diff --git a/LICENSE b/LICENSE index 3c1f33f21..01dc31339 100644 --- a/LICENSE +++ b/LICENSE @@ -291,14 +291,3 @@ CI/Test Templates: ci/singlecluster/templates/ranger/install.properties ci/singlecluster/templates/tez/conf/tez-site.xml ci/singlecluster/templates/usersync/install.properties - -======================================================================= - -This product bundles Gradle Wrapper, which is licensed under -the Apache License, Version 2.0. - - Copyright © Gradle, Inc. - - server/gradle/wrapper/gradle-wrapper.jar - -======================================================================= \ No newline at end of file diff --git a/package/cloudberry-pxf-release.sh b/package/cloudberry-pxf-release.sh index 4be96085f..05614d894 100755 --- a/package/cloudberry-pxf-release.sh +++ b/package/cloudberry-pxf-release.sh @@ -560,6 +560,16 @@ section "Staging release: $TAG" rm -rf "$TMP_DIR" echo -e "Archive saved to: $TAR_NAME" + echo "Verifying tarball does not contain Gradle wrapper files..." + GRADLE_WRAPPER_FILES=$($DETECTED_TAR_TOOL -tzf "$TAR_NAME" | grep -E '(gradle-wrapper\.jar)$' || true) + if [[ -n "$GRADLE_WRAPPER_FILES" ]]; then + echo "WARNING: Found Gradle wrapper files in tarball:" + echo "$GRADLE_WRAPPER_FILES" + echo "These files must be excluded from Apache source release artifacts." + else + echo "[OK] Tarball verified clean of Gradle wrapper files" + fi + # Verify that no macOS extended attribute files are included if [[ "$DETECTED_PLATFORM" == "macOS" ]]; then echo "Verifying tarball does not contain macOS-specific files..." diff --git a/server/.gitignore b/server/.gitignore index c22989cd0..2cad5664b 100644 --- a/server/.gitignore +++ b/server/.gitignore @@ -14,7 +14,6 @@ dist/ HELP.md build/ -!gradle/wrapper/gradle-wrapper.jar !**/src/main/** !**/src/test/** @@ -33,3 +32,6 @@ build/ *.iml *.ipr out/ + +# ASF Policies doesn't allow complied binaries in the source tarballs +gradle/wrapper/gradle-wrapper.jar \ No newline at end of file 
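Review bot: The Gradle-wrapper check added to package/cloudberry-pxf-release.sh only prints a WARNING and lets staging continue, although its own message says the files "must be excluded" from the source release. In the `if [[ -n "$GRADLE_WRAPPER_FILES" ]]` branch I would add `exit 1` after the last `echo`, so a tarball carrying the jar cannot be staged unnoticed. The `|| true` also swallows a failing `$DETECTED_TAR_TOOL -tzf`, which then yields an empty result and the `[OK]` line; capturing the listing and checking its exit status before the `grep` would avoid that false pass. The enclosing block starts and ends outside the hunk.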
diff --git a/server/Makefile b/server/Makefile index 4e6ee0403..edd2cbb17 100644 --- a/server/Makefile +++ b/server/Makefile @@ -27,6 +27,10 @@ PXF_API_VERSION ?= $(shell cat $(PXF_ROOT_DIR)/api_version) PXF_GRADLE_PROPERTIES = -Pversion=$(PXF_VERSION) -PapiVersion=$(PXF_API_VERSION) +.PHONY: prepare-gradle-wrapper +prepare-gradle-wrapper: + @APP_HOME="$(CURDIR)" bash ./gradlew-install.sh + help: @echo @echo "Possible targets" @@ -39,10 +43,10 @@ help: @echo " - stage - build PXF server and stage resulting artifacts for packaging" @echo " - doc - creates aggregate javadoc under docs" -all: +all: prepare-gradle-wrapper ./gradlew $(PXF_GRADLE_PROPERTIES) clean stage -compile: +compile: prepare-gradle-wrapper ./gradlew $(PXF_GRADLE_PROPERTIES) compileJava GRADLEW_TEST_PARAMS = test @@ -56,21 +60,21 @@ ifneq "$(TEST)" "" GRADLEW_TEST_PARAMS = :$(PROJECT):test --rerun-tasks --tests $(TEST_PATH) endif -test unittest: +test unittest: prepare-gradle-wrapper @if [ -n '$(TEST)' ] && [ -z '${TEST_FILE}' ]; then \ echo 'Test $(TEST) was not found'; \ exit 1; \ fi ./gradlew $(PXF_GRADLE_PROPERTIES) ${GRADLEW_TEST_PARAMS} -coverage: +coverage: prepare-gradle-wrapper ./gradlew $(PXF_GRADLE_PROPERTIES) ${GRADLEW_TEST_PARAMS} jacocoTestReport @echo @echo "Coverage reports can be found within each server module under /build/reports/jacoco" @echo "For example, the pxf-service coverage report is located at $(shell pwd)/pxf-service/build/reports/jacoco/test/html/index.html" .PHONY: stage -stage: +stage: prepare-gradle-wrapper ./gradlew $(PXF_GRADLE_PROPERTIES) test stage install -m 744 -d "build/stage/lib" install -m 744 -d "build/stage/lib/native" @@ -81,7 +85,7 @@ stage: install -m 700 -d "build/stage/keytabs" .PHONY: stage-notest -stage-notest: +stage-notest: prepare-gradle-wrapper ./gradlew $(PXF_GRADLE_PROPERTIES) stage -x test install -m 744 -d "build/stage/lib" install -m 744 -d "build/stage/lib/native" 
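Review bot: `prepare-gradle-wrapper` is inserted above `help:` in the first hunk of server/Makefile, so unless a rule or `.DEFAULT_GOAL` is defined above the hunk it becomes the first target, and a bare `make` now runs the download script instead of printing the help text. Moving the new rule below `help:` or adding `.DEFAULT_GOAL := help` would keep the previous default. The recipe is also prefixed with `@`, which hides the one command that fetches an executable jar from the network; I would drop the `@` and add a comment such as `# Fetches and verifies gradle/wrapper/gradle-wrapper.jar (not shipped in source releases)` so the build log and the file both show what happens.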
@@ -91,7 +95,7 @@ stage-notest: install -m 700 -d "build/stage/run" install -m 700 -d "build/stage/keytabs" -clean: +clean: prepare-gradle-wrapper ./gradlew clean rm -rf build @@ -100,7 +104,7 @@ clean-all: clean distclean maintainer-clean: clean -doc: +doc: prepare-gradle-wrapper ./gradlew $(PXF_GRADLE_PROPERTIES) aggregateJavadoc .PHONY: install @@ -120,5 +124,5 @@ install-server: stage-notest cp -R build/stage/* "$(PXF_HOME)" .PHONY: version -version: +version: prepare-gradle-wrapper @./gradlew -q version diff --git a/server/gradle/wrapper/gradle-6.8.2-wrapper.jar.sha256 b/server/gradle/wrapper/gradle-6.8.2-wrapper.jar.sha256 new file mode 100644 index 000000000..46143fb01 --- /dev/null +++ b/server/gradle/wrapper/gradle-6.8.2-wrapper.jar.sha256 @@ -0,0 +1 @@ +e996d452d2645e70c01c11143ca2d3742734a28da2bf61f25c82bdc288c9e637 \ No newline at end of file diff --git a/server/gradle/wrapper/gradle-wrapper.jar b/server/gradle/wrapper/gradle-wrapper.jar deleted file mode 100644 index e708b1c02..000000000 Binary files a/server/gradle/wrapper/gradle-wrapper.jar and /dev/null differ diff --git a/server/gradle/wrapper/gradle-wrapper.properties b/server/gradle/wrapper/gradle-wrapper.properties index 2a563242c..9027973dc 100644 --- a/server/gradle/wrapper/gradle-wrapper.properties +++ b/server/gradle/wrapper/gradle-wrapper.properties @@ -3,3 +3,4 @@ distributionPath=wrapper/dists distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.2-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists +distributionSha256Sum=8de6efc274ab52332a9c820366dd5cf5fc9d35ec7078fd70c8ec6913431ee610 diff --git a/server/gradlew-install.sh b/server/gradlew-install.sh new file mode 100755 index 000000000..e91a675f5 --- /dev/null +++ b/server/gradlew-install.sh 
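Review bot: With `clean: prepare-gradle-wrapper`, `make clean` (and `clean-all`, `distclean` and `maintainer-clean`, which depend on it) needs `curl` and network access on a fresh checkout, and stops before `rm -rf build` if the download or the checksum comparison fails. Cleaning should not have to fetch and run a jar from the network. I would drop the prerequisite from `clean` and guard the Gradle step instead, `if [ -f gradle/wrapper/gradle-wrapper.jar ]; then ./gradlew clean; fi`, so that `rm -rf build` always runs.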
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+#
+# Copyright (C) 2024 Dremio
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Download the gradle-wrapper.jar if necessary and verify its integrity.
+# This script is invoked by server/Makefile
+
+if [[ -z "${APP_HOME:-}" ]]; then
+ # set APP_HOME as parent directory of the current script
+ APP_HOME="$(cd -- "$(dirname -- "$0")" && pwd)"
+fi
+
+
+# Extract the Gradle version from gradle-wrapper.properties.
+GRADLE_DIST_VERSION="$(grep distributionUrl= "$APP_HOME/gradle/wrapper/gradle-wrapper.properties" | sed 's/^.*gradle-\([0-9.]*\)-[a-z]*.zip$/\1/')"
+GRADLE_WRAPPER_SHA256="$APP_HOME/gradle/wrapper/gradle-wrapper-${GRADLE_DIST_VERSION}.jar.sha256"
+GRADLE_WRAPPER_JAR="$APP_HOME/gradle/wrapper/gradle-wrapper.jar"
+if [ -x "$(command -v sha256sum)" ] ; then
+ SHASUM="sha256sum"
+else
+ if [ -x "$(command -v shasum)" ] ; then
+ SHASUM="shasum -a 256"
+ else
+ echo "Neither sha256sum nor shasum are available, install either." > /dev/stderr
+ exit 1
+ fi
+fi
+if [ ! -e "${GRADLE_WRAPPER_SHA256}" ]; then
+ # Delete the wrapper jar, if the checksum file does not exist.
+ rm -f "${GRADLE_WRAPPER_JAR}"
+fi
+if [ -e "${GRADLE_WRAPPER_JAR}" ]; then
+ # Verify the wrapper jar, if it exists, delete wrapper jar and checksum file, if the checksums
+ # do not match.
+ JAR_CHECKSUM="$(${SHASUM} "${GRADLE_WRAPPER_JAR}" | cut -d\ -f1)"
+ EXPECTED="$(cat "${GRADLE_WRAPPER_SHA256}")"
+ if [ "${JAR_CHECKSUM}" != "${EXPECTED}" ]; then
+ rm -f "${GRADLE_WRAPPER_JAR}" "${GRADLE_WRAPPER_SHA256}"
+ fi
+fi
+if [ ! -e "${GRADLE_WRAPPER_SHA256}" ]; then
+ curl --location --output "${GRADLE_WRAPPER_SHA256}" https://services.gradle.org/distributions/gradle-${GRADLE_DIST_VERSION}-wrapper.jar.sha256 || exit 1
+fi
+if [ ! -e "${GRADLE_WRAPPER_JAR}" ]; then
+ # The Gradle version extracted from the `distributionUrl` property does not contain ".0" patch
+ # versions. Need to append a ".0" in that case to download the wrapper jar.
+ GRADLE_VERSION="$(echo "$GRADLE_DIST_VERSION" | sed 's/^\([0-9]*[.][0-9]*\)$/\1.0/')"
+ curl --location --output "${GRADLE_WRAPPER_JAR}" https://raw.githubusercontent.com/gradle/gradle/v${GRADLE_VERSION}/gradle/wrapper/gradle-wrapper.jar || exit 1
+ JAR_CHECKSUM="$(${SHASUM} "${GRADLE_WRAPPER_JAR}" | cut -d\ -f1)"
+ EXPECTED="$(cat "${GRADLE_WRAPPER_SHA256}")"
+ if [ "${JAR_CHECKSUM}" != "${EXPECTED}" ]; then
+ # If the (just downloaded) checksum and the downloaded wrapper jar do not match, something
+ # really bad is going on.
+ echo "Expected sha256 of the downloaded gradle-wrapper.jar does not match the downloaded sha256!" > /dev/stderr
+ exit 1
+ fi
+fi
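Review bot: The digest this commit checks in is `server/gradle/wrapper/gradle-6.8.2-wrapper.jar.sha256`, but `GRADLE_WRAPPER_SHA256` is built as `gradle-wrapper-${GRADLE_DIST_VERSION}.jar.sha256`, so the committed file is never read and the jar is only compared with a checksum fetched in the same run. Even with the name fixed, the mismatch branch deletes the checksum file together with the jar and downloads both again, which replaces the pin instead of failing. I would treat the committed digest as authoritative: read it from the committed path, never delete or download it, pass `--fail` to `curl` so an HTTP error page is not saved as the jar, and remove a jar that fails verification rather than leaving it next to `gradlew`. This makes a committed digest mandatory on every Gradle version bump, which I assume is the intent of checking the file in.

```bash
# … unchanged: APP_HOME detection, GRADLE_DIST_VERSION extraction …
GRADLE_WRAPPER_SHA256="$APP_HOME/gradle/wrapper/gradle-${GRADLE_DIST_VERSION}-wrapper.jar.sha256"
# … unchanged: GRADLE_WRAPPER_JAR, SHASUM selection …
if [ ! -s "${GRADLE_WRAPPER_SHA256}" ]; then
  # The committed digest is the trust anchor; without it nothing can be verified.
  echo "Missing pinned checksum: ${GRADLE_WRAPPER_SHA256}" >&2
  exit 1
fi
EXPECTED="$(tr -d '[:space:]' < "${GRADLE_WRAPPER_SHA256}")"
if [ -e "${GRADLE_WRAPPER_JAR}" ]; then
  JAR_CHECKSUM="$(${SHASUM} "${GRADLE_WRAPPER_JAR}" | cut -d' ' -f1)"
  if [ "${JAR_CHECKSUM}" != "${EXPECTED}" ]; then
    # Drop only the jar; the pinned digest stays untouched.
    rm -f "${GRADLE_WRAPPER_JAR}"
  fi
fi
if [ ! -e "${GRADLE_WRAPPER_JAR}" ]; then
  # … unchanged: GRADLE_VERSION ".0" normalisation …
  curl --fail --location --output "${GRADLE_WRAPPER_JAR}.tmp" \
    "https://raw.githubusercontent.com/gradle/gradle/v${GRADLE_VERSION}/gradle/wrapper/gradle-wrapper.jar" \
    || { rm -f "${GRADLE_WRAPPER_JAR}.tmp"; exit 1; }
  JAR_CHECKSUM="$(${SHASUM} "${GRADLE_WRAPPER_JAR}.tmp" | cut -d' ' -f1)"
  if [ "${JAR_CHECKSUM}" != "${EXPECTED}" ]; then
    rm -f "${GRADLE_WRAPPER_JAR}.tmp"
    echo "Downloaded gradle-wrapper.jar does not match the pinned sha256 in ${GRADLE_WRAPPER_SHA256}" >&2
    exit 1
  fi
  # Only a verified jar is ever placed where ./gradlew will load it.
  mv -f "${GRADLE_WRAPPER_JAR}.tmp" "${GRADLE_WRAPPER_JAR}"
fi
```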