Add a system property to disable publishing of SHA-256 #11358

Merged
merged 1 commit into from Nov 14, 2019
Expand Up @@ -319,8 +319,10 @@ private void put(File src, ExternalResourceName destination) {
private void publishChecksums(ExternalResourceName destination, File content) {
publishChecksum(destination, content, "sha1", 40);

publishPossiblyUnsupportedChecksum(destination, content, "sha-256", 64);
publishPossiblyUnsupportedChecksum(destination, content, "sha-512", 128);
if (!ExternalResourceResolver.disableExtraChecksums()) {
publishPossiblyUnsupportedChecksum(destination, content, "sha-256", 64);
publishPossiblyUnsupportedChecksum(destination, content, "sha-512", 128);
}
}

private void publishPossiblyUnsupportedChecksum(ExternalResourceName destination, File content, String algorithm, int length) {
Expand Down Expand Up @@ -584,4 +586,9 @@ public void listed(List<String> versions) {
result.listed(versions);
}
}

public static boolean disableExtraChecksums() {
return Boolean.getBoolean("org.gradle.internal.publish.checksums.insecure");
}

}
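Review bot: Setting `org.gradle.internal.publish.checksums.insecure` silently reduces what is published to SHA-1 only (SHA-1 and MD5 in the Maven publisher's `publishChecksums`, which gets the same guard later in this PR), and neither the new `if` in `publishChecksums` nor `disableExtraChecksums()` leaves any trace of that in the build output. Neither digest is collision-resistant any more, so whoever runs the publish should be able to see that the stronger checksums were skipped. An `else` branch that logs once through whatever logger the class already uses would do, for example `logger.warn("SHA-256 and SHA-512 checksums are not published: org.gradle.internal.publish.checksums.insecure is set")`. `disableExtraChecksums()` is also public and static without Javadoc; a short comment stating that it reads a JVM system property and is true only for the value `true` would help its second caller.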
5 changes: 5 additions & 0 deletions subprojects/docs/src/docs/release/notes.md
Expand Up @@ -276,6 +276,11 @@ Publication of SHA256 and SHA512 files is _not_ supported by the deprecated `mav

In addition, the Gradle Module Metadata file also includes SHA256 and SHA512 checksums on referenced artifacts.

Since 6.0.1, if your external repository doesn't support SHA256 and/or SHA512 checksums, it is possible to disable upload of those checksums:

- add `-Dorg.gradle.internal.publish.checksums.insecure` to the CLI or
- add `org.gradle.internal.publish.checksums.insecure=true` to your `gradle.properties` file

### Support for in-memory signing with subkeys

Gradle now supports [in-memory signing](userguide/signing_plugin.html#sec:in-memory-keys) with subkeys.
Expand Up @@ -55,6 +55,7 @@ class IvyFileModule extends AbstractModule implements IvyModule {
String status = "integration"
MetadataPublish metadataPublish = MetadataPublish.ALL
boolean writeGradleMetadataRedirection = false
private boolean withExtraChecksums = true

int publishCount = 1
XmlTransformer transformer = new XmlTransformer()
Expand Down Expand Up @@ -246,6 +247,18 @@ class IvyFileModule extends AbstractModule implements IvyModule {
return this
}

@Override
IvyModule withoutExtraChecksums() {
withExtraChecksums = false
this
}

@Override
IvyModule withExtraChecksums() {
withExtraChecksums = true
this
}

IvyFileModule nonTransitive(String config) {
configurations[config].transitive = false
return this
Expand Down Expand Up @@ -581,7 +594,10 @@ class IvyFileModule extends AbstractModule implements IvyModule {
void assertArtifactsPublished(String... names) {
def expectedArtifacts = [] as Set
for (name in names) {
expectedArtifacts.addAll([name, "${name}.sha1", "${name}.sha256", "${name}.sha512"])
expectedArtifacts.addAll([name, "${name}.sha1"])
if (withExtraChecksums) {
expectedArtifacts.addAll(["${name}.sha256", "${name}.sha512"])
}
}

List<String> publishedArtifacts = moduleDir.list().sort()
Expand Up @@ -59,6 +59,10 @@ public interface IvyModule extends Module {

IvyModule withoutGradleMetadataRedirection();

IvyModule withoutExtraChecksums();

IvyModule withExtraChecksums();

/**
* Attributes:
* organisation
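Review bot: The two new fixture methods `withoutExtraChecksums()` and `withExtraChecksums()` are declared without any Javadoc, and their names suggest they control what the build publishes. In the visible implementation they only flip the flag that `assertArtifactsPublished` consults, and the HTTP tests still have to pass `-Dorg.gradle.internal.publish.checksums.insecure=true` to the executer themselves. A comment on the declarations such as `/** Only adjusts which checksum files this fixture expects; the build under test must disable them separately via the system property. */` would stop a test author from calling one without the other.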
Expand Up @@ -134,6 +134,18 @@ public IvyModule withoutGradleMetadataRedirection() {
return t();
}

@Override
public IvyModule withoutExtraChecksums() {
backingModule.withoutExtraChecksums();
return t();
}

@Override
public IvyModule withExtraChecksums() {
backingModule.withExtraChecksums();
return t();
}

@Override
public IvyModule withBranch(String branch) {
backingModule.withBranch(branch);
Expand Up @@ -55,7 +55,8 @@ credentials {
server.expectUserAgent(matchesNameAndVersion("Gradle", GradleVersion.current().getVersion()))
}

def "can publish to unauthenticated HTTP repository"() {
@Unroll
def "can publish to unauthenticated HTTP repository (extra checksums = #extraChecksums)"() {
given:
server.start()
settingsFile << 'rootProject.name = "publish"'
Expand All @@ -78,19 +79,30 @@ credentials {
}
"""

if (!extraChecksums) {
executer.withArgument("-Dorg.gradle.internal.publish.checksums.insecure=true")
module.withoutExtraChecksums()
}

and:
module.jar.expectPut()
module.jar.sha1.expectPut()
module.jar.sha256.expectPut()
module.jar.sha512.expectPut()
if (extraChecksums) {
module.jar.sha256.expectPut()
module.jar.sha512.expectPut()
}
module.ivy.expectPut(HttpStatus.ORDINAL_201_Created)
module.ivy.sha1.expectPut(HttpStatus.ORDINAL_201_Created)
module.ivy.sha256.expectPut(HttpStatus.ORDINAL_201_Created)
module.ivy.sha512.expectPut(HttpStatus.ORDINAL_201_Created)
if (extraChecksums) {
module.ivy.sha256.expectPut(HttpStatus.ORDINAL_201_Created)
module.ivy.sha512.expectPut(HttpStatus.ORDINAL_201_Created)
}
module.moduleMetadata.expectPut()
module.moduleMetadata.sha1.expectPut()
module.moduleMetadata.sha256.expectPut()
module.moduleMetadata.sha512.expectPut()
if (extraChecksums) {
module.moduleMetadata.sha256.expectPut()
module.moduleMetadata.sha512.expectPut()
}

when:
succeeds 'publish'
Expand All @@ -103,6 +115,9 @@ credentials {
progressLogging.uploadProgressLogged(module.moduleMetadata.uri)
progressLogging.uploadProgressLogged(module.ivy.uri)
progressLogging.uploadProgressLogged(module.jar.uri)

where:
extraChecksums << [true, false]
}

def "can publish to a repository even if it doesn't support sha256/sha512 signatures"() {
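Review bot: The new `where:` rows only exercise the `-Dorg.gradle.internal.publish.checksums.insecure=true` form, while the release note added in this PR also advertises a bare `-Dorg.gradle.internal.publish.checksums.insecure` and a plain `org.gradle.internal.publish.checksums.insecure=true` line in `gradle.properties`. `disableExtraChecksums()` reads the flag with `Boolean.getBoolean`, which is true only when a JVM system property holds the value `true`. A valueless `-D` would therefore most likely not enable it, and a `gradle.properties` entry normally needs the `systemProp.` prefix to become a system property at all. Either add cases for the documented forms or align the note with what this test proves; the Maven HTTP test changed below has the same gap.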
Expand Up @@ -54,10 +54,16 @@ class MavenPublishHttpIntegTest extends AbstractMavenPublishIntegTest {
settingsFile << 'rootProject.name = "publish"'
}

def "can publish to an unauthenticated http repo"() {
@Unroll
def "can publish to an unauthenticated http repo (with extra checksums = #extraChecksums)"() {
given:
buildFile << publicationBuild(version, group, mavenRemoteRepo.uri)
expectModulePublish(module)

if (!extraChecksums) {
executer.withArgument("-Dorg.gradle.internal.publish.checksums.insecure=true")
module.withoutExtraChecksums()
}
expectModulePublish(module, extraChecksums)

when:
succeeds 'publish'
Expand All @@ -74,6 +80,9 @@ class MavenPublishHttpIntegTest extends AbstractMavenPublishIntegTest {
module.rootMetaData.verifyChecksums()
module.rootMetaData.versions == ["2"]
module.moduleMetadata.verifyChecksums()

where:
extraChecksums << [true, false]
}

def "can publish to a repository even if it doesn't support sha256/sha512 signatures"() {
Expand Down Expand Up @@ -352,12 +361,12 @@ class MavenPublishHttpIntegTest extends AbstractMavenPublishIntegTest {
"""
}

private void expectModulePublish(MavenHttpModule module) {
module.artifact.expectPublish()
private void expectModulePublish(MavenHttpModule module, boolean extraChecksums = true) {
module.artifact.expectPublish(extraChecksums)
module.rootMetaData.expectGetMissing()
module.rootMetaData.expectPublish()
module.pom.expectPublish()
module.moduleMetadata.expectPublish()
module.rootMetaData.expectPublish(extraChecksums)
module.pom.expectPublish(extraChecksums)
module.moduleMetadata.expectPublish(extraChecksums)
}

private void expectModulePublishViaRedirect(MavenHttpModule module, URI targetServerUri, HttpServer httpServer, PasswordCredentials credentials = null) {
Expand Up @@ -21,6 +21,7 @@
import org.apache.maven.artifact.repository.metadata.io.xpp3.MetadataXpp3Reader;
import org.apache.maven.artifact.repository.metadata.io.xpp3.MetadataXpp3Writer;
import org.gradle.api.UncheckedIOException;
import org.gradle.api.internal.artifacts.repositories.resolver.ExternalResourceResolver;
import org.gradle.api.internal.artifacts.repositories.transport.NetworkOperationBackOffAndRetry;
import org.gradle.api.publish.maven.MavenArtifact;
import org.gradle.internal.Factory;
Expand Down Expand Up @@ -257,9 +258,10 @@ void publish(ExternalResourceName externalResource, File content) {
private void publishChecksums(ExternalResourceName destination, File content) {
publishChecksum(destination, content, "sha1", 40);
publishChecksum(destination, content, "md5", 32);

publishPossiblyUnsupportedChecksum(destination, content, "sha-256", 64);
publishPossiblyUnsupportedChecksum(destination, content, "sha-512", 128);
if (!ExternalResourceResolver.disableExtraChecksums()) {
publishPossiblyUnsupportedChecksum(destination, content, "sha-256", 64);
publishPossiblyUnsupportedChecksum(destination, content, "sha-512", 128);
}
}

private void publishPossiblyUnsupportedChecksum(ExternalResourceName destination, File content, String algorithm, int length) {
Expand Down Expand Up @@ -295,4 +297,5 @@ public String toString() {
});
}
}

}
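Review bot: This publisher now imports `org.gradle.api.internal.artifacts.repositories.resolver.ExternalResourceResolver` solely to call the static `disableExtraChecksums()`, which ties Maven publishing code to a dependency-resolution class for a one-line flag lookup. The same guard is duplicated in that class's own `publishChecksums`. Moving the property name and the lookup into a small shared holder that both publishers call would keep the flag in one documented place and make it easier to audit every code path that can drop the SHA-256 and SHA-512 files. `publishChecksums` here continues to publish `sha1` and `md5` unconditionally, so with the flag set those two are the only integrity data a consumer gets.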