From 9c16f28d7e31c49f8062b2187f24f59024ccd6ec Mon Sep 17 00:00:00 2001 From: Bartosz Spyrko-Smietanko Date: Fri, 2 Aug 2024 13:05:28 +0200 Subject: [PATCH] Add override for manifest signature URL --- .../java/org/wildfly/channel/ChannelImpl.java | 31 +++++++++++++------ .../channel/ChannelManifestCoordinate.java | 19 +++++++++++- .../channel/ChannelMetadataCoordinate.java | 11 +++++++ .../org/wildfly/channel/v2.1.0/schema.json | 4 +++ doc/spec.adoc | 3 +- 5 files changed, 57 insertions(+), 11 deletions(-) diff --git a/core/src/main/java/org/wildfly/channel/ChannelImpl.java b/core/src/main/java/org/wildfly/channel/ChannelImpl.java index 58ba360c..1b773531 100644 --- a/core/src/main/java/org/wildfly/channel/ChannelImpl.java +++ b/core/src/main/java/org/wildfly/channel/ChannelImpl.java @@ -148,9 +148,16 @@ private ChannelImpl createNewChannelFromMaven(MavenVersionsResolver.Factory fact version = latest.orElseThrow(() -> new RuntimeException(String.format("Can not determine the latest version for Maven artifact %s:%s:%s:%s", groupId, artifactId, ChannelManifest.EXTENSION, ChannelManifest.CLASSIFIER))); } - final ChannelImpl requiredChannel = new ChannelImpl(new Channel(ChannelMapper.CURRENT_SCHEMA_VERSION, null, null, null, channelDefinition.getRepositories(), - new ChannelManifestCoordinate(groupId, artifactId, version), null, - Channel.NoStreamStrategy.NONE, channelDefinition.isGpgCheck(), channelDefinition.getGpgUrls())); + final Channel requiredChannelDefinition = new Channel.Builder(channelDefinition) + .setName(null) + .setDescription(null) + .setVendor(null) + .setManifestCoordinate(groupId, artifactId, version) + .setResolveStrategy(Channel.NoStreamStrategy.NONE) + .build(); + + final ChannelImpl requiredChannel = new ChannelImpl(requiredChannelDefinition); + try { requiredChannel.init(factory, channels, signatureValidator); } catch (UnresolvedMavenArtifactException e) { @@ -228,7 +235,7 @@ private ChannelManifest resolveManifest(ChannelManifestCoordinate manifestCoordi * * @throws ArtifactTransferException if any artifacts can not be resolved. */ - public List resolveChannelMetadata(List coords, boolean optional) throws ArtifactTransferException { + private List resolveChannelMetadata(List coords, boolean optional) throws ArtifactTransferException { requireNonNull(coords); List channels = new ArrayList<>(); @@ -237,9 +244,15 @@ public List resolveChannelMetadata(List resolveChannelMetadata(List resolveArtifacts(List coordinates) throws UnresolvedMavenArtifactException { final List resolvedArtifacts = resolver.resolveArtifacts(coordinates); - if (channelDefinition.requiresGpgCheck()) { + if (channelDefinition.isGpgCheck()) { try { final List signatures = resolver.resolveArtifacts(coordinates.stream() .map(c->new ArtifactCoordinate(c.getGroupId(), c.getArtifactId(), c.getExtension() + SIGNATURE_FILE_SUFFIX, diff --git a/core/src/main/java/org/wildfly/channel/ChannelManifestCoordinate.java b/core/src/main/java/org/wildfly/channel/ChannelManifestCoordinate.java index 8b4efcc1..3522cb2a 100644 --- a/core/src/main/java/org/wildfly/channel/ChannelManifestCoordinate.java +++ b/core/src/main/java/org/wildfly/channel/ChannelManifestCoordinate.java @@ -45,12 +45,23 @@ public ChannelManifestCoordinate(URL url) { super(url); } + public ChannelManifestCoordinate(URL url, URL signatureUrl) { + super(url, signatureUrl); + } + public ChannelManifestCoordinate() { super(ChannelManifest.CLASSIFIER, ChannelManifest.EXTENSION); } + public static ChannelManifestCoordinate create(String url, + MavenCoordinate gav) throws MalformedURLException { + return create(url, null, gav); + } + @JsonCreator - public static ChannelManifestCoordinate create(@JsonProperty(value = "url") String url, @JsonProperty(value = "maven") MavenCoordinate gav) throws MalformedURLException { + public static ChannelManifestCoordinate create(@JsonProperty(value = "url") String url, + @JsonProperty(value = "signature-url") String signatureUrl, + @JsonProperty(value = "maven") MavenCoordinate gav) throws MalformedURLException { if (gav != null) { if (gav.getVersion() == null || gav.getVersion().isEmpty()) { return new ChannelManifestCoordinate(gav.getGroupId(), gav.getArtifactId()); @@ -81,4 +92,10 @@ private boolean isEmpty(String text) { public URL getUrl() { return super.getUrl(); } + + @JsonProperty(value = "signature-url") + @JsonInclude(NON_NULL) + public URL getSignatureUrl() { + return super.getSignatureUrl(); + } } diff --git a/core/src/main/java/org/wildfly/channel/ChannelMetadataCoordinate.java b/core/src/main/java/org/wildfly/channel/ChannelMetadataCoordinate.java index 7eb1435c..82fd2c32 100644 --- a/core/src/main/java/org/wildfly/channel/ChannelMetadataCoordinate.java +++ b/core/src/main/java/org/wildfly/channel/ChannelMetadataCoordinate.java @@ -35,6 +35,7 @@ public class ChannelMetadataCoordinate { private String extension; private URL url; + protected URL signatureUrl; protected ChannelMetadataCoordinate() { } @@ -57,6 +58,12 @@ public ChannelMetadataCoordinate(URL url) { requireNonNull(url); } + public ChannelMetadataCoordinate(URL url, URL signatureUrl) { + this(null, null, null, null, null, url); + requireNonNull(url); + this.signatureUrl = signatureUrl; + } + private ChannelMetadataCoordinate(String groupId, String artifactId, String version, String classifier, String extension, URL url) { this.groupId = groupId; this.artifactId = artifactId; @@ -94,6 +101,10 @@ public String getExtension() { return extension; } + public URL getSignatureUrl() { + return signatureUrl; + } + @Override public boolean equals(Object o) { if (this == o) return true; diff --git a/core/src/main/resources/org/wildfly/channel/v2.1.0/schema.json b/core/src/main/resources/org/wildfly/channel/v2.1.0/schema.json index e1b5727c..47bd6ce7 100644 --- a/core/src/main/resources/org/wildfly/channel/v2.1.0/schema.json +++ b/core/src/main/resources/org/wildfly/channel/v2.1.0/schema.json @@ -81,6 +81,10 @@ "url": { "description": "URL of the manifest file.", "type": "string" + }, + "signature-url": { + "description": "URL of the manifest signature file.", + "type": "string" } }, "oneOf": [ diff --git a/doc/spec.adoc b/doc/spec.adoc index c3940911..29bbfe23 100644 --- a/doc/spec.adoc +++ b/doc/spec.adoc @@ -65,6 +65,7 @@ A channel is composed of several fields: **** Mandatory `groupId` and `artifactId` elements that are the Maven coordinates of the manifest. **** Optional `version` to stick to a given manifest version (instead of requiring the latest version of that manifest). In the absence of this `version`, the latest version of the manifest will be determined based on the Maven repository metadata (see <>). *** `url` corresponding to a URL where the manifest file can be found. +*** `signature-url` corresponding to a URL where the signature of the manifest file can be found. * Optional `blocklist` corresponding to the Blocklist artifact. Blocklist is used to define versions of artifacts excluded from a channel. ** One of the following, mutually exclusive fields, used to resolve the Blocklist: *** `maven` corresponds to Maven coordinates of the Blocklist. It's composed of: @@ -247,7 +248,7 @@ The signature file is resolved at the same time as the artifact. If the signatur #### Verifing manifest signatures -If the manifest of a channel is defined as a Maven GA(V), it is treated as any other maven artifact. If it is defined as an URL, the signature file must be available at the same URL with ".asc" suffix. If the signature cannot be resolved, the channel creation must fail. +If the manifest of a channel is defined as a Maven GA(V), it is treated as any other maven artifact. If it is defined as an URL, the signature file must be available at the same URL with ".asc" suffix. Alternatively, a `signature-url` element can be used to provide a location of the signature. If the signature cannot be resolved, the channel creation must fail. #### Public keys