[GitHub] [nutch] lewismc opened a new pull request #561: NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml


GitBox

lewismc opened a new pull request #561:
URL: https://github.com/apache/nutch/pull/561


   This PR addresses https://issues.apache.org/jira/browse/NUTCH-2840


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



[GitHub] [nutch] lewismc commented on pull request #561: NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml

GitBox

lewismc commented on pull request #561:
URL: https://github.com/apache/nutch/pull/561#issuecomment-757014801


   OK folks, I finally stabilized this build. Some ant magic was required. Please try it out and let me know what you think.



[GitHub] [nutch] sebastian-nagel commented on a change in pull request #561: NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml

GitBox
In reply to this post by GitBox

sebastian-nagel commented on a change in pull request #561:
URL: https://github.com/apache/nutch/pull/561#discussion_r554980570



##########
File path: build.xml
##########
@@ -639,24 +641,38 @@
   </target>
 
   <!-- Check dependencies for security vulnerabilities                                    -->
-  <!-- requires installation of OWASP dependency check tool, see                          -->
-  <!--   https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html     -->
-  <!-- get http://dl.bintray.com/jeremy-long/owasp/dependency-check-ant-3.3.2-release.zip -->
-  <!-- and unzip in directory ./ivy/                                                      -->
-  <path id="dependency-check.path">
-    <pathelement location="${dependency-check.home}/dependency-check-ant.jar"/>
-    <fileset dir="${dependency-check.home}/lib" erroronmissingdir="false">
+  <target name="dependency-check-ant-download" description="--> download dependency-check-ant jar">
+    <available file="${dependency-check-ant.jar}" property="dependency-check-ant.jar.found"/>
+    <antcall target="dependency-check-ant-download-unchecked"/>
+  </target>
+
+  <target name="dependency-check-ant-download-unchecked" unless="dependency-check-ant.jar.found"
+          description="--> downloads the dependency-check-ant binary (dependency-check-ant-*.zip).">
+    <get src="https://github.com/jeremylong/DependencyCheck/releases/download/v${dependency-check-ant.version}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
+         dest="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip" usetimestamp="false" />
+
+    <unzip src="${dependency-check-ant.home}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
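
Review bot: The `<get>` for `dependency-check-ant-${dependency-check-ant.version}-release.zip` is followed directly by `<unzip>`, with no integrity check on the archive in the visible lines, so the build unpacks whatever the release URL returns. Consider pinning the expected SHA-256 for the chosen version in a property and verifying it between the two tasks with Ant's `<checksum>` task (`algorithm="SHA-256"`, `property` set to the expected digest, `verifyproperty` naming a result property), then a `<fail>` when the result is not `true`.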

Review comment:
       The parameter `src` should be `${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip` - same as download destination and file to be deleted later.





[GitHub] [nutch] lewismc commented on a change in pull request #561: NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml

GitBox
In reply to this post by GitBox

lewismc commented on a change in pull request #561:
URL: https://github.com/apache/nutch/pull/561#discussion_r556001913



##########
File path: build.xml
##########
@@ -639,24 +641,38 @@
   </target>
 
   <!-- Check dependencies for security vulnerabilities                                    -->
-  <!-- requires installation of OWASP dependency check tool, see                          -->
-  <!--   https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html     -->
-  <!-- get http://dl.bintray.com/jeremy-long/owasp/dependency-check-ant-3.3.2-release.zip -->
-  <!-- and unzip in directory ./ivy/                                                      -->
-  <path id="dependency-check.path">
-    <pathelement location="${dependency-check.home}/dependency-check-ant.jar"/>
-    <fileset dir="${dependency-check.home}/lib" erroronmissingdir="false">
+  <target name="dependency-check-ant-download" description="--> download dependency-check-ant jar">
+    <available file="${dependency-check-ant.jar}" property="dependency-check-ant.jar.found"/>
+    <antcall target="dependency-check-ant-download-unchecked"/>
+  </target>
+
+  <target name="dependency-check-ant-download-unchecked" unless="dependency-check-ant.jar.found"
+          description="--> downloads the dependency-check-ant binary (dependency-check-ant-*.zip).">
+    <get src="https://github.com/jeremylong/DependencyCheck/releases/download/v${dependency-check-ant.version}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
+         dest="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip" usetimestamp="false" />
+
+    <unzip src="${dependency-check-ant.home}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
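
Review bot: In `dependency-check-ant-download`, the `<available>` plus `<antcall target="dependency-check-ant-download-unchecked"/>` pair starts a nested build run only to honour the `unless="dependency-check-ant.jar.found"` condition. The usual idiom is a small check target that sets the property, with the download target declaring it in `depends` and keeping the `unless` itself. The `description` on the `-unchecked` target also lists an internal helper in `ant -projecthelp`; dropping it keeps only the public target visible. `usetimestamp="false"` on `<get>` is the default and can be omitted.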

Review comment:
       Good catch. Thank you





[GitHub] [nutch] lewismc commented on pull request #561: NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml

GitBox
In reply to this post by GitBox

lewismc commented on pull request #561:
URL: https://github.com/apache/nutch/pull/561#issuecomment-758867279


   Is anyone else able to test and see if they can reproduce the errors reported by Seb? Thanks

