Bazel: Unsign the JGit jars

Now that we use download_file.py anyway, move the unsign part to it.

Change-Id: I139fae87bbe263ac42e75d4706fa28059a53e326

WORKSPACE

@@ -135,6 +135,7 @@ maven_jar(
   sha1 = '4e953ecb2ed6d9ec2f90caee9de7c6a74df5c9b8',
   src_sha1 = '35712f083d19bbef07fca2271fc9278cc76ad28a',
   repository = GERRIT,
+  unsign = True,
 )
 
 maven_jar(
@@ -142,6 +143,7 @@ maven_jar(
   artifact = 'org.eclipse.jgit:org.eclipse.jgit.http.server:' + JGIT_VERS,
   sha1 = 'af904b4ac10682b80486bddb86efc2f1a409ec78',
   repository = GERRIT,
+  unsign = True,
 )
 
 maven_jar(
@@ -163,6 +165,7 @@ maven_jar(
   artifact = 'org.eclipse.jgit:org.eclipse.jgit.junit:' + JGIT_VERS,
   sha1 = '35d1fcd4cbbf1332ac5aee89e370b65cbe82c390',
   repository = GERRIT,
+  unsign = True,
 )
 
 maven_jar(

lib/jgit/org.eclipse.jgit.http.server/BUILD

@@ -1,15 +1,7 @@
-load('//tools/bzl:unsign.bzl', 'unsign_jars')
-
 java_library(
-  name = 'jgit-servlet-signed',
+  name = 'jgit-servlet',
   exports = ['@jgit_servlet//jar'],
   runtime_deps = ['//lib/jgit/org.eclipse.jgit:jgit'],
   visibility = ['//visibility:public'],
   data = ['//lib:LICENSE-jgit'],
 )
-
-unsign_jars(
-  name = 'jgit-servlet',
-  deps = [':jgit-servlet-signed'],
-  visibility = ['//visibility:public'],
-)

lib/jgit/org.eclipse.jgit.junit/BUILD

@@ -1,15 +1,7 @@
-load('//tools/bzl:unsign.bzl', 'unsign_jars')
-
 java_library(
-  name = 'junit-signed',
+  name = 'junit',
   exports = ['@jgit_junit//jar'],
   runtime_deps = ['//lib/jgit/org.eclipse.jgit:jgit'],
   visibility = ['//visibility:public'],
   data = ['//lib:LICENSE-DO_NOT_DISTRIBUTE'],
 )
-
-unsign_jars(
-  name = 'junit',
-  deps = [':junit-signed'],
-    visibility = ['//visibility:public'],
-)

lib/jgit/org.eclipse.jgit/BUILD

@@ -1,7 +1,5 @@
-load('//tools/bzl:unsign.bzl', 'unsign_jars')
-
 java_library(
-  name = 'jgit-signed',
+  name = 'jgit',
   exports = ['@jgit//jar'],
   runtime_deps = [':javaewah'],
   visibility = ['//visibility:public'],
@@ -14,9 +12,3 @@ java_library(
   visibility = ['//visibility:public'],
   data = ['//lib:LICENSE-Apache2.0'],
 )
-
-unsign_jars(
-  name = 'jgit',
-  deps = [':jgit-signed'],
-  visibility = ['//visibility:public'],
-)

tools/bzl/maven_jar.bzl

@@ -91,6 +91,11 @@ def _maven_jar_impl(ctx):
   script = ctx.path(ctx.attr._download_script)
 
   args = [python, script, "-o", binjar_path, "-u", binurl, "-v", sha1]
+  if ctx.attr.unsign:
+    args.append('--unsign')
+  for x in ctx.attr.exclude:
+    args.extend(['-x', x])
+
   out = ctx.execute(args)
 
   if out.return_code:
@@ -115,5 +120,7 @@ maven_jar=repository_rule(
     "src_sha1": attr.string(),
     "_download_script": attr.label(default=Label("//tools:download_file.py")),
     "repository": attr.string(default=MAVEN_CENTRAL),
-    "attach_source": attr.bool(default=True)
+    "attach_source": attr.bool(default=True),
+    "unsign": attr.bool(default=False),
+    "exclude": attr.string_list(),
   })

tools/bzl/unsign.bzl

@@ -1,16 +0,0 @@
-
-def unsign_jars(name, deps, **kwargs):
-  """unsign_jars collects its dependencies into a single java_import.
-
-  As a side effect, the signature is removed.
-  """
-  native.java_binary(
-    name = name + '-unsigned-binary',
-    runtime_deps = deps,
-    main_class = 'dummy'
-  )
-
-  native.java_import(
-    name = name,
-    jars = [ name + '-unsigned-binary_deploy.jar' ],
-    **kwargs)