-
Notifications
You must be signed in to change notification settings - Fork 25.2k
/
Copy pathbuild.gradle
81 lines (72 loc) · 3.55 KB
/
build.gradle
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/
import org.elasticsearch.gradle.OS
apply plugin: 'elasticsearch.build'
base {
archivesName = 'elasticsearch-plugin-cli'
}
tasks.named("dependencyLicenses").configure {
mapping from: /asm-.*/, to: 'asm'
}
dependencies {
compileOnly project(":server")
compileOnly project(":libs:cli")
implementation project(":libs:plugin-api")
implementation project(":libs:plugin-scanner")
implementation project(":libs:entitlement")
// TODO: asm is picked up from the plugin scanner and entitlements, we should consolidate so it is not defined twice
implementation 'org.ow2.asm:asm:9.7.1'
implementation 'org.ow2.asm:asm-tree:9.7.1'
api "org.bouncycastle:bcpg-fips:1.0.7.1"
api "org.bouncycastle:bc-fips:1.0.2.5"
testImplementation project(":test:framework")
testImplementation "com.google.jimfs:jimfs:${versions.jimfs}"
testRuntimeOnly "com.google.guava:guava:${versions.jimfs_guava}"
}
tasks.named("dependencyLicenses").configure {
mapping from: /bc.*/, to: 'bouncycastle'
}
tasks.named("test").configure {
// TODO: find a way to add permissions for the tests in this module
systemProperty 'tests.security.manager', 'false'
// These tests are "heavy" on the secure number generator. On Linux, the NativePRNG defaults to /dev/random for the seeds, and
// its entropy is quite limited, to the point that it's known to hang: https://bugs.openjdk.org/browse/JDK-6521844
// We force the seed to be initialized from /dev/urandom, which is less secure, but in case of unit tests is not important.
if (OS.current() == OS.LINUX) {
systemProperty 'java.security.egd', 'file:/dev/urandom'
}
}
/*
* these two classes intentionally use the following JDK internal APIs in order to offer the necessary
* functionality
*
* sun.security.internal.spec.TlsKeyMaterialParameterSpec
* sun.security.internal.spec.TlsKeyMaterialSpec
* sun.security.internal.spec.TlsMasterSecretParameterSpec
* sun.security.internal.spec.TlsPrfParameterSpec
* sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec
* sun.security.provider.SecureRandom
*
*/
tasks.named("thirdPartyAudit").configure {
ignoreViolations(
'org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$BaseTLSKeyGeneratorSpi',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSKeyMaterialGenerator',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSKeyMaterialGenerator$2',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSMasterSecretGenerator',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSMasterSecretGenerator$2',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSPRFKeyGenerator',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSRsaPreMasterSecretGenerator',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSRsaPreMasterSecretGenerator$2',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator',
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator$2'
)
}