[lombok-ast] 07/08: always use HTTPS when downloading jars

Hans-Christoph Steiner eighthave at moszumanska.debian.org
Fri Dec 18 09:30:49 UTC 2015


This is an automated email from the git hooks/post-receive script.

eighthave pushed a commit to branch master
in repository lombok-ast.

commit e0f2f0569f087cf3ae38f42ce69d71f2959e9e5d
Author: Hans-Christoph Steiner <hans at eds.org>
Date:   Fri Dec 18 10:27:57 2015 +0100

    always use HTTPS when downloading jars
    
     This patch is not actually needed for building the package, but it is
     here to protect the developer working with this package.  The build
     system will try to download and run jars via HTTP as part of the build
     process.  This is very bad:
     http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/
---
 debian/patches/series                 |   1 +
 debian/patches/use_https_always.patch | 120 ++++++++++++++++++++++++++++++++++
 2 files changed, 121 insertions(+)

diff --git a/debian/patches/series b/debian/patches/series
index 5b05df3..38842c1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ add_maven_repo.patch
 remove_missing_dependency.patch
 parboiled.patch
 fix_java7_build.patch
+use_https_always.patch
diff --git a/debian/patches/use_https_always.patch b/debian/patches/use_https_always.patch
new file mode 100644
index 0000000..eed91e6
--- /dev/null
+++ b/debian/patches/use_https_always.patch
@@ -0,0 +1,120 @@
+Description: always use HTTPS when downloading jars
+ This patch is not actually needed for building the package, but it is
+ here to protect the developer working with this package.  The build
+ system will try to download and run jars via HTTP as part of the build
+ process.  This is very bad:
+ http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/
+
+--- a/build.xml
++++ b/build.xml
+@@ -27,7 +27,7 @@
+ 	
+ 	<target name="download-ipp" unless="ivyplusplus.available">
+ 		<mkdir dir="lib" />
+-		<get src="http://projectlombok.org/downloads/ivyplusplus.jar" dest="lib/ivyplusplus.jar" usetimestamp="true" />
++		<get src="https://projectlombok.org/downloads/ivyplusplus.jar" dest="lib/ivyplusplus.jar" usetimestamp="true" />
+ 	</target>
+ 	
+ 	<target name="load-ipp" depends="download-ipp">
+@@ -36,7 +36,7 @@
+ 	</target>
+ 	
+ 	<target name="redownload-ipp" unless="ivyplusplus.minimumAvailable">
+-		<get src="http://projectlombok.org/downloads/ivyplusplus.jar" dest="lib/ivyplusplus.jar" />
++		<get src="https://projectlombok.org/downloads/ivyplusplus.jar" dest="lib/ivyplusplus.jar" />
+ 		<fail>A new version of ivyplusplus was required and has been downloaded. Rerun the script to continue.</fail>
+ 	</target>
+ 	
+@@ -227,7 +227,7 @@
+ 	
+ 	<target name="fetchJLS" unless="jls-available">
+ 		<mkdir dir="doc/jls" />
+-		<get src="http://projectlombok.org/ivyrepo/langtools/langspec-3.0.zip" dest="doc/jls/langspec-3.0.zip" verbose="on" />
++		<get src="https://projectlombok.org/ivyrepo/langtools/langspec-3.0.zip" dest="doc/jls/langspec-3.0.zip" verbose="on" />
+ 		<unzip src="doc/jls/langspec-3.0.zip" dest="doc/jls" />
+ 		<delete file="doc/jls/langspec-3.0.zip" />
+ 	</target>
+@@ -276,7 +276,7 @@
+ 			<classpath location="build/templateProcessor.jar" />
+ 			<classpath refid="build.path" />
+ 			<link href="http://download.oracle.com/javase/6/docs/api/" />
+-			<header><![CDATA[<a href='http://projectlombok.org/' target='_blank'>Lombok.ast</a> - ]]>v${lombok.ast.version}</header>
++			<header><![CDATA[<a href='https://projectlombok.org/' target='_blank'>Lombok.ast</a> - ]]>v${lombok.ast.version}</header>
+ 			<bottom><![CDATA[<i>Copyright © 2010-2011 The Project Lombok Authors, licensed under the <a href='http://www.opensource.org/licenses/mit-license.php'>MIT licence</a>.]]></bottom>
+ 		</javadoc>
+ 		<!-- bugfix for boneheaded javadoc bug where ?is-external=true is inserted before an anchor ref, breaking the anchor ref.
+@@ -378,7 +378,7 @@
+ 				<srcdir dir="test/src" test="true" />
+ 			</module>
+ 			<settings>
+-				<url url="http://projectlombok.org/downloads/lombok.intellij.settings" />
++				<url url="https://projectlombok.org/downloads/lombok.intellij.settings" />
+ 			</settings>
+ 			<apt enabled="true" />
+ 		</ivy:intellijgen>
+@@ -397,7 +397,7 @@
+ 			<conf name="build" sources="contrib" />
+ 			<conf name="test" sources="contrib" />
+ 			<settings>
+-				<url url="http://projectlombok.org/downloads/lombok.eclipse.settings" />
++				<url url="https://projectlombok.org/downloads/lombok.eclipse.settings" />
+ 			</settings>
+ 		</ivy:eclipsegen>
+ 	</target>
+--- a/buildScripts/ivy-repo/com.github.parboiled.custom-parboiled-0.9.7.2.xml
++++ b/buildScripts/ivy-repo/com.github.parboiled.custom-parboiled-0.9.7.2.xml
+@@ -10,7 +10,7 @@
+ 		<conf name="sources" />
+ 	</configurations>
+ 	<publications>
+-		<artifact conf="build, runtime" url="http://projectlombok.org/ivyrepo/parboiled/parboiled-0.9.7.2.jar" />
+-		<artifact conf="sources" url="http://projectlombok.org/ivyrepo/parboiled/parboiled-0.9.7.2-src.jar" />
++		<artifact conf="build, runtime" url="https://projectlombok.org/ivyrepo/parboiled/parboiled-0.9.7.2.jar" />
++		<artifact conf="sources" url="https://projectlombok.org/ivyrepo/parboiled/parboiled-0.9.7.2-src.jar" />
+ 	</publications>
+ </ivy-module>
+--- a/buildScripts/ivy-repo/com.zwitserloot-cmdreader-1.2.xml
++++ b/buildScripts/ivy-repo/com.zwitserloot-cmdreader-1.2.xml
+@@ -9,7 +9,7 @@
+ 		<conf name="sources" />
+ 	</configurations>
+ 	<publications>
+-		<artifact conf="default" url="http://projectlombok.org/ivyrepo/tools/com.zwitserloot.cmdreader-1.2.jar" />
+-		<artifact type="zip" conf="sources" url="http://projectlombok.org/ivyrepo/tools/com.zwitserloot.cmdreader-src-1.2.zip" />
++		<artifact conf="default" url="https://projectlombok.org/ivyrepo/tools/com.zwitserloot.cmdreader-1.2.jar" />
++		<artifact type="zip" conf="sources" url="https://projectlombok.org/ivyrepo/tools/com.zwitserloot.cmdreader-src-1.2.zip" />
+ 	</publications>
+ </ivy-module>
+--- a/buildScripts/ivy-repo/net.java.openjdk.custom-javac6-1.6.0.18.xml
++++ b/buildScripts/ivy-repo/net.java.openjdk.custom-javac6-1.6.0.18.xml
+@@ -8,7 +8,7 @@
+ 		<conf name="sources" />
+ 	</configurations>
+ 	<publications>
+-		<artifact conf="default" url="http://projectlombok.org/ivyrepo/langtools/javac-1.6.0.18.jar" />
+-		<artifact type="zip" conf="sources" url="http://projectlombok.org/ivyrepo/langtools/javac-1.6.0.18-sources.zip" />
++		<artifact conf="default" url="https://projectlombok.org/ivyrepo/langtools/javac-1.6.0.18.jar" />
++		<artifact type="zip" conf="sources" url="https://projectlombok.org/ivyrepo/langtools/javac-1.6.0.18-sources.zip" />
+ 	</publications>
+ </ivy-module>
+--- a/buildScripts/ivy-repo/projectlombok.org-jsch-ant-fixed-0.1.42.xml
++++ b/buildScripts/ivy-repo/projectlombok.org-jsch-ant-fixed-0.1.42.xml
+@@ -7,6 +7,6 @@
+ 		<conf name="build" />
+ 	</configurations>
+ 	<publications>
+-		<artifact conf="build" url="http://projectlombok.org/ivyrepo/tools/ant-jsch-fixed.jar" />
++		<artifact conf="build" url="https://projectlombok.org/ivyrepo/tools/ant-jsch-fixed.jar" />
+ 	</publications>
+ </ivy-module>
+--- a/buildScripts/ivysettings.xml
++++ b/buildScripts/ivysettings.xml
+@@ -4,7 +4,7 @@
+ 			<filesystem name="projectLocalRepo">
+ 				<ivy pattern="${ivy.settings.dir}/ivy-repo/[organization]-[module]-[revision].xml" />
+ 			</filesystem>
+-			<ibiblio name="maven-repo2" m2compatible="true" root="http://repo2.maven.org/maven2" />
++			<ibiblio name="maven-repo2" m2compatible="true" root="https://repo1.maven.org/maven2" />
+ 		</chain>
+ 	</resolvers>
+ 	<settings defaultResolver="projectRepos" />
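Review bot: Moving the `<get>` of `ivyplusplus.jar` to HTTPS (the build.xml hunks at -27 and -36) protects the transport only; nothing checks the content of the downloaded jar, which per the Description is then run as part of the build. Consider pinning a digest right after the download, e.g. `<checksum file="lib/ivyplusplus.jar" algorithm="SHA-256" property="EXPECTED_SHA256_PLACEHOLDER" verifyproperty="ipp.verified" />` followed by a `<fail>` when `ipp.verified` is false; `redownload-ipp` would then need the pinned value updated with any version bump. The context line `<link href="http://download.oracle.com/javase/6/docs/api/" />` in the -276 hunk stays on plain HTTP, and javadoc normally fetches the package list from that URL during the build, so it is worth switching too if the host supports HTTPS. The ivysettings.xml hunk also changes the resolver host from `repo2.maven.org` to `repo1.maven.org`, which the Description does not mention; a line such as `Also switches the Maven resolver host from repo2.maven.org to repo1.maven.org.` in the patch header would document that.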

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/lombok-ast.git


