jdt.ls should store gradle wrapper checksums at build time, so it can work offline #1486

Closed
fbricon opened this issue Jun 17, 2020 · 4 comments · Fixed by #1490
Comments

@fbricon
Contributor

fbricon commented Jun 17, 2020

jdt.ls should store gradle wrapper checksums at build time, so it can work offline.
Then there would be no need to remotely fetch checksums for past wrapper releases, only for the new ones, between 2 jdt.ls releases. That would help avoid false-positive detections like redhat-developer/vscode-java#1492, due to connection issues.
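
The proposal above, sketched as an added example that is not part of the thread and not jdt.ls code: checksums bundled at build time are checked first, and a failed remote fetch is reported separately from a checksum that is genuinely unknown. The class, enum and method names are hypothetical, and the remote source is an injected `Callable` standing in for whatever fetches newly published checksums.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.Callable;

// Hypothetical sketch: names below are illustrative, not jdt.ls API.
public class OfflineWrapperCheck {
    enum Result { TRUSTED, UNKNOWN_CHECKSUM, UNVERIFIED_OFFLINE }

    private final Set<String> known = new HashSet<>();
    private final Callable<Set<String>> remote; // checksums published after the build

    OfflineWrapperCheck(Set<String> bundledAtBuildTime, Callable<Set<String>> remote) {
        known.addAll(bundledAtBuildTime);
        this.remote = remote;
    }

    Result check(Path wrapperJar) throws Exception {
        String sha256 = sha256(wrapperJar);
        if (known.contains(sha256)) {
            return Result.TRUSTED; // past releases never need the network
        }
        try {
            known.addAll(remote.call()); // only reached for checksums newer than the build
        } catch (Exception e) {
            return Result.UNVERIFIED_OFFLINE; // a connection problem is not a mismatch
        }
        return known.contains(sha256) ? Result.TRUSTED : Result.UNKNOWN_CHECKSUM;
    }

    static String sha256(Path file) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(file));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        Path jar = Files.createTempFile("gradle-wrapper", ".jar");
        Files.write(jar, new byte[] {1, 2, 3}); // constructed sample content, not a real wrapper
        Callable<Set<String>> offline = () -> { throw new IOException("no network"); };
        // Case 1: the checksum is in the bundled list.
        System.out.println(new OfflineWrapperCheck(Set.of(sha256(jar)), offline).check(jar));
        // Case 2: the checksum is not bundled and the remote fetch fails.
        System.out.println(new OfflineWrapperCheck(Set.of(), offline).check(jar));
    }
}
```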

@testforstephen
Contributor

Since buildship won't auto run the embedded gradle-wrapper.jar in local user workspace, it's unnecessary to put the validator in the importer job. Please correct me if I'm wrong.

@snjeza
Contributor

snjeza commented Jun 20, 2020

@fbricon could you, please, review mojohaus/wagon-maven-plugin#42

@testforstephen
Contributor

Since buildship won't auto run the embedded gradle-wrapper.jar in local user workspace, it's unnecessary to put the validator in the importer job. Please correct me if I'm wrong.

Ping again.

If it's not appropriate for open discussion, would you mind forwarding the original security report email to me? Thanks. // @fbricon

@DPUkyle

DPUkyle commented Jun 23, 2020

Wrapper verification should be optional, or at least provide the ability to disable it for those who opt out. Some teams use a GitHub action, for example, to only validate on CI.
