Closed Bug 2024522 Opened 4 days ago Closed 6 hours ago

Generate dependency verification metadata for gradle deps

Categories

(Firefox for Android :: Tooling, task)

Product:
Firefox for Android
Component:
Tooling
Platform:
All
Android
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
150 Branch
Tracking Flags:
Tracking Status
firefox150 --- fixed

People

(Reporter: jonalmeida, Assigned: jonalmeida)

References

Details

(Whiteboard: [fxdroid][group6][quickwins])

Attachments

(2 files)

Bug 2024522 - Generate dependency verification metadata for mockito. r=RyanVM,mcarare
48 bytes, text/x-phabricator-request
Details | Review
Bug 2024522 - Add write-verification-metadata subcommand r=ahochheiden
48 bytes, text/x-phabricator-request
Details | Review

We want some external dependencies to be validated that the artifacts do not change without us being notified. This is a helpful security feature built into gradle that we can employ.

Used: ./gradlew --write-verification-metadata sha256 help
Limited to only mockito with wildcards.

Source: https://docs.gradle.org/current/userguide/dependency_verification.html

To make it easier to update the verification-metadata.xml file with
mach gradle writeVerificationMetadata will cover our supported
projects.

Attachment #9554745 - Attachment description: Bug 2024522 - Add writeVerificationMetadata to update verification files r=ahochheiden → Bug 2024522 - Add write-verification-metadata subcommand r=ahochheiden

https://hg.mozilla.org/mozilla-central/rev/4f1070832717
https://hg.mozilla.org/mozilla-central/rev/0fa3dfdbb00c

Status: ASSIGNED → RESOLVED
Closed: 6 hours ago
status-firefox150: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 150 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: