replace witness plugin with gradle dependency checksum verification (#223)

* replace witness plugin with gradle builtin dependency checksum verification

I noticed that a recent dependency change didn't needed checksum change. It was because the witness plugin only checked the listed checksums, not all the dependencies. If the dependency was not on the list, the new checksum was not verified.

Gradle now has its own verification mechanism, see https://docs.gradle.org/current/userguide/dependency_verification.html

After a dependency is added or a version is changed, the checksums could be regenerated using the following command.

```
gradle --write-verification-metadata sha256 help
````

 The help task is just used to discover as much as possible dependencies, and if subsequent builds fail with a verification error, you can re-execute generation with the appropriate tasks to "discover" more dependencies

 I verified that all the checksums from the removed file are present in the new one.

jcenter repository (used only for gradle shadow plugin) is replaced with gradlePluginPortal. jcenter is shutting down anyway and the checksums for shadow plugin and its dependencies were not added automatically to the xml file for some reason.

* add javadoc and source as trusted artifacts

Co-authored-by: woodser <woodser@protonmail.com>
This commit is contained in:
Přemek Vyhnal 2022-02-06 17:36:58 +01:00 committed by GitHub
parent f264cdb244
commit 17d109a15e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 2171 additions and 95 deletions

View file

@ -1,12 +1,11 @@
buildscript {
repositories {
jcenter()
gradlePluginPortal()
}
dependencies {
classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.10'
classpath 'com.google.gradle:osdetector-gradle-plugin:1.6.0'
classpath 'com.github.jengelman.gradle.plugins:shadow:5.2.0'
classpath files('gradle/witness/gradle-witness.jar')
classpath 'org.springframework.boot:spring-boot-gradle-plugin:1.5.10.RELEASE'
}
}
@ -280,9 +279,9 @@ configure(project(':common')) {
annotationProcessor "org.projectlombok:lombok:$lombokVersion"
testCompile "org.hamcrest:hamcrest-all:$hamcrestVersion"
// override transitive dependency version from 1.5 to the same version just identified by commit number.
// override transitive dependency version from 1.5 to the same version just identified by commit number.
// Remove this if transitive dependency is changed to something else than 1.5
compile( group: 'com.github.JesusMcCloud', name: 'jtorctl') { version { strictly "[9b5ba2036b]" } }
compile(group: 'com.github.JesusMcCloud', name: 'jtorctl') { version { strictly "[9b5ba2036b]" } }
}
}
@ -347,6 +346,7 @@ configure(project(':core')) {
exclude(module: 'jackson-annotations')
exclude(module: 'jackson-databind')
exclude(module: 'bcprov-jdk15on')
exclude(group: 'org.slf4j', module: 'slf4j-simple')
}
implementation("org.apache.httpcomponents.client5:httpclient5:$httpclient5Version")
implementation "com.google.protobuf:protobuf-java:$protobufVersion"
@ -407,8 +407,6 @@ configure(project(':cli')) {
configure(project(':desktop')) {
apply plugin: 'com.github.johnrengelman.shadow'
apply plugin: 'witness'
apply from: '../gradle/witness/gradle-witness.gradle'
apply from: 'package/package.gradle'
version = '1.6.2-SNAPSHOT'

File diff suppressed because it is too large Load diff

View file

@ -1,89 +0,0 @@
// To update the `dependencyVerification` block below (we don't add local bisq modules and org.openjfx libraries as
// those cause problems):
//
// 1. Remove the block entirely
// 2. Replace the block with the following command:
//
// ./gradlew -q calculateChecksums | grep -v 'bisq:\|org.openjfx:' >> gradle/witness/gradle-witness.gradle
//
// 3. Run `git diff` to verify that expected hashes have changed
// 4. Commit the changes
//
// Note: The checksums are SHA-256.
//
// See https://github.com/signalapp/gradle-witness#using-witness for further details.
dependencyVerification {
verify = [
'aopalliance:aopalliance:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08',
'ch.qos.logback:logback-classic:86a0268c3c96888d4e49d8a754b5b2173286aee100559e803efcbb0df676c66e',
'ch.qos.logback:logback-core:58738067842476feeae5768e832cd36a0e40ce41576ba5739c3632d376bd8c86',
'com.fasterxml.jackson.core:jackson-annotations:203cefdfa6c81e6aa84e11f292f29ca97344a3c3bc0293abea065cd837592873',
'com.fasterxml.jackson.core:jackson-core:cc899cb6eae0c80b87d590eea86528797369cc4feb7b79463207d6bb18f0c257',
'com.fasterxml.jackson.core:jackson-databind:f2ca3c28ebded59c98447d51afe945323df961540af66a063c015597af936aa0',
'com.github.JesusMcCloud:jtorctl:b2bdfe9758e4c82ff1b10e7c3098981bf55ea3e5f161ee7990ac125003a6cdbe',
'com.github.bisq-network.netlayer:tor.external:e1d6b8fe73891207701c6b14317be789fd4acd25f7b499425d2471598d9a22ac',
'com.github.bisq-network.netlayer:tor.native:aa3edf9c27071fdc2b7d55b00dbc7c6cd5dc9aa9f87aafa4be0805f818a466be',
'com.github.bisq-network.netlayer:tor:37198bc56e8fe112f8c80441544a2b9731929dae586bda841a4a926fdc04f457',
'com.github.bisq-network.tor-binary:tor-binary-geoip:cfefbf2d8591b5dd321ec17a02a3682d21763cf50525fa5496c9ec8968413c4e',
'com.github.bisq-network.tor-binary:tor-binary-linux32:b82b6595f78ef52a44e58000fe5d7f679681739451872f5bbd123e5dbd2af050',
'com.github.bisq-network.tor-binary:tor-binary-linux64:d5c1d54b2c2323ac1124435be633c7822a28e6fe9160486d03102cc2b444df24',
'com.github.bisq-network.tor-binary:tor-binary-macos:6216d66241e020fec1a55648d7176ef64959e094c493df8f49e7e8e8f62fe1e1',
'com.github.bisq-network.tor-binary:tor-binary-windows:28a1031d7610863f774eedbd00b83b06b132781c31077b805033299de3e3a263',
'com.github.bisq-network:bitcoinj:65ed08fa5777ea4a08599bdd575e7dc1f4ba2d4d5835472551439d6f6252e68a',
'com.github.bisq-network:jsonrpc4j:842b4a660440ef53cd436da2e21c3e1fed939b620a3fc7542307deb3e77fdeb6',
'com.github.ravn:jsocks:3c71600af027b2b6d4244e4ad14d98ff2352a379410daebefff5d8cd48d742a4',
'com.google.android:annotations:ba734e1e84c09d615af6a09d33034b4f0442f8772dec120efb376d86a565ae15',
'com.google.api.grpc:proto-google-common-protos:bd60cd7a423b00fb824c27bdd0293aaf4781be1daba6ed256311103fb4b84108',
'com.google.code.findbugs:jsr305:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
'com.google.code.gson:gson:233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81',
'com.google.errorprone:error_prone_annotations:baf7d6ea97ce606c53e11b6854ba5f2ce7ef5c24dddf0afa18d1260bd25b002c',
'com.google.guava:failureaccess:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26',
'com.google.guava:guava:fc3aa363ad87223d1fbea584eee015a862150f6d34c71f24dc74088a635f08ef',
'com.google.guava:listenablefuture:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99',
'com.google.inject:guice:d258ff1bd9b8b527872f8402648226658ad3149f1f40e74b0566d69e7e042fbc',
'com.google.j2objc:j2objc-annotations:21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b',
'com.google.protobuf:protobuf-java:161d7d61a8cb3970891c299578702fd079646e032329d6c2cabf998d191437c9',
'com.google.zxing:core:11aae8fd974ab25faa8208be50468eb12349cd239e93e7c797377fa13e381729',
'com.google.zxing:javase:0ec23e2ec12664ddd6347c8920ad647bb3b9da290f897a88516014b56cc77eb9',
'com.googlecode.jcsv:jcsv:73ca7d715e90c8d2c2635cc284543b038245a34f70790660ed590e157b8714a2',
'com.jfoenix:jfoenix:8060235fec5eb49617ec8d81d379e8c945f6cc722d0645e97190045100de2084',
'commons-codec:commons-codec:61f7a3079e92b9fdd605238d0295af5fd11ac411a0a0af48deace1f6c5ffa072',
'commons-io:commons-io:f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513',
'commons-logging:commons-logging:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636',
'de.jensd:fontawesomefx-commons:5539bb3335ecb822dbf928546f57766eeb9f1516cc1417a064b5709629612149',
'de.jensd:fontawesomefx-materialdesignfont:dbad8dfdd1c85e298d5bbae25b2399aec9e85064db57b2427d10f3815aa98752',
'de.jensd:fontawesomefx:73bacc991a0a6f5cf0f911767c8db161e0949dbca61e8371eb4342e3da96887b',
'io.github.microutils:kotlin-logging:4992504fd3c6ecdf9ed10874b9508e758bb908af9e9d7af19a61e9afb6b7e27a',
'io.grpc:grpc-api:a269094009588213ab5386a6fb92426b8056a130b2653d3b4e59e971f2f1ef08',
'io.grpc:grpc-context:f4c8f878c320f6fb56c1c14692618f6df8253314b556176e32727afbc5921a73',
'io.grpc:grpc-core:d67fa113fd9cc45a02710f9c41dda9c15191448c14e9e96fcc21839a41345d4c',
'io.grpc:grpc-netty-shaded:9edfd45da473d2efbb5683fc3eaf1857e82d2148033d82dd558a7ac38731ea33',
'io.grpc:grpc-protobuf-lite:9ba9aaa3e6997a04c707793c25e3ec88c6bad86f8d6f6b8b7a1a0c33ea2429d8',
'io.grpc:grpc-protobuf:454dae7e246dac25526ed5b795d97a5dafedd3cc2042cfc810f02051d7d3e3cb',
'io.grpc:grpc-stub:1532e291c0e9fd8230a6416c8ebbd902d99c7e2760241ae638ea761aa3dd5f43',
'io.opencensus:opencensus-api:8e2cb0f6391d8eb0a1bcd01e7748883f0033b1941754f4ed3f19d2c3e4276fc8',
'io.opencensus:opencensus-contrib-grpc-metrics:29fc79401082301542cab89d7054d2f0825f184492654c950020553ef4ff0ef8',
'io.perfmark:perfmark-api:b734ba2149712409a44eabdb799f64768578fee0defe1418bb108fe32ea43e1a',
'javax.inject:javax.inject:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
'net.glxn:qrgen:c85d9d8512d91e8ad11fe56259a7825bd50ce0245447e236cf168d1b17591882',
'net.jcip:jcip-annotations:be5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0',
'net.sf.jopt-simple:jopt-simple:df26cc58f235f477db07f753ba5a3ab243ebe5789d9f89ecf68dd62ea9a66c28',
'org.apache.commons:commons-compress:5f2df1e467825e4cac5996d44890c4201c000b43c0b23cffc0782d28a0beb9b0',
'org.apache.commons:commons-lang3:4ee380259c068d1dbe9e84ab52186f2acd65de067ec09beff731fca1697fdb16',
'org.apache.httpcomponents:httpclient:bc5f065aba5dd815ee559dd24d9bcb797fb102ff9cfa036f5091ebc529bd3b93',
'org.apache.httpcomponents:httpcore:e06e89d40943245fcfa39ec537cdbfce3762aecde8f9c597780d2b00c2b43424',
'org.bouncycastle:bcpg-jdk15on:dc4f51adfc46583c2543489c82708fef5660202bf264c7cd453f081a117ea536',
'org.bouncycastle:bcprov-jdk15on:28155c8695934f666fabc235f992096e40d97ecb044d5b6b0902db6e15a0b72f',
'org.bouncycastle:bcprov-jdk15to18:82c28318b178da751d174b1adf6c43e0199f0fcf80a7bf6483caa226ae0d30b3',
'org.checkerframework:checker-qual:d261fde25d590f6b69db7721d469ac1b0a19a17ccaaaa751c31f0d8b8260b894',
'org.fxmisc.easybind:easybind:666af296dda6de68751668a62661571b5238ac6f1c07c8a204fc6f902b222aaf',
'org.jetbrains.kotlin:kotlin-stdlib-common:6c91dea17d7dce5f0b550c3de3305767e5fb46247b6d1eb7eca0ca1fe18458de',
'org.jetbrains.kotlin:kotlin-stdlib-jdk7:25e2409aba0ec37d2fd7c77727d7835b511879de8d9bf4862af0b493aabbe39e',
'org.jetbrains.kotlin:kotlin-stdlib-jdk8:f7dbbaee3e0841758187a213c052388a4e619e11c87ab16f4bc229cfe7ce5fed',
'org.jetbrains.kotlin:kotlin-stdlib:6ea3d0921b26919b286f05cbdb906266666a36f9a7c096197114f7495708ffbc',
'org.jetbrains:annotations:ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478',
'org.slf4j:slf4j-api:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57',
'org.tukaani:xz:a594643d73cc01928cf6ca5ce100e094ea9d73af760a5d4fb6b75fa673ecec96',
]
}

Binary file not shown.