Configured reproducible builds #6

Merged
merged 6 commits into from
Apr 5, 2023
@gioelemella gioelemella commented Apr 3, 2023

List of Changes

Motivation and Context

Initial project configuration in order to allow reproducible builds.

How Has This Been Tested?

Project built successfully and compared the generated checksums of subsequent builds

Executed verification-metadata file production, changed lombok dependency from 8.0.0 to 8.0.1 and executed gradle build command. Result:

  • What went wrong:
    A problem occurred configuring project ':http-verifier'.

Dependency verification failed for configuration ':http-verifier:classpath'
3 artifacts failed verification:
- io.freefair.lombok.gradle.plugin-8.0.1.pom (io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.0.1) from repository MavenRepo
- lombok-plugin-8.0.1.jar (io.freefair.gradle:lombok-plugin:8.0.1) from repository MavenRepo
- lombok-plugin-8.0.1.module (io.freefair.gradle:lombok-plugin:8.0.1) from repository MavenRepo


Executed verification-metadata file production, tampered commons-codec-1.15.jar checksum on build test

  • What went wrong:
    A problem occurred configuring root project 'eng-lollipop-consumer-java-sdk'.

Dependency verification failed for configuration ':classpath'
One artifact failed verification: commons-codec-1.15.jar (commons-codec:commons-codec:1.15) from repository MavenRepo
This can indicate that a dependency has been compromised. Please carefully verify the checksums.

Screenshots (if appropriate):



Types of changes

  • Chore (nothing changes from a user perspective)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
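The two failure cases tested in the description above (a version bump with no regenerated metadata, and a tampered checksum) can be modelled as follows. This is an added example, not code from this pull request and not Gradle's implementation; the artifact bytes are constructed stand-ins, the lombok-plugin 8.0.0 file name and the reason strings are assumptions, and the XML is a minimal fragment in the `verification-metadata.xml` layout.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"g": "https://schema.gradle.org/dependency-verification"}

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def load_trusted(metadata_xml):
    """Map (group, name, version, file) -> set of trusted SHA-256 values."""
    trusted = {}
    for comp in ET.fromstring(metadata_xml).iterfind("g:components/g:component", NS):
        gav = (comp.get("group"), comp.get("name"), comp.get("version"))
        for art in comp.iterfind("g:artifact", NS):
            sums = {s.get("value").lower() for s in art.iterfind("g:sha256", NS)}
            trusted[gav + (art.get("name"),)] = sums
    return trusted

def verify(trusted, resolved):
    """Return (file, reason) for every resolved artifact that is not trusted."""
    failures = []
    for key, data in sorted(resolved.items()):
        if key not in trusted:
            failures.append((key[3], "no checksum recorded"))
        elif sha256(data) not in trusted[key]:
            failures.append((key[3], "checksum mismatch"))
    return failures

# Constructed stand-ins for the artifact bytes; real jars are not needed here.
CODEC = ("commons-codec", "commons-codec", "1.15", "commons-codec-1.15.jar")
LOMBOK = ("io.freefair.gradle", "lombok-plugin", "8.0.0", "lombok-plugin-8.0.0.jar")
BASELINE = {CODEC: b"constructed commons-codec bytes", LOMBOK: b"constructed lombok-plugin bytes"}

def component(key, data):
    g, n, v, f = key
    return (f'<component group="{g}" name="{n}" version="{v}"><artifact name="{f}">'
            f'<sha256 value="{sha256(data)}" origin="Generated by Gradle"/>'
            f'</artifact></component>')

METADATA = ('<verification-metadata xmlns="https://schema.gradle.org/dependency-verification">'
            '<components>' + "".join(component(k, d) for k, d in BASELINE.items())
            + '</components></verification-metadata>')
TRUSTED = load_trusted(METADATA)

def bumped():  # lombok 8.0.0 -> 8.0.1 without regenerating the metadata
    key = ("io.freefair.gradle", "lombok-plugin", "8.0.1", "lombok-plugin-8.0.1.jar")
    return verify(TRUSTED, {CODEC: BASELINE[CODEC], key: b"constructed 8.0.1 bytes"})

def tampered():  # same coordinates, different bytes
    return verify(TRUSTED, {**BASELINE, CODEC: BASELINE[CODEC] + b"\x00"})

if __name__ == "__main__":
    print(verify(TRUSTED, BASELINE), bumped(), tampered())
```

Gradle reports both cases as "failed verification"; separating them here shows that a version bump fails because no entry exists for the new coordinates, while tampering fails on the hash comparison itself.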

giomella added 2 commits April 3, 2023 13:24
…ailable plugins and added reproducible build settings for subprojects
@alessio-cialini alessio-cialini requested a review from pp-ps April 3, 2023 14:08
@pp-ps pp-ps left a comment

Lgtm for now, needs more testing but it can be deferred, as it is non-blocking.

@alessio-cialini alessio-cialini merged commit f212855 into core-sprint-1 Apr 5, 2023
@alessio-cialini alessio-cialini deleted the SLS-5 branch April 6, 2023 17:30
This was referenced Apr 21, 2023