- Mar 18, 2021
-
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
- Mar 17, 2021
-
-
Benjamin Erhart authored
-
Benjamin Erhart authored
Added support for `maxRetryDelay` configuration option. Added exponential back-off delay when retrying server connections.
-
- Feb 25, 2021
-
-
Benjamin Erhart authored
-
- Feb 22, 2021
-
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
Renamed `CleanInsights.featureSize` to `featureConsentsSize` and `CleanInsights.campaignSize` to `campaignConsentsSize` for clarification.
-
- Jan 28, 2021
-
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
- Jan 22, 2021
-
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
- Jan 21, 2021
-
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
Moved store persistence and data transmission code into a DefaultStore class, so users of the SDK are able to override both, if they wish so.
-
Benjamin Erhart authored
-
- Jan 20, 2021
-
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
- Jan 12, 2021
-
-
Benjamin Erhart authored
-
Benjamin Erhart authored
-
Benjamin Erhart authored
add dependency verification, static code analysis, and gitlab CI See merge request !1
-
- Jan 07, 2021
-
-
Hans-Christoph Steiner authored
It turns out that some of the dependencies in the Google Offline Components downloadable maven repository have difference to the ones Google publishes to maven.google.com. WTF. In any case, the new Gradle Dependency Verification feature handles this gracefully. I manually verified the diffs between the two using diffoscope. One just differed by timestamps in the ZIP header, and the other just differed by linefeeds at the end of the file. Then I generated this metadata update using: ``` ./gradlew --write-verification-metadata sha256 build pmd ``` * https://developer.android.com/studio#offline * fdroid/fdroidclient@708a6d8d
-
Hans-Christoph Steiner authored
This disables the verification of .pom files. .pom files can add dependencies, so it would be good to have them verified. But since this current setup requires all JARs to be verified, any new dependencies should fail anyway: https://docs.gradle.org/current/userguide/dependency_verification.html#sec:disabling-metadata-verification In some cases everything works fine, like on gitlab-ci, and in other places it always gives errors like this: ``` A problem occurred configuring root project 'Example'. > Dependency verification failed for configuration ':classpath' 6 artifacts failed verification: - all-1.2.0.pom (com.sun.activation:all:1.2.0) from repository MavenRepo - apache-9.pom (org.apache:apache:9) from repository MavenRepo - jvnet-parent-1.pom (net.java:jvnet-parent:1) from repository MavenRepo - oss-parent-7.pom (org.sonatype.oss:oss-parent:7) from repository MavenRepo - oss-parent-9.pom (org.sonatype.oss:oss-parent:9) from repository MavenRepo - tensorflow-lite-metadata-0.1.0-rc1.pom (org.tensorflow:tensorflow-lite-metadata:0.1.0-rc1) from repository MavenRepo This can indicate that a dependency has been compromised. Please carefully verify the checksums. Open this report for more details: file:///home/hans/code/cleaninsights/clean-insights-android-sdk/build/reports/dependency-verification/at-1610011768814/dependency-verification-report.html ```
-
Hans-Christoph Steiner authored
-
Hans-Christoph Steiner authored
This fully replaces gradle-witness and goes far beyond what it offered. As far as I can tell, this actually will verify every single artifact that gradle downloads and uses. This was generated in two passes to get both the PGP and the SHA256 info: ``` ./gradlew --write-verification-metadata pgp,sha256 build connectedFullDebugAndroidTest --export-keys ./gradlew --write-verification-metadata sha256 build connectedFullDebugAndroidTest ``` Thanks to @vlsi who made me aware of this, and helped make it possible. closes !837 ./gradlew --write-verification-metadata sha256 build pmd
-
Hans-Christoph Steiner authored
-
Hans-Christoph Steiner authored
-
Hans-Christoph Steiner authored
-
Hans-Christoph Steiner authored
jCenter does not police its submissions well: https://blog.autsoft.hu/a-confusing-dependency
-
- Jan 06, 2021
-
-
Hans-Christoph Steiner authored
``` ./gradlew wrapper --gradle-version 6.5 --distribution-type=bin \ --gradle-distribution-sha256-sum 23e7d37e9bb4f8dabb8a3ea7fdee9dd0428b9b1a71d298aefd65b11dccea220f ```
-
- Dec 08, 2020
-
-
Nathan Freitas authored
-
Nathan Freitas authored
-
Nathan Freitas authored
-