checksum-dependency: cache PGP public keys under %{ROOT_DIR}/gradle/checksum-dependency-plugin/cached-pgp-keys

vlsi · vlsi · commit 13d2a7ac224c · 2023-01-08T19:48:58.000+03:00
Fixes #42
diff --git a/README.md b/README.md
@@ -87,6 +87,10 @@ This library is distributed under terms of Apache License 2.0
 
 Change log
 ----------
+v1.85
+* licence-gather: better support for build cache by adding PathSensitivity
+* checksum-dependency: cache PGP public keys under `%{ROOT_DIR}/gradle/checksum-dependency-plugin/cached-pgp-keys`
+
 v1.84
 * no-op release, since some of the plugins failed to publish to Gradle Plugin Portal in v1.83
 
diff --git a/plugins/checksum-dependency-plugin/README.md b/plugins/checksum-dependency-plugin/README.md
@@ -390,14 +390,25 @@ Configuration properties
 
     since 1.29.0
 
-* checksumCpuThreads (int, default: `ForkJoinPool.getCommonPoolParallelism()`) specifies the number of threads for CPU-bound tasks (PGP verification and SHA computation)
+* `checksumCpuThreads` (int, default: `ForkJoinPool.getCommonPoolParallelism()`) specifies the number of threads for CPU-bound tasks (PGP verification and SHA computation)
 
     since 1.29.0
 
-* checksumIoThreads (int, default: `50`) specifies the number of threads to use for PGP key resolution
+* `checksumIoThreads` (int, default: `50`) specifies the number of threads to use for PGP key resolution
 
     since 1.29.0
 
+* `checksumCachedPgpKeysDir` (string, default: `%{ROOT_DIR}/gradle/checksum-dependency-plugin/cached-pgp-keys`) specifies the location for cached PGP keys
+
+    Public PGP keys are needed for verification, so it is recommended to cache them and commit the keys under source control.
+    It makes the build faster (as the keys are not downloaded on each build) and it reduces the chances for build failure caused by misbehaving PGP keyservers.
+
+    Placeholders:
+
+    * `%{ROOT_DIR}` replaces to `settings.rootDir.absolutePath`
+
+    since 1.85.0
+
 * `pgpKeyserver` (string, comma separated) specifies keyserver for retrieval of the keys.
 
     `*.asc` signatures alone are not sufficient for signature validation, so PGP public keys needs to be downloaded
@@ -487,6 +498,9 @@ Verification options
 
 Changelog
 ---------
+v1.85
+* Cache public PGP keys under `%{ROOT_DIR}/gradle/checksum-dependency-plugin/cached-pgp-keys` directory
+
 v1.78
 * Retrieve keys from https://keyserver.ubuntu.com, and https://keys.openpgp.org by default (drop SKS keyserver pool since it has been deprecated)
 
diff --git a/plugins/checksum-dependency-plugin/src/main/kotlin/com/github/vlsi/gradle/checksum/ChecksumDependencyPlugin.kt b/plugins/checksum-dependency-plugin/src/main/kotlin/com/github/vlsi/gradle/checksum/ChecksumDependencyPlugin.kt
@@ -74,6 +74,10 @@ open class ChecksumDependencyPlugin : Plugin<Settings> {
         val checksums = File(settings.rootDir, checksumFileName)
         val buildDir = settings.property("checksumBuildDir", "build/checksum")
         val buildFolder = File(settings.rootDir, buildDir)
+        val cachedKeysRoot =
+            settings.property("checksumCachedPgpKeysDir", "%{ROOT_DIR}/gradle/checksum-dependency-plugin/cached-pgp-keys")
+                .replace("%{ROOT_DIR}", settings.rootDir.absolutePath)
+                .let { File(it) }
 
         val checksumUpdateAll = settings.boolProperty("checksumUpdateAll")
         val checksumUpdate = checksumUpdateAll || settings.boolProperty("checksumUpdate")
@@ -133,7 +137,7 @@ open class ChecksumDependencyPlugin : Plugin<Settings> {
                 readTimeout = Duration.ofSeconds(pgpReadTimeout)
             )
         )
-        val keyStore = KeyStore(File(buildFolder, "keystore"), keyDownloader)
+        val keyStore = KeyStore(cachedKeysRoot, keyDownloader)
         val verification =
             if (checksums.exists()) {
                 DependencyVerificationStore.load(checksums)
diff --git a/plugins/checksum-dependency-plugin/src/main/kotlin/com/github/vlsi/gradle/checksum/pgp/KeyStore.kt b/plugins/checksum-dependency-plugin/src/main/kotlin/com/github/vlsi/gradle/checksum/pgp/KeyStore.kt
@@ -82,7 +82,13 @@ class KeyStore(
                 Files.createDirectories(parentFile.toPath())
                 writeBytes(keyBytes)
                 if (!renameTo(cacheFile)) {
-                    logger.warn("Unable to rename $this to $cacheFile")
+                    if (cacheFile.exists()) {
+                        // Another thread (e.g. another build) has already received the same key
+                        // Ignore the error
+                        delete()
+                    } else {
+                        logger.warn("Unable to rename $this to $cacheFile")
+                    }
                 }
             }
             keyBytes.inputStream()
