Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an optional parameter to enforce a specific vendor #76

Open
ldeso opened this issue Sep 3, 2024 · 1 comment
Open

Add an optional parameter to enforce a specific vendor #76

ldeso opened this issue Sep 3, 2024 · 1 comment

Comments

@ldeso
Copy link

ldeso commented Sep 3, 2024

The use case would be to block the installation of toolchains from vendors that are not trusted.

For example, this could be useful if one wants to build a Gradle project from some source code that is not audited, and only trusts a specific vendor. In that case, setting this optional parameter would guarantee that no toolchain will be downloaded and installed from any other vendor than the trusted one.

Looking at the source code, it seems that this feature could be implemented in the file FoojayToolchainResolver.kt, by checking that the vendor obtained from spec.vendor.get() matches the one specified by the optional parameter.
@StefMa
Copy link
Contributor

StefMa commented Sep 6, 2024

Isn't this already possible?

Looking at the docs here https://docs.gradle.org/8.10/userguide/toolchains.html#sec:vendors you can specify the vendor in that case. If there isn't a matching one, the build will fail.

Is this what you're looking for? 🤔
Or what would be the benefit of setting a vendor at this plugin level?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@StefMa @ldeso