Thomas Wolf [Tue, 10 Aug 2021 21:26:42 +0000 (23:26 +0200)]
[gpg] Better GPG home directory determination
GPG can use customized directories instead of the standard ~/.gnupg or
%APPDATA%\gnupg directories:
* Environment variable GNUPGHOME can define the location.
* On Windows, a registry key may define the location (but this is
deprecated).
* Portable installations may use a directory defined via a file
"gpgconf.ctl".
* GPG programs may take a --homedir command-line argument, which
overrides anything.
Implement handling of environment variable GNUPGHOME. The other ways of
GPG to get its home directory are outside the reach of JGit. Provide a
system property "jgit.gpg.home" that the user can set in such cases.
Do tilde replacement for the system property and for GNUPGHOME.
Note that on VMS, the default directory would be ~/gnupg (without dot).
This is not accounted for, but a user on VMS could now use either the
system property or GNUPGHOME to direct JGit to the right directory.
Bug: 575327
Change-Id: Id5ea04a85d58dba0c0df7a705777630d36042467 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
DFS block cache: Refactor to enable parallel index loading
With this change bitmap index creation is not blocked on index and
reverse index full initialization in DfsPackFile. Now bitmap index and index could be
read from storage in parallel in separate threads.
Update PackBitmapIndexV1 constructor to get packIndex and reverseIndex
suppliers instead of actual objects. Inner class IdxPositionBitmap was added to initialize pack objects after bitmap
index is fully read from storage. Update DfsPackFile and PackBitmapIndex
accordingly.
Thomas Wolf [Thu, 29 Jul 2021 11:12:40 +0000 (13:12 +0200)]
Merge branch 'stable-5.12'
* stable-5.12:
[test] Create keystore with the keytool of the running JDK
Fix garbage collection failing to delete pack file
ReachabilityCheckerTestCase: fix reachable from self test case
Change-Id: I4b54f4850819736144edb784617ee902f491ffd6 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Thomas Wolf [Sun, 25 Jul 2021 13:44:35 +0000 (15:44 +0200)]
[test] Create keystore with the keytool of the running JDK
Call keytool with the absolute path of "java.home". Otherwise a keytool
for a different, maybe even newer Java version might be picked up, and
then the keystore may not be readable by the JVM used to run the tests.
Thomas Wolf [Sun, 25 Jul 2021 13:44:35 +0000 (15:44 +0200)]
[test] Create keystore with the keytool of the running JDK
Call keytool with the absolute path of "java.home". Otherwise a keytool
for a different, maybe even newer Java version might be picked up, and
then the keystore may not be readable by the JVM used to run the tests.
Change-Id: Iea77024947a34267f008847d81312fe0abadc615 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Adds functionality to read the git commit.template property. The
template content is read either via a default encoding or, if present,
via encoding specified by i18n.commitEncoding property.
Matthias Sohn [Mon, 19 Jul 2021 10:32:26 +0000 (12:32 +0200)]
Relax version range for hamcrest and assertj
We currently cannot use hamcrest 2.2 and assertj 3.20.2 (which requires
hamcrest 2.2) in egit tests since other Eclipse dependencies (e.g.
swtbot) require hamcrest 1.1.
Hence relax version range for these components in jgit so that jgit
tests also work when using the egit target platform.
Matthias Sohn [Wed, 14 Jul 2021 20:30:06 +0000 (22:30 +0200)]
Update orbit to I20210713220109
update
- org.apache.commons.compress to 1.20.0.v20210713-192
- org.bouncycastle.bcpg to 1.69.0.v20210713-1924
- org.bouncycastle.bcpkix to 1.69.0.v20210713-1924
- org.bouncycastle.bcprov to 1.69.0.v20210713-1924
In bazel build don't expose bouncycastle to org.eclipse.jgit since it's
not used there anymore since code depending on bouncycastle was moved to
org.eclipse.jgit.gpg.bc.
Matthias Sohn [Sun, 11 Jul 2021 12:21:40 +0000 (14:21 +0200)]
Update orbit to I20210711110031
and update
- assertj to 3.20.2.v20210706-1104
- hamcrest to 2.2.0.v20210711-0821
- classes which were in org.hamcrest.core 1.3 and org.hamcrest.library
1.3 were all moved to org.hamcrest in 2.2
- the annotation org.hamcrest.Factory was removed and is no longer
needed
- junit 4.13 requires hamcrest-core and hamcrest-library 1.3 therefore
keep them in the target platform
Thomas Wolf [Tue, 29 Jun 2021 21:08:02 +0000 (23:08 +0200)]
[sshd] Distinguish key type and signature algorithm for host key
Since the introduction of the rsa-sha2-512 and rsa-sha2-256 signature
types, the key type for RSA is no longer automatically the signature
algorithm. We re-order the list for the host key proposal such that
keys we already have are preferred; this minimizes warnings about new
host keys. When doing so, put all of rsa-sha2-512, rsa-sha2-256, and
ssh-rsa at the front, in that order, not just ssh-rsa.
This ensures that we do prefer RSA keys if we already have an RSA host
key, but at the same time we still prefer the stronger signature
algorithms over the weaker and deprecated SHA1-based ssh-rsa signature.
It also helps avoid a bug found in some Github versions where the Github
SSH server uses a rsa-sha2-512 signature even though ssh-rsa was
negotiated.[1]
Thomas Wolf [Tue, 29 Jun 2021 20:57:09 +0000 (22:57 +0200)]
[sshd] Implement SSH config KexAlgorithms
Make the used KEX algorithms configurable via the ssh config. Also
implement adding algorithms not in the default set: since sshd 2.6.0
deprecated SHA1-based algorithms, it is possible that the default set
has not all available algorithms, so adding algorithms makes sense.
This enables users who have to use a git server that only supports
old SHA1-based key exchange methods to enable those methods in the
ssh config:
KexAlgorithms +diffie-hellman-group1-sha1
There are two more SHA1 algorithms that are not enabled by default:
diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1.
KeyAlgorithms accepts a comma-separated list of algorithm names.
Since adding algorithms is now supported, adapt the handling of
signature algorithms, too. Make sure that definitions for the KEX
exchange signature (HostKeyAlgorithms) don't conflict with the
definition for signatures for pubkey auth (PubkeyAcceptedAlgorithms).
HostKeyAlgorithms updates the signature factories set on the session
to include the default factories plus any that might have been added
via the SSH config. Move the handling of PubkeyAcceptedAlgorithms
from the client to the JGitPubkeyAuthentication, where it can be done
only if pubkey auth is attempted at all and where it can store its
adapted list of factories locally.
Bug: 574636
Change-Id: Ia5d5f174bbc8e5b41e10ec2c25216d861174e7c3 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Thomas Wolf [Tue, 11 May 2021 07:04:52 +0000 (09:04 +0200)]
Update target platform to I20210626190330
Update
- com.google.gson to 2.8.7.v20210624-1215
- javaewah to 1.1.12.v20210622-2206
- org.apache.sshd.osgi to 2.7.0.v20210623-0618
- org.apache.sshd.sftp to 2.7.0.v20210623-0618
- org.tukaani.xz to 1.9.0.v20210624-1259
- Apache MINA sshd to 2.7.0
- Remove work-arounds for problems resolved upstream since 2.6.0, and
adapt to upstream API changes.
- update DEPENDENCIES.
CQ: 23469
CQ: 23470
CQ: 23496
CQ: 23497
CQ: 23498
Bug: 574220
Change-Id: I898b216c3492f8488fbf25fa4b49f1250f86f3c8 Also-by: David Ostrovsky <david@ostrovsky.org> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Luca Milanesio [Sat, 19 Jun 2021 00:50:35 +0000 (01:50 +0100)]
Remove use of deprecated getAllRefs() in ReceivePack
Repository.getAllRefs() is deprecated and should not
be used anymore. Leverage the ref-db and the retrieval
of refs by prefix and adapt the result to the expected
refname/ref map.
Antonio Barone [Wed, 2 Jun 2021 15:13:17 +0000 (18:13 +0300)]
Retry loose object read upon "Stale file handle" exception
When reading loose objects over NFS it is possible that the OS syscall
would fail with ESTALE errors: This happens when the open file
descriptor no longer refers to a valid file.
Notoriously it is possible to hit this scenario when git data is shared
among multiple clients, for example by multiple gerrit instances in HA.
If one of the two clients performs a GC operation that would cause the
packing and then the pruning of loose objects, the other client might
still hold a reference to those objects, which would cause an exception
to bubble up the stack.
The Linux NFS FAQ[1] (at point A.10), suggests that the proper way to
handle such ESTALE scenarios is to:
"[...] close the file or directory where the error occurred, and reopen
it so the NFS client can resolve the pathname again and retrieve the new
file handle."
In case of a stale file handle exception, we now attempt to read the
loose object again (up to 5 times), until we either succeed or encounter
a FileNotFoundException, in which case the search can continue to
Packfiles and alternates.
The limit of 5 provides an arbitrary upper bounds that is consistent to
the one chosen when handling stale file handles for packed-refs
files (see [2] for context).
andrewxian2000 [Mon, 14 Jun 2021 21:58:52 +0000 (09:58 +1200)]
Fix garbage collection failing to delete pack file
The loosen() method has opened pack file and the open pack file handle
may prevent it from being deleted e.g. on Windows. Fix this by closing
the pack file only after loosen() finished.
Bug: 574178
Change-Id: Icd59931a218d84c9c97b450eea87b21ed01248ff Signed-off-by: andrew.xian2000@gmail.com Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
andrewxian2000 [Mon, 14 Jun 2021 21:58:52 +0000 (09:58 +1200)]
Fix garbage collection failing to delete pack file
The loosen() method has opened pack file and the open pack file handle
may prevent it from being deleted e.g. on Windows. Fix this by closing
the pack file only after loosen() finished.
Bug: 574178
Change-Id: Icd59931a218d84c9c97b450eea87b21ed01248ff Signed-off-by: andrew.xian2000@gmail.com Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Thomas Wolf [Thu, 17 Jun 2021 15:50:31 +0000 (17:50 +0200)]
Fix PathSuffixFilter: can decide only on full paths
On a subtree, a PathSuffixFilter must return -1 ("indeterminate"),
not 0 ("include"), otherwise negation goes wrong: an indeterminate
result (-1) is passed on, but a decision (0/1) is inverted.
As a result a negated PathSuffixFilter would skip all folders.
Bug: 574253
Change-Id: I27fe785c0d772392a5b5efe0a7b1c9cafcb6e566 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Teach independent negotiation (no pack file) using an option "wait-for-done"
From Git commit 9c1e657a8f:
Currently, the packfile negotiation step within a Git fetch cannot be
done independent of sending the packfile, even though there is at
least one application wherein this is useful - push negotiation.
Therefore, make it possible for this negotiation step to be done
independently.
This feature is for protocol v2 only.
In the protocol, the main hindrance towards independent negotiation is
that the server can unilaterally decide to send the packfile. This is
solved by a "wait-for-done" argument: the server will then wait for
the client to say "done". In practice, the client will never say it;
instead it will cease requests once it is satisfied.
Advertising the server capability option "wait-for-done" is behind the
transport config: uploadpack.advertisewaitfordone, which by default is
false.
projects / jgit.git / log