and checking, this cache uses the existing infrastructure which

makes sure that if a file is updated locally, we expire the entry in

the cache.

This is done because there are lots of places in the code where we

used the legacy `HashUtil` class, which has no caching whatsoever.

It's, however, quite common to have a build which generates sha1

checksums multiple times for the same file. For example, during

publication.

    • -6
    • +9
    ./resolve/caching/CachedDependencyResolutionIntegrationTest.groovy
    • -3
    • +3
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 101 more files in changeset.