Bring Gradle Witness into repo.

- Api/Implementation compatible. - Regex configuration name.
signalapp · May 30, 2019 · 132c81b · 132c81b
1 parent 77e3cc4
commit 132c81b
Show file tree

Hide file tree

Showing 4 changed files with 94 additions and 1 deletion.
diff --git a/build.gradle b/build.gradle
@@ -11,7 +11,6 @@ buildscript {
     }
     dependencies {
         classpath 'com.android.tools.build:gradle:3.3.2'
-        classpath files('libs/gradle-witness.jar')
     }
 }
 
@@ -162,6 +161,7 @@ dependencies {
 }
 
 dependencyVerification {
+    configuration = '(play|website)(Debug|Release)RuntimeClasspath'
     verify = [
         'com.android.support:design:7874ad1904eedc74aa41cffffb7f759d8990056f3bbbc9264911651c67c42f5f',
         'com.android.support:preference-v14:8133c6e19233fa51e036a341e6d3f4adeead3375cebf777efced0fe154c3267e',

diff --git a/buildSrc/src/main/groovy/org/whispersystems/witness/WitnessPlugin.groovy b/buildSrc/src/main/groovy/org/whispersystems/witness/WitnessPlugin.groovy
@@ -0,0 +1,92 @@
+package org.whispersystems.witness
+
+import org.gradle.api.InvalidUserDataException
+import org.gradle.api.Plugin
+import org.gradle.api.Project
+import org.gradle.api.artifacts.Configuration
+import org.gradle.api.artifacts.ResolvedArtifact
+
+import java.security.MessageDigest
+
+class WitnessPluginExtension {
+    List verify
+    String configuration
+}
+
+class WitnessPlugin implements Plugin<Project> {
+
+    static String calculateSha256(file) {
+        MessageDigest md = MessageDigest.getInstance("SHA-256");
+        file.eachByte 4096, {bytes, size ->
+            md.update(bytes, 0, size);
+        }
+        return md.digest().collect {String.format "%02x", it}.join();
+    }
+
+    void apply(Project project) {
+        project.extensions.create("dependencyVerification", WitnessPluginExtension)
+        project.afterEvaluate {
+            project.dependencyVerification.verify.each {
+                assertion ->
+                    List  parts  = assertion.tokenize(":")
+                    String group = parts.get(0)
+                    String name  = parts.get(1)
+                    String hash  = parts.get(2)
+
+                    def artifacts = allArtifacts(project).findAll {
+                        return it.name.equals(name) && it.moduleVersion.id.group.equals(group)
+                    }
+
+                    if (artifacts.size() > 1) {
+                        throw new InvalidUserDataException("Multiple artifacts found for $group:$name, ${artifacts.size()} found")
+                    }
+
+                    ResolvedArtifact dependency = artifacts.find()
+
+                    println "Verifying " + group + ":" + name
+
+                    if (dependency == null) {
+                        throw new InvalidUserDataException("No dependency for integrity assertion found: " + group + ":" + name)
+                    }
+
+                    if (!hash.equals(calculateSha256(dependency.file))) {
+                        throw new InvalidUserDataException("Checksum failed for " + assertion)
+                    }
+            }
+        }
+
+        project.task('calculateChecksums').doLast {
+            println "dependencyVerification {"
+
+            def configurationName = project.dependencyVerification.configuration
+            if (configurationName != null) {
+                println "    configuration = '$configurationName'"
+            }
+
+            println "    verify = ["
+
+            allArtifacts(project).each {
+                dep ->
+                    println "        '" + dep.moduleVersion.id.group+ ":" + dep.name + ":" + calculateSha256(dep.file) + "',"
+            }
+
+            println "    ]"
+            println "}"
+        }
+    }
+
+    private static Set<ResolvedArtifact> allArtifacts(Project project) {
+        def configurationName = project.dependencyVerification.configuration
+        project.configurations
+                .findAll { config -> config.name =~ configurationName }
+                .collectMany { tryGetArtifacts(it) }
+    }
+
+    private static Set<ResolvedArtifact> tryGetArtifacts(Configuration configuration) {
+        try {
+            configuration.resolvedConfiguration.resolvedArtifacts
+        } catch (Exception ignored) {
+            [] as Set<ResolvedArtifact>
+        }
+    }
+}
diff --git a/buildSrc/src/main/resources/META-INF/gradle-plugins/witness.properties b/buildSrc/src/main/resources/META-INF/gradle-plugins/witness.properties
@@ -0,0 +1 @@
+implementation-class=org.whispersystems.witness.WitnessPlugin
diff --git a/libs/gradle-witness.jar b/libs/gradle-witness.jar