Clean up warnings

This includes cleaning up compilation warnings and other warnings from IDE inspection.

One large area of changes was around having proper @Nullable / @NonNullApi to clarify nullability.

    • -4
    • +5
    ./DependencyVerificationConfiguration.java
  1. … 325 more files in changeset.
Fix a number of review comments

  1. … 15 more files in changeset.
Remove unused code and add tests for HTML report

  1. … 3 more files in changeset.
Introduce an HTML report for dependency verification

This commit introduces a dependency verification report. This report is generated for each build which has at least one dependency verification fatal failure. The goal is to replace the full, plain text report with a more concise text block, less intimidating, and redirect to the HTML report for completeness.

Currently, this report is _always_ generated, and the console report is left untouched. However, another commit will replace the console report with a shorter version, with the ability to configure the build to always use the long console report version (in case for example it's not simple to retrieve an HTML report from a CI build).

The HTML report explains what errors the user is facing in context, and links to the documentation for further details.

  1. … 13 more files in changeset.
Fix duplicate entry found when building error

It was possible that the same key is checked multiple times and reported multiple times as an error if a key is found multiple times in a single keyring. This commit works around the problem by collecting using a regular map then converting to an immutable map.

Fixes #11999

  1. … 1 more file in changeset.
Lambda-ification of the dependency management project

This makes the code base easier to read.

  1. … 65 more files in changeset.
Add support for key fingerprints

In order to provide maximum security, it's now possible to use full key fingerprints, in addition to long (64-bit) key ids, in trusted or ignored keys.

It doesn't matter what format is used: if a trusted key uses a long id, then it's possible that if there's a key collision, an artifact would be trusted even if it shouldn't. If a fingerprint is used instead, then we would use the full fingerprint for verification.

It's worth noting that PGP doesn't provide the full fingerprint in signatures for the key issuer. This means that when we're going to download keys, we will still use the long ids.

Fixes #11770

    • -15
    • +22
    ./SignatureVerificationFailure.java
  1. … 18 more files in changeset.
Verify checksums for artifacts which declare them even if signature passes

This is done because signatures are done on the hash of artifacts and not on the artifact contents itself, so if you want to ensure both integrity and provenance, you need to check both.

  1. … 1 more file in changeset.
Add information about paths to dependencies when failing verification

When dependency verification fails, it's often necessary to actually look at the artifacts which were downloaded. Gradle will not display the paths to the artifacts which were involved in a verification failure, so that the user can check if they are the ones they expect or something else.

This also gives the ability to actually delete the file from the local cache if it makes sense.

    • -2
    • +10
    ./SignatureVerificationFailure.java
  1. … 5 more files in changeset.
Add information about paths to dependencies when failing verification

When dependency verification fails, it's often necessary to actually look at the artifacts which were downloaded. Gradle will not display the paths to the artifacts which were involved in a verification failure, so that the user can check if they are the ones they expect or something else.

This also gives the ability to actually delete the file from the local cache if it makes sense.

    • -0
    • +31
    ./AbstractVerificationFailure.java
    • -2
    • +10
    ./SignatureVerificationFailure.java
  1. … 5 more files in changeset.