Split the `signing` module

This commit splits the `signing` module into another `security` project so that we can reuse some code for dependency verification.

It's worth noting that some of the classes had to remain in the `plugins` package because they were public APIs.

Further effort to split them out may be done later.

  1. … 69 more files in changeset.
Fix some lgtm alerts

  1. … 11 more files in changeset.
signing plugin: use SHA512 instead of SHA1 when signing artifacts

PGP signs a digest, so MITM is still possible provided an attacker can update the artifact in such a way that its SHA1 is intact.

Relevant article is https://medium.com/@jonathan.leitschuh/many-of-these-gpg-signatures-are-signed-with-sha-1-which-is-vulnerable-to-a-second-preimage-attack-67104d827930

Signed-off-by: Vladimir Sitnikov <sitnikov.vladimir@gmail.com>

Apply `Explicit type can be replaced with <>` inspection to the whole project

  1. … 908 more files in changeset.
Remove synthetic accessors for internal private symbol references

  1. … 902 more files in changeset.
Remove synthetic accessors for internal private symbol references

  1. … 890 more files in changeset.
Remove synthetic accessors for internal private symbol references

  1. … 897 more files in changeset.
Add missing @Override to all modules

Signed-off-by: Paul Merlin <paul@gradle.com>

  1. … 1005 more files in changeset.
Add missing @Override to all modules

Signed-off-by: Paul Merlin <paul@gradle.com>

  1. … 999 more files in changeset.
spelling: strictly

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

Fix handling of InterruptedExceptions

These exceptions were handled incorrectly throughout the whole codebase, usually rethrown without restoring the interrupt status or discarded entirely. This means that the system would not stop executing even though the user wanted it to. In some cases this also left the system in an inconsistent state, leading to deadlocks.

The most notable changes include:

- UncheckedException.rethrow automatically restores the interrupt status
- AsyncDispatch is guaranteed to deliver its messages, even when interrupted
- ExecHandle cancels the started process if it is interrupted while waiting
- ExecHandle disconnects from the process' output before killing it
- The worker API cancels the started work items if it is interrupted
- ManagedExecutors shut down immediately if they are interrupted while stopping
- We no longer log exceptions caused by interruption to the console
- Interrupting our caches no longer leaks file locks

  1. … 38 more files in changeset.
Polish up integration tests for gpg cmd

Signed-off-by: Bo Zhang <bo@gradle.com>

  1. … 12 more files in changeset.
Rename Signatory.getInputProperty() to getKeyId()

The new name collides with an already existing method in PgpSignatory which returned the key in a different format. Since this method was only used in two test cases, these have been modified to work with the new method instead.

  1. … 4 more files in changeset.
Improve readability of PgpSignatoryFactory.getPropertySafely()

Polish changes from pull request #2268

  1. … 3 more files in changeset.
Adds a check for null values in signing properties (#2268)

  1. … 2 more files in changeset.
Replace usages of org.gradle.api.Nullable

With javax.annotation.Nullable.

  1. … 460 more files in changeset.
Remove direct use of PgpSignatory in the Sign task

Conceptually, the signing plugin allows for using multiple signatories that implement different signing methods. However, in practice the Sign task always casts the signatory instance returned by Sign.getSignatory() into a PgpSignatory. This makes it impossible to use a signatory that is not derived from PgpSignatory.

The Sign task needs to access the PgpSignatory in order to retrieve the key id which serves as task input value for the signatory property.

This commit fixes this direct dependency by adding the method getInputValue() to the Signatory interface. This method returns a value representing the input value of the signatory property. The Sign task can then use this method for retrieving a value that represents the signatory property for a specific signatory implementation.

  1. … 2 more files in changeset.
Move Java sources from src/main/groovy to src/main/java

There are no Groovy sources left, so there's no need to keep these files in src/main/groovy.

    • ./PgpSignatory.java (-0, +121)
    • ./PgpSignatoryFactory.java (-0, +167)
    • ./PgpSignatoryProvider.java (-0, +52)
  1. … 46 more files in changeset.