-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsettings.gradle
55 lines (49 loc) · 2.11 KB
/
settings.gradle
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
include ':app'
rootProject.name = 'WallETH'
// See https://github.com/vlsi/vlsi-release-plugins
// It is a plugin that verifies checksums of all the resolved files (plugins, dependencies, ...)
buildscript {
dependencies {
classpath('com.github.vlsi.gradle:checksum-dependency-plugin:1.28.0') {
// Gradle ships kotlin-stdlib which is good enough
exclude(group: "org.jetbrains.kotlin", module:"kotlin-stdlib")
}
}
repositories {
gradlePluginPortal()
}
}
// Note: we need to verify the checksum for checksum-dependency-plugin itself
def expectedSha512 = [
"43BC9061DFDECA0C421EDF4A76E380413920E788EF01751C81BDC004BD28761FBD4A3F23EA9146ECEDF10C0F85B7BE9A857E9D489A95476525565152E0314B5B":
"bcpg-jdk15on-1.62.jar",
"2BA6A5DEC9C8DAC2EB427A65815EB3A9ADAF4D42D476B136F37CD57E6D013BF4E9140394ABEEA81E42FBDB8FC59228C7B85C549ED294123BF898A7D048B3BD95":
"bcprov-jdk15on-1.62.jar",
"17DAAF511BE98F99007D7C6B3762C9F73ADD99EAB1D222985018B0258EFBE12841BBFB8F213A78AA5300F7A3618ACF252F2EEAD196DF3F8115B9F5ED888FE827":
"okhttp-4.1.0.jar",
"93E7A41BE44CC17FB500EA5CD84D515204C180AEC934491D11FC6A71DAEA761FB0EECEF865D6FD5C3D88AAF55DCE3C2C424BE5BA5D43BEBF48D05F1FA63FA8A7":
"okio-2.2.2.jar",
"2ABC83FF0675D69697D4530D4853411761FE947E57EB8D68F6590DC2BFF0436906ADE619822EEE5F80B0DA28285FBE75FDCB50B67421DB7BF78B34CF6A613714":
"checksum-dependency-plugin-1.28.0.jar"
]
def sha512(File file) {
def md = java.security.MessageDigest.getInstance('SHA-512')
file.eachByte(8192) { buffer, length ->
md.update(buffer, 0, length)
}
new BigInteger(1, md.digest()).toString(16).toUpperCase()
}
def violations =
buildscript.configurations.classpath
.resolve()
.sort { it.name }
.collectEntries { [(it): sha512(it)] }
.findAll { !expectedSha512.containsKey(it.value) }
.collect { file, sha512 -> "SHA-512(${file.name}) = $sha512 ($file)" }
.join("\n ")
if (!violations.isEmpty()) {
throw new GradleException("Buildscript classpath has non-whitelisted files:\n $violations")
}
if (hasProperty("isCI") || hasProperty("isLIGI")) {
apply plugin: 'com.github.vlsi.checksum-dependency'
}