| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* master:
SSH signing: implement a SignatureVerifier
SSH signing: implement a Signer
PackIndexWriter: create interface to write indexes
Add `numberOfPackFilesAfterBitmap` to RepoStatistics
SSH signing: don't require a session in PasswordProviderWrapper
SSH signing: make OpenSSH pattern matching public
SSH signing: prepare config
ssh: add a factory for KeyPasswordProvider
DfsBlockCacheConfig: update stream.toList to collect(toList)
DfsBlockCache: refactor stats implementations.
DfsBlockCacheConfigs: add debug configuration print
Test advertised capabilities with protocol V0 and allow*Sha1InWant
Align request policies with CGit
DfsReaderOptions: read loadRevIndexInParallel from config
UploadPack: suppress resource warning for DepthWalk.RevWalk
Update Apache sshd to 2.14.0
LfsConnectionFactoryTest: remove unnecessary cast
JSchSshProtocol2Test: remove unnecessary cast
ApacheSshProtocol2Test: remove unnecessary cast
NoteMapMerger: remove unnecessary cast
Update jetty to 12.0.14
Update Apache sshd to 2.14.0
orbit-4.34: update junit bundle to 4.13.2.v20240929-1000
WindowCursor: Fix parameter name in javadoc
RevolveMerger: honor ignoreConflicts also for binary files
dfs: add configurable name to block cache table stats
DfsBlockCache: use PackExtBlockCacheTable when configured
Change-Id: I1483aab03c6c01a0b11d4eaa2f7722cb53fe5837
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* stable-7.0:
Update Apache sshd to 2.14.0
LfsConnectionFactoryTest: remove unnecessary cast
JSchSshProtocol2Test: remove unnecessary cast
ApacheSshProtocol2Test: remove unnecessary cast
NoteMapMerger: remove unnecessary cast
Change-Id: Iade9d1fd01452ca12b4f75731fd13d02a5ac5e55
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-6.10:
Update Apache sshd to 2.14.0
LfsConnectionFactoryTest: remove unnecessary cast
JSchSshProtocol2Test: remove unnecessary cast
ApacheSshProtocol2Test: remove unnecessary cast
NoteMapMerger: remove unnecessary cast
Change-Id: I8fca74d88efadc827955b0a5032e6fbd72ce3e0d
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This fixes an 'incorrect signature' error when trying to use the keys
generated by SSHD during server init with an OpenSSH client.
This also includes a few other changes since 2.13.2:
* GH-524 Performance improvements
* GH-533 Fix multi-step authentication
* GH-582 Fix filtering in NamedFactory
* GH-587 Prevent NullPointerExceptionon closed channel in NettyIoSession
* GH-590 Better support for FIPS
* GH-597 Pass on Charset in ClientSession.executeRemoteCommand()
https://github.com/apache/mina-sshd/releases/tag/sshd-2.14.0
Change-Id: I76909fd56e70ee4ce16a075bd40ed6b2a609cc47
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: I08ed51b13aa269a4f6b64ac723b6bd7649c6591c
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Id3767f43cbbfd0c05f9a7f0d5620943da874df92
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Ie8e7b097e48342a9cda6873e8595146a1b3f1427
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: I3be4963f506529bbadc5b6dfc0b625ee85effc1f
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* changes:
SSH signing: implement a SignatureVerifier
SSH signing: implement a Signer
SSH signing: don't require a session in PasswordProviderWrapper
SSH signing: make OpenSSH pattern matching public
SSH signing: prepare config
ssh: add a factory for KeyPasswordProvider
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Signature verification needs quite a bit of infrastructure. There are
two files to read: a list of allowed signers, and a list of revoked keys
or certificates. Introduce a SigningKeyDatabase abstraction for these,
and give client code the possibility to plug in its own implementation.
Loading these files afresh for every signature to be checked would be
prohibitively expensive. Introduce a cache of SigningKeyDatabases, and
have them reload the files only when they have changed.
Include a default implementation that works with the OpenSSH allowed
signers file and with OpenSSH revocation lists. Binary KRLs are parsed
according to [1]; the test data was generated using the OpenSSH test
script[2].
[1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.krl
[2] https://github.com/openssh/openssh-portable/blob/67a115e/regress/krl.sh
Bug: jgit-44
Change-Id: I6a2fa24f38a2f2fe63ffb353da5b6665ca7277e1
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Implement a Signer and its factory, and publish the factory for the
ServiceLoader. SSH signatures can be created directly if the key is
given via a file in user.signingKey and the private key can be found.
Otherwise, signing is delegated to an SSH agent, if available.
If a certificate is used as public key, the signer verifies the
certificate (correct signature, and valid at the commit time).
SSH signatures are documented at [1].
[1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig
Bug: jgit-44
Change-Id: I3848ccc06ba3be5e868f879bd5705fee1b39c632
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
To read passphrase-protected private keys SSH signing will need to use a
PasswordProviderWrapper without SSH session.
Change-Id: I3ecac6c099f3ed1565fb4f0d56d55aee16edb9fc
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
SSH signing needs the same pattern matching algorithm as is used for
host matching in host entries in ~/.ssh/config. So make that pattern
matching available via a static method.
Change-Id: Ia26f23666f323f44ce66f769fbcd6c85965eb219
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Include the SSH specifics in the GpgConfig so that we will have access
to these configs later on.
Change-Id: Iad3d6f2bdb5ba879e1672368c82d367b8ccd246c
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Introduce a global default factory to create KeyPasswordProvider.
Previously, their creation was tied to the SSH session, but for SSH
signatures, we will need to be able to create KeyPasswordProviders
without having an SSH session.
Change-Id: If4a69c4d4c4e8de390cb1ef3b65966d0e39c24ff
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |\ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
PackWriter assumes that the primary index goes to a file in a well-known
format. This cannot accomodate implementations in other storages or
formats (e.g. in a database).
Create an interface to write the index (PackIndexWriter). This interface
will be implemented by the existing pack index writer classes
(PackIndexWriterV1 etc.).
As the "PackIndexWriter" name was used by the previous superclass of the
file writers, we rename that class to "BasePackIndexWriter".
Change-Id: Ia7348395315e458fc7adc75a8db5dcb903e2a4a1
|
| |\ \ \ \ \ |
|
| | | |/ / /
| | |/| | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This change updates usage of stream's list collector to support older
jdk versions.
Change-Id: Ia066d36aef8ab166efd837d5f6f01e5d1fdd3cb7
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Introduce a `numberOfPackFilesAfterBitmap` that contains the number of
packfiles created since the latest bitmap generation.
Notes:
* the `repo.getObjectDatabase().getPacks()` that obtains the list of
packs (in the existing `getStatistics` function) uses
`PackDirectory.scanPacks` that boils down to call to
`PackDirectory.scanPacksImpl` which is sorting packs prior returning
them therefore the `numberOfPackFilesAfterBitmap` is just all packs
before the one that has bitmap attached
* the improved version of `packAndPrune` function (one that skips
non-existent packfiles) was introduced for testing
Change-Id: I608011462f104fc002ac527aa405f492a8a4b0c2
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The stats interface has an implementation in the interface itself and another inside the PackExtBlockCache class. This asymmetry gets on the way to implement stats-per-table later.
Make DfsBlockCacheStats (the stats of a single table) a top-level class and create an aggregator class to combine multiple stats. This makes the stats classes mirror the table classes structure (singles tables + composite).
This change is part of a refactor to support providing detailed stats
breakdowns for cache implementations using multiple table instances
while keeping the existing "aggregated" view of cache stats.
Change-Id: I79c11e4ea24afe4b449efdbb47bc81eed363ffd3
|
| |\ \ \ \ |
|
| | |/ / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This will write out configuration values on a line by line basis to a
given PrintWriter.
Primary usage is as a semi-formatted debug print of the configuration
values used by dfs block cache.
Change-Id: I96724262245e4aa3423734a8b10de83322c4f89f
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The advertised capabilities with protocol V0 were untested
leading to potential regressions when advertising what
SHA1 should or should not be on the list of capabilities.
Verify that allow-tip-sha1-in-want and allow-reachable-sha1-in-want
are properly advertised with the allow*Sha1InWant is set in
jgit.config.
Change-Id: I99d062a5a630b02ca3d1fe83bf6cdf3c284ae941
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
CGit defines the SHA request policies using a bitmask
that represents which policy is implied by another policy.
For example, in CGit the ALLOW_TIP_SHA1 is 0x01 and ALLOW_REACHABLE_SHA1
is 0x02, which are associated to two different bit in a 3-bit value.
The ALLOW_ANY_SHA1 value is 0x07 which denotes a different policy that
implies the previous two ones, because is represented with a 3-bit
bitmask having all ones.
Associate the JGit RequestPolicy enum to the same CGit bitmask values
and use the same logic for the purpose of advertising the server
capabilities.
The JGit code becomes easier to read and associate with its counterpart
in CGit, especially during the capabilities advertising phase.
Also add a new utility method RequestPolicy.implies() which is more
readable than a direct bitmask and operator.
Bug: jgit-68
Change-Id: I6b2649b06623a3b8226ee8413e4f1f58ad8ea28b
|
| |\ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
which borrows the ObjectReader from `walk` which is closed by
UploadPack#close.
Change-Id: Idb91f025c2872421702034381bb55d292d0e74ed
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The options have the field but it isn't loaded from the config. This
forces a workaround downstream.
Read the option from the config, as the others.
Change-Id: I7720812e0577d8f45f6b7f5b8495a8b64729125e
|
| |\ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This doc was copied from another where the parameter had a shorter name.
Change-Id: I6ae1afa525f02e26ab7224cced56db946f679bb8
Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: I05da7de8fa370e3f00532f9f50408ddb79d37e56
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This fixes an 'incorrect signature' error when trying to use the keys
generated by SSHD during server init with an OpenSSH client.
This also includes a few other changes since 2.13.2:
* GH-524 Performance improvements
* GH-533 Fix multi-step authentication
* GH-582 Fix filtering in NamedFactory
* GH-587 Prevent NullPointerExceptionon closed channel in NettyIoSession
* GH-590 Better support for FIPS
* GH-597 Pass on Charset in ClientSession.executeRemoteCommand()
https://github.com/apache/mina-sshd/releases/tag/sshd-2.14.0
Change-Id: I76909fd56e70ee4ce16a075bd40ed6b2a609cc47
|
| |/ / / /
| | | | |
| | | | |
| | | | | |
Change-Id: I641c4dc44af47106149804fa05313d62d4f33325
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently difference in binary files during merge will cause them to be
added to unmergedPaths regardless of whether ignoreConflicts is true.
This creates an issue during merging with strategy "RECURSIVE", as it
makes it impossible to create a virtual commit if there is a difference
in a binary file. Resulting in the
CONFLICTS_DURING_MERGE_BASE_CALCULATION error being thrown.
This is especially problematic, since JGit has a
rather simplistic rules for considering file binary, which easily leads
to false positives.
What we should do instead is keep OURS. This will not lead to silently
ignoring difference in the final result. It will allow creation of
virtual merge-base commit, and then the difference would be presented
again in the final merge results. In essense it only affects what's
shown as BASE in 3-way merge.
Additionally, this is correct because
- It's consistent with treatment of other unmergeable entities, for
example Gitlinks
- It's consistent with behaviour of CGit:
- https://git-scm.com/docs/gitattributes#Documentation/gitattributes.txt-binary
states on diffs in binary OURS is picked by default.
- In code: https://git.kernel.org/pub/scm/git/git.git/tree/merge-ll.c#n81
- ignoreConflicts in CGit afterwards ignores all issues with content
merging https://git.kernel.org/pub/scm/git/git.git/tree/merge-ort.c#n5201
We also adjust the behaviour when .gitattributes tell us to treat the
file as binary for the purpose of the merge.
We only change the behaviour when ignoreConlicts = true, as otherwise
the current behaviour works as intended.
Change-Id: I2b69f80a13d250aad3fe12dd438b2763f3022270
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The addition of a name will help show statistics broken down per inner
cache table when more than one cache table is used.
The name configuration is obtained from the config subsection name
prefixed by `dfs`, or `dfs` for the base case.
Change-Id: Ia16c794f094d756441b779e3b1f1a3c992443509
|
| |\ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Adds the usage of PackExtBlockCacheTable to the
DfsBlockCache, replacing the current DfsBlockCacheTable
when PackExtCacheConfigurations exists.
When no PackExtCacheConfigurations exists the current
DfsBlockCacheTable implementation will be used.
Change-Id: I42222a0cb43785baba907a49077dd9874d19d891
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I6329845c41bf40a752c685fb77483d9722cd1583
|
|/ / / /
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: Ib48cf15ad039bc7102a8af202ffcc39ea9233b9b
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: I08ed51b13aa269a4f6b64ac723b6bd7649c6591c
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Id3767f43cbbfd0c05f9a7f0d5620943da874df92
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Ie8e7b097e48342a9cda6873e8595146a1b3f1427
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: I3be4963f506529bbadc5b6dfc0b625ee85effc1f
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: I6da7acb4fb8188a5bd32382eca12593febff29b7
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: I164964b2173ee285d35d6d3a29caf30c0b8a6f95
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Ib17b92d6f413f706ff97fb4ccf07847f4b5808ad
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Ib3030b917ffb1a02115345e9050180313efdc19b
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is meant to help diagnose LOCK_FAILURE errors, which otherwise provides
very little information in
https://eclipse.googlesource.com/jgit/jgit/+/refs/heads/master/org.eclipse.jgit/src/org/eclipse/jgit/lib/BatchRefUpdate.java#731.
Change-Id: I3d544c899fe66effbd107ea2f38d73f6f253a7e6
|
|\ \ \ \ \ |
|