You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by GitBox <gi...@apache.org> on 2021/04/27 07:34:12 UTC
[GitHub] [lucene] dweiss commented on a change in pull request #108: LUCENE-9897 Change dependency checking mechanism to use gradle checksum verification
dweiss commented on a change in pull request #108:
URL: https://github.com/apache/lucene/pull/108#discussion_r620938812
##########
File path: gradle/validation/jar-checks.gradle
##########
@@ -140,41 +139,6 @@ subprojects {
}
}
- // Verifies that each JAR has a corresponding checksum and that it matches actual JAR available for this dependency.
- task validateJarChecksums() {
Review comment:
Is there any way we can leave this task (empty) and with a dependency on whatever task gradle generates for checksum validation?
##########
File path: gradle/validation/jar-checks.gradle
##########
@@ -242,62 +206,14 @@ subprojects {
}
}
- licenses.dependsOn validateJarChecksums, validateJarLicenses
+ licenses.dependsOn validateJarLicenses
}
// Add top-project level tasks validating dangling files
// and regenerating dependency checksums.
configure(project(":lucene")) {
def validationTasks = subprojects.collectMany { it.tasks.matching { it.name == "licenses" } }
- def jarInfoTasks = subprojects.collectMany { it.tasks.matching { it.name == "collectJarInfos" } }
-
- // Update dependency checksums.
- task updateLicenses() {
Review comment:
Same here. I'd leave this task and use:
```
./gradlew --write-verification-metadata sha256 updateLicenses
```
I hate to remember these option switches... the task could verify if they're in place in doFirst and maybe with a hint on how to issue the full command properly if they're missing. Or, alternatively, it could be a GradleBuild task that would recursively invoke the same build with the right options...
##########
File path: gradle/verification-metadata.xml
##########
@@ -0,0 +1,2198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<verification-metadata xmlns="https://schema.gradle.org/dependency-verification" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://schema.gradle.org/dependency-verification https://schema.gradle.org/dependency-verification/dependency-verification-1.0.xsd">
+ <configuration>
+ <verify-metadata>true</verify-metadata>
+ <verify-signatures>false</verify-signatures>
+ </configuration>
+ <components>
+ <component group="com.beust" name="jcommander" version="1.78">
+ <artifact name="jcommander-1.78.jar">
+ <sha256 value="7891debb84b5f83e9bd57593ebece3399abbe0fd938cf306b3534c57913b9615" origin="Generated by Gradle"/>
+ </artifact>
+ <artifact name="jcommander-1.78.pom">
+ <sha256 value="6fee231c0aeee6de1256b6b5590ce9e6f6cf6c39797ed668573520bc3412e2a7" origin="Generated by Gradle"/>
+ </artifact>
+ </component>
+ <component group="com.carrotsearch" name="hppc" version="0.8.2">
+ <artifact name="hppc-0.8.2.jar">
+ <sha256 value="97e45d4e0106d98dd3e76d9610e0bd3895409bd1ab1ed189855b05af0571025e" origin="Generated by Gradle"/>
+ </artifact>
+ <artifact name="hppc-0.8.2.pom">
+ <sha256 value="dd84d3247b2bbdfea08f40e896f6d12aa5c3f2ec4982dcbf82b51efb8330a654" origin="Generated by Gradle"/>
+ </artifact>
+ </component>
+ <component group="com.carrotsearch" name="hppc-parent" version="0.8.2">
+ <artifact name="hppc-parent-0.8.2.pom">
+ <sha256 value="9af29845f5120dfd526d12d36d3eeaff045e8d85a826fca8039f830398df534f" origin="Generated by Gradle"/>
+ </artifact>
+ </component>
+ <component group="com.carrotsearch.randomizedtesting" name="randomizedtesting-parent" version="2.7.2">
+ <artifact name="randomizedtesting-parent-2.7.2.pom">
+ <sha256 value="43a0795f51c694dbfc7acf9430c96c867553d38fc44664649ffad68247046c57" origin="Generated by Gradle"/>
+ </artifact>
+ </component>
+ <component group="com.carrotsearch.randomizedtesting" name="randomizedtesting-parent" version="2.7.6">
+ <artifact name="randomizedtesting-parent-2.7.6.pom">
+ <sha256 value="4053e097749859df0955bcca1284ccf993e3dba23f9504236892081aab41079b" origin="Generated by Gradle"/>
+ </artifact>
+ </component>
+ <component group="com.carrotsearch.randomizedtesting" name="randomizedtesting-runner" version="2.7.2">
+ <artifact name="randomizedtesting-runner-2.7.2.jar">
+ <sha256 value="2c4f36dffe3578d30d0d9ea8eff0584f8b252f3f92ffea08ef76a1ecb2ef1e94" origin="Generated by Gradle"/>
+ </artifact>
+ <artifact name="randomizedtesting-runner-2.7.2.pom">
+ <sha256 value="5fbda9cb925a05d51c01b31e35c9b64bbf5bd8c1ff2d457bd7e98da521f72cc0" origin="Generated by Gradle"/>
+ </artifact>
+ </component>
+ <component group="com.carrotsearch.randomizedtesting" name="randomizedtesting-runner" version="2.7.6">
+ <artifact name="randomizedtesting-runner-2.7.6.jar">
+ <sha256 value="7a95b60ac991630430f723485e0ddfcc7094bfe32e19816165a7443a255008a5" origin="Generated by Gradle"/>
+ </artifact>
+ <artifact name="randomizedtesting-runner-2.7.6.pom">
+ <sha256 value="d845beab7418abe5167838f0c446212d8b330c33bd57ac81fa864ca20298e2c1" origin="Generated by Gradle"/>
+ </artifact>
+ </component>
+ <component group="com.diffplug.durian" name="durian-collect" version="1.2.0">
Review comment:
We only need checksums for a subset of configurations (like before). I'm pretty sure this dependency is from a plugin somewhere, not from Lucene code.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org