首頁 探索 說明
登入
lqb
/
elasticsearch
镜像来自 https://gitee.com/mirrors/elasticsearch.git
1
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

Adjust jarHell and 3rd party audit exclusions (#51733)

Now that the FIPS 140 security provider is simply a test dependency
we don't need the thirdPartyAudit exceptions, but plugin-cli and
transport-netty4 do need jarHell disabled as they use the non fips
BouncyCastle security provider as a test dependency too.
Ioannis Kakavas 5 年之前
父節點
928c663ce0
當前提交
ae070f41d9
共有 5 個文件被更改,包括 2 次插入27 次删除
分割檢視 顯示文件統計
  1. 0 6
      distribution/tools/plugin-cli/build.gradle
  2. 0 8
      modules/transport-netty4/build.gradle
  3. 1 1
      plugins/ingest-attachment/build.gradle
  4. 0 8
      plugins/transport-nio/build.gradle
  5. 1 4
      x-pack/plugin/security/cli/build.gradle

+ 0 - 6
distribution/tools/plugin-cli/build.gradle
查看文件 

@@ -42,12 +42,6 @@ test {
 
   systemProperty 'tests.security.manager', 'false'
 
 }
 
 
-thirdPartyAudit.onlyIf {
 
-  // FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit,
 
-  // rather than provide a long list of exclusions, disable the check on FIPS.
 
-  BuildParams.inFipsJvm == false
 
-}
 
-
 
 /*
 
  * these two classes intentionally use the following JDK internal APIs in order to offer the necessary
 
  * functionality

+ 0 - 8
modules/transport-netty4/build.gradle
查看文件 

@@ -198,11 +198,3 @@ thirdPartyAudit {
 
     'io.netty.handler.ssl.util.OpenJdkSelfSignedCertGenerator'
 
   )
 
 }
 
-
 
-if (BuildParams.inFipsJvm == false) {
 
-  // BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in
 
-  // a FIPS JVM with BouncyCastleFIPS Provider
 
-  thirdPartyAudit.ignoreMissingClasses(
 
-    'org.bouncycastle.asn1.x500.X500Name'
 
-  )
 
-}

+ 1 - 1
plugins/ingest-attachment/build.gradle
查看文件 

@@ -88,7 +88,7 @@ thirdPartyAudit {
 
   ignoreMissingClasses()
 
 }
 
 
-thirdPartyAudit.onlyIf {
 
+jarHell.onlyIf {
 
   // FIPS JVM includes many classes from bouncycastle which count as jar hell for the third party audit,
 
   // rather than provide a long list of exclusions, disable the check on FIPS.
 
   BuildParams.inFipsJvm == false

+ 0 - 8
plugins/transport-nio/build.gradle
查看文件 

@@ -159,11 +159,3 @@ thirdPartyAudit {
 
   )
 
 }
 
 
-if (BuildParams.inFipsJvm == false) {
 
-  // BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in
 
-  // a FIPS JVM with BouncyCastleFIPS Provider
 
-  thirdPartyAudit.ignoreMissingClasses(
 
-    'org.bouncycastle.asn1.x500.X500Name'
 
-  )
 
-}
 
-

+ 1 - 4
x-pack/plugin/security/cli/build.gradle
查看文件 

@@ -26,14 +26,11 @@ forbiddenPatterns {
 
 
 if (BuildParams.inFipsJvm) {
 
   test.enabled = false
 
+  jarHell.enabled = false
 
   testingConventions.enabled = false
 
   // Forbiden APIs non-portable checks fail because bouncy castle classes being used from the FIPS JDK since those are
 
   // not part of the Java specification - all of this is as designed, so we have to relax this check for FIPS.
 
   tasks.withType(CheckForbiddenApis) {
 
     bundledSignatures -= "jdk-non-portable"
 
   }
 
-  // FIPS JVM includes many classes from bouncycastle which count as jar hell for the third party audit,
 
-  // rather than provide a long list of exclusions, disable the check on FIPS.
 
-  thirdPartyAudit.enabled = false
 
-
 
 }