From: Mathieu Baudier <mbaudier@argeo.org>
Date: Wed, 22 Mar 2023 16:29:09 +0000 (+0100)
Subject: Move crypto to selectable A2 (FIPS or full)
X-Git-Tag: v2.3.12~19
X-Git-Url: http://git.argeo.org/?p=gpl%2Fargeo-tp.git;a=commitdiff_plain;h=46c933e0d5920fdf4d5abbcdb290babcc3f9825d

Move crypto to selectable A2 (FIPS or full)
---

diff --git a/repackage/Makefile b/repackage/Makefile
index 799cbfd..bfee248 100644
--- a/repackage/Makefile
+++ b/repackage/Makefile
@@ -16,13 +16,13 @@ lib/macosx/x86_64/swt/rcp/org.argeo.tp.swt.workbench \
 swt/rcp/org.argeo.tp.swt \
 swt/rcp/org.argeo.tp.swt.workbench \
 org.argeo.tp \
-org.argeo.tp.crypto \
 org.argeo.tp.jetty \
 org.argeo.tp.utils \
 org.argeo.tp.jcr \
 org.argeo.tp.poi \
 org.argeo.tp.gis \
-org.argeo.tp.fips \
+crypto/full/org.argeo.tp.crypto \
+crypto/fips/org.argeo.tp.crypto \
 
 # NOTE: FIPS support is experimental, in order to preapre for the 2.0.0 stream
 # see https://www.bouncycastle.org/fips_java_roadmap.html
diff --git a/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bc-fips.bnd.disabled b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bc-fips.bnd.disabled
new file mode 100644
index 0000000..b3384ca
--- /dev/null
+++ b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bc-fips.bnd.disabled
@@ -0,0 +1,3 @@
+# !! The current version is unsafe, see:
+# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
+Argeo-Origin-M2: org.bouncycastle:bc-fips
diff --git a/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bc-noncert.bnd b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bc-noncert.bnd
new file mode 100644
index 0000000..4788299
--- /dev/null
+++ b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bc-noncert.bnd
@@ -0,0 +1,5 @@
+# !! The current version is unsafe, see:
+# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
+Argeo-Origin-M2: org.bouncycastle:bc-noncert:1.0.2.4
+Argeo-Origin-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4.jar
+Argeo-Origin-Sources-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4-sources.jar
diff --git a/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bcmail-fips.bnd b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bcmail-fips.bnd
new file mode 100644
index 0000000..34dc61f
--- /dev/null
+++ b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bcmail-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcmail-fips:1.0.4
diff --git a/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bcpg-fips.bnd b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bcpg-fips.bnd
new file mode 100644
index 0000000..be773b7
--- /dev/null
+++ b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bcpg-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpg-fips:1.0.7.1
diff --git a/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bcpkix-fips.bnd b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bcpkix-fips.bnd
new file mode 100644
index 0000000..f2f46d6
--- /dev/null
+++ b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bcpkix-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpkix-fips:1.0.7
diff --git a/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bctls-fips.bnd b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bctls-fips.bnd
new file mode 100644
index 0000000..7de0139
--- /dev/null
+++ b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/bctls-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bctls-fips:1.0.14.1
diff --git a/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/common.bnd b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/common.bnd
new file mode 100644
index 0000000..3658686
--- /dev/null
+++ b/repackage/crypto/fips/org.argeo.tp.crypto/bouncycastle/common.bnd
@@ -0,0 +1,4 @@
+SPDX-License-Identifier: MIT
+Argeo-Origin-NoMetadataGeneration: true
+Argeo-Origin-Do-Not-Modify: true
+Argeo-Origin-M2: :1.0.2.3
\ No newline at end of file
diff --git a/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcmail.bnd b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
new file mode 100644
index 0000000..ec30584
--- /dev/null
+++ b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcmail-jdk18on
diff --git a/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcpg.bnd b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
new file mode 100644
index 0000000..86d4e74
--- /dev/null
+++ b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpg-jdk18on:1.72.2
diff --git a/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
new file mode 100644
index 0000000..1634680
--- /dev/null
+++ b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpkix-jdk18on
diff --git a/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcprov.bnd b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
new file mode 100644
index 0000000..2941b4e
--- /dev/null
+++ b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcprov-jdk18on
diff --git a/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bctls.bnd b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bctls.bnd
new file mode 100644
index 0000000..5ac9fb2
--- /dev/null
+++ b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bctls.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bctls-jdk18on
diff --git a/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcutil.bnd b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
new file mode 100644
index 0000000..0a71f96
--- /dev/null
+++ b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcutil-jdk18on
diff --git a/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/common.bnd b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/common.bnd
new file mode 100644
index 0000000..0c2cd37
--- /dev/null
+++ b/repackage/crypto/full/org.argeo.tp.crypto/bouncycastle/common.bnd
@@ -0,0 +1,3 @@
+SPDX-License-Identifier: MIT
+Argeo-Origin-M2: :1.72
+Argeo-Origin-NoMetadataGeneration: true
diff --git a/repackage/crypto/full/org.argeo.tp.crypto/net.i2p.crypto.eddsa.bnd b/repackage/crypto/full/org.argeo.tp.crypto/net.i2p.crypto.eddsa.bnd
new file mode 100644
index 0000000..c53f340
--- /dev/null
+++ b/repackage/crypto/full/org.argeo.tp.crypto/net.i2p.crypto.eddsa.bnd
@@ -0,0 +1,5 @@
+SPDX-License-Identifier: CC0-1.0
+Argeo-Origin-M2: net.i2p.crypto:eddsa:0.3.0
+Import-Package: \
+sun.*;resolution:="optional", \
+*
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
deleted file mode 100644
index ec30584..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bcmail-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
deleted file mode 100644
index 86d4e74..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bcpg-jdk18on:1.72.2
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
deleted file mode 100644
index 1634680..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bcpkix-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
deleted file mode 100644
index 2941b4e..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bcprov-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
deleted file mode 100644
index 5ac9fb2..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bctls-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
deleted file mode 100644
index 0a71f96..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bcutil-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
deleted file mode 100644
index 0c2cd37..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
+++ /dev/null
@@ -1,3 +0,0 @@
-SPDX-License-Identifier: MIT
-Argeo-Origin-M2: :1.72
-Argeo-Origin-NoMetadataGeneration: true
diff --git a/repackage/org.argeo.tp.crypto/net.i2p.crypto.eddsa.bnd b/repackage/org.argeo.tp.crypto/net.i2p.crypto.eddsa.bnd
deleted file mode 100644
index c53f340..0000000
--- a/repackage/org.argeo.tp.crypto/net.i2p.crypto.eddsa.bnd
+++ /dev/null
@@ -1,5 +0,0 @@
-SPDX-License-Identifier: CC0-1.0
-Argeo-Origin-M2: net.i2p.crypto:eddsa:0.3.0
-Import-Package: \
-sun.*;resolution:="optional", \
-*
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled b/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
deleted file mode 100644
index b3384ca..0000000
--- a/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
+++ /dev/null
@@ -1,3 +0,0 @@
-# !! The current version is unsafe, see:
-# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
-Argeo-Origin-M2: org.bouncycastle:bc-fips
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
deleted file mode 100644
index 4788299..0000000
--- a/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
+++ /dev/null
@@ -1,5 +0,0 @@
-# !! The current version is unsafe, see:
-# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
-Argeo-Origin-M2: org.bouncycastle:bc-noncert:1.0.2.4
-Argeo-Origin-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4.jar
-Argeo-Origin-Sources-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4-sources.jar
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
deleted file mode 100644
index 34dc61f..0000000
--- a/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bcmail-fips:1.0.4
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
deleted file mode 100644
index be773b7..0000000
--- a/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bcpg-fips:1.0.7.1
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
deleted file mode 100644
index f2f46d6..0000000
--- a/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bcpkix-fips:1.0.7
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
deleted file mode 100644
index 7de0139..0000000
--- a/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
+++ /dev/null
@@ -1 +0,0 @@
-Argeo-Origin-M2: org.bouncycastle:bctls-fips:1.0.14.1
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/common.bnd b/repackage/org.argeo.tp.fips/bouncycastle/common.bnd
deleted file mode 100644
index 3658686..0000000
--- a/repackage/org.argeo.tp.fips/bouncycastle/common.bnd
+++ /dev/null
@@ -1,4 +0,0 @@
-SPDX-License-Identifier: MIT
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-Do-Not-Modify: true
-Argeo-Origin-M2: :1.0.2.3
\ No newline at end of file
diff --git a/repackage/osgi/api/org.argeo.tp.osgi/osgi.core.bnd b/repackage/osgi/api/org.argeo.tp.osgi/osgi.core.bnd
index a8e02bb..7bffea2 100644
--- a/repackage/osgi/api/org.argeo.tp.osgi/osgi.core.bnd
+++ b/repackage/osgi/api/org.argeo.tp.osgi/osgi.core.bnd
@@ -1,3 +1,3 @@
-Argeo-Origin-M2: org.osgi:osgi.core:7.0.0
+Argeo-Origin-M2: org.osgi:osgi.core:8.0.0
 Argeo-Origin-NoMetadataGeneration: true
 SPDX-License-Identifier: Apache-2.0
diff --git a/sdk/argeo-build b/sdk/argeo-build
index 949c81c..fd34494 160000
--- a/sdk/argeo-build
+++ b/sdk/argeo-build
@@ -1 +1 @@
-Subproject commit 949c81c657e02d1dde8a83f5651000f39db53b4d
+Subproject commit fd3449421a3d3e61756cc1ed8bd6e698ecd9eb11
diff --git a/sdk/output-argeo-tp-minimal.target b/sdk/output-argeo-tp-minimal.target
index b15e79b..9a0cdca 100644
--- a/sdk/output-argeo-tp-minimal.target
+++ b/sdk/output-argeo-tp-minimal.target
@@ -7,6 +7,7 @@
 		<location path="${project_loc:argeo-tp}/../output/a2/osgi/equinox/org.argeo.tp.eclipse" type="Directory"/>
 		<location path="${project_loc:argeo-tp}/../output/a2/org.argeo.tp.jetty" type="Directory"/>
 		<location path="${project_loc:argeo-tp}/../output/a2/org.argeo.tp.sdk" type="Directory"/>
+		<location path="${project_loc:argeo-tp}/../output/a2/crypto/fips/org.argeo.tp.crypto" type="Directory"/>
 	</locations>
 	<targetJRE path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-17"/>
 </target>
\ No newline at end of file