summaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.packaging
Commit message (Collapse)AuthorAgeFilesLines
* Prepare 6.9.0-SNAPSHOT buildsMatthias Sohn2024-02-2220-21/+21
| | | | Change-Id: I11f4871bfdf6c6c0de5d5ed577edf16bac8cf681
* JGit v6.9.0.202402211805-m3v6.9.0.202402211805-m3Matthias Sohn2024-02-2120-21/+21
| | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: Id2f3934947d6d1e94feeb9e73ad7282ae089b682
* Update jetty to 10.0.20Matthias Sohn2024-02-2016-127/+127
| | | | Change-Id: Ic79c5ce718fe1345f75c4254a9ee2aa7d91af359
* Update maven pluginsMatthias Sohn2024-02-201-8/+8
| | | | | | | | | | | | | | | | | - build-helper-maven-plugin to 3.5.0 - cyclonedx-maven-plugin to 2.7.11 - eclipse-jarsigner-plugin to 1.4.3 - git-commit-id-maven-plugin to 7.0.0 - japicmp-maven-plugin to 0.18.5 - maven-clean-plugin to 3.3.2 - maven-compiler-plugin to 3.12.1 - maven-enforcer-plugin to 3.4.1 - maven-jxr-plugin to 3.3.2< - maven-site-plugin to 4.0.0-M13 - spotbugs-maven-plugin to 4.8.3.1 - tycho plugins to 4.0.6 Change-Id: Ie792f783b8b8453a37743f10f8c4162932e5ff85
* Update org.assertj:assertj-core to 3.25.3Matthias Sohn2024-02-2016-31/+31
| | | | Change-Id: I3fd8adf3c1cc3f2c8826602b11d1d11fdfe29bfb
* Update org.mockito:mockito-core to 5.10.0Matthias Sohn2024-02-2016-31/+31
| | | | Change-Id: I35dbb2402e65753e10bef4617b7e1683f9900406
* Update org.apache.commons:commons-compress to 1.26.0Matthias Sohn2024-02-2016-31/+126
| | | | | | | The new version now requires commons-io for the tests. Hence adding dependency to commons-io:commons-io:2.15.1. Change-Id: Ieb50ef559a119c89f90d700ab95a73c0fcae85a8
* Update byte-buddy to 1.14.12Matthias Sohn2024-02-2016-47/+47
| | | | Change-Id: Idc56efd1ee6d9d1e039ccfffd5e16803b727f6dc
* [ssh] Bump Apache MINA sshd 2.11.0 -> 2.12.0Thomas Wolf2024-01-2016-47/+47
| | | | | | | | | | | This includes the upstream fix for CVE-2023-48795[1] ("strict KEX" protocol extension mitigating the "Terrapin attack"[2]) in JGit. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-48795 [2] https://www.terrapin-attack.com/ Bug: jgit-16 Change-Id: Ie9aa5b903ea6795bd1511afea0bebdb537b56148 Signed-off-by: Thomas Wolf <twolf@apache.org>
* Merge "Remove invalid/unnecessary Maven settings"Matthias Sohn2024-01-163-42/+0
|\
| * Remove invalid/unnecessary Maven settingsMichael Keppler2023-12-233-42/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | * Remove jgit.target POM and remove it from the module list. This was only necessary when the target file had to be referenced as an artifact. Meanwhile we reference it directly by its path, and can remove the Maven build around it. * Remove tycho configuration options that are no longer valid (resolved was removed very early, probably before 1.0; includePackedArtifacts was removed in 3.0). Also remove duplicate version specification. Change-Id: Ifa69065dd73bf586b8359541375e065f5f60aa03
* | Update jna to 5.14.0Matthias Sohn2024-01-1216-47/+47
|/ | | | Change-Id: Ie60f618fabd1c35815a7fe2775b7fe059baba8b4
* Update Tycho to 4.0.4Matthias Sohn2023-12-221-1/+1
| | | | Change-Id: I9d087b5a62ab3d474d894a2276572156c14dad4e
* Update mockito to 5.8.0Matthias Sohn2023-12-2216-31/+31
| | | | Change-Id: I70d33b7af25fcb4754fb048dd9054eef7356f00c
* Add 4.31 target platform and update orbit to 4.31Matthias Sohn2023-12-2218-44/+351
| | | | | | and update bytebuddy to 1.14.10. Change-Id: I145776a31d806f7e6dcc90263650109b3eb19067
* Renormalize line endings based on .gitattributesMatthias Sohn2023-12-226-18/+18
| | | | | | This fixes line endings of all text files to use LF in the repository. Change-Id: I4df6fd7aaf9db9cdaa953a0d1062981b4612056c
* Prepare 6.9.0-SNAPSHOT buildsMatthias Sohn2023-12-0422-33/+33
| | | | Change-Id: Id1d784ec4870cfb53c4b140fe0bb3fad9eef651d
* Prepare 6.8.1-SNAPSHOT buildsMatthias Sohn2023-11-2922-33/+33
| | | | Change-Id: I56458c5345dcd9544868c948e90c9827d25c6850
* JGit v6.8.0.202311291450-rv6.8.0.202311291450-rMatthias Sohn2023-11-2922-23/+23
| | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: Iecfe3f628cfdc437ee0d63fe52653ef952c8c494
* Update Orbit to orbit-aggregation/2023-12Matthias Sohn2023-11-2815-29/+29
| | | | Change-Id: Ifde28f60461e0a9d7b1278f8f178ceb2c4e1db7a
* Prepare 6.8.0-SNAPSHOT buildsMatthias Sohn2023-11-2222-23/+23
| | | | Change-Id: I89178175549541111cddb88da401899960c0ecac
* JGit v6.8.0.202311212206-rc1v6.8.0.202311212206-rc1Matthias Sohn2023-11-2122-23/+23
| | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: I6a40cdef68538fa769f4525eb2ff1ed4a810f11c
* Update org.apache.commons:commons-compress to 1.25.0Matthias Sohn2023-11-1715-29/+29
| | | | Change-Id: Ic9c6910853ad00075501aa3e03888fefbe634bf6
* Update bouncycastle to 1.77Matthias Sohn2023-11-1615-74/+74
| | | | Change-Id: I2dc011247ace2eeea8c46587cae55a39be086f36
* Update jetty to 10.0.18Matthias Sohn2023-11-1515-119/+119
| | | | Change-Id: I34c9f7c062400bb69849812d57390dd2e7b04cac
* SSH: bump org.apache.sshd to 2.11.0Thomas Wolf2023-11-1515-44/+44
| | | | | | | | | | Update maven build, bazel build, and target platform. Also remove a file in a ./bin directory that got committed by mistake in commit f5f4bf0ad. Change-Id: Ia653c71643f8fad290874d723dacdafbef25c13f Signed-off-by: Thomas Wolf <twolf@apache.org>
* Update mockito to 5.7.0 and bytebuddy to 1.14.9Matthias Sohn2023-11-0915-72/+72
| | | | Change-Id: I7c93847054050a0af0d2c16e724e5755f9fa33bf
* Enable Maven reproducible buildsMatthias Sohn2023-11-091-1/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - configure Maven to run build reproducibly [1] - use UTC timestamp of checked out commit as build timestamp - add git-describe, git-commit-id, git-commit-id, git-tags, git-remote-origin-url to MANIFEST.MF files - configure cyclonedx-maven-plugin to also use UTC timestamp of checked out commit - for packaging build use tycho-buildtimestamp-jgit [2] to ensure version uses the timestamp of the last commit - SBOMs are not reproducible by design [3] they should have a build timestamp matching the time when the build was executed and a serial number which is a unique UUID per build run. Hence exclude them from comparison [4]. - Use gmavenplus-plugin to format build timestamps. Maven expects build timestamp in ISO-8601 format, to replace the qualifier in versions the timestamp format must be compatible with rules for OSGi version numbers. Didn't find a way to read the properties set by the git-commit-id-maven-plugin from another plugin. Hence use JGit in a groovy script to get the commit time of the current HEAD and provide it in these two formats. TODO: packaging build (features and p2 repository) is not yet binary reproducible since that's not yet supported by Tycho [5], artefacts have reproducible version numbers but file lastModified timestamps are not yet reproducible. Test plan for Maven build: - build using mvn clean install" - verify second build is reproducible: mvn -T1 clean verify artifact:compare verification seems not to be thread-safe, hence run it with a single thread using option -T1 For packaging build (still fails due to non-reproducible file timestamps): - build using mvn -f org.eclipse.jgit.packaging/pom.xml clean install - verify second build is reproducible: mvn -T1 -f org.eclipse.jgit.packaging/pom.xml clean verify artifact:compare [1] https://maven.apache.org/guides/mini/guide-reproducible-builds.html [2] https://wiki.eclipse.org/Tycho/Reproducible_Version_Qualifiers [3] https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/84 [4] https://maven.apache.org/plugins/maven-artifact-plugin/compare-mojo.html [5] https://github.com/eclipse-tycho/tycho/issues/233 Change-Id: I0202f55a1b6ae0edd922cfef638beb39d2ce9417
* Generate SBOMs using cyclonedx maven pluginMatthias Sohn2023-10-181-0/+37
| | | | | | | | and specify JGit's license using its SPDX identifier. See https://gitlab.eclipse.org/eclipsefdn/emo-team/sbom/-/blob/main/docs/sbom.adoc#sbom-maven Change-Id: I8f022002c84200ea430325916fa38c3764979c02
* Use net.i2p.crypto.eddsa 0.3.0 from new Orbit buildMatthias Sohn2023-10-1315-46/+46
| | | | | | | | | | | | | | | | | | | | | | consuming it directly from Maven Central. The bundle net.i2p.crypto.eddsa 0.3.0 contains bad OSGi metadata, earlier it was repackaged in Orbit tweaking its mandatory dependency to sun.security.x509 to an optional dependency. This project seems to be orphaned, probably because Java 15 added support for eddsa with JEP339 [1]. This repackaged bundle is no longer available after Orbit was renovated [2] to consume the vast majority of bundles directly from Maven Central without repacking them. Hence we have to workaround this (probably false) mandatory dependency. For that export an empty dummy package "sun.security.x509" to satisfy OSGi. [1] https://openjdk.org/jeps/339 [2] https://github.com/eclipse-orbit/orbit-simrel/issues/15 Change-Id: I2267e15823ebce6cf1d448e1e16a129f703e0f80
* Update orbit to orbit-aggregation/2023-12Matthias Sohn2023-10-0529-117/+424
| | | | | | | - add target platform for Eclipse 4.30 (2023-12) - update org.apache.ant to 1.10.14 Change-Id: Ib7fa7cb79e93ecd6009784bc0ad4269bfa71cb29
* Eclipse features: update copyright yearThomas Wolf2023-09-269-9/+9
| | | | | | Set upper bound to 2023. Change-Id: I67acc12b3fe80ab7ca4a9303b0e96325a1e707e9 Signed-off-by: Thomas Wolf <twolf@apache.org>
* Update jetty to 10.0.16Matthias Sohn2023-09-2214-111/+111
| | | | Change-Id: I918e308e71fa978c9f25e3fad63c5f2e94ec3be7
* Update org.apache.commons:commons-compress to 1.24.0Matthias Sohn2023-09-1514-27/+27
| | | | Change-Id: I896298f9e94b50dda6c6396e652f4a191a722a68
* Update bytebuddy to 1.14.8Matthias Sohn2023-09-1514-41/+41
| | | | Change-Id: I60ad9ea9300099eeabbb5023d7a5264593e60dc0
* Prepare 6.8.0-SNAPSHOT buildsMatthias Sohn2023-09-0722-33/+33
| | | | Change-Id: Ifc81f0a96c2ced0b25926b9daa539d9cfc951925
* Prepare 6.7.1-SNAPSHOT buildsMatthias Sohn2023-09-0722-33/+33
| | | | Change-Id: I96097ef8c6f198220f513bbc6d5f8881834a1491
* JGit v6.7.0.202309050840-rv6.7.0.202309050840-rMatthias Sohn2023-09-0522-23/+23
| | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: Ibe952d97bc178adb909cdd40f48957f5b68af699
* Fix list of 3rd party bundles in p2 repoMatthias Sohn2023-09-041-3/+12
| | | | | | | | | | | The jgit p2 repo should contain all 3rd party dependencies needed at runtime but not dependencies only used in tests. - remove assertj-core since it's only used in tests - add org.eclipse.osgi and org.osgi.service.cm which are runtime dependencies Change-Id: Ie789cb8feab0905e7e23aae1d5378e82a0088992
* Add missing source bundle org.osgi.service.cm.source to target platformMatthias Sohn2023-09-0414-13/+27
| | | | Change-Id: I6e61278467ad11d28c08ee6b49e04dac0593f3e6
* Update mockito to 5.5.0Matthias Sohn2023-08-3114-27/+27
| | | | Change-Id: Ic62864aaf15388b8f20b2db8aa65d1dcf03465a6
* Update byte-buddy to 1.14.7Matthias Sohn2023-08-3114-41/+41
| | | | Change-Id: Iee257eef4cdc3235db6172e19d8d271ff9988fa4
* Prepare 6.7.0-SNAPSHOT buildsMatthias Sohn2023-08-3022-23/+23
| | | | Change-Id: I49751232464e70b7d1dc3292a9f36b7a7015e44f
* JGit v6.7.0.202308301100-rc1v6.7.0.202308301100-rc1Matthias Sohn2023-08-3022-23/+23
| | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: I712a9f6830364ed404d03f3a145c055906273544
* Remove the cbi-snapshots Maven repositoryMatthias Sohn2023-08-301-4/+0
| | | | | | since it's not used anymore. Change-Id: I884c5e5854d6a1f5b104d8d3bb0419e860fa34ca
* Update Orbit to orbit-aggregation/release/4.29.0Matthias Sohn2023-08-3027-195/+234
| | | | | | | | | | | | | Switch to bundle dependencies for hamcrest 1.3 to avoid issues with split packages in that version. Don't allow hamcrest 2.x yet since junit 4.13.2 still requires hamcrest 1.3. See Orbit restructuring in https://github.com/orgs/eclipse-orbit/discussions/49 Change-Id: I8faf519b8f2c4e4a6bd255d694d1aa28017acd85
* Add target platform for Eclipse 2023-09 (4.29)Matthias Sohn2023-08-302-0/+278
| | | | Change-Id: I62f9bacebf0a2a2cba6ffde7936572e3f05a629c
* Use release p2 repo for Eclipse 2023-06 (4.28)Matthias Sohn2023-08-302-3/+3
| | | | Change-Id: I3b8794bdb43db12c2eacda1de27651686c41abf5
* Update tycho to 4.0.2Matthias Sohn2023-08-291-1/+1
| | | | Change-Id: Ib619bc09bf79c0f9e7526c0303606f314e8c1209
* Update bouncycastle to 1.76Matthias Sohn2023-08-2913-64/+64
| | | | Change-Id: Ic569f348106e917001fbaa25a302fc20cca56244
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 21:48:38 +0000