aboutsummaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.packaging
Commit message (Collapse)AuthorAgeFilesLines
* JGit v6.8.0.202311151710-m2v6.8.0.202311151710-m2Matthias Sohn2023-11-1522-23/+23
| | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: I9d06bb08fc1f9a2a08d4bc5a4459ec7e7e8c1be4
* Update mockito to 5.7.0 and bytebuddy to 1.14.9Matthias Sohn2023-11-0915-72/+72
| | | | Change-Id: I7c93847054050a0af0d2c16e724e5755f9fa33bf
* Enable Maven reproducible buildsMatthias Sohn2023-11-091-1/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - configure Maven to run build reproducibly [1] - use UTC timestamp of checked out commit as build timestamp - add git-describe, git-commit-id, git-commit-id, git-tags, git-remote-origin-url to MANIFEST.MF files - configure cyclonedx-maven-plugin to also use UTC timestamp of checked out commit - for packaging build use tycho-buildtimestamp-jgit [2] to ensure version uses the timestamp of the last commit - SBOMs are not reproducible by design [3] they should have a build timestamp matching the time when the build was executed and a serial number which is a unique UUID per build run. Hence exclude them from comparison [4]. - Use gmavenplus-plugin to format build timestamps. Maven expects build timestamp in ISO-8601 format, to replace the qualifier in versions the timestamp format must be compatible with rules for OSGi version numbers. Didn't find a way to read the properties set by the git-commit-id-maven-plugin from another plugin. Hence use JGit in a groovy script to get the commit time of the current HEAD and provide it in these two formats. TODO: packaging build (features and p2 repository) is not yet binary reproducible since that's not yet supported by Tycho [5], artefacts have reproducible version numbers but file lastModified timestamps are not yet reproducible. Test plan for Maven build: - build using mvn clean install" - verify second build is reproducible: mvn -T1 clean verify artifact:compare verification seems not to be thread-safe, hence run it with a single thread using option -T1 For packaging build (still fails due to non-reproducible file timestamps): - build using mvn -f org.eclipse.jgit.packaging/pom.xml clean install - verify second build is reproducible: mvn -T1 -f org.eclipse.jgit.packaging/pom.xml clean verify artifact:compare [1] https://maven.apache.org/guides/mini/guide-reproducible-builds.html [2] https://wiki.eclipse.org/Tycho/Reproducible_Version_Qualifiers [3] https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/84 [4] https://maven.apache.org/plugins/maven-artifact-plugin/compare-mojo.html [5] https://github.com/eclipse-tycho/tycho/issues/233 Change-Id: I0202f55a1b6ae0edd922cfef638beb39d2ce9417
* Generate SBOMs using cyclonedx maven pluginMatthias Sohn2023-10-181-0/+37
| | | | | | | | and specify JGit's license using its SPDX identifier. See https://gitlab.eclipse.org/eclipsefdn/emo-team/sbom/-/blob/main/docs/sbom.adoc#sbom-maven Change-Id: I8f022002c84200ea430325916fa38c3764979c02
* Use net.i2p.crypto.eddsa 0.3.0 from new Orbit buildMatthias Sohn2023-10-1315-46/+46
| | | | | | | | | | | | | | | | | | | | | | consuming it directly from Maven Central. The bundle net.i2p.crypto.eddsa 0.3.0 contains bad OSGi metadata, earlier it was repackaged in Orbit tweaking its mandatory dependency to sun.security.x509 to an optional dependency. This project seems to be orphaned, probably because Java 15 added support for eddsa with JEP339 [1]. This repackaged bundle is no longer available after Orbit was renovated [2] to consume the vast majority of bundles directly from Maven Central without repacking them. Hence we have to workaround this (probably false) mandatory dependency. For that export an empty dummy package "sun.security.x509" to satisfy OSGi. [1] https://openjdk.org/jeps/339 [2] https://github.com/eclipse-orbit/orbit-simrel/issues/15 Change-Id: I2267e15823ebce6cf1d448e1e16a129f703e0f80
* Update orbit to orbit-aggregation/2023-12Matthias Sohn2023-10-0529-117/+424
| | | | | | | - add target platform for Eclipse 4.30 (2023-12) - update org.apache.ant to 1.10.14 Change-Id: Ib7fa7cb79e93ecd6009784bc0ad4269bfa71cb29
* Eclipse features: update copyright yearThomas Wolf2023-09-269-9/+9
| | | | | | Set upper bound to 2023. Change-Id: I67acc12b3fe80ab7ca4a9303b0e96325a1e707e9 Signed-off-by: Thomas Wolf <twolf@apache.org>
* Update jetty to 10.0.16Matthias Sohn2023-09-2214-111/+111
| | | | Change-Id: I918e308e71fa978c9f25e3fad63c5f2e94ec3be7
* Update org.apache.commons:commons-compress to 1.24.0Matthias Sohn2023-09-1514-27/+27
| | | | Change-Id: I896298f9e94b50dda6c6396e652f4a191a722a68
* Update bytebuddy to 1.14.8Matthias Sohn2023-09-1514-41/+41
| | | | Change-Id: I60ad9ea9300099eeabbb5023d7a5264593e60dc0
* Prepare 6.8.0-SNAPSHOT buildsMatthias Sohn2023-09-0722-33/+33
| | | | Change-Id: Ifc81f0a96c2ced0b25926b9daa539d9cfc951925
* Prepare 6.7.1-SNAPSHOT buildsMatthias Sohn2023-09-0722-33/+33
| | | | Change-Id: I96097ef8c6f198220f513bbc6d5f8881834a1491
* JGit v6.7.0.202309050840-rv6.7.0.202309050840-rMatthias Sohn2023-09-0522-23/+23
| | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: Ibe952d97bc178adb909cdd40f48957f5b68af699
* Fix list of 3rd party bundles in p2 repoMatthias Sohn2023-09-041-3/+12
| | | | | | | | | | | The jgit p2 repo should contain all 3rd party dependencies needed at runtime but not dependencies only used in tests. - remove assertj-core since it's only used in tests - add org.eclipse.osgi and org.osgi.service.cm which are runtime dependencies Change-Id: Ie789cb8feab0905e7e23aae1d5378e82a0088992
* Add missing source bundle org.osgi.service.cm.source to target platformMatthias Sohn2023-09-0414-13/+27
| | | | Change-Id: I6e61278467ad11d28c08ee6b49e04dac0593f3e6
* Update mockito to 5.5.0Matthias Sohn2023-08-3114-27/+27
| | | | Change-Id: Ic62864aaf15388b8f20b2db8aa65d1dcf03465a6
* Update byte-buddy to 1.14.7Matthias Sohn2023-08-3114-41/+41
| | | | Change-Id: Iee257eef4cdc3235db6172e19d8d271ff9988fa4
* Prepare 6.7.0-SNAPSHOT buildsMatthias Sohn2023-08-3022-23/+23
| | | | Change-Id: I49751232464e70b7d1dc3292a9f36b7a7015e44f
* JGit v6.7.0.202308301100-rc1v6.7.0.202308301100-rc1Matthias Sohn2023-08-3022-23/+23
| | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: I712a9f6830364ed404d03f3a145c055906273544
* Remove the cbi-snapshots Maven repositoryMatthias Sohn2023-08-301-4/+0
| | | | | | since it's not used anymore. Change-Id: I884c5e5854d6a1f5b104d8d3bb0419e860fa34ca
* Update Orbit to orbit-aggregation/release/4.29.0Matthias Sohn2023-08-3027-195/+234
| | | | | | | | | | | | | Switch to bundle dependencies for hamcrest 1.3 to avoid issues with split packages in that version. Don't allow hamcrest 2.x yet since junit 4.13.2 still requires hamcrest 1.3. See Orbit restructuring in https://github.com/orgs/eclipse-orbit/discussions/49 Change-Id: I8faf519b8f2c4e4a6bd255d694d1aa28017acd85
* Add target platform for Eclipse 2023-09 (4.29)Matthias Sohn2023-08-302-0/+278
| | | | Change-Id: I62f9bacebf0a2a2cba6ffde7936572e3f05a629c
* Use release p2 repo for Eclipse 2023-06 (4.28)Matthias Sohn2023-08-302-3/+3
| | | | Change-Id: I3b8794bdb43db12c2eacda1de27651686c41abf5
* Update tycho to 4.0.2Matthias Sohn2023-08-291-1/+1
| | | | Change-Id: Ib619bc09bf79c0f9e7526c0303606f314e8c1209
* Update bouncycastle to 1.76Matthias Sohn2023-08-2913-64/+64
| | | | Change-Id: Ic569f348106e917001fbaa25a302fc20cca56244
* Merge branch 'stable-6.6' into stable-6.7Matthias Sohn2023-08-031-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | * stable-6.6: Update to Tycho 4.0.1 Add verification in GcKeepFilesTest that bitmaps are generated Express the explicit intention of creating bitmaps in GC GC: prune all packfiles after the loosen phase Prepare 5.13.3-SNAPSHOT builds JGit v5.13.2.202306221912-r Change-Id: I7294c21748897eb3f94eeffbda944b62e3206c0d
| * Update to Tycho 4.0.1Matthias Sohn2023-08-031-1/+1
| | | | | | | | | | | | | | | | Tycho 4.0.0-SNAPSHOT is no longer available and it's a bad practice to depend on any snapshot version (we had to since this was the only way to get gpg signing to work in time for releasing 6.6.0). Change-Id: I1d4af5f69965b4cad50b379fd81f6f442b38c8d0
* | Prepare 6.7.0-SNAPSHOT buildsMatthias Sohn2023-08-0322-23/+23
| | | | | | | | Change-Id: I936d2d9106a1e3b7a98ec89fec8ae8a92ec765f2
* | JGit v6.7.0.202308011830-m2v6.7.0.202308011830-m2Matthias Sohn2023-08-0222-23/+23
| | | | | | | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: I255a979e9f48f60a251ef7b74ced3f720f012706
* | Update commons-codec to 1.16.0Matthias Sohn2023-07-2513-25/+25
| | | | | | | | Change-Id: I64617b17a168da1966b93c283c150d549477f3e1
* | [releng] Use tycho 4.0.0 instead of 4.0.0-SNAPSHOTThomas Wolf2023-07-111-5/+1
| | | | | | | | | | | | | | Now that it is released there is no need anymore to use a snapshot version. Change-Id: Idd35c48022370abf18049ef4b6ddd6253613888e Signed-off-by: Thomas Wolf <twolf@apache.org>
* | Update mockito to 5.4.0 and bytebuddy to 1.14.5Matthias Sohn2023-07-0214-64/+171
| | | | | | | | Change-Id: Ia9de3f9fb6f51ac55a7c551cab4ce199318c1114
* | Merge branch 'stable-6.6'Matthias Sohn2023-07-0125-38/+38
|\| | | | | | | | | | | | | | | | | * stable-6.6: Update Orbit to R20230531010532 for 2023-06 Bazel: Fix remote build execution for Java 17 Bump bazel vesion to 6.2.0 Change-Id: I107eb2cd1ce3cb7670e7418ffd74a7b94ab858a6
| * Update Orbit to R20230531010532 for 2023-06Matthias Sohn2023-06-0925-38/+38
| | | | | | | | Change-Id: I844efc4bec153931f0a7b3c694bade4f5b166295
| * Prepare 6.6.1-SNAPSHOT buildsMatthias Sohn2023-05-3022-33/+33
| | | | | | | | Change-Id: I0036999e2be076d4ad8231410faeff51bf9cbf52
| * JGit v6.6.0.202305301015-rv6.6.0.202305301015-rMatthias Sohn2023-05-3022-23/+23
| | | | | | | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: I33b45b0cf36835b289ecbb5a1a9fc4ad7fc200cd
* | Update bouncycastle to 1.75Matthias Sohn2023-06-2713-64/+64
| | | | | | | | Change-Id: I7538759005b9a4eb8f1ae9337ce0056500eb7227
* | Update eclipse-jarsigner-plugin to 1.4.2Matthias Sohn2023-06-271-1/+1
| | | | | | | | Change-Id: I3f92a32ccf795ae8c6c4e1699d0040ac84d743c2
* | Merge branch 'stable-6.6'Matthias Sohn2023-05-2525-60/+87
|\| | | | | | | | | | | | | | | | | | | | | * stable-6.6: Update to Orbit S20230516204213 Prepare 6.6.0-SNAPSHOT builds JGit v6.6.0.202305241045-m3 Prepare 6.6.0-SNAPSHOT builds JGit v6.6.0.202305031100-m2 Change-Id: Ibceebbce6aebba7a8670de41eb39eb23b14b8c74
| * Update to Orbit S20230516204213Matthias Sohn2023-05-2425-60/+87
| | | | | | | | Change-Id: I4daae47b8d2e244b78dff5ca072e41153e7e6734
| * Prepare 6.6.0-SNAPSHOT buildsMatthias Sohn2023-05-2422-23/+23
| | | | | | | | Change-Id: If0e4e8ce5f3e2f5170f313fb9b26b4ec0e34dab9
| * JGit v6.6.0.202305241045-m3v6.6.0.202305241045-m3Matthias Sohn2023-05-2422-23/+23
| | | | | | | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: I204708812b9cb6f98f9c29e28548b91da0d88d91
* | Prepare 6.7.0-SNAPSHOT buildsMatthias Sohn2023-05-2422-33/+33
|/ | | | Change-Id: I50ff7ee31046cfc29a087c8963be3deae24b1c9c
* Update to Tycho 4.0.0-SNAPSHOTMatthias Sohn2023-05-231-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to update to Tycho in order to force PGP signing of the bouncycastle libraries which isn't supported by earlier Tycho versions. For that we need to run Maven on Java 17 or higher. In order to run tests on Java 11 add a `toolchain.xml` file into the `~/.m2` directory providing the path to Java installations: <?xml version='1.0' encoding='UTF-8'?> <toolchains> <toolchain> <type>jdk</type> <provides> <id>JavaSE-11</id> <version>11</version> </provides> <configuration> <jdkHome>/path/to/java-11</jdkHome> </configuration> </toolchain> <toolchain> <type>jdk</type> <provides> <id>JavaSE-17</id> <version>17</version> </provides> <configuration> <jdkHome>/path/to/java-17</jdkHome> </configuration> </toolchain> </toolchains> Change-Id: Ib0f18147826e5b4a7fa1f41590772516269de702
* PGP sign p2 artefactsMatthias Sohn2023-05-232-0/+38
| | | | | | | | | This ensures bundles directly pulled from Maven Central are PGP signed by Tycho. See https://docs.google.com/document/d/1MnDBvOUwKvKacB-QKnH_PzK88dUlHkjs-D-DWEKmvkY Change-Id: I2a9308c091e602d40a1c143edb506a3e43dd0dc2
* Revert 'Use net.i2p.crypto:eddsa directly from Maven Central'Thomas Wolf2023-05-2314-145/+38
| | | | | | | | | | | | | | | | | This reverts commit 7e094c6cf32d6b6c2e49c72d506149427e97c5ab. Reason: the maven artifact has a broken MANIFEST.MF with a mandatory dependency to sun.security.x509, which is an internal package in the JDK and moreover not needed by the bundle except for one test class that isn't in the bundle at all. This extra dependency makes the JGit tycho packaging build fail when Tycho 4 is used. We must keep using the Orbit re-packaging of this artifact, which does not have this unnecessary mandatory dependency. Change-Id: Ica15a5ddcada09686de3055b2b3daf081e3c5ffc Signed-off-by: Thomas Wolf <twolf@apache.org>
* Use hamcrest 2.2 directly from Maven CentralMatthias Sohn2023-05-1714-38/+145
| | | | Change-Id: I4039b56b1cdc54ff1886c2a4973d857d785989c2
* Use commons-logging directly from Maven CentralMatthias Sohn2023-05-1714-38/+89
| | | | Change-Id: I08e51450f70f941761539d3f08dd65c5d706dcdc
* Update jna to 5.13.0Matthias Sohn2023-05-1713-38/+38
| | | | Change-Id: I87d65e66e1cac64ccb744632ea45d06f8b8637fe
* Use bytebuddy directly from Maven CentralMatthias Sohn2023-05-1714-64/+222
| | | | Change-Id: I5e24a31b78ef3758e1ce84e3b0eacaff1608fcd9