You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by jk...@apache.org on 2019/05/31 17:01:13 UTC
[ant] branch 1.9.x updated (5198e58 -> 0b1690a)
This is an automated email from the ASF dual-hosted git repository.
jkf pushed a change to branch 1.9.x
in repository https://gitbox.apache.org/repos/asf/ant.git.
from 5198e58 Use HTTPS URL for fetching doc generation tool
new fb6d9b0 Validating contents of resources fetched via insecure channels
new 0b1690a updated default m2 repository location
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
fetch.xml | 8 ++++++++
lib/libraries.properties | 5 ++++-
2 files changed, 12 insertions(+), 1 deletion(-)
[ant] 01/02: Validating contents of resources fetched via insecure
channels
Posted by jk...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jkf pushed a commit to branch 1.9.x
in repository https://gitbox.apache.org/repos/asf/ant.git
commit fb6d9b0d5d603d4339f5547a74f00833b221cc0a
Author: jkf <jm...@famkruithof.net>
AuthorDate: Sun May 26 08:11:28 2019 +0200
Validating contents of resources fetched via insecure channels
---
fetch.xml | 8 ++++++++
lib/libraries.properties | 3 +++
2 files changed, 11 insertions(+)
diff --git a/fetch.xml b/fetch.xml
index 679aceb..106237d 100644
--- a/fetch.xml
+++ b/fetch.xml
@@ -342,6 +342,14 @@ Set -Ddest=LOCATION on the command line
<target name="netrexx"
description="load NetRexx compiler"
depends="init-no-m2,-setup-temp-cache,-fetch-netrexx,-fetch-netrexx-no-commons-net">
+ <checksum file="${temp.dir}/NetRexx.zip" algorithm="SHA-256" property="${netrexx.sha256}" verifyProperty="netrexx.hash.matches"/>
+ <fail message="NetRexx.zip fetched via ftp has an unexpected SHA-256 checksum, the file may have been tampered with">
+ <condition>
+ <not>
+ <istrue value="${netrexx.hash.matches}"/>
+ </not>
+ </condition>
+ </fail>
<copy todir="${dest.dir}" flatten="true">
<zipfileset src="${temp.dir}/NetRexx.zip">
<include name="NetRexx\lib\NetRexxC.jar"/>
diff --git a/lib/libraries.properties b/lib/libraries.properties
index 9ecbcfb..fcad671 100644
--- a/lib/libraries.properties
+++ b/lib/libraries.properties
@@ -28,6 +28,9 @@ m2.sha1.checksum=b09be554228d66d208e5fef5266844aacf443abc
# Repository to use by default for fetching dependencies.
m2.repo=http://repo1.maven.org/maven2/
+# hashes of libraries loaded over insecure connections
+netrexx.sha256=1f99f054e9b1e412d29823088f3fa7cfce90a7af25d907a60a6d7908a6b97ea4
+
# Versions of different libraries. Please keep in alphabetical order, except
# when a specific dependency forces them to be out-of-order
ivy.version=2.4.0
[ant] 02/02: updated default m2 repository location
Posted by jk...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jkf pushed a commit to branch 1.9.x
in repository https://gitbox.apache.org/repos/asf/ant.git
commit 0b1690a4f50e363fdbe4a474e24d0a7ac9e82d67
Author: jkf <jm...@famkruithof.net>
AuthorDate: Sat May 25 13:07:23 2019 +0200
updated default m2 repository location
---
lib/libraries.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libraries.properties b/lib/libraries.properties
index fcad671..fced7fb 100644
--- a/lib/libraries.properties
+++ b/lib/libraries.properties
@@ -26,7 +26,7 @@ m2.antlib.url=${m2.url}/${m2.version}/binaries/${m2.jar.name}
m2.sha1.checksum=b09be554228d66d208e5fef5266844aacf443abc
# Repository to use by default for fetching dependencies.
-m2.repo=http://repo1.maven.org/maven2/
+m2.repo=https://repo1.maven.org/maven2/
# hashes of libraries loaded over insecure connections
netrexx.sha256=1f99f054e9b1e412d29823088f3fa7cfce90a7af25d907a60a6d7908a6b97ea4