[#8] Restrict maven repositories

This improves security by ensuring that Google's dependencies are resolved only from the Google Maven repo.

A dependency on Jitpack has also been removed.
Carter Jernigan 2021-10-19 13:52:50 -04:00 committed by Carter Jernigan
parent f3c425e68a
commit 7d305dc953
7 changed files with 95 additions and 27 deletions


@ -31,4 +31,4 @@ If you plan to fork the project to create a new app of your own, please make the
# Known Issues
1. During builds, a warning will be printed that says "Unable to detect AGP versions for included builds. All projects in the build should use the same AGP version." This can be safely ignored. The version under build-conventions is the same as the version used elsewhere in the application.
1. During builds, a warning will be printed that says "Unable to detect AGP versions for included builds. All projects in the build should use the same AGP version." This can be safely ignored. The version under build-conventions is the same as the version used elsewhere in the application.


@ -1,14 +1,32 @@
pluginManagement {
repositories {
gradlePluginPortal()
}
}
@Suppress("UnstableApiUsage")
dependencyResolutionManagement {
repositories {
mavenCentral()
google()
val isRepoRestrictionEnabled = true
maven("https://dl.google.com/dl/android/maven2/") { //google()
if (isRepoRestrictionEnabled) {
content {
includeGroup("androidx.navigation")
includeGroup("com.android.tools")
includeGroup("com.google.testing.platform")
includeGroupByRegex("androidx.*")
includeGroupByRegex("com\\.android.*")
includeGroupByRegex("com\\.android\\.tools.*")
}
}
}
maven("https://repo.maven.apache.org/maven2/") { // mavenCentral()
if (isRepoRestrictionEnabled) {
content {
excludeGroup("androidx.navigation")
excludeGroup("com.android.tools")
excludeGroup("com.google.testing.platform")
excludeGroupByRegex("androidx.*")
excludeGroupByRegex("com\\.android.*")
excludeGroupByRegex("com\\.android\\.tools.*")
}
}
}
}
}
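Review bot: The include list on the Google repository and the exclude list on Maven Central are hand-mirrored copies of each other, and the same pair is duplicated again in build-conventions/build.gradle.kts (with a third copy for the plugin portal) and in the root settings.gradle.kts; if one side is edited without its twin, a group silently becomes resolvable from both repositories again, which is exactly the substitution risk this commit is meant to close. Gradle's `exclusiveContent` states the rule once, so the Google block becomes `exclusiveContent { forRepository { maven("https://dl.google.com/dl/android/maven2/") }; filter { includeGroupByRegex("androidx.*"); includeGroupByRegex("com\\.android.*"); includeGroup("com.google.testing.platform") } }` and Maven Central needs no exclude block at all. Within the current lists, `includeGroup("androidx.navigation")`, `includeGroup("com.android.tools")` and `includeGroupByRegex("com\\.android\\.tools.*")` are already covered by the two broader regexes and can be dropped. Note also that the regex is matched against the whole group name, so `com\\.android.*` also captures any third-party group that merely begins with `com.android` (constructed example: `com.androidfoo`), excluding it from Central and then failing to find it on the Google repo; `com\\.android(\\..*)?` and `androidx(\\..*)?` pin the match to the real prefixes.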


@ -1,11 +1,43 @@
import org.gradle.internal.impldep.org.junit.experimental.categories.Categories.CategoryFilter.exclude
buildscript {
repositories {
google()
mavenCentral()
maven("https://jitpack.io")
gradlePluginPortal()
val isRepoRestrictionEnabled = true
maven("https://dl.google.com/dl/android/maven2/") { //google()
if (isRepoRestrictionEnabled) {
content {
includeGroup("androidx.navigation")
includeGroup("com.android.tools")
includeGroup("com.google.testing.platform")
includeGroupByRegex("androidx.*")
includeGroupByRegex("com\\.android.*")
includeGroupByRegex("com\\.android\\.tools.*")
}
}
}
maven("https://plugins.gradle.org/m2/") { // gradlePluginPortal()
if (isRepoRestrictionEnabled) {
content {
excludeGroup("androidx.navigation")
excludeGroup("com.android.tools")
excludeGroup("com.google.testing.platform")
excludeGroupByRegex("androidx.*")
excludeGroupByRegex("com\\.android.*")
excludeGroupByRegex("com\\.android\\.tools.*")
}
}
}
maven("https://repo.maven.apache.org/maven2/") { // mavenCentral()
if (isRepoRestrictionEnabled) {
content {
excludeGroup("androidx.navigation")
excludeGroup("com.android.tools")
excludeGroup("com.google.testing.platform")
excludeGroupByRegex("androidx.*")
excludeGroupByRegex("com\\.android.*")
excludeGroupByRegex("com\\.android\\.tools.*")
}
}
}
}
dependencies {
classpath("com.android.tools.build:gradle:${properties["ANDROID_GRADLE_PLUGIN_VERSION"]}")
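Review bot: The first line of the hunk, `import org.gradle.internal.impldep.org.junit.experimental.categories.Categories.CategoryFilter.exclude`, imports a JUnit class from Gradle's internal shaded dependencies and nothing in the visible script uses it; it looks like an IDE auto-import triggered while typing `exclude`, and it should be deleted. The `excludeGroup`/`excludeGroupByRegex` calls are members of the `content { }` receiver and need no import, and `org.gradle.internal.impldep` is not a stable API, so the line is a latent build break on a Gradle upgrade rather than a harmless leftover. The `buildscript { dependencies { ... } }` block continues past the end of the hunk.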


@ -6,6 +6,7 @@ _Note: This document will continue to be updated as the app is implemented._
* Much of the Gradle configuration lives in [build-conventions](../build-conventions/) to prevent repetitive configuration as additional modules are added to the project
* Build scripts are written in Kotlin, so that a single language is used across build and the app code bases
* Only Gradle, Google, and JetBrains plug-ins are included in the critical path. Third party plug-ins can be used, but they're outside the critical path. For example, the Gradle Versions Plugin could be removed and wouldn't negative impact building, testing, or deploying the app
* Repository restrictions are enabled in [build-conventions](../build-conventions/settings.gradle.kts), [settings.gradle.kts](../settings.gradle.kts), and [build.gradle.kts](../build.gradle.kts) to reduce likelihood of pulling in an incorrect dependency. If adding a new dependency, these restrictions may need to be changed otherwise an error that the dependency cannot be found will be displayed
# Multiplatform
While this repository is for an Android application, efforts are made to give multiplatform flexibility in the future. Specific adaptions that are being made:
@ -26,6 +27,6 @@ The logical components of the app are implemented as a number of Gradle modules.
* build-info-lib — Collects information from the build environment (e.g. Git SHA, Git commit count) and compiles them into the application. Can also be used for injection of API keys or other secrets.
* ui-lib — User interface that the user interacts with. This contains 99% of the UI code, along with localizations, icons, and other assets.
* preference
* preference-api-lib — Multiplatform interfaces for key-value storage of preferences
* preference-impl-android-lib — Android-specific implementation for preference storage
* test-lib — Provides common test utilities
* preference-api-lib — Multiplatform interfaces for key-value storage of preferences.
* preference-impl-android-lib — Android-specific implementation for preference storage.
* test-lib — Provides common test utilities.


@ -34,6 +34,7 @@ Start by making sure the command line with Gradle works first, because **all the
3. Run Gradle with the argument `--rerun-tasks` which will effectively disable the build cache by re-running tasks and repopulating the cache. E.g. `./gradlew assemble --rerun-tasks`
4. Reboot your computer, which will ensure that Gradle and Kotlin daemons are completely killed and relaunched
5. Delete the global Gradle cache under `~/.gradle/caches`
6. If adding a new dependency or updating a dependency, a warning that a dependency cannot be found may indicate the Maven repository restrictions need adjusting
## Gradle Tasks
A variety of Gradle tasks are set up within the project, and these tasks are also accessible in Android Studio as run configurations.


@ -47,7 +47,7 @@ ANDROID_NDK_VERSION=23.0.7599858
ANDROID_GRADLE_PLUGIN_VERSION=7.0.3
DETEKT_VERSION=1.18.1
GRADLE_VERSIONS_PLUGIN_VERSION=0.38.0
GRADLE_VERSIONS_PLUGIN_VERSION=0.39.0
KTLINT_VERSION=0.42.1
JGIT_VERSION=5.12.0.202106070339-r


@ -2,11 +2,6 @@ enableFeaturePreview("VERSION_CATALOGS")
enableFeaturePreview("TYPESAFE_PROJECT_ACCESSORS")
pluginManagement {
repositories {
gradlePluginPortal()
google()
}
plugins {
val detektVersion = extra["DETEKT_VERSION"].toString()
val gradleVersionsPluginVersion = extra["GRADLE_VERSIONS_PLUGIN_VERSION"].toString()
@ -22,9 +17,30 @@ pluginManagement {
dependencyResolutionManagement {
@Suppress("UnstableApiUsage")
repositories {
google()
mavenCentral()
maven("https://jitpack.io")
val isRepoRestrictionEnabled = true
maven("https://dl.google.com/dl/android/maven2/") { // google()
if (isRepoRestrictionEnabled) {
content {
includeGroup("android.arch.lifecycle")
includeGroup("android.arch.core")
includeGroup("com.google.android.material")
includeGroupByRegex("androidx.*")
includeGroupByRegex("com\\.android.*")
}
}
}
maven("https://repo.maven.apache.org/maven2/") { // mavenCentral()
if (isRepoRestrictionEnabled) {
content {
excludeGroup("android.arch.lifecycle")
excludeGroup("android.arch.core")
excludeGroup("com.google.android.material")
excludeGroupByRegex("androidx.*")
excludeGroupByRegex("com\\.android.*")
}
}
}
}
@Suppress("UnstableApiUsage", "MaxLineLength")