opendev/gerrit
Code Issues Proposed changes

Ship BouncyCastle in the .war files.

Browse Source 
Per
https://www.bis.doc.gov/index.php/forms-documents/encryption/328-flowchart-2/file
open source crypto software can be self-classified as 5D002, and
requires only notification of the U.S. Bureau of Industry and
Security.

This registration has been performed by Google, as of Feb 15, 2017.

This gets rid of the special casing for BouncyCastle, simplifying our
build and deployment process.

Change-Id: I680b0a001e5e2e497ed6e62c90c8b8be30efff48
This commit is contained in:
Han-Wen Nienhuys 2017-02-13 16:08:30 +01:00
parent 7635930138
commit 6471e8a94a
8 changed files with 11 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
gerrit-acceptance-tests/tests.bzl
View File

@ -1,10 +1,5 @@
load("//tools/bzl:junit.bzl", "junit_tests")
BOUNCYCASTLE = [
"//lib/bouncycastle:bcpkix-without-neverlink",
"//lib/bouncycastle:bcpg-without-neverlink",
]
def acceptance_tests(
group,
deps = [],
@ -13,8 +8,10 @@ def acceptance_tests(
**kwargs):
junit_tests(
name = group,
deps = deps + BOUNCYCASTLE + [
deps = deps + [
'//gerrit-acceptance-tests:lib',
"//lib/bouncycastle:bcpkix",
"//lib/bouncycastle:bcpg",
],
tags = labels + [
'acceptance',

8
gerrit-gpg/BUILD
View File

@ -33,8 +33,8 @@ java_library(
visibility = ["//visibility:public"],
deps = DEPS + [
":gpg",
"//lib/bouncycastle:bcpg-without-neverlink",
"//lib/bouncycastle:bcprov-without-neverlink",
"//lib/bouncycastle:bcpg",
"//lib/bouncycastle:bcprov",
],
)
@ -53,7 +53,7 @@ junit_tests(
"//gerrit-server:testutil",
"//lib:truth",
"//lib/jgit/org.eclipse.jgit.junit:junit",
"//lib/bouncycastle:bcpg-without-neverlink",
"//lib/bouncycastle:bcprov-without-neverlink",
"//lib/bouncycastle:bcpg",
"//lib/bouncycastle:bcprov",
],
)

4
gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
View File

@ -131,9 +131,5 @@ class InitAuth implements InitStep {
boolean def = flags.cfg.getBoolean(RECEIVE, ENABLE_SIGNED_PUSH, false);
boolean enable = ui.yesno(def, "Enable signed push support");
receive.set("enableSignedPush", Boolean.toString(enable));
if (enable) {
libraries.bouncyCastleProvider.downloadRequired();
libraries.bouncyCastlePGP.downloadRequired();
}
}
}

6
gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitSshd.java
View File

@ -79,12 +79,6 @@ class InitSshd implements InitStep {
port = ui.readInt(port, "Listen on port");
sshd.set("listenAddress", SocketUtil.format(hostname, port));
if (exists(site.ssh_rsa) || exists(site.ssh_dsa)) {
libraries.bouncyCastleSSL.downloadRequired();
} else if (!exists(site.ssh_key)) {
libraries.bouncyCastleSSL.downloadOptional();
}
generateSshHostKeys();
}

3
gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/Libraries.java
View File

@ -40,9 +40,6 @@ class Libraries {
private final List<String> skippedDownloads;
private final boolean skipAllDownloads;
/* final */ LibraryDownloader bouncyCastlePGP;
/* final */ LibraryDownloader bouncyCastleProvider;
/* final */ LibraryDownloader bouncyCastleSSL;
/* final */ LibraryDownloader db2Driver;
/* final */ LibraryDownloader db2DriverLicense;
/* final */ LibraryDownloader hanaDriver;

24
gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config
View File

@ -12,30 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# Version should match lib/bouncycastle/BUCK
[library "bouncyCastleProvider"]
name = Bouncy Castle Crypto Provider v156
url = https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.56/bcprov-jdk15on-1.56.jar
sha1 = a153c6f9744a3e9dd6feab5e210e1c9861362ec7
remove = bcprov-.*[.]jar
# Version should match lib/bouncycastle/BUCK
[library "bouncyCastleSSL"]
name = Bouncy Castle Crypto SSL v156
url = https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.56/bcpkix-jdk15on-1.56.jar
sha1 = 4648af70268b6fdb24674fb1fd7c1fcc73db1231
needs = bouncyCastleProvider
remove = bcpkix-.*[.]jar
# Version should match lib/bouncycastle/BUCK
[library "bouncyCastlePGP"]
name = Bouncy Castle Crypto OpenPGP v156
url = https://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/1.56/bcpg-jdk15on-1.56.jar
sha1 = 9c3f2e7072c8cc1152079b5c25291a9f462631f1
needs = bouncyCastleProvider
remove = bcpg-.*[.]jar
[library "mysqlDriver"]
name = MySQL Connector/J 5.1.40
url = https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.40/mysql-connector-java-5.1.40.jar

1
gerrit-pgm/src/test/java/com/google/gerrit/pgm/init/LibrariesTest.java
View File

@ -45,7 +45,6 @@ public class LibrariesTest {
Collections.<String>emptyList(),
false);
assertNotNull(lib.bouncyCastleProvider);
assertNotNull(lib.mysqlDriver);
verify(ui);

31
lib/bouncycastle/BUILD
View File

@ -1,44 +1,21 @@
java_library(
name = "bcprov",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
neverlink = 1,
visibility = ["//visibility:public"],
exports = ["@bcprov//jar"],
)
java_library(
name = "bcprov-without-neverlink",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
name = "bcprov",
data = ["//lib:LICENSE-bouncycastle"],
visibility = ["//visibility:public"],
exports = ["@bcprov//jar"],
)
java_library(
name = "bcpg",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
neverlink = 1,
visibility = ["//visibility:public"],
exports = ["@bcpg//jar"],
)
java_library(
name = "bcpg-without-neverlink",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
data = ["//lib:LICENSE-bouncycastle"],
visibility = ["//visibility:public"],
exports = ["@bcpg//jar"],
)
java_library(
name = "bcpkix",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
neverlink = 1,
visibility = ["//visibility:public"],
exports = ["@bcpkix//jar"],
)
java_library(
name = "bcpkix-without-neverlink",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
data = ["//lib:LICENSE-bouncycastle"],
visibility = ["//visibility:public"],
exports = ["@bcpkix//jar"],
)