gen_gradle_deps_file.sh 3.1 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
  1. #!/bin/sh
  2. # Copyright (c) 2020, The Tor Project, Inc.
  3. #
  4. # Redistribution and use in source and binary forms, with or without
  5. # modification, are permitted provided that the following conditions are
  6. # met:
  7. #
  8. # * Redistributions of source code must retain the above copyright
  9. # notice, this list of conditions and the following disclaimer.
  10. #
  11. # * Redistributions in binary form must reproduce the above
  12. # copyright notice, this list of conditions and the following disclaimer
  13. # in the documentation and/or other materials provided with the
  14. # distribution.
  15. #
  16. # * Neither the names of the copyright owners nor the names of its
  17. # contributors may be used to endorse or promote products derived from
  18. # this software without specific prior written permission.
  19. #
  20. # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  21. # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  22. # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  23. # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  24. # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  25. # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  26. # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  27. # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  28. # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  29. # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  30. # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  31. # Usage:
  32. # 1) Point to a log file with all the dependency download attempts (for its
  33. # generation see: doc/how-to-create-gradle-dependencies-list.txt)
  34. # 2) Double-check that you get the same SHA-256 sums when downloaded from a
  35. # different network location. E.g. by using `torsocks` with this script after
  36. # having made a copy of `gradle-dependencies-list.txt` from 1) and comparing
  37. # the two .txt files.
  38. export LC_ALL=C
  39. log="$1"
  40. # Step 1: Extract all the download attempts out of the log file, ignore the ones
  41. # for maven-metadata.xml and module files. We don't need those.
  42. cat $log | grep "Performing HTTP" | grep -o "https://.*" | \
  43. grep -vE "\.module|maven-metadata\.xml" | sort | uniq > dl-attempts
  44. # Step 2: Fetch all the dependencies and calculate the SHA-256 sum
  45. while read line
  46. do
  47. wget -U "" $line
  48. fn=$(basename "$line")
  49. sha256=`sha256sum $fn | cut -d ' ' -f 1`
  50. echo "$sha256 | $line" >> deps
  51. rm $fn
  52. done < dl-attempts
  53. # Step 3: Add the header at the beginning of the final dependency file.
  54. echo "# On how to update dependencies see doc/how-to-create-gradle\
  55. -dependencies-list.txt" > gradle-dependencies-list.txt
  56. echo "# Don't forget to update var/gradle_dependencies_version when modifying \
  57. this file" >> gradle-dependencies-list.txt
  58. echo "sha256sum | url" >> gradle-dependencies-list.txt
  59. # Step 4: Keep only successfully downloaded artifacts, remove duplicates, and
  60. # sort based on download URL.
  61. grep ^[a-f0-9] deps | rev | sort -t/ -u -k1,4 | rev | \
  62. sort -k 3 >> gradle-dependencies-list.txt
  63. # Step 5: Clean up
  64. rm dl-attempts
  65. rm deps
  66. exit 0