From 000861b5eee9456b6310b8a6786aef235a481439 Mon Sep 17 00:00:00 2001 From: Amir Vakili <114409643+amirhosv@users.noreply.github.com> Date: Thu, 7 Dec 2023 10:57:45 -0500 Subject: [PATCH] Release candidate 2.3.3 (#352) --- CHANGELOG.md | 16 +++++++++++- README.md | 18 ++++++++------ build.gradle | 27 ++++++++++++++++++--- examples/gradle-kt-dsl/lib/build.gradle.kts | 7 +++--- 4 files changed, 52 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8c191ea5..b12ae370 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,20 @@ # Changelog -# 2.3.2 +## 2.3.3 + +### Overview +Starting from this version, build artifacts for MacOS AARCH64 (Arm64) are released. +The corresponding Jar is identified by `osx-aarch_64` classifier. +Please note that ACCP-FIPS does not have `osx-aarch_64` artifacts and `osx-aarch_64` +is only available for non-FIPS builds. + +### Patch +* Use AWS-LC [v1.17.0](https://github.com/aws/aws-lc/releases/tag/v1.17.0) for ACCP +* Use AWS-LC [AWS-LC-FIPS-2.0.2](https://github.com/aws/aws-lc/releases/tag/AWS-LC-FIPS-2.0.2) for ACCP-FIPS +* [PR 335: Do not destroy linked public keys](https://github.com/corretto/amazon-corretto-crypto-provider/pull/335) +* [PR 329: Allow users to control the release of EVP context for AES-GCM](https://github.com/corretto/amazon-corretto-crypto-provider/pull/329) + +## 2.3.2 ### Overview Starting from this version, build artifacts for MacOS X86-64 are released. diff --git a/README.md b/README.md index d1a52322..949dbdd7 100644 --- a/README.md +++ b/README.md @@ -122,9 +122,16 @@ will always have the most recent version. We strongly recommend you always pull in the latest version for best performance and bug-fixes. Whether you're using Maven, Gradle, or some other build system that also pulls -packages from Maven Central, it's important to specify `linux-x86_64` or `linux-aarch_64` as the -classifier. You'll get an empty package otherwise. Note that ACCP is not -available for MacOS on Maven Central yet. +packages from Maven Central, it's important to specify a classifier, otherwise, +one would get an empty package. The possible classifiers are as follows: + +| Classifier | Support since version | FIPS support since version | +|------------|-----------------------|----------------------------| +| `linux-x86_64` | 1.0.0 | 2.3.0 | +| `linux-aarch_64` | 2.0.0 | 2.3.0 | +| `osx-x86_64` | 2.3.2 | Not supported | +| `osx-aarch_64` | 2.3.3 | Not supported | + Regardless of how you acquire ACCP (Maven, manual build, etc.) you will still need to follow the guidance in the [Configuration section](#configuration) to enable ACCP in your application. @@ -144,11 +151,6 @@ For more information, please see [VERSIONING.rst](https://github.com/corretto/am The artifactId for FIPS builds is `AmazonCorrettoCryptoProvider-FIPS`. -The classifier attribute could be set to `linux-aarch_64` to use ACCP on Linux ARM64 platforms. - -Starting from verions 2.3.2, the classifier attribute could be set to `osx-x86_64` to use ACCP -on MacOS X86 platforms. The FIPS artifacts do not support MacOS X86. - ACCP artifacts on Maven can be verified using the following PGP keys: | ACCP Version | PGP Key ID | Key Server | diff --git a/build.gradle b/build.gradle index c57bee5e..9bc5294f 100644 --- a/build.gradle +++ b/build.gradle @@ -13,10 +13,10 @@ plugins { } group = 'software.amazon.cryptools' -version = '2.3.2' +version = '2.3.3' ext.isFips = Boolean.getBoolean('FIPS') if (ext.isFips) { - ext.awsLcGitVersionId = 'AWS-LC-FIPS-2.0.0' + ext.awsLcGitVersionId = 'AWS-LC-FIPS-2.0.2' } else { ext.awsLcGitVersionId = 'v1.17.0' } @@ -45,7 +45,6 @@ def getDescriptionForPom(isFips) { } - spotless { java { target 'src/**/*.java', 'tst/**/*.java' @@ -582,16 +581,19 @@ task fakePublish { def x64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_x64_Artifacts}/lib" def aarch64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_aarch64_Artifacts}/lib" def osxX64Base = "${System.env.CODEBUILD_SRC_DIR_Osx_x64_Artifacts}/lib" + def osxAarch64Base = "${System.env.CODEBUILD_SRC_DIR_Osx_aarch64_Artifacts}/lib" def newPrefix = "AmazonCorrettoCryptoProvider-${version}" if (isFips) { + newPrefix = "AmazonCorrettoCryptoProvider-FIPS-${version}" x64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_x64_Artifacts_FIPS}/lib" aarch64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_aarch64_Artifacts_FIPS}/lib" osxX64Base = null - newPrefix = "AmazonCorrettoCryptoProvider-FIPS-${version}" + osxAarch64Base = null } def x86Jar = "${x64Base}/AmazonCorrettoCryptoProvider.jar" def aarch64Jar = "${aarch64Base}/AmazonCorrettoCryptoProvider.jar" def osxX64Jar = "${osxX64Base}/AmazonCorrettoCryptoProvider.jar" + def osxAarch64Jar = "${osxAarch64Base}/AmazonCorrettoCryptoProvider.jar" def sourceJar = "${x64Base}/AmazonCorrettoCryptoProvider-sources.jar" def javadocJar = "${x64Base}/AmazonCorrettoCryptoProvider-javadoc.jar" @@ -600,6 +602,8 @@ task fakePublish { if (!isFips) { println osxX64Jar println file(osxX64Jar).file + println osxAarch64Jar + println file(osxAarch64Jar).file } println aarch64Jar println file(aarch64Jar).file @@ -617,6 +621,11 @@ task fakePublish { rename 'AmazonCorrettoCryptoProvider.jar', "${newPrefix}-osx-x86_64.jar" into "${destinationDir}" } + copy { + from osxAarch64Jar + rename 'AmazonCorrettoCryptoProvider.jar', "${newPrefix}-osx-aarch_64.jar" + into "${destinationDir}" + } } copy { from aarch64Jar @@ -643,6 +652,14 @@ task fakePublish { keystore: "${project.gradle.gradleUserHomeDir}/${jcecertJks}", tsaurl: "http://timestamp.digicert.com" ) + ant.signjar( + alias: jcecertAlias, + jar: "${destinationDir}/${newPrefix}-osx-aarch_64.jar", + storepass: jcecertPassword, + keystore: "${project.gradle.gradleUserHomeDir}/${jcecertJks}", + tsaurl: "http://timestamp.digicert.com" + ) + } ant.signjar( alias: jcecertAlias, @@ -679,12 +696,14 @@ if (project.hasProperty('mavenUser') && project.hasProperty('jcecertAlias')) { def x86Jar = "${fakeMavenBase}linux-x86_64.jar" def aarch64Jar = "${fakeMavenBase}linux-aarch_64.jar" def osxX64Jar = "${fakeMavenBase}osx-x86_64.jar" + def osxAarch64Jar = "${fakeMavenBase}osx-aarch_64.jar" def sourceJar = "${fakeMavenBase}sources.jar" def javadocJar = "${fakeMavenBase}javadoc.jar" artifact source: file(x86Jar),classifier:"linux-x86_64",extension:"jar" artifact source: file(aarch64Jar),classifier:"linux-aarch_64",extension:"jar" if (!isFips) { artifact source: file(osxX64Jar),classifier:"osx-x86_64",extension:"jar" + artifact source: file(osxAarch64Jar),classifier:"osx-aarch_64",extension:"jar" } artifact emptyJar artifact source: file(javadocJar),classifier:"javadoc",extension:"jar" diff --git a/examples/gradle-kt-dsl/lib/build.gradle.kts b/examples/gradle-kt-dsl/lib/build.gradle.kts index 36d0b571..dd11e900 100644 --- a/examples/gradle-kt-dsl/lib/build.gradle.kts +++ b/examples/gradle-kt-dsl/lib/build.gradle.kts @@ -1,6 +1,7 @@ -val accpVersion = "2.3.2" +val accpVersion = "2.3.3" val accpLocalJar: String by project val fips: Boolean by project +val PLATFORMS_WITHOUT_FIPS_SUPPORT = setOf("osx-x86_64", "osx-aarch_64") plugins { // Apply the org.jetbrains.kotlin.jvm Plugin to add support for Kotlin. @@ -29,9 +30,9 @@ dependencies { // Use the Kotlin JUnit integration. testImplementation("org.jetbrains.kotlin:kotlin-test-junit") - // for OSX-x86_64, we do not have FIPS artifacts + // For some plaforms, ACCP does not have FIPS artifacts; in such cases, ignore "fips" property. val accpArtifactId = - if (project.hasProperty("fips") && osdetector.classifier != "osx-x86_64") + if (project.hasProperty("fips") && osdetector.classifier !in PLATFORMS_WITHOUT_FIPS_SUPPORT) "AmazonCorrettoCryptoProvider-FIPS" else "AmazonCorrettoCryptoProvider"