diff --git a/build.gradle b/build.gradle index f902416314..f28f44e2ae 100644 --- a/build.gradle +++ b/build.gradle @@ -11,7 +11,6 @@ buildscript { } dependencies { classpath 'com.android.tools.build:gradle:3.3.2' - classpath files('libs/gradle-witness.jar') } } @@ -162,6 +161,7 @@ dependencies { } dependencyVerification { + configuration = '(play|website)(Debug|Release)RuntimeClasspath' verify = [ 'com.android.support:design:7874ad1904eedc74aa41cffffb7f759d8990056f3bbbc9264911651c67c42f5f', 'com.android.support:preference-v14:8133c6e19233fa51e036a341e6d3f4adeead3375cebf777efced0fe154c3267e', diff --git a/buildSrc/src/main/groovy/org/whispersystems/witness/WitnessPlugin.groovy b/buildSrc/src/main/groovy/org/whispersystems/witness/WitnessPlugin.groovy new file mode 100644 index 0000000000..31dae7e99b --- /dev/null +++ b/buildSrc/src/main/groovy/org/whispersystems/witness/WitnessPlugin.groovy @@ -0,0 +1,92 @@ +package org.whispersystems.witness + +import org.gradle.api.InvalidUserDataException +import org.gradle.api.Plugin +import org.gradle.api.Project +import org.gradle.api.artifacts.Configuration +import org.gradle.api.artifacts.ResolvedArtifact + +import java.security.MessageDigest + +class WitnessPluginExtension { + List verify + String configuration +} + +class WitnessPlugin implements Plugin { + + static String calculateSha256(file) { + MessageDigest md = MessageDigest.getInstance("SHA-256"); + file.eachByte 4096, {bytes, size -> + md.update(bytes, 0, size); + } + return md.digest().collect {String.format "%02x", it}.join(); + } + + void apply(Project project) { + project.extensions.create("dependencyVerification", WitnessPluginExtension) + project.afterEvaluate { + project.dependencyVerification.verify.each { + assertion -> + List parts = assertion.tokenize(":") + String group = parts.get(0) + String name = parts.get(1) + String hash = parts.get(2) + + def artifacts = allArtifacts(project).findAll { + return it.name.equals(name) && it.moduleVersion.id.group.equals(group) + } + + if (artifacts.size() > 1) { + throw new InvalidUserDataException("Multiple artifacts found for $group:$name, ${artifacts.size()} found") + } + + ResolvedArtifact dependency = artifacts.find() + + println "Verifying " + group + ":" + name + + if (dependency == null) { + throw new InvalidUserDataException("No dependency for integrity assertion found: " + group + ":" + name) + } + + if (!hash.equals(calculateSha256(dependency.file))) { + throw new InvalidUserDataException("Checksum failed for " + assertion) + } + } + } + + project.task('calculateChecksums').doLast { + println "dependencyVerification {" + + def configurationName = project.dependencyVerification.configuration + if (configurationName != null) { + println " configuration = '$configurationName'" + } + + println " verify = [" + + allArtifacts(project).each { + dep -> + println " '" + dep.moduleVersion.id.group+ ":" + dep.name + ":" + calculateSha256(dep.file) + "'," + } + + println " ]" + println "}" + } + } + + private static Set allArtifacts(Project project) { + def configurationName = project.dependencyVerification.configuration + project.configurations + .findAll { config -> config.name =~ configurationName } + .collectMany { tryGetArtifacts(it) } + } + + private static Set tryGetArtifacts(Configuration configuration) { + try { + configuration.resolvedConfiguration.resolvedArtifacts + } catch (Exception ignored) { + [] as Set + } + } +} \ No newline at end of file diff --git a/buildSrc/src/main/resources/META-INF/gradle-plugins/witness.properties b/buildSrc/src/main/resources/META-INF/gradle-plugins/witness.properties new file mode 100644 index 0000000000..dae767f677 --- /dev/null +++ b/buildSrc/src/main/resources/META-INF/gradle-plugins/witness.properties @@ -0,0 +1 @@ +implementation-class=org.whispersystems.witness.WitnessPlugin diff --git a/libs/gradle-witness.jar b/libs/gradle-witness.jar deleted file mode 100644 index 53abf2bb39..0000000000 Binary files a/libs/gradle-witness.jar and /dev/null differ