Run witness checksums in task and only when compiling.

fork-5.53.8
Alan Evans 2020-12-04 12:32:17 -04:00 zatwierdzone przez Greyson Parrelli
rodzic 898d92ba54
commit 67a3a30d4c
1 zmienionych plików z 58 dodań i 37 usunięć

Wyświetl plik

@ -15,16 +15,31 @@ class WitnessPluginExtension {
class WitnessPlugin implements Plugin<Project> { class WitnessPlugin implements Plugin<Project> {
static String calculateSha256(file) { static String calculateSha256(file) {
MessageDigest md = MessageDigest.getInstance("SHA-256"); MessageDigest md = MessageDigest.getInstance('SHA-256')
file.eachByte 4096, { bytes, size -> file.eachByte 4096, { bytes, size ->
md.update(bytes, 0, size); md.update(bytes, 0, size)
} }
return md.digest().collect {String.format "%02x", it}.join(); return md.digest().collect { String.format '%02x', it }.join()
} }
void apply(Project project) { void apply(Project project) {
project.extensions.create("dependencyVerification", WitnessPluginExtension) project.extensions.create('dependencyVerification', WitnessPluginExtension)
project.afterEvaluate { project.afterEvaluate {
project.tasks
.findAll { it.name =~ /compile/ }
.each {
it.dependsOn('verifyChecksums')
}
}
project.task('verifyChecksums') {
group = 'Gradle Witness'
description = 'Verify the contents of dependencyVerification block in witness-verifications.gradle file(s) match the checksums of dependencies.'
doLast {
def allArtifacts = allArtifacts(project)
project.dependencyVerification.verify.each { project.dependencyVerification.verify.each {
assertion -> assertion ->
List parts = assertion[0].tokenize(':') List parts = assertion[0].tokenize(':')
@ -32,25 +47,30 @@ class WitnessPlugin implements Plugin<Project> {
String name = parts.get(1) String name = parts.get(1)
String hash = assertion[1] String hash = assertion[1]
def artifacts = allArtifacts(project).findAll { def artifacts = allArtifacts.findAll {
return it.name.equals(name) && it.moduleVersion.id.group.equals(group) it.moduleVersion.id.group == group && it.name == name
} }
artifacts.forEach { dependency -> artifacts.forEach { dependency ->
println "Verifying " + group + ":" + name println "Verifying $group:$name"
if (dependency == null) { if (dependency == null) {
throw new InvalidUserDataException("No dependency for integrity assertion found: " + group + ":" + name) throw new InvalidUserDataException("No dependency for integrity assertion found: $group:$name")
} }
if (!hash.equals(calculateSha256(dependency.file))) { if (hash != calculateSha256(dependency.file)) {
throw new InvalidUserDataException("Checksum failed for " + assertion) throw new InvalidUserDataException("Checksum failed for $assertion")
}
} }
} }
} }
} }
project.task('calculateChecksums').doLast { project.task('calculateChecksums') {
group = 'Gradle Witness'
description = 'Recalculate checksums of dependencies and update the witness-verifications.gradle file(s).'
doLast {
def stringBuilder = new StringBuilder() def stringBuilder = new StringBuilder()
stringBuilder.append '// Auto-generated, use ./gradlew calculateChecksums to regenerate\n\n' stringBuilder.append '// Auto-generated, use ./gradlew calculateChecksums to regenerate\n\n'
@ -67,10 +87,11 @@ class WitnessPlugin implements Plugin<Project> {
dep -> stringBuilder.append "\n $dep,\n" dep -> stringBuilder.append "\n $dep,\n"
} }
stringBuilder.append " ]\n" stringBuilder.append ' ]\n'
stringBuilder.append "}\n" stringBuilder.append '}\n'
project.file("witness-verifications.gradle").write(stringBuilder.toString()) project.file('witness-verifications.gradle').write(stringBuilder.toString())
}
} }
} }