From 531a9a8554fb5bba2103b12b0cf67b35450ced32 Mon Sep 17 00:00:00 2001
From: Max Weber <mii7303@gmail.com>
Date: Thu, 25 Feb 2021 12:02:08 -0700
Subject: [PATCH] package: use a central verification-metadata file

This lets us have better control over which dependencies are verified,
as changes to runelite-client's dependencies cause all Hub plugins with
pinned deps to fail, as the new transitive deps aren't pinned. Moving
this file into this repo not only lets us update it in these situations,
but also means individual plugin authors don't need to touch Gradle's
verification and all of it's associated pains. This also allows plugins
to pull a dependency that another plugin pulls already with no extra
work.
---
 .github/workflows/build.yml                   |   5 +-
 README.md                                     |  29 +-
 package/package/build.gradle                  |   6 +
 .../runelite/pluginhub/packager/Packager.java |   7 +-
 .../runelite/pluginhub/packager/Plugin.java   |   9 +
 .../pluginhub/packager/PluginTest.java        |  20 +
 package/travis.sh                             |   1 +
 package/verification-template/README.md       |   5 +
 package/verification-template/build.gradle    |  72 +++
 .../gradle/verification-metadata.xml          | 587 ++++++++++++++++++
 package/verification-template/settings.gradle |   1 +
 11 files changed, 713 insertions(+), 29 deletions(-)
 create mode 100644 package/verification-template/README.md
 create mode 100644 package/verification-template/build.gradle
 create mode 100644 package/verification-template/gradle/verification-metadata.xml
 create mode 100644 package/verification-template/settings.gradle

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 047dc83a6..398b07c92 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,11 +28,12 @@ jobs:
         path: |
           ~/.gradle/caches/
           ~/.gradle/wrapper/
-        key: package-2.0.3
+        key: package-2.0.4
     - name: prepare
       run: |
         pushd package
         ./gradlew --build-cache prep
+        ./gradlew --build-cache --project-dir verification-template :verifyCore
         popd
     - name: build
       env:
@@ -79,7 +80,7 @@ jobs:
         path: |
           ~/.gradle/caches/
           ~/.gradle/wrapper/
-        key: upload-2.0.3
+        key: upload-2.0.4
     - uses: actions/download-artifact@v2
       with:
         name: manifest_diff
diff --git a/README.md b/README.md
index 5f172a97a..992d319b9 100644
--- a/README.md
+++ b/README.md
@@ -118,29 +118,6 @@ will not merge it__.
 We require any dependencies that are not a transitive dependency of runelite-client to
 be have their cryptographic hash verified during the build to prevent [supply chain attacks](https://en.wikipedia.org/wiki/Supply_chain_attack) and ensure build reproducability.
 To do this we rely on [Gradle's dependency verification](https://docs.gradle.org/nightly/userguide/dependency_verification.html).
-
-Create `gradle/verification-metadata.xml` with the following contents
-
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<verification-metadata xmlns="https://schema.gradle.org/dependency-verification" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://schema.gradle.org/dependency-verification https://schema.gradle.org/dependency-verification/dependency-verification-1.0.xsd">
-  <configuration>
-    <verify-metadata>true</verify-metadata>
-    <verify-signatures>false</verify-signatures>
-    <trusted-artifacts>
-      <trust group="net.runelite"/>
-      <trust group="net.runelite.gluegen"/>
-      <trust group="net.runelite.jocl"/>
-      <trust group="net.runelite.jogl"/>
-      <trust group="net.runelite.pushingpixels"/>
-    </trusted-artifacts>
-  </configuration>
-</verification-metadata>
-```
-
-And finally run: 
-```
-./gradlew --write-verification-metadata sha256
-```
-Then commit the files to your repository. You will have to run this final command anytime you
-add/remove/update dependencies that are not part of RuneLite.
\ No newline at end of file
+To add a new dependency, add it to the `thirdParty` configuration in [`package/verification-template/build.gradle`](https://github.com/runelite/plugin-hub/blob/master/package/verification-template/build.gradle),
+then run `../gradlew --write-verification-metadata sha256` to update the metadata file. A maintainer must then verify
+the dependencies manually before your pull request will be merged.
\ No newline at end of file
diff --git a/package/package/build.gradle b/package/package/build.gradle
index fca319c10..172689f9e 100644
--- a/package/package/build.gradle
+++ b/package/package/build.gradle
@@ -49,6 +49,12 @@ dependencies {
 	testImplementation "com.squareup.okhttp3:mockwebserver:3.14.9"
 }
 
+processResources {
+	from("../verification-template/gradle/verification-metadata.xml") {
+		into "net/runelite/pluginhub/packager"
+	}
+}
+
 jar {
 	manifest {
 		attributes "Main-Class": "net.runelite.pluginhub.packager.Packager"
diff --git a/package/package/src/main/java/net/runelite/pluginhub/packager/Packager.java b/package/package/src/main/java/net/runelite/pluginhub/packager/Packager.java
index 99b59d1b8..e0dbb5f5e 100644
--- a/package/package/src/main/java/net/runelite/pluginhub/packager/Packager.java
+++ b/package/package/src/main/java/net/runelite/pluginhub/packager/Packager.java
@@ -337,11 +337,16 @@ public class Packager implements Closeable
 
 			if (doPackageTests)
 			{
-				testFailure = new ProcessBuilder(new File(PACKAGE_ROOT, "gradlew").getAbsolutePath(), "--console=plain", "test")
+				testFailure |= new ProcessBuilder(new File(PACKAGE_ROOT, "gradlew").getAbsolutePath(), "--console=plain", "test")
 					.directory(PACKAGE_ROOT)
 					.inheritIO()
 					.start()
 					.waitFor() != 0;
+				testFailure |= new ProcessBuilder(new File(PACKAGE_ROOT, "gradlew").getAbsolutePath(), "--console=plain", ":verifyAll")
+					.directory(new File(PACKAGE_ROOT, "verification-template"))
+					.inheritIO()
+					.start()
+					.waitFor() != 0;
 			}
 
 			if (doAll)
diff --git a/package/package/src/main/java/net/runelite/pluginhub/packager/Plugin.java b/package/package/src/main/java/net/runelite/pluginhub/packager/Plugin.java
index b8bd35bbe..a53e56eb2 100644
--- a/package/package/src/main/java/net/runelite/pluginhub/packager/Plugin.java
+++ b/package/package/src/main/java/net/runelite/pluginhub/packager/Plugin.java
@@ -40,6 +40,7 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStreamWriter;
 import java.io.PrintWriter;
@@ -51,6 +52,7 @@ import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.SimpleFileVisitor;
+import java.nio.file.StandardCopyOption;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.util.ArrayList;
 import java.util.Comparator;
@@ -369,6 +371,13 @@ public class Plugin implements Closeable
 			}
 		}
 
+		try (InputStream is = Plugin.class.getResourceAsStream("verification-metadata.xml"))
+		{
+			File metadataFile = new File(repositoryDirectory, "gradle/verification-metadata.xml");
+			metadataFile.getParentFile().mkdir();
+			Files.copy(is, metadataFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+		}
+
 		try (ProjectConnection con = GradleConnector.newConnector()
 			.forProjectDirectory(repositoryDirectory)
 			.useInstallation(GRADLE_HOME)
diff --git a/package/package/src/test/java/net/runelite/pluginhub/packager/PluginTest.java b/package/package/src/test/java/net/runelite/pluginhub/packager/PluginTest.java
index c036b00c2..830cbfa1a 100644
--- a/package/package/src/test/java/net/runelite/pluginhub/packager/PluginTest.java
+++ b/package/package/src/test/java/net/runelite/pluginhub/packager/PluginTest.java
@@ -100,6 +100,26 @@ public class PluginTest
 		}
 	}
 
+	@Test
+	public void testUnverifiedDependency() throws InterruptedException, DisabledPluginException, PluginBuildException, IOException
+	{
+		try (Plugin p = createExamplePlugin("unverified-dependency"))
+		{
+			File buildFile = new File(p.repositoryDirectory, "build.gradle");
+			String buildSrc = Files.asCharSource(buildFile, StandardCharsets.UTF_8).read();
+			buildSrc = buildSrc.replace("dependencies {", "dependencies {\n" +
+				"	implementation 'org.apache.httpcomponents:httpclient:4.5.13'");
+			Files.asCharSink(buildFile, StandardCharsets.UTF_8).write(buildSrc);
+			p.build(Util.readRLVersion());
+			p.assembleManifest();
+			Assert.fail();
+		}
+		catch (PluginBuildException e)
+		{
+			log.info("ok: ", e);
+		}
+	}
+
 	private static void writeProperties(Properties props, File fi) throws IOException
 	{
 		try (FileOutputStream fos = new FileOutputStream(fi))
diff --git a/package/travis.sh b/package/travis.sh
index 6bdac43c1..07d381d41 100755
--- a/package/travis.sh
+++ b/package/travis.sh
@@ -31,6 +31,7 @@ env:
 '
 pushd "$(dirname "$0")"
 ./gradlew --console=plain --build-cache prep
+./gradlew --console=plain --build-cache --project-dir verification-template :verifyCore
 popd
 
 PACKAGE_IS_PR="$TRAVIS_PULL_REQUEST" \
diff --git a/package/verification-template/README.md b/package/verification-template/README.md
new file mode 100644
index 000000000..b14b2bade
--- /dev/null
+++ b/package/verification-template/README.md
@@ -0,0 +1,5 @@
+This project includes the dependency verification hashes used by all Plugin Hub plugins.
+At the start of every build `core` dependencies are verified, but `thirdParty` deps are not.
+To add a new dependency for a plugin add a new dep to the `thirdParty` configuration in this
+`build.gradle` and run `../gradlew --write-verification-metadata sha256`. The maintainer MUST
+then verify the hashes match Maven Central and that the library in question is reasonable.
\ No newline at end of file
diff --git a/package/verification-template/build.gradle b/package/verification-template/build.gradle
new file mode 100644
index 000000000..7986832a6
--- /dev/null
+++ b/package/verification-template/build.gradle
@@ -0,0 +1,72 @@
+plugins {
+	id "base"
+}
+
+repositories {
+	maven {
+		url = "https://repo.runelite.net"
+	}
+	mavenCentral()
+	gradlePluginPortal()
+}
+
+configurations {
+	core
+	thirdParty.extendsFrom core
+}
+
+dependencies {
+	core group: "net.runelite", name:"client", version: file("../../runelite.version").text.trim()
+	core "org.projectlombok:lombok:1.18.4"
+
+	thirdParty("org.zeromq:jnacl:0.1.0") {
+		because "keepass-xc"
+	}
+	thirdParty("org.mongodb:mongodb-driver-sync:4.2.0") {
+		because "afterdark-pvm-loot-tracker"
+	}
+	thirdParty("jfree:jfreechart:1.0.13") {
+		because "bank-value-tracker"
+	}
+	thirdParty("net.sourceforge.jdatepicker:jdatepicker:1.3.2") {
+		because "bank-value-tracker"
+	}
+	thirdParty("io.freefair.lombok:io.freefair.lombok.gradle.plugin:5.3.0") {
+		because "discord-rare-drop-notifier"
+	}
+	thirdParty("org.projectlombok:lombok:1.18.16") {
+		because "discord-rare-drop-notifier"
+	}
+	thirdParty("org.json:json:20200518") {
+		because "discord-rare-drop-notifier"
+	}
+	thirdParty("org.jsoup:jsoup:1.13.1") {
+		because "discord-rare-drop-notifier, drop-simulator, fire-beats, loot-table"
+	}
+	thirdParty("com.miglayout:miglayout-swing:5.2") {
+		because "drop-simulator"
+	}
+	thirdParty("org.apache.commons:commons-io:1.3.2") {
+		because "emojiscape"
+	}
+	thirdParty("org.influxdb:influxdb-java:2.5") {
+		because "influxdb-stats"
+	}
+	thirdParty("com.diffplug.spotless:spotless-plugin-gradle:5.2.0") {
+		because "ring-of-recoil-notifier"
+	}
+}
+
+task verifyCore {
+	doLast {
+		// This causes resolution (and therefore verification) of the configuration
+		configurations.core.asPath
+	}
+}
+
+task verifyAll {
+	doLast {
+		// This causes resolution (and therefore verification) of the configuration
+		configurations.thirdParty.asPath
+	}
+}
\ No newline at end of file
diff --git a/package/verification-template/gradle/verification-metadata.xml b/package/verification-template/gradle/verification-metadata.xml
new file mode 100644
index 000000000..1114083c7
--- /dev/null
+++ b/package/verification-template/gradle/verification-metadata.xml
@@ -0,0 +1,587 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<verification-metadata xmlns="https://schema.gradle.org/dependency-verification" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://schema.gradle.org/dependency-verification https://schema.gradle.org/dependency-verification/dependency-verification-1.0.xsd">
+   <configuration>
+      <verify-metadata>true</verify-metadata>
+      <verify-signatures>false</verify-signatures>
+      <trusted-artifacts>
+         <trust group="net.runelite"/>
+         <trust group="net.runelite.gluegen"/>
+         <trust group="net.runelite.jocl"/>
+         <trust group="net.runelite.jogl"/>
+         <trust group="net.runelite.pushingpixels"/>
+      </trusted-artifacts>
+   </configuration>
+   <components>
+      <component group="aopalliance" name="aopalliance" version="1.0">
+         <artifact name="aopalliance-1.0.jar">
+            <sha256 value="0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="aopalliance-1.0.pom">
+            <sha256 value="26e82330157d6b844b67a8064945e206581e772977183e3e31fec6058aa9a59b" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="ch.qos.logback" name="logback-classic" version="1.2.3">
+         <artifact name="logback-classic-1.2.3.jar">
+            <sha256 value="fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="logback-classic-1.2.3.pom">
+            <sha256 value="a051eb1a2548b93c99abca8eb71d5c75d2ff06976682960348124bc4901a5315" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="ch.qos.logback" name="logback-core" version="1.2.3">
+         <artifact name="logback-core-1.2.3.jar">
+            <sha256 value="5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="logback-core-1.2.3.pom">
+            <sha256 value="df4d7181ec51655baaaab067971180d7681643ddd274139f0c3078dba14e97e0" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="ch.qos.logback" name="logback-parent" version="1.2.3">
+         <artifact name="logback-parent-1.2.3.pom">
+            <sha256 value="79cd021dafc7b0255d3cdd3fd70cbaa638df73995749a348ee82c45635eab26a" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.diffplug.durian" name="durian-collect" version="1.2.0">
+         <artifact name="durian-collect-1.2.0.jar">
+            <sha256 value="b194c0b88021cc116c21c1dc76f49c2c1fe175af5bcb74c8ba67b9dbbf9a48cc" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="durian-collect-1.2.0.pom">
+            <sha256 value="8bb762086a0a4fd2a6473bbf905c744763afa1d59a5630f73bb04b7872c09ff3" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.diffplug.durian" name="durian-core" version="1.2.0">
+         <artifact name="durian-core-1.2.0.jar">
+            <sha256 value="17ed0aacb3a3c16323332168bbdead8694f32800b2b47d69d4a4c49b114d5dae" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="durian-core-1.2.0.pom">
+            <sha256 value="870320e90755371b01796fe81ba525fd1dee8b70346f554551eedd4289f0b662" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.diffplug.durian" name="durian-io" version="1.2.0">
+         <artifact name="durian-io-1.2.0.jar">
+            <sha256 value="095fd1dc77888c073f0be39a018156ee526722798b09de9e285ef2135e16eac4" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="durian-io-1.2.0.pom">
+            <sha256 value="350919424324e2750a3ddc2fa1bce6a90ac8ce2925698a60a9b4d1d6e4922ffe" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.diffplug.spotless" name="spotless-lib" version="2.3.0">
+         <artifact name="spotless-lib-2.3.0.jar">
+            <sha256 value="e90dea800bd104549907401698e370ee7083fe621c833ee81a44f72d990b3777" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="spotless-lib-2.3.0.pom">
+            <sha256 value="5c7fd219b59e0673e935dc670bbabe8cffcaec58c7d164896550d0fb827f10e0" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.diffplug.spotless" name="spotless-lib-extra" version="2.3.0">
+         <artifact name="spotless-lib-extra-2.3.0.jar">
+            <sha256 value="7d6261cd2dfd4adb7601ef7b95e181198b2a04162e310d4da0823b88e34ee81a" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="spotless-lib-extra-2.3.0.pom">
+            <sha256 value="fe8ee004589534065c7c87231e9d8a82638d9a6f99ed7f755d8d9fbb4f006d11" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.diffplug.spotless" name="spotless-plugin-gradle" version="5.2.0">
+         <artifact name="spotless-plugin-gradle-5.2.0.jar">
+            <sha256 value="7c17a78fb4b23fe11f3623d4ab51696ac5373a60ff8afee96939e8d33237d0a2" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="spotless-plugin-gradle-5.2.0.pom">
+            <sha256 value="0e2cbe4e5d38e1edea146c6eab025657838258f40e20ea9852739221b70490ac" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google" name="google" version="5">
+         <artifact name="google-5.pom">
+            <sha256 value="e09d345e73ca3fbca7f3e05f30deb74e9d39dd6b79a93fee8c511f23417b6828" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.code.findbugs" name="jsr305" version="3.0.2">
+         <artifact name="jsr305-3.0.2.jar">
+            <sha256 value="766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jsr305-3.0.2.pom">
+            <sha256 value="19889dbdf1b254b2601a5ee645b8147a974644882297684c798afe5d63d78dfe" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.code.gson" name="gson" version="2.8.5">
+         <artifact name="gson-2.8.5.jar">
+            <sha256 value="233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="gson-2.8.5.pom">
+            <sha256 value="b8308557a7fccc92d9fe7c8cd0599258b361285d2ecde7689eda98843255a092" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.code.gson" name="gson-parent" version="2.8.5">
+         <artifact name="gson-parent-2.8.5.pom">
+            <sha256 value="8f1fec72b91a71ea39ec39f5f778c4d1124b6b097c6d55b3a50b554a52237b27" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.errorprone" name="error_prone_annotations" version="2.0.18">
+         <artifact name="error_prone_annotations-2.0.18.jar">
+            <sha256 value="cb4cfad870bf563a07199f3ebea5763f0dec440fcda0b318640b1feaa788656b" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="error_prone_annotations-2.0.18.pom">
+            <sha256 value="9144127192d6f612c2366825dceaeb23b0d53130b83e0bf1ffe107d1470a8487" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.errorprone" name="error_prone_parent" version="2.0.18">
+         <artifact name="error_prone_parent-2.0.18.pom">
+            <sha256 value="cf149955279b07d4f11e817985c1164a69e930d73db7441b43a6ef53bbd286c4" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.guava" name="guava" version="23.2-jre">
+         <artifact name="guava-23.2-jre.jar">
+            <sha256 value="5be9a7d05ba0ccd74708bc8018ae412255f85843c0b92302e9b9befa6ed52564" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="guava-23.2-jre.pom">
+            <sha256 value="57abac7e3962e45ad1c8645d91cdad96e1e0bf23b8b38e6f389011f7ae496870" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.guava" name="guava-parent" version="23.2-jre">
+         <artifact name="guava-parent-23.2-jre.pom">
+            <sha256 value="e92cd52f3b86a0f6fe90fc94a86ea072a2b112fc40063bd33f6679778038cc47" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.inject" name="guice" version="4.1.0">
+         <artifact name="guice-4.1.0-no_aop.jar">
+            <sha256 value="9264c6931c431e928dc64adc842584d5f57d17b2f3aff29221f2b3fdea673dad" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="guice-4.1.0.pom">
+            <sha256 value="0fa847b77ecf18b17007bf3853f44bf7f0b6170f2f944a05b1990dc59c441695" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.inject" name="guice-parent" version="4.1.0">
+         <artifact name="guice-parent-4.1.0.pom">
+            <sha256 value="1ecea87b2c44d210e60f0f2ecc241538de227006bd2b2d1e75349ee4164b77dc" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.google.j2objc" name="j2objc-annotations" version="1.1">
+         <artifact name="j2objc-annotations-1.1.jar">
+            <sha256 value="2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="j2objc-annotations-1.1.pom">
+            <sha256 value="f0c98c571e93a7cb4dd18df0fa308f0963e7a0620ac2d4244e61e709d03ad6be" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.googlecode.concurrent-trees" name="concurrent-trees" version="2.6.1">
+         <artifact name="concurrent-trees-2.6.1.jar">
+            <sha256 value="04e3724984e2a5cbf55606cfa372a5bd3d3c5d2a21533a7004e3cde539761fa5" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="concurrent-trees-2.6.1.pom">
+            <sha256 value="43c2b9b142e7055d1f2a5827f10944925d22747d9756b3250c07aab47538a971" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.googlecode.javaewah" name="JavaEWAH" version="1.1.7">
+         <artifact name="JavaEWAH-1.1.7.jar">
+            <sha256 value="3ecf8b2c602314341f5a2ace171ed04fc86f2d4ddf762180656e9b71134ae68f" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="JavaEWAH-1.1.7.pom">
+            <sha256 value="3e65dece4bd244bfb28c305a34160e7eb3811a34b31e6ff7684242dbd0d6cfdb" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.miglayout" name="miglayout-core" version="5.2">
+         <artifact name="miglayout-core-5.2.jar">
+            <sha256 value="669f0da8fd76be53d75f5940f481626f29b544cd9925b7da2611187d2684bc7a" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="miglayout-core-5.2.pom">
+            <sha256 value="b1cbef6baaaab7721a08b2a5019b696a37d5e3ec0a7d0cd7991a3830e26b7c60" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.miglayout" name="miglayout-parent" version="5.2">
+         <artifact name="miglayout-parent-5.2.pom">
+            <sha256 value="f924d2d02976bc842ed2eff8b31e07a7665bfcd25463d4d79adbe41058ace99b" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.miglayout" name="miglayout-swing" version="5.2">
+         <artifact name="miglayout-swing-5.2.jar">
+            <sha256 value="8369f682ea153efb681a3f582acc488e82a97ee6f47d25352f080e977f138c86" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="miglayout-swing-5.2.pom">
+            <sha256 value="e7643592af49a7121473e3943b374edd7c3fbb9cc905d0c6ab90ce702be442a1" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.moshi" name="moshi" version="1.2.0">
+         <artifact name="moshi-1.2.0.jar">
+            <sha256 value="70960944f72380a9669adbf3245430597022b0da9a0a73d2c28404baa0261323" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="moshi-1.2.0.pom">
+            <sha256 value="9310d64b9eaf918d67c4793c2fc81ce5cbf7294cab24b5229d81067eb896ea9d" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.moshi" name="moshi-parent" version="1.2.0">
+         <artifact name="moshi-parent-1.2.0.pom">
+            <sha256 value="df73c08f4dc82afc59b581ded868f98416a8b3e376fce0835488d5613618c217" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.okhttp3" name="logging-interceptor" version="3.5.0">
+         <artifact name="logging-interceptor-3.5.0.jar">
+            <sha256 value="2f77bb4b1b2ecf1c330a54295b0b112f65a56d2c16b7937303ad601b1de18fde" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="logging-interceptor-3.5.0.pom">
+            <sha256 value="c6859cd41ab3df4567e86e6fc5dfb881364c46e673471974d45f6014d0378276" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.okhttp3" name="okhttp" version="3.5.0">
+         <artifact name="okhttp-3.5.0.pom">
+            <sha256 value="98eca3610c0d636f2a16c4dcdbe5e7d1a077d7fc75da63ec8fa9d0a82e7d5ad9" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.okhttp3" name="okhttp" version="3.7.0">
+         <artifact name="okhttp-3.7.0.jar">
+            <sha256 value="f55abda036da75e1af45bd43b9dfa79b2a3d90905be9cb38687c6621597a8165" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="okhttp-3.7.0.pom">
+            <sha256 value="819a803d86f84de135984af85e3fa83f188f54f66b9f90c4104d64ffdb5eaafb" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.okhttp3" name="parent" version="3.5.0">
+         <artifact name="parent-3.5.0.pom">
+            <sha256 value="28b93e60ab8945777de3e62f566b042dad05f9a436b2ab6aef1fd9557c768d4d" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.okhttp3" name="parent" version="3.7.0">
+         <artifact name="parent-3.7.0.pom">
+            <sha256 value="fb80c3c74ea789891810b22a80904043f44a527edd7f9d231435a7eaf5b73928" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.okio" name="okio" version="1.12.0">
+         <artifact name="okio-1.12.0.jar">
+            <sha256 value="bfe7dfe483c37137966a1690f0c7d0b448ba217902c1fed202aaffdbba3291ae" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="okio-1.12.0.pom">
+            <sha256 value="ef2c568317872a31df0d6a47ed69ff541b706441d96e76fd1915613251734470" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.okio" name="okio-parent" version="1.12.0">
+         <artifact name="okio-parent-1.12.0.pom">
+            <sha256 value="93d8ddc1226190894402ed36fdaea8d2757efcd120de48edbf73e12473d0ea94" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.retrofit2" name="converter-moshi" version="2.1.0">
+         <artifact name="converter-moshi-2.1.0.jar">
+            <sha256 value="ad052fa0bfabbf697c8174a3fdf4ba647dfe7ebe911bc8feb751b55d1dd90e27" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="converter-moshi-2.1.0.pom">
+            <sha256 value="251d2be722a4888d6d18d9a16aaf129e9162072b6cb63fb7a84cd956be9b9f13" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.retrofit2" name="parent" version="2.1.0">
+         <artifact name="parent-2.1.0.pom">
+            <sha256 value="81d859e4f8b0715ff86159529052c8dc9cfdd1cc7b034f53c05386ffd4c535ef" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.retrofit2" name="retrofit" version="2.1.0">
+         <artifact name="retrofit-2.1.0.jar">
+            <sha256 value="b7ae1a8c9f8de27c85ea43238c6c1507e91d33c6411cc52a06b5451842dc28bb" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="retrofit-2.1.0.pom">
+            <sha256 value="05f5a3e2d192d8ae4812f613a70a173d7336a16af7c038564f11c923da22d524" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="com.squareup.retrofit2" name="retrofit-converters" version="2.1.0">
+         <artifact name="retrofit-converters-2.1.0.pom">
+            <sha256 value="3cac6d011409c96348ac330686326a2cb53315f6c29080e5d55b28308c9448a2" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="commons-io" name="commons-io" version="1.3.2">
+         <artifact name="commons-io-1.3.2.jar">
+            <sha256 value="551c13e49dab32aebdb7a70ec9c2767372e58864ae115ef389582e548cffee38" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="commons-io-1.3.2.pom">
+            <sha256 value="1da5fdcd12e75b62ba85eed94ab46b64ab9ad7f66a5d1cfcbe194e4e9a0f5d84" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="io.freefair.gradle" name="lombok-plugin" version="5.3.0">
+         <artifact name="lombok-plugin-5.3.0.jar">
+            <sha256 value="9cd994b8501b715e1bf8904318f2019e7e32b4d915e2f022ec54bf1026bd23e9" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="lombok-plugin-5.3.0.pom">
+            <sha256 value="9550172e9d37595d1ddc1ae008ddbd272dd521d94d1bbaf127b0c749e1ee0440" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="io.freefair.lombok" name="io.freefair.lombok.gradle.plugin" version="5.3.0">
+         <artifact name="io.freefair.lombok.gradle.plugin-5.3.0.pom">
+            <sha256 value="388d370f5c677b29d93f2a32c4ea0ec317f2e345f028de9d637e5118b0dece4d" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="javax.inject" name="javax.inject" version="1">
+         <artifact name="javax.inject-1.jar">
+            <sha256 value="91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="javax.inject-1.pom">
+            <sha256 value="943e12b100627804638fa285805a0ab788a680266531e650921ebfe4621a8bfa" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="jfree" name="jcommon" version="1.0.16">
+         <artifact name="jcommon-1.0.16.jar">
+            <sha256 value="3d6113245ffdb8b6bf066d53674d888218c916cf1db1cb40e55105a75b2d567e" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jcommon-1.0.16.pom">
+            <sha256 value="d1474959ef5e9fa5a8637ae93a1812d69fa06006300161fcf101e9f6442cc10e" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="jfree" name="jfreechart" version="1.0.13">
+         <artifact name="jfreechart-1.0.13.jar">
+            <sha256 value="62fc1c7a98fd59b760e4324e95a63ec6aadf10dfc817af808a86b1891776d2ad" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jfreechart-1.0.13.pom">
+            <sha256 value="d7dee32531d5adddc5bb7b3c314efe0690f10fa670867b2a52343ca17e412a25" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="net.java.dev.jna" name="jna" version="4.5.1">
+         <artifact name="jna-4.5.1.jar">
+            <sha256 value="fbc9de96a0cc193a125b4008dbc348e9ed54e5e13fc67b8ed40e645d303cc51b" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jna-4.5.1.pom">
+            <sha256 value="a2bae04bb469e14213ce6c94be413684646e00965ada85ec03563801bf0c2408" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="net.java.dev.jna" name="jna-platform" version="4.5.1">
+         <artifact name="jna-platform-4.5.1.jar">
+            <sha256 value="84c8667555ee8dd91fef44b451419f6f16f71f727d5fc475a10c2663eba83abb" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jna-platform-4.5.1.pom">
+            <sha256 value="aff7dab2ce6de5eb359f019211d6985b3b590ac22019bbc4e45c24940e995e8a" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="net.sf.jopt-simple" name="jopt-simple" version="5.0.1">
+         <artifact name="jopt-simple-5.0.1.jar">
+            <sha256 value="9f0c8d50fa4b79b6ff1502dbec8502179d6b9497cacbe17a13074001aed537ec" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jopt-simple-5.0.1.pom">
+            <sha256 value="606e9b1d8e448a8f454b7eb585320b392e80f68880e92bef98cdf9dab8714340" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="net.sourceforge.jdatepicker" name="jdatepicker" version="1.3.2">
+         <artifact name="jdatepicker-1.3.2.jar">
+            <sha256 value="e2b8f768f0ee996083d01d192bf6f239122d7e2e8c2c44f0d15dcd13a53474d5" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jdatepicker-1.3.2.pom">
+            <sha256 value="3b524e7567e1f16400a6f2a5c7da66f69107ea46974d80d6479bf93ade681ac5" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache" name="apache" version="17">
+         <artifact name="apache-17.pom">
+            <sha256 value="398044b74b5a719326be218ae08124e5e2f3318ab5d78fe199d504efc2e0d43f" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache" name="apache" version="18">
+         <artifact name="apache-18.pom">
+            <sha256 value="7831307285fd475bbc36b20ae38e7882f11c3153b1d5930f852d44eda8f33c17" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache" name="apache" version="4">
+         <artifact name="apache-4.pom">
+            <sha256 value="9e9323a26ba8eb2394efef0c96d31b70df570808630dc147cab1e73541cc5194" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache.commons" name="commons-csv" version="1.4">
+         <artifact name="commons-csv-1.4.jar">
+            <sha256 value="9d4924588d6280c7516db3a4b7298306db5b6f0d1cdf568ce738309b5660f008" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="commons-csv-1.4.pom">
+            <sha256 value="87a058a0c2d33472ceca88467d58b17be0f0ec650af072da054af5fee0fd03d9" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache.commons" name="commons-io" version="1.3.2">
+         <artifact name="commons-io-1.3.2.pom">
+            <sha256 value="6bd9a4de95b23d52956909e91aab6f79c8a7aa269e3519b31f77f1ef7a729f4d" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache.commons" name="commons-lang3" version="3.7">
+         <artifact name="commons-lang3-3.7.jar">
+            <sha256 value="6e8dc31e046508d9953c96534edf0c2e0bfe6f468966b5b842b3f87e43b6a847" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="commons-lang3-3.7.pom">
+            <sha256 value="16bf63e86f5ea0404e89ed0f654b0915bea0030129aea9531d74369b71f764da" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache.commons" name="commons-parent" version="3">
+         <artifact name="commons-parent-3.pom">
+            <sha256 value="9b4771f073287d1f3f249d3a62c0b1ef76fdbba61fac64f099f3c6ef72fa3fb0" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache.commons" name="commons-parent" version="40">
+         <artifact name="commons-parent-40.pom">
+            <sha256 value="3059556e29612b1af65df7e040c4a510be492a973479c8c0cc3b6c083b1943e4" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache.commons" name="commons-parent" version="42">
+         <artifact name="commons-parent-42.pom">
+            <sha256 value="cd313494c670b483ec256972af1698b330e598f807002354eb765479f604b09c" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.apache.commons" name="commons-text" version="1.2">
+         <artifact name="commons-text-1.2.jar">
+            <sha256 value="d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="commons-text-1.2.pom">
+            <sha256 value="ec4f5a26089541f8e8531f91db590d963d772ee86d76f749a4b5d44fd9c6f6fc" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.codehaus" name="codehaus-parent" version="4">
+         <artifact name="codehaus-parent-4.pom">
+            <sha256 value="6b87237de8c2e1740cf80627c7f3ce3e15de1930bb250c55a1eca94fa3e014df" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.codehaus.groovy" name="groovy" version="3.0.3">
+         <artifact name="groovy-3.0.3.jar">
+            <sha256 value="4052c72a3518b681ef9ec576940aa841bd85278a151b28d6656871668033392f" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="groovy-3.0.3.pom">
+            <sha256 value="bab8276b9b11de756d27e1e73b01322e681e84a6d4e22d49a9d9f633eeb95571" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.codehaus.groovy" name="groovy-xml" version="3.0.3">
+         <artifact name="groovy-xml-3.0.3.jar">
+            <sha256 value="2acfa711a69b585047ab731769d6bff3b8a06e49490639c78346c7a4005a59b7" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="groovy-xml-3.0.3.pom">
+            <sha256 value="792811162f89b3e2666a0bd4363068de0d00d2f841456d0351e8a2df8293b78b" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.codehaus.mojo" name="animal-sniffer-annotations" version="1.14">
+         <artifact name="animal-sniffer-annotations-1.14.jar">
+            <sha256 value="2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="animal-sniffer-annotations-1.14.pom">
+            <sha256 value="1879f19a05991e3ed95910b96689333396b0c467a215dc4d1f90018404b72a26" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.codehaus.mojo" name="animal-sniffer-parent" version="1.14">
+         <artifact name="animal-sniffer-parent-1.14.pom">
+            <sha256 value="f51550a06b1410bd4962cb0e71df0b921a60a7ef47bfa9c4825a14be72316eea" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.codehaus.mojo" name="mojo-parent" version="34">
+         <artifact name="mojo-parent-34.pom">
+            <sha256 value="3e395d6fbc43c09a3774cac8694ce527398305ea3fd5492d80e25af27d382a9c" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.eclipse.jgit" name="org.eclipse.jgit" version="5.8.0.202006091008-r">
+         <artifact name="org.eclipse.jgit-5.8.0.202006091008-r.jar">
+            <sha256 value="84a0dcb47f4d2233fc4c05d4eac012d37db012b953a208aa13a22c286bcc85f9" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="org.eclipse.jgit-5.8.0.202006091008-r.pom">
+            <sha256 value="f70528fda51102e0c540106912911558ed67e0dd303d198f4e34c3d14bb545f1" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.eclipse.jgit" name="org.eclipse.jgit-parent" version="5.8.0.202006091008-r">
+         <artifact name="org.eclipse.jgit-parent-5.8.0.202006091008-r.pom">
+            <sha256 value="0ced7ec1d5da22ce417c0be830d300c4419963030fd39ae75335b03e61ef65c0" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.hamcrest" name="hamcrest-core" version="1.3">
+         <artifact name="hamcrest-core-1.3.jar">
+            <sha256 value="66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="hamcrest-core-1.3.pom">
+            <sha256 value="fde386a7905173a1b103de6ab820727584b50d0e32282e2797787c20a64ffa93" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.hamcrest" name="hamcrest-parent" version="1.3">
+         <artifact name="hamcrest-parent-1.3.pom">
+            <sha256 value="6d535f94efb663bdb682c9f27a50335394688009642ba7a9677504bc1be4129b" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.influxdb" name="influxdb-java" version="2.5">
+         <artifact name="influxdb-java-2.5.jar">
+            <sha256 value="4fc6b2c75c7c39380859220439969637897fbc9abaa1457c51c0275610f18ffd" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="influxdb-java-2.5.pom">
+            <sha256 value="9cea55346c8e92fed0c8f5467911c47adcdf6ea3196cdbd9306bf3851921a5da" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.json" name="json" version="20200518">
+         <artifact name="json-20200518.jar">
+            <sha256 value="0ff30e6da82f15afaf0e76bd6e996a7ab5566851166a83f973c64a9a0f946d2d" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="json-20200518.pom">
+            <sha256 value="48e84a975f5e3fb593bf6ca549ceac9983b2ec9727b5d3b9e62278c9ce00df38" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.jsoup" name="jsoup" version="1.13.1">
+         <artifact name="jsoup-1.13.1.jar">
+            <sha256 value="e2b99c0d2fa39f69f27efb1c0016390713feb2f2e02d8ea7f1c36b780271598a" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jsoup-1.13.1.pom">
+            <sha256 value="b35a250072073639ef51d988956b4679741cd7b453f38466b1dfadc3fd4998eb" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.mongodb" name="bson" version="4.2.0">
+         <artifact name="bson-4.2.0.jar">
+            <sha256 value="a21917b7027a7a0a8ac8b1731fffcb81193905def4377d5dc10cd2cf3841d995" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="bson-4.2.0.pom">
+            <sha256 value="244590396c2be7596eef95958056c87197a7049ff6dcbaa191329ff40d58ff9c" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.mongodb" name="mongodb-driver-core" version="4.2.0">
+         <artifact name="mongodb-driver-core-4.2.0.jar">
+            <sha256 value="1d86535a2f21a0e4bde6ed4c87acf5552b9283bb1a3a8c95620945ba3d285f32" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="mongodb-driver-core-4.2.0.pom">
+            <sha256 value="7d57d91814834cd09ad405bda53f5c29864e66787ecc7e1f6a9f22e43b3aef22" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.mongodb" name="mongodb-driver-sync" version="4.2.0">
+         <artifact name="mongodb-driver-sync-4.2.0.jar">
+            <sha256 value="cd62a225f4890a16f8b4079ccb77d9ba7a8718acc3de23f5cedd5ff073f2e42d" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="mongodb-driver-sync-4.2.0.pom">
+            <sha256 value="c4feccdf540ecc95a4d41733cd485b59219f9c77dffd25cbb99d5a06b774e058" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.projectlombok" name="lombok" version="1.18.16">
+         <artifact name="lombok-1.18.16.jar">
+            <sha256 value="7206cbbfd6efd5e85bceff29545633645650be58d58910a23b0d4835fbd15ed7" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="lombok-1.18.16.pom">
+            <sha256 value="34353bdceac715ac005aa8bcb89930cde3897ba9fc61280c1f1c0e7863de941c" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.projectlombok" name="lombok" version="1.18.4">
+         <artifact name="lombok-1.18.4.jar">
+            <sha256 value="39f3922deb679b1852af519eb227157ef2dd0a21eec3542c8ce1b45f2df39742" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="lombok-1.18.4.pom">
+            <sha256 value="2eaf8fc3d7a9c2ce18ec874bc4674f7ab492b2121143342321e820eea12ffa2f" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.slf4j" name="slf4j-api" version="1.7.25">
+         <artifact name="slf4j-api-1.7.25.jar">
+            <sha256 value="18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="slf4j-api-1.7.25.pom">
+            <sha256 value="7cd9d7a0b5d93dfd461a148891b43509cf403a9c7f9fb49060d3554df1c81e1e" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.slf4j" name="slf4j-parent" version="1.7.25">
+         <artifact name="slf4j-parent-1.7.25.pom">
+            <sha256 value="18f5c52120db036e88d6136f8839c832d074bdda95c756c6f429249d2db54ac6" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.sonatype.oss" name="oss-parent" version="5">
+         <artifact name="oss-parent-5.pom">
+            <sha256 value="1678d4120a585d8a630131aeec4c524d928398583b7eab616ee7d5a87f520d3d" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.sonatype.oss" name="oss-parent" version="7">
+         <artifact name="oss-parent-7.pom">
+            <sha256 value="b51f8867c92b6a722499557fc3a1fdea77bdf9ef574722fe90ce436a29559454" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.sonatype.oss" name="oss-parent" version="9">
+         <artifact name="oss-parent-9.pom">
+            <sha256 value="fb40265f982548212ff82e362e59732b2187ec6f0d80182885c14ef1f982827a" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.zeromq" name="jnacl" version="0.1.0">
+         <artifact name="jnacl-0.1.0.jar">
+            <sha256 value="5e4836d5f08a22e833f9cf1cadbdb5af60c0735d08dd88256a04d5df25b54f26" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jnacl-0.1.0.pom">
+            <sha256 value="1a819054432bcf31f88e45d53cc16a9234798cb988bf3fe3a8d685c5e53759d5" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+   </components>
+</verification-metadata>
diff --git a/package/verification-template/settings.gradle b/package/verification-template/settings.gradle
new file mode 100644
index 000000000..ff5477128
--- /dev/null
+++ b/package/verification-template/settings.gradle
@@ -0,0 +1 @@
+rootProject.name = "verification-template"
\ No newline at end of file