Bazel: Stop unsigning jgit libraries

This change deletes the last GWT-related hack in the build toolchain:
unsigning of the JGit libraries to prevent a security exception after adding
a new class to the existing org.eclipse.jgit.diff package. Instead of
adding the new ReplaceEdit class to this package, move the class to its own
Gerrit top-level package.

My understanding was, that we have done unsigning acrobatic to support
deserialization and JSON deserialization for GWT UI. Particularly these
two classes:

* EditDeserializer.java
* Edit_JsonSerializer.java

Right now I do not see why this couldn't be done in gerrit own package.
In any event, we do not intend to backport this change to other stable
branches but only apply it to branches where GWT UI was removed.

Change-Id: I3be17767ed495bb1b8c5c2ce4ca1574c865b2fba
David Ostrovsky
2019-06-02 19:49:46 +02:00
parent fbd995218d
commit 2f22aa04aa
12 changed files with 9 additions and 26 deletions


@@ -12,9 +12,10 @@
// See the License for the specific language governing permissions and
// limitations under the License.
package org.eclipse.jgit.diff;
package com.google.gerrit.jgit.diff;
import java.util.List;
import org.eclipse.jgit.diff.Edit;
public class ReplaceEdit extends Edit {
private List<Edit> internalEdit;
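Review bot: The relocated `ReplaceEdit` has no class comment recording why it must stay out of `org.eclipse.jgit.diff`, and with the JGit jars no longer unsigned that constraint is now enforced at class-load time rather than hidden by the build. Per the commit description, a class added to that package triggers a security exception once the jar signatures are kept, so a later "tidy-up" that moves the class back would only fail at runtime. I would add a Javadoc above the class, for example `/** Gerrit-owned Edit subclass; kept outside org.eclipse.jgit.* because the JGit jars are signed and classes added to their packages fail the signer check. */`. The class body continues outside this hunk, so whether `internalEdit` can be made `final` cannot be judged from here.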


@@ -39,6 +39,7 @@ java_library(
"//java/com/google/gerrit/index",
"//java/com/google/gerrit/index:query_exception",
"//java/com/google/gerrit/index/project",
"//java/com/google/gerrit/jgit",
"//java/com/google/gerrit/json",
"//java/com/google/gerrit/lifecycle",
"//java/com/google/gerrit/mail",
@@ -55,7 +56,6 @@ java_library(
"//java/com/google/gerrit/util/ssl",
"//java/com/google/gwtorm",
"//java/org/apache/commons/net",
"//java/org/eclipse/jgit",
"//lib:args4j",
"//lib:autolink",
"//lib:automaton",


@@ -21,6 +21,7 @@ import static com.google.gerrit.server.ioutil.BasicSerialization.writeVarInt32;
import static java.util.stream.Collectors.toList;
import com.google.common.collect.ImmutableList;
import com.google.gerrit.jgit.diff.ReplaceEdit;
import com.google.gerrit.reviewdb.client.CodedEnum;
import java.io.IOException;
import java.io.InputStream;
@@ -32,7 +33,6 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.eclipse.jgit.diff.Edit;
import org.eclipse.jgit.diff.ReplaceEdit;
public class IntraLineDiff implements Serializable {
static final long serialVersionUID = IntraLineDiffKey.serialVersionUID;
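Review bot: The import swap gives `ReplaceEdit` a new fully qualified name inside a class that `implements Serializable` and takes its version from `IntraLineDiffKey.serialVersionUID`, and nothing visible in this hunk shows whether data serialized under the old name stays readable. The static import of `BasicSerialization.writeVarInt32` suggests a hand-written wire format; if the read/write methods (outside this hunk) never put the class name on the stream, no version bump is needed, but that should be confirmed rather than assumed. If it holds, a short comment next to the serialization code such as `// ReplaceEdit is written field by field; its package name is not part of the stream` would record it. If default object serialization is used anywhere for the edit list, the serial version should be bumped so stale entries are discarded instead of failing on read.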


@@ -19,6 +19,7 @@ import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.jgit.diff.ReplaceEdit;
import com.google.gerrit.server.config.ConfigUtil;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.inject.Inject;
@@ -34,7 +35,6 @@ import java.util.concurrent.TimeoutException;
import java.util.regex.Pattern;
import org.eclipse.jgit.diff.Edit;
import org.eclipse.jgit.diff.MyersDiff;
import org.eclipse.jgit.diff.ReplaceEdit;
import org.eclipse.jgit.lib.Config;
class IntraLineLoader implements Callable<IntraLineDiff> {


@@ -13,6 +13,7 @@ java_library(
"//java/com/google/gerrit/index",
"//java/com/google/gerrit/index:query_exception",
"//java/com/google/gerrit/index/project",
"//java/com/google/gerrit/jgit",
"//java/com/google/gerrit/json",
"//java/com/google/gerrit/mail",
"//java/com/google/gerrit/metrics",
@@ -23,7 +24,6 @@ java_library(
"//java/com/google/gerrit/server/logging",
"//java/com/google/gerrit/server/util/time",
"//java/com/google/gerrit/util/cli",
"//java/org/eclipse/jgit",
"//lib:args4j",
"//lib:blame-cache",
"//lib:gson",


@@ -40,6 +40,7 @@ import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.jgit.diff.ReplaceEdit;
import com.google.gerrit.prettify.common.SparseFileContent;
import com.google.gerrit.reviewdb.client.Patch;
import com.google.gerrit.reviewdb.client.PatchSet;
@@ -62,7 +63,6 @@ import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.eclipse.jgit.diff.Edit;
import org.eclipse.jgit.diff.ReplaceEdit;
import org.kohsuke.args4j.CmdLineException;
import org.kohsuke.args4j.CmdLineParser;
import org.kohsuke.args4j.NamedOptionDef;


@@ -42,6 +42,7 @@ junit_tests(
"//java/com/google/gerrit/git",
"//java/com/google/gerrit/index",
"//java/com/google/gerrit/index:query_exception",
"//java/com/google/gerrit/jgit",
"//java/com/google/gerrit/lifecycle",
"//java/com/google/gerrit/mail",
"//java/com/google/gerrit/metrics",
@@ -61,7 +62,6 @@ junit_tests(
"//java/com/google/gerrit/server/util/time",
"//java/com/google/gerrit/testing:gerrit-test-util",
"//java/com/google/gerrit/truth",
"//java/org/eclipse/jgit",
"//lib:gson",
"//lib:guava",
"//lib:guava-retrying",


@@ -19,11 +19,11 @@ import static java.nio.charset.StandardCharsets.UTF_8;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.jgit.diff.ReplaceEdit;
import com.google.gerrit.testing.GerritBaseTests;
import java.util.List;
import org.eclipse.jgit.diff.Edit;
import org.eclipse.jgit.diff.EditList;
import org.eclipse.jgit.diff.ReplaceEdit;
import org.junit.Test;
public class IntraLineLoaderTest extends GerritBaseTests {


@@ -41,14 +41,12 @@ def jgit_maven_repos():
artifact = "org.eclipse.jgit:org.eclipse.jgit:" + _JGIT_VERS,
repository = _JGIT_REPO,
sha1 = "dba85014483315fa426259bc1b8ccda9373a624b",
unsign = True,
)
maven_jar(
name = "jgit-servlet",
artifact = "org.eclipse.jgit:org.eclipse.jgit.http.server:" + _JGIT_VERS,
repository = _JGIT_REPO,
sha1 = "3287341fca859340a00b51cb5dd3b78b8e532b39",
unsign = True,
)
maven_jar(
name = "jgit-archive",
@@ -61,7 +59,6 @@ def jgit_maven_repos():
artifact = "org.eclipse.jgit:org.eclipse.jgit.junit:" + _JGIT_VERS,
repository = _JGIT_REPO,
sha1 = "3d9ba7e610d6ab5d08dcb1e4ba448b592a34de77",
unsign = True,
)
def jgit_dep(name):


@@ -139,8 +139,6 @@ def _maven_jar_impl(ctx):
args = [python, script, "-o", binjar_path, "-u", binurl]
if ctx.attr.sha1:
args.extend(["-v", sha1])
if ctx.attr.unsign:
args.append("--unsign")
for x in ctx.attr.exclude:
args.extend(["-x", x])


@@ -81,7 +81,6 @@ opts.add_option('-u', help='URL to download')
opts.add_option('-v', help='expected content SHA-1')
opts.add_option('-x', action='append', help='file to delete from ZIP')
opts.add_option('--exclude_java_sources', action='store_true')
opts.add_option('--unsign', action='store_true')
args, _ = opts.parse_args()
root_dir = args.o
@@ -140,18 +139,6 @@ if args.exclude_java_sources:
print('error opening %s: %s' % (cache_ent, err), file=stderr)
exit(1)
if args.unsign:
try:
with ZipFile(cache_ent, 'r') as zf:
for n in zf.namelist():
if (n.endswith('.RSA')
or n.endswith('.SF')
or n.endswith('.LIST')):
exclude.append(n)
except (BadZipfile, LargeZipFile) as err:
print('error opening %s: %s' % (cache_ent, err), file=stderr)
exit(1)
safe_mkdirs(path.dirname(args.o))
if exclude:
try: