WIP - Generate HTML report for verification errors

    • -141
    • +10
    ./ChecksumAndSignatureVerificationOverride.java
    • -0
    • +36
    ./RepositoryAwareVerificationFailure.java
    • -0
    • +229
    ./report/DependencyVerificationReportWriter.java
Performance optimization for verification

Dependency verification may produce a number of verification events which are only relevant if, eventually, a fatal verification failure occurs. If it's not the case, there will not be any verification failure, therefore it's unnecessary to perform formatting of an error message.

Previously, we would always check for verification failures even if, in the end, there would only be non-fatal ones, which slows down IDE syncing.

    • -23
    • +26
    ./ChecksumAndSignatureVerificationOverride.java
  1. … 2 more files in changeset.
Performance optimization for verification

Dependency verification may produce a number of verification events which are only relevant if, eventually, a fatal verification failure occurs. If it's not the case, there will not be any verification failure, therefore it's unnecessary to perform formatting of an error message.

Previously, we would always check for verification failures even if, in the end, there would only be non-fatal ones, which slows down IDE syncing.

    • -23
    • +25
    ./ChecksumAndSignatureVerificationOverride.java
  1. … 1 more file in changeset.
Performance optimization for verification

Dependency verification may produce a number of verification events which are only relevant if, eventually, a fatal verification failure occurs. If it's not the case, there will not be any verification failure, therefore it's unnecessary to perform formatting of an error message.

Previously, we would always check for verification failures even if, in the end, there would only be non-fatal ones, which slows down IDE syncing.

    • -15
    • +19
    ./ChecksumAndSignatureVerificationOverride.java
Hacky reformat of verification failure

    • -7
    • +7
    ./ChecksumAndSignatureVerificationOverride.java
Tweak error messages

    • -4
    • +4
    ./ChecksumAndSignatureVerificationOverride.java
  1. … 3 more files in changeset.
Merge branch 'release' into cc/dm/issue-11971-merge

    • -13
    • +3
    ./DependencyVerificationOverride.java
    • -4
    • +8
    ./writer/WriteDependencyVerificationFile.java
  1. … 2 more files in changeset.
Fix incorrect Gradle root build directory location

This would cause a couple of bugs:

- a `gradle` directory would be created for each build even if they didn't have one
- a `gradle` directory would be created for subprojects if the gradle command was executed from this directory (#11971)

In addition, this would cause the verification metadata file to be ignored if running from a subproject directory.

    • -11
    • +2
    ./DependencyVerificationOverride.java
    • -4
    • +6
    ./WriteDependencyVerificationFile.java
  1. … 4 more files in changeset.
Lambda-ification of the dependency management project

This makes the code base easier to read.

  1. … 64 more files in changeset.
Make some error messages clearer

    • -8
    • +16
    ./ChecksumAndSignatureVerificationOverride.java
  1. … 4 more files in changeset.
Fix verification of dependencies resolved in buildFinished

Previously it was possible that a user hook (buildFinished) was executed _after_ the verification code was done. With this commit this is no longer possible.

    • -3
    • +9
    ./ChecksumAndSignatureVerificationOverride.java
    • -1
    • +0
    ./writer/WriteDependencyVerificationFile.java
  1. … 9 more files in changeset.
Fix verification of dependencies resolved in buildFinished

Previously it was possible that a user hook (buildFinished) was executed _after_ the verification code was done. With this commit this is no longer possible.

    • -0
    • +6
    ./ChecksumAndSignatureVerificationOverride.java
  1. … 7 more files in changeset.
Rework error message in case verification loading fails

As #11775 shows that dependency verification initialization may fail for a different reason than not being able to parse the file, the exception is more generic and the cause will give the details.

    • -0
    • +2
    ./ChecksumAndSignatureVerificationOverride.java
  1. … 2 more files in changeset.
Add support for key fingerprints

In order to provide maximum security, it's now possible to use full key fingerprints, in addition to long (64-bit) key ids, in trusted or ignored keys.

It doesn't matter what format is used: if a trusted key uses a long id, then it's possible that if there's a key collision, an artifact would be trusted even if it shouldn't. If a fingerprint is used instead, then we would use the full fingerprint for verification.

It's worth noting that PGP doesn't provide the full fingerprint in signatures for the key issuer. This means that when we're going to download keys, we will still use the long ids.

Fixes #11770

    • -6
    • +31
    ./writer/WriteDependencyVerificationFile.java
    • -4
    • +3
    ./writer/WriterSignatureVerificationResult.java
  1. … 18 more files in changeset.
Add API to disable dependency verification

This commit adds an API to disable verification on a specific configuration (using `resolutionStrategy.disableDependencyVerification`). This would let tasks which perform special dependency resolution (like checking newer versions of dependencies) pass even if dependency verification is enabled.

    • -1
    • +2
    ./ChecksumAndSignatureVerificationOverride.java
    • -1
    • +2
    ./writer/WriteDependencyVerificationFile.java
  1. … 9 more files in changeset.