You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by ma...@apache.org on 2009/01/12 23:58:37 UTC
svn commit: r733954 - in /ant/ivy/core/branches/2.0.x: ./ doc/ doc/resolver/
doc/use/ src/java/org/apache/ivy/plugins/parser/m2/
src/java/org/apache/ivy/plugins/resolver/packager/
Author: maartenc
Date: Mon Jan 12 14:58:34 2009
New Revision: 733954
URL: http://svn.apache.org/viewvc?rev=733954&view=rev
Log:
Merged all changes made to 2.0.0 branch back into the 2.0.x branch.
Modified:
ant/ivy/core/branches/2.0.x/ (props changed)
ant/ivy/core/branches/2.0.x/CHANGES.txt
ant/ivy/core/branches/2.0.x/build-release.xml
ant/ivy/core/branches/2.0.x/doc/resolver/packager.html
ant/ivy/core/branches/2.0.x/doc/template.html
ant/ivy/core/branches/2.0.x/doc/use/cachepath.html
ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/parser/m2/PomModuleDescriptorBuilder.java
ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java
ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java
ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/build.xml
ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl
Propchange: ant/ivy/core/branches/2.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jan 12 14:58:34 2009
@@ -1,2 +1,3 @@
+/ant/ivy/core/branches/2.0.0:727184-732848
/ant/ivy/core/branches/2.0.0-rc2:707177-709027
/ant/ivy/core/trunk:695737,696014-696031,696442,698318-706770,709027-709034,709039-718421,720060-720591,721305-723065
Modified: ant/ivy/core/branches/2.0.x/CHANGES.txt
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/CHANGES.txt?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/CHANGES.txt (original)
+++ ant/ivy/core/branches/2.0.x/CHANGES.txt Mon Jan 12 14:58:34 2009
@@ -13,6 +13,7 @@
Contributors
Ingo Adler
+ alex322
Stephane Bailliez
Karl Baum
Mikkel Bjerg
@@ -83,9 +84,11 @@
2.0.0
=====================================
+- IMPROVEMENT: Extend packager resolver to allow arbitrary ant tasks in build instructions (IVY-994) (thanks to Archie Cobbs)
- IMPROVEMENT: Ivy Standalone setting to overwrite publications (IVY-976)
- IMPROVEMENT: Support useOrigin for artifacts with a set url attribute (IVY-965) (thanks to alex322)
+- FIX: NullPointerException at PomModuleDescriptorBuilder.addDependency (IVY-995)
- FIX: Log levels aren't respected in certain cases using the standalone functionality (IVY-960) (thanks to Patrick Woodworth)
- FIX: NPE in LogReportOutputter (IVY-961)
- FIX: NullPointerException when resolving module wihout revision in the pattern (IVY-980)
Modified: ant/ivy/core/branches/2.0.x/build-release.xml
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/build-release.xml?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/build-release.xml (original)
+++ ant/ivy/core/branches/2.0.x/build-release.xml Mon Jan 12 14:58:34 2009
@@ -22,9 +22,9 @@
xmlns:openpgp="antlib:org.apache.commons.openpgp.ant">
<import file="build.xml"/>
- <taskdef uri="antlib:xooki" file="${doc.src.dir}/xooki/antlib.xml" />
-
<target name="generate-doc">
+ <taskdef uri="antlib:xooki" file="${doc.src.dir}/xooki/antlib.xml" />
+
<copy todir="${doc.build.dir}">
<fileset dir="${doc.src.dir}" includes="images/**,style/**,samples/**,js/**,ivy.xsd" />
</copy>
@@ -216,13 +216,13 @@
<target name="sign" depends="init-ivy">
<ivy:settings id="sign.settingsId" file="ivysettings-signtask.xml" />
- <ivy:cachepath organisation="org.apache.commons" settingsRef="sign.settingsId" transitive="false"
+ <ivy:cachepath organisation="org.apache.commons" settingsRef="sign.settingsId" transitive="false" log="download-only"
module="commons-openpgp" revision="1.0-SNAPSHOT" inline="true" pathid="openpgp.classpath"/>
- <ivy:cachepath organisation="bouncycastle" settingsRef="sign.settingsId"
+ <ivy:cachepath organisation="bouncycastle" settingsRef="sign.settingsId" log="download-only"
module="bcprov-jdk16" revision="140" inline="true" pathid="bouncycastle.bcprov.classpath"/>
<!-- Didn't find the jdk1.6 bcpg dependency, using the jdk1.5 version instead -->
- <ivy:cachepath organisation="bouncycastle" settingsRef="sign.settingsId" transitive="false"
+ <ivy:cachepath organisation="bouncycastle" settingsRef="sign.settingsId" transitive="false" log="download-only"
module="bcpg-jdk15" revision="140" inline="true" pathid="bouncycastle.bcpg.classpath"/>
<property file="${user.home}/ivybuild.properties" />
Modified: ant/ivy/core/branches/2.0.x/doc/resolver/packager.html
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/doc/resolver/packager.html?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/doc/resolver/packager.html (original)
+++ ant/ivy/core/branches/2.0.x/doc/resolver/packager.html Mon Jan 12 14:58:34 2009
@@ -40,10 +40,6 @@
</p>
<p>
-The only packaging operations currently supported are downloading files, extracting files from archives, packaging files into archives, and moving and copying files. In the future more general operations may be supported, once appropriate security controls are in place.
-</p>
-
-<p>
Packager repositories allow the creation of Ivy repositories that require neither the participation of any of the modules' creators nor setting up a huge mirror site. One such repository on the web is <a href="http://ivyroundup.googlecode.com/">Ivy RoundUp</a>. Of course, private packager repositories are feasible as well.
</p>
@@ -52,11 +48,11 @@
</p>
<p>
-The packaging instructions are contained in "packager.xml" in a simple XML format. At resolve time this file gets converted into a "build.xml" file via XSLT and then executed using <a href="http://ant.apache.org/">ant</a>. Therefore, ant must be available as an executable on the platform. The ant task executes in a separate process and so is not affected by properties, etc. that may be set in any existing ant environment in which Ivy is running. However, Ivy will define a few properties for convenience; see the "Properties" listed below.
+The packaging instructions are contained in "packager.xml" in a simple XML format. At resolve time this file gets converted into a "build.xml" file via XSLT and then executed using <a href="http://ant.apache.org/">ant</a>. Therefore, ant must be available as an executable on the platform. The ant task executes in a separate ant project and so is not affected by properties, etc. that may be set in any existing ant environment in which Ivy is running. However, Ivy will define a few properties for convenience; see the "Properties" listed below.
</p>
<p>
-For security reasons, the XSLT transform ensures that (a) all downloaded archives have verified SHA1 checksums (including cached resources); and (b) only a very limited set of ant tasks can be performed during the artifact "build" phase; currently these include move, copy, mkdir, zip, unzip, tar, and untar.
+For security reasons, the XSLT transform ensures that (a) all downloaded archives have verified SHA1 checksums (including cached resources); and (b) only a very limited set of ant tasks can be performed during the artifact "build" phase; currently these include move, copy, mkdir, zip, unzip, tar, and untar (this restriction may be overridden however; see below).
</p>
<p>
@@ -64,11 +60,11 @@
</p>
<p>
-Because the downloading and packaging process is relatively slow, it is important to use <a href="../concept.html#cache">Ivy's caching support</a> to avoid repeated execution of the packaging instructions.
+Because the packaging process is relatively slow, it is important to use <a href="../concept.html#cache">Ivy's caching support</a> to avoid repeated execution of the packaging instructions.
</p>
<h1>Attributes</h1>
-This resolver shares the <a href="../settings/resolvers.html#common">common attributes</a> of standard resolvers.
+This resolver shares the <a href="../settings/resolvers.html#common">common attributes</a> of standard resolvers, plus the following:
<table class="ivy-attributes">
<thead>
<tr><th class="ivy-att">Attribute</th><th class="ivy-att-desc">Description</th><th class="ivy-att-req">Required</th></tr>
@@ -90,6 +86,11 @@
<td>No; defaults to none</td>
</tr>
<tr>
+ <td>restricted</td>
+ <td>True if this resolver should only allow "safe" ant tasks in the packaging instructions. <strong>Warning:</strong> setting <span class="ivy-att">restricted</span> to false creates a security problem due to ant tasks like delete, exec, etc. Do not use this setting when your configuration points to an untrusted repository.</td>
+ <td>No; defaults to true</td>
+ </tr>
+ <tr>
<td>verbose</td>
<td>True to run ant with the -verbose flag</td>
<td>No; defaults to false</td>
@@ -255,11 +256,17 @@
</tr>
<tr>
<td>build</td>
- <td>Specify move, copy, and/or archiving ant tasks that ultimately result in each artifact being placed into artifacts/[type]s/[artifact].[ext]</td>
+ <td>Specify ant tasks that ultimately result in each artifact being placed into artifacts/[type]s/[artifact].[ext]</td>
<td>0..1</td>
</tr>
</tbody>
</table>
+<br />
+Which ant tasks are allowed within the build tag is controlled by the <span class="ivy-att">restricted</span> configuration attribute. When true (the default), only the following ant tasks are allowed: copy, jar, mkdir, move, tar, unjar, untar, unwar, unzip, war, and zip. When false, all ant tasks are allowed.
+
+<p>
+<strong>Warning:</strong> setting <span class="ivy-att">restricted</span> to false creates a security problem due to ant tasks like delete, exec, etc. Do not use this setting when your configuration points to an untrusted repository.
+</p>
<h1>Resource XML Elements</h1>
The resource XML tag supports the following attributes:
Modified: ant/ivy/core/branches/2.0.x/doc/template.html
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/doc/template.html?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/doc/template.html (original)
+++ ant/ivy/core/branches/2.0.x/doc/template.html Mon Jan 12 14:58:34 2009
@@ -20,7 +20,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
-<title>${title} | Ivy Documentation</title>
+<title>${title} | Ivy 2.0.0 Documentation</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style/style.css" />
<script src="js/jquery.pack.js" type="text/javascript"></script>
Modified: ant/ivy/core/branches/2.0.x/doc/use/cachepath.html
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/doc/use/cachepath.html?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/doc/use/cachepath.html (original)
+++ ant/ivy/core/branches/2.0.x/doc/use/cachepath.html Mon Jan 12 14:58:34 2009
@@ -29,7 +29,7 @@
This is a [[ant:postresolvetask post resolve task]], with all the behaviour and attributes common to all post resolve tasks.
-Please prefer the use of retrieve + standard ant path creation, which make your build more independent from ivy (once artifacts are properly retrieved, ivy is not required any more).
+If you want to make your build more independent from Ivy, you could consider using the [[ant:retrieve retrieve task]]. Once the artifacts are properly retrieved, you can use standard Ant path creation which makes Ivy not necessary any more.
Built path is registered in ant with a given id, and can thus be used like any other ant path using refid.
Modified: ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/parser/m2/PomModuleDescriptorBuilder.java
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/parser/m2/PomModuleDescriptorBuilder.java?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/parser/m2/PomModuleDescriptorBuilder.java (original)
+++ ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/parser/m2/PomModuleDescriptorBuilder.java Mon Jan 12 14:58:34 2009
@@ -17,7 +17,6 @@
*/
package org.apache.ivy.plugins.parser.m2;
-import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -270,14 +269,11 @@
ivyModuleDescriptor.addArtifact("master", mainArtifact);
}
-
- public void addDependency(Resource res, PomDependencyData dep) throws ParseException {
+ public void addDependency(Resource res, PomDependencyData dep) {
String scope = dep.getScope();
if ((scope != null) && (scope.length() > 0) && !MAVEN2_CONF_MAPPING.containsKey(scope)) {
- String msg = "Unknown scope '" + scope + "' for dependency "
- + ModuleId.newInstance(dep.getGroupId(), dep.getArtifactId()) + " in "
- + res.getName();
- throw new ParseException(msg, 0);
+ // unknown scope, defaulting to 'compile'
+ scope = "compile";
}
String version = dep.getVersion();
@@ -408,7 +404,7 @@
private String getDefaultScope(PomDependencyData dep) {
String key = getDependencyMgtExtraInfoKeyForScope(dep.getGroupId(), dep.getArtifactId());
String result = (String) ivyModuleDescriptor.getExtraInfo().get(key);
- if (result == null) {
+ if ((result == null) || !MAVEN2_CONF_MAPPING.containsKey(result)) {
result = "compile";
}
return result;
Modified: ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java (original)
+++ ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java Mon Jan 12 14:58:34 2009
@@ -48,6 +48,7 @@
private final String resourceURL;
private final boolean validate;
private final boolean preserve;
+ private final boolean restricted;
private final boolean verbose;
private final boolean quiet;
@@ -56,13 +57,14 @@
// CheckStyle:ParameterNumber OFF
public PackagerCacheEntry(ModuleRevisionId mr, File rootDir,
File resourceCache, String resourceURL, boolean validate,
- boolean preserve, boolean verbose, boolean quiet) {
+ boolean preserve, boolean restricted, boolean verbose, boolean quiet) {
this.mr = mr;
this.dir = getSubdir(rootDir, this.mr);
this.resourceCache = resourceCache;
this.resourceURL = resourceURL;
this.validate = validate;
this.preserve = preserve;
+ this.restricted = restricted;
this.verbose = verbose;
this.quiet = quiet;
}
@@ -143,6 +145,7 @@
if (this.validate) {
project.setUserProperty("ivy.packager.validate", "true");
}
+ project.setUserProperty("ivy.packager.restricted", "" + this.restricted);
if (properties != null) {
for (Iterator it = properties.entrySet().iterator(); it.hasNext();) {
Entry entry = (Entry) it.next();
Modified: ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java (original)
+++ ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java Mon Jan 12 14:58:34 2009
@@ -57,6 +57,7 @@
private boolean validate = true;
private boolean preserve;
+ private boolean restricted = true;
private boolean verbose;
private boolean quiet;
@@ -134,6 +135,13 @@
}
/**
+ * Set whether to enable restricted mode. Default is true.
+ */
+ public void setRestricted(boolean restricted) {
+ this.restricted = restricted;
+ }
+
+ /**
* Set whether to run ant with the -verbose flag. Default is false.
*/
public void setVerbose(boolean verbose) {
@@ -216,7 +224,8 @@
return null;
}
entry = new PackagerCacheEntry(mr, this.buildRoot, this.resourceCache,
- this.resourceURL, this.validate, this.preserve, this.verbose, this.quiet);
+ this.resourceURL, this.validate, this.preserve, this.restricted,
+ this.verbose, this.quiet);
try {
entry.build(packager.getResource(), properties);
} catch (IOException e) {
Modified: ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/build.xml
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/build.xml?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/build.xml (original)
+++ ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/build.xml Mon Jan 12 14:58:34 2009
@@ -44,6 +44,7 @@
<target name="style">
<xslt style="packager.xsl" in="packager.xml" out="packager-output.xml">
<param name="resourceURL" expression="${resourceURL}"/>
+ <param name="restricted" expression="${ivy.packager.restricted}"/>
</xslt>
</target>
Modified: ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl
URL: http://svn.apache.org/viewvc/ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl?rev=733954&r1=733953&r2=733954&view=diff
==============================================================================
--- ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl (original)
+++ ant/ivy/core/branches/2.0.x/src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl Mon Jan 12 14:58:34 2009
@@ -20,6 +20,7 @@
<xsl:output encoding="UTF-8" method="xml" indent="yes" media-type="text/xml"/>
<xsl:param name="resourceURL"/>
+ <xsl:param name="restricted"/>
<xsl:variable name="maven2repo" select="'http://repo1.maven.org/maven2/'"/>
@@ -59,18 +60,30 @@
<xsl:copy-of select="."/>
</xsl:template>
- <!-- The allowed build actions -->
- <xsl:template match="/packager-module/build/copy"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/jar"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/mkdir"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/move"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/tar"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/unjar"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/untar"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/unwar"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/unzip"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/war"><xsl:copy-of select="."/></xsl:template>
- <xsl:template match="/packager-module/build/zip"><xsl:copy-of select="."/></xsl:template>
+ <!-- The allowed build actions in restricted mode -->
+ <xsl:template match="/packager-module/build/copy" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/jar" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/mkdir" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/move" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/tar" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/unjar" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/untar" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/unwar" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/unzip" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/war" priority="1"><xsl:copy-of select="."/></xsl:template>
+ <xsl:template match="/packager-module/build/zip" priority="1"><xsl:copy-of select="."/></xsl:template>
+
+ <!-- Allow other build actions when restricted="false", otherwise generate error -->
+ <xsl:template match="/packager-module/build/*">
+ <xsl:choose>
+ <xsl:when test="$restricted = 'false'">
+ <xsl:copy-of select="."/>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">build tag <<xsl:value-of select="name()"/>> not allowed in restricted mode</xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
<!-- Resource definitions -->
<xsl:template match="/packager-module/resource">