From 708a6d8dbdb55a55c7864981c4e10587bec36c37 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 4 Aug 2020 09:46:43 +0200
Subject: [PATCH] allow differing sha256 values in Google Maven vs Android
 Offline

It turns out that some of the dependencies in the Google Offline Components
downloadable maven repository have difference to the ones Google publishes
to maven.google.com.  WTF.  In any case, the new Gradle Dependency
Verification feature handles this gracefully.  I manually verified the
diffs between the two using diffoscope.  One just differed by timestamps in
the ZIP header, and the other just differed by linefeeds at the end of the
file.  Then I generated this metadata update using:

`./gradlew --write-verification-metadata pgp,sha256`

* https://developer.android.com/studio#offline
---
 gradle/verification-metadata.xml | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 233867aa8..0c6f752b7 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -13,6 +13,7 @@
          <trusted-key id="0cc641c3a62453ab390066c4a41f13c999945293">
             <trusting group="commons-logging"/>
             <trusting group="commons-collections"/>
+            <trusting group="commons-collections" name="commons-collections" version="3.2.2"/>
          </trusted-key>
          <trusted-key id="19beab2d799c020f17c69126b16698a4adf4d638" group="org.checkerframework" name="checker-qual" version="2.5.2"/>
          <trusted-key id="1d9aa7f9e1e2824728b8cd1794b291aef984a085" group="io.reactivex" name="rxjava" version="1.1.0"/>
@@ -42,7 +43,10 @@
          <trusted-key id="6214760097dc5cfad0175ac2c9fbaa83a8753994" group="^com[.]fasterxml($|([.].*))" regex="true"/>
          <trusted-key id="628462a5eaba59d57e99ae5a840b2bf6da8ed8c8" group="com.google.android.apps.common.testing.accessibility.framework" name="accessibility-test-framework" version="2.1"/>
          <trusted-key id="67497e9d680ce8e95bd6b8f85ad66315fc018797" group="com.beust" name="jcommander" version="1.72"/>
-         <trusted-key id="694621a7227d8d5289699830abe9f3126bb741c1" group="^com[.]google($|([.].*))" regex="true"/>
+         <trusted-key id="694621a7227d8d5289699830abe9f3126bb741c1">
+            <trusting group="^com[.]google($|([.].*))" regex="true"/>
+            <trusting group="com.google.guava"/>
+         </trusted-key>
          <trusted-key id="6f538074ccebf35f28af9b066a0975f8b1127b83" group="org.jetbrains.kotlin"/>
          <trusted-key id="6f7e5acbcd02db60dfd232e45e1f79a7c298661e" group="com.google.auto" name="auto-parent"/>
          <trusted-key id="70cd19bfd9f6c330027d6f260315bfb7970a144f">
@@ -55,7 +59,10 @@
          <trusted-key id="7f36e793ae3252e5d9e9b98fee9e7dc9d92fc896" group="com.google.errorprone"/>
          <trusted-key id="7faa0f2206de228f0db01ad741321490758aad6f" group="org.codehaus.groovy" name="groovy-all" version="2.4.15"/>
          <trusted-key id="8254180bfc943b816e0b5e2e5e2f2b3d474efe6b" group="it.unimi.dsi" name="fastutil" version="7.2.0"/>
-         <trusted-key id="90ee19787a7bcf6fd37a1e9180c08b1c29100955" group="com.squareup" name="javawriter"/>
+         <trusted-key id="90ee19787a7bcf6fd37a1e9180c08b1c29100955">
+            <trusting group="com.squareup" name="javawriter"/>
+            <trusting group="com.squareup" name="javawriter" version="2.1.1"/>
+         </trusted-key>
          <trusted-key id="912e716ef6d98746f8eeb4d182de7be82166e84e" group="net.sourceforge.pmd"/>
          <trusted-key id="92d3e6630b4b92cb2ef124994786cbe7d4906b68" group="com.google.auto" name="auto-common" version="0.8"/>
          <trusted-key id="972239dbe68699f526c06a053e177817ba1b9bfa" group="^info[.]guardianproject($|([.].*))" regex="true"/>
@@ -1391,6 +1398,7 @@
       </component>
       <component group="com.sun.activation" name="all" version="1.2.0">
          <artifact name="all-1.2.0.pom">
+            <pgp value="4f7e32d440ef90a83011a8fc6425559c47cc79c4"/>
             <sha256 value="1d8518e3ac7532a104e4f7be77def37c982e530723c6bdb3d67708cce2b0c2c4" origin="Generated by Gradle"/>
          </artifact>
       </component>
@@ -1865,6 +1873,7 @@
       </component>
       <component group="org.apache.commons" name="commons-parent" version="37">
          <artifact name="commons-parent-37.pom">
+            <pgp value="d6f1bc78607808ec8e9f69437a8860944fad5f62"/>
             <sha256 value="ee705a4dd68d8dcd9cc8d1249d5790861eb145ce7b0c6d6c0555ba94489d014b" origin="Generated by Gradle"/>
          </artifact>
       </component>
@@ -1882,6 +1891,7 @@
       </component>
       <component group="org.apache.commons" name="commons-parent" version="42">
          <artifact name="commons-parent-42.pom">
+            <pgp value="ce8075a251547bee249bc151a2115ae15f6b8b72"/>
             <sha256 value="cd313494c670b483ec256972af1698b330e598f807002354eb765479f604b09c" origin="Generated by Gradle"/>
          </artifact>
       </component>
@@ -2140,7 +2150,9 @@
             <sha256 value="51d6c4e71782e85674239189499854359d380fb75e1a703756e3aaa5b98a5af0" origin="Generated by Gradle"/>
          </artifact>
          <artifact name="groovy-all-2.4.15.pom">
-            <sha256 value="fc0d535d7bdb7ca90562321c2e8e2a35c377f113c6dd0b2062282e1f4676367a" origin="Generated by Gradle"/>
+            <sha256 value="fc0d535d7bdb7ca90562321c2e8e2a35c377f113c6dd0b2062282e1f4676367a" origin="Generated by Gradle">
+               <also-trust value="2f265241a9de73c352a24ff7d4a9c21bd9c53f280907e1af9e5048685df4d602"/>
+            </sha256>
          </artifact>
       </component>
       <component group="org.codehaus.mojo" name="animal-sniffer-annotations" version="1.14">
@@ -2340,7 +2352,9 @@
       </component>
       <component group="org.jetbrains.trove4j" name="trove4j" version="20160824">
          <artifact name="trove4j-20160824.jar">
-            <sha256 value="1917871c8deb468307a584680c87a44572f5a8b0b98c6d397fc0f5f86596dbe7" origin="Generated by Gradle because artifact wasn't signed"/>
+            <sha256 value="1917871c8deb468307a584680c87a44572f5a8b0b98c6d397fc0f5f86596dbe7" origin="Generated by Gradle because artifact wasn't signed">
+               <also-trust value="73b172473034defed027eba6c7df7ea39d56baa54452ade7aba5c5f19d7218f9"/>
+            </sha256>
          </artifact>
          <artifact name="trove4j-20160824.pom">
             <sha256 value="5c415a9d8585200de4be1947e15291cc79f599b06249375f5c9ea22d4b2d090f" origin="Generated by Gradle because artifact wasn't signed"/>