Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Add opt-out to the duplicate project name detection

This commit reworks the project with duplicate names cycle

detection fix by adding an opt-out: because the new behavior

may force existing users to set both the artifactId and groupId

to publications even if they don't publish all projects, this

could be a potential breaking change.

    • -0
    • +35
    ./resolve/ProjectDependencyResolveIntegrationTest.groovy
  1. … 6 more files in changeset.
Add opt-out to the duplicate project name detection

This commit reworks the project with duplicate names cycle

detection fix by adding an opt-out: because the new behavior

may force existing users to set both the artifactId and groupId

to publications even if they don't publish all projects, this

could be a potential breaking change.

    • -0
    • +35
    ./resolve/ProjectDependencyResolveIntegrationTest.groovy
  1. … 6 more files in changeset.
Merge remote-tracking branch 'origin/master-test' into release-test

    • -0
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
Merge remote-tracking branch 'origin/master-test' into release-test

    • -0
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
Merge remote-tracking branch 'origin/master-test' into release-test

    • -0
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
Revert reselection on selector removal

The change is causing instability and will need more complete testing

and feedback from large builds.

Issue #6567

    • -0
    • +4
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 1 more file in changeset.
Tests showing the issue with legacy artifact selection

Issue #11825

    • -0
    • +120
    ./resolve/compatibility/ArtifactAndClassifierCompatibilityIntegrationTest.groovy
Tests showing the issue with legacy artifact selection

Issue #11825

    • -0
    • +120
    ./resolve/compatibility/ArtifactAndClassifierCompatibilityIntegrationTest.groovy
Add test (not yet reproducing the issue)

    • -0
    • +37
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
Add test (not yet reproducing the issue)

    • -0
    • +37
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
Add test to reproduce exception on reselection

    • -0
    • +34
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
Fix circular dependencies when project have the same name

Before this commit, during dependency resolution, a synthetic

module version identifier was generated by project, using the

group and name of the project. However, it's possible for a

project in gradle to have the same name as another in the

same build, leading to duplicates. In this case the projects

were mixed together and lead to a circular dependency.

This commit fixes the problem by making sure we generate

distinct module version identifiers for such projects, by

using the full project path as the name instead of the short

name.

This also makes it possible to publish valid publications

when using the maven or ivy publish plugins. However, we detect

this problem early and warn the user that they should overwrite

the project identity in this case.

    • -0
    • +45
    ./resolve/ProjectDependencyResolveIntegrationTest.groovy
  1. … 14 more files in changeset.
Fix circular dependencies when project have the same name

Before this commit, during dependency resolution, a synthetic

module version identifier was generated by project, using the

group and name of the project. However, it's possible for a

project in gradle to have the same name as another in the

same build, leading to duplicates. In this case the projects

were mixed together and lead to a circular dependency.

This commit fixes the problem by making sure we generate

distinct module version identifiers for such projects, by

using the full project path as the name instead of the short

name.

This also makes it possible to publish valid publications

when using the maven or ivy publish plugins. However, we detect

this problem early and warn the user that they should overwrite

the project identity in this case.

    • -0
    • +45
    ./resolve/ProjectDependencyResolveIntegrationTest.groovy
  1. … 14 more files in changeset.
Fix circular dependencies when project have the same name

Before this commit, during dependency resolution, a synthetic

module version identifier was generated by project, using the

group and name of the project. However, it's possible for a

project in gradle to have the same name as another in the

same build, leading to duplicates. In this case the projects

were mixed together and lead to a circular dependency.

This commit fixes the problem by making sure we generate

distinct module version identifiers for such projects, by

using the full project path as the name instead of the short

name.

This also makes it possible to publish valid publications

when using the maven or ivy publish plugins. However, we detect

this problem early and warn the user that they should overwrite

the project identity in this case.

    • -0
    • +45
    ./resolve/ProjectDependencyResolveIntegrationTest.groovy
  1. … 14 more files in changeset.
Make some error messages clearer

    • -0
    • +5
    ./resolve/verification/AbstractDependencyVerificationIntegTest.groovy
    • -7
    • +3
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -7
    • +7
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 2 more files in changeset.
Make some error messages clearer

    • -0
    • +5
    ./resolve/verification/AbstractDependencyVerificationIntegTest.groovy
    • -7
    • +3
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -7
    • +7
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 2 more files in changeset.
Break erroneous cycle if a component depending on itself is evicted (#11811)

    • -0
    • +34
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 1 more file in changeset.
Break erroneous cycle if a component depending on itself is evicted

    • -0
    • +34
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 1 more file in changeset.
Update module resolve state before accessing it recursively

    • -0
    • +34
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 1 more file in changeset.
Make sure module resolve state is correct when accessed recursively

    • -0
    • +32
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
  1. … 1 more file in changeset.
good state

    • -0
    • +32
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
Add test that reproduces #11844

    • -0
    • +35
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
Add test case for serialization issue with recursion

    • -0
    • +33
    ./resolve/VersionConflictResolutionIntegrationTest.groovy
Fix verification of dependencies resolved in buildFinished

Previously it was possible that a user hook (buildFinished)

was executed _after_ the verification code was done. With

this commit this is no longer possible.

    • -0
    • +36
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
    • -2
    • +47
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
    • -3
    • +3
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 8 more files in changeset.
Fix verification of dependencies resolved in buildFinished

Previously it was possible that a user hook (buildFinished)

was executed _after_ the verification code was done. With

this commit this is no longer possible.

    • -0
    • +36
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
    • -2
    • +47
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
    • -3
    • +3
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 5 more files in changeset.
Fix verification of dependencies resolved in buildFinished

Previously it was possible that a user hook (buildFinished)

was executed _after_ the verification code was done. With

this commit this is no longer possible.

    • -0
    • +36
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
    • -2
    • +47
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
    • -3
    • +3
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 8 more files in changeset.
Rework error message in case verification loading fails

As #11775 shows that dependency verification initialization

may fail for a different reason than not being able to parse

the file, the exception is more generic and the cause will

give the details.

    • -2
    • +3
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
  1. … 2 more files in changeset.
Rework error message in case verification loading fails

As #11775 shows that dependency verification initialization

may fail for a different reason than not being able to parse

the file, the exception is more generic and the cause will

give the details.

    • -2
    • +3
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
  1. … 2 more files in changeset.
Add support for key fingerprints

In order to provide maximum security, it's now possible to use full key

fingerprints, in addition to long (64-bit) key ids, in trusted or ignored

keys.

It doesn't matter what format is used: if a trusted key uses a long id,

then it's possible that if there's a key collision, an artifact would be

trusted even if it shouldn't. If a fingerprint is used instead, then we

would use the full fingerprint for verification.

It's worth nothing that PGP doesn't provide the full fingerprint in signatures

for the key issuer. This means that when we're going to download keys, we

will still use the long ids.

Fixes #11770

    • -2
    • +3
    ./resolve/verification/AbstractSignatureVerificationIntegrationTest.groovy
    • -23
    • +131
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
    • -6
    • +5
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
  1. … 17 more files in changeset.
Add support for key fingerprints

In order to provide maximum security, it's now possible to use full key

fingerprints, in addition to long (64-bit) key ids, in trusted or ignored

keys.

It doesn't matter what format is used: if a trusted key uses a long id,

then it's possible that if there's a key collision, an artifact would be

trusted even if it shouldn't. If a fingerprint is used instead, then we

would use the full fingerprint for verification.

It's worth nothing that PGP doesn't provide the full fingerprint in signatures

for the key issuer. This means that when we're going to download keys, we

will still use the long ids.

Fixes #11770

    • -2
    • +3
    ./resolve/verification/AbstractSignatureVerificationIntegrationTest.groovy
    • -23
    • +131
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
    • -6
    • +5
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
  1. … 17 more files in changeset.