summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'master' into stable-7.1Matthias Sohn2024-10-23203-676/+6753
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: SSH signing: implement a SignatureVerifier SSH signing: implement a Signer PackIndexWriter: create interface to write indexes Add `numberOfPackFilesAfterBitmap` to RepoStatistics SSH signing: don't require a session in PasswordProviderWrapper SSH signing: make OpenSSH pattern matching public SSH signing: prepare config ssh: add a factory for KeyPasswordProvider DfsBlockCacheConfig: update stream.toList to collect(toList) DfsBlockCache: refactor stats implementations. DfsBlockCacheConfigs: add debug configuration print Test advertised capabilities with protocol V0 and allow*Sha1InWant Align request policies with CGit DfsReaderOptions: read loadRevIndexInParallel from config UploadPack: suppress resource warning for DepthWalk.RevWalk Update Apache sshd to 2.14.0 LfsConnectionFactoryTest: remove unnecessary cast JSchSshProtocol2Test: remove unnecessary cast ApacheSshProtocol2Test: remove unnecessary cast NoteMapMerger: remove unnecessary cast Update jetty to 12.0.14 Update Apache sshd to 2.14.0 orbit-4.34: update junit bundle to 4.13.2.v20240929-1000 WindowCursor: Fix parameter name in javadoc RevolveMerger: honor ignoreConflicts also for binary files dfs: add configurable name to block cache table stats DfsBlockCache: use PackExtBlockCacheTable when configured Change-Id: I1483aab03c6c01a0b11d4eaa2f7722cb53fe5837
| * Merge branch 'stable-7.0'Matthias Sohn2024-10-230-0/+0
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-7.0: Update Apache sshd to 2.14.0 LfsConnectionFactoryTest: remove unnecessary cast JSchSshProtocol2Test: remove unnecessary cast ApacheSshProtocol2Test: remove unnecessary cast NoteMapMerger: remove unnecessary cast Change-Id: Iade9d1fd01452ca12b4f75731fd13d02a5ac5e55
| | * Merge branch 'stable-6.10' into stable-7.0Matthias Sohn2024-10-2327-155/+157
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-6.10: Update Apache sshd to 2.14.0 LfsConnectionFactoryTest: remove unnecessary cast JSchSshProtocol2Test: remove unnecessary cast ApacheSshProtocol2Test: remove unnecessary cast NoteMapMerger: remove unnecessary cast Change-Id: I8fca74d88efadc827955b0a5032e6fbd72ce3e0d
| | | * Update Apache sshd to 2.14.0Matthias Sohn2024-10-1022-145/+145
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes an 'incorrect signature' error when trying to use the keys generated by SSHD during server init with an OpenSSH client. This also includes a few other changes since 2.13.2: * GH-524 Performance improvements * GH-533 Fix multi-step authentication * GH-582 Fix filtering in NamedFactory * GH-587 Prevent NullPointerExceptionon closed channel in NettyIoSession * GH-590 Better support for FIPS * GH-597 Pass on Charset in ClientSession.executeRemoteCommand() https://github.com/apache/mina-sshd/releases/tag/sshd-2.14.0 Change-Id: I76909fd56e70ee4ce16a075bd40ed6b2a609cc47
| | | * LfsConnectionFactoryTest: remove unnecessary castMatthias Sohn2024-10-102-2/+5
| | | | | | | | | | | | | | | | Change-Id: I08ed51b13aa269a4f6b64ac723b6bd7649c6591c
| | | * JSchSshProtocol2Test: remove unnecessary castMatthias Sohn2024-10-102-2/+3
| | | | | | | | | | | | | | | | Change-Id: Id3767f43cbbfd0c05f9a7f0d5620943da874df92
| | | * ApacheSshProtocol2Test: remove unnecessary castMatthias Sohn2024-10-102-2/+3
| | | | | | | | | | | | | | | | Change-Id: Ie8e7b097e48342a9cda6873e8595146a1b3f1427
| | | * NoteMapMerger: remove unnecessary castMatthias Sohn2024-10-101-1/+1
| | | | | | | | | | | | | | | | Change-Id: I3be4963f506529bbadc5b6dfc0b625ee85effc1f
| * | | Merge changes from topic "ssh-signatures"Matthias Sohn2024-10-23147-33/+5122
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * changes: SSH signing: implement a SignatureVerifier SSH signing: implement a Signer SSH signing: don't require a session in PasswordProviderWrapper SSH signing: make OpenSSH pattern matching public SSH signing: prepare config ssh: add a factory for KeyPasswordProvider
| | * | | SSH signing: implement a SignatureVerifierThomas Wolf2024-10-23115-2/+3757
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signature verification needs quite a bit of infrastructure. There are two files to read: a list of allowed signers, and a list of revoked keys or certificates. Introduce a SigningKeyDatabase abstraction for these, and give client code the possibility to plug in its own implementation. Loading these files afresh for every signature to be checked would be prohibitively expensive. Introduce a cache of SigningKeyDatabases, and have them reload the files only when they have changed. Include a default implementation that works with the OpenSSH allowed signers file and with OpenSSH revocation lists. Binary KRLs are parsed according to [1]; the test data was generated using the OpenSSH test script[2]. [1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.krl [2] https://github.com/openssh/openssh-portable/blob/67a115e/regress/krl.sh Bug: jgit-44 Change-Id: I6a2fa24f38a2f2fe63ffb353da5b6665ca7277e1 Signed-off-by: Thomas Wolf <twolf@apache.org>
| | * | | SSH signing: implement a SignerThomas Wolf2024-10-2332-11/+1161
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a Signer and its factory, and publish the factory for the ServiceLoader. SSH signatures can be created directly if the key is given via a file in user.signingKey and the private key can be found. Otherwise, signing is delegated to an SSH agent, if available. If a certificate is used as public key, the signer verifies the certificate (correct signature, and valid at the commit time). SSH signatures are documented at [1]. [1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig Bug: jgit-44 Change-Id: I3848ccc06ba3be5e868f879bd5705fee1b39c632 Signed-off-by: Thomas Wolf <twolf@apache.org>
| | * | | SSH signing: don't require a session in PasswordProviderWrapperThomas Wolf2024-10-221-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To read passphrase-protected private keys SSH signing will need to use a PasswordProviderWrapper without SSH session. Change-Id: I3ecac6c099f3ed1565fb4f0d56d55aee16edb9fc Signed-off-by: Thomas Wolf <twolf@apache.org>
| | * | | SSH signing: make OpenSSH pattern matching publicThomas Wolf2024-10-221-13/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SSH signing needs the same pattern matching algorithm as is used for host matching in host entries in ~/.ssh/config. So make that pattern matching available via a static method. Change-Id: Ia26f23666f323f44ce66f769fbcd6c85965eb219 Signed-off-by: Thomas Wolf <twolf@apache.org>
| | * | | SSH signing: prepare configThomas Wolf2024-10-222-0/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Include the SSH specifics in the GpgConfig so that we will have access to these configs later on. Change-Id: Iad3d6f2bdb5ba879e1672368c82d367b8ccd246c Signed-off-by: Thomas Wolf <twolf@apache.org>
| | * | | ssh: add a factory for KeyPasswordProviderThomas Wolf2024-10-222-5/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a global default factory to create KeyPasswordProvider. Previously, their creation was tied to the SSH session, but for SSH signatures, we will need to be able to create KeyPasswordProviders without having an SSH session. Change-Id: If4a69c4d4c4e8de390cb1ef3b65966d0e39c24ff Signed-off-by: Thomas Wolf <twolf@apache.org>
| * | | | Merge "PackIndexWriter: create interface to write indexes"Ivan Frade2024-10-2212-21/+67
| |\ \ \ \
| | * | | | PackIndexWriter: create interface to write indexesSam Delmerico2024-10-2212-21/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PackWriter assumes that the primary index goes to a file in a well-known format. This cannot accomodate implementations in other storages or formats (e.g. in a database). Create an interface to write the index (PackIndexWriter). This interface will be implemented by the existing pack index writer classes (PackIndexWriterV1 etc.). As the "PackIndexWriter" name was used by the previous superclass of the file writers, we rename that class to "BasePackIndexWriter". Change-Id: Ia7348395315e458fc7adc75a8db5dcb903e2a4a1
| * | | | | Merge "DfsBlockCacheConfig: update stream.toList to collect(toList)"Ivan Frade2024-10-221-1/+1
| |\ \ \ \ \
| | * | | | | DfsBlockCacheConfig: update stream.toList to collect(toList)Laura Hamelin2024-10-211-1/+1
| | | |/ / / | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change updates usage of stream's list collector to support older jdk versions. Change-Id: Ia066d36aef8ab166efd837d5f6f01e5d1fdd3cb7
| * / | | | Add `numberOfPackFilesAfterBitmap` to RepoStatisticsJacek Centkowski2024-10-222-0/+190
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a `numberOfPackFilesAfterBitmap` that contains the number of packfiles created since the latest bitmap generation. Notes: * the `repo.getObjectDatabase().getPacks()` that obtains the list of packs (in the existing `getStatistics` function) uses `PackDirectory.scanPacks` that boils down to call to `PackDirectory.scanPacksImpl` which is sorting packs prior returning them therefore the `numberOfPackFilesAfterBitmap` is just all packs before the one that has bitmap attached * the improved version of `packAndPrune` function (one that skips non-existent packfiles) was introduced for testing Change-Id: I608011462f104fc002ac527aa405f492a8a4b0c2
| * | | | DfsBlockCache: refactor stats implementations.Laura Hamelin2024-10-216-287/+547
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The stats interface has an implementation in the interface itself and another inside the PackExtBlockCache class. This asymmetry gets on the way to implement stats-per-table later. Make DfsBlockCacheStats (the stats of a single table) a top-level class and create an aggregator class to combine multiple stats. This makes the stats classes mirror the table classes structure (singles tables + composite). This change is part of a refactor to support providing detailed stats breakdowns for cache implementations using multiple table instances while keeping the existing "aggregated" view of cache stats. Change-Id: I79c11e4ea24afe4b449efdbb47bc81eed363ffd3
| * | | | Merge "DfsBlockCacheConfigs: add debug configuration print"Ivan Frade2024-10-152-1/+97
| |\ \ \ \
| | * | | | DfsBlockCacheConfigs: add debug configuration printLaura Hamelin2024-10-152-1/+97
| | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will write out configuration values on a line by line basis to a given PrintWriter. Primary usage is as a semi-formatted debug print of the configuration values used by dfs block cache. Change-Id: I96724262245e4aa3423734a8b10de83322c4f89f
| * | | | Test advertised capabilities with protocol V0 and allow*Sha1InWantLuca Milanesio2024-10-121-0/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The advertised capabilities with protocol V0 were untested leading to potential regressions when advertising what SHA1 should or should not be on the list of capabilities. Verify that allow-tip-sha1-in-want and allow-reachable-sha1-in-want are properly advertised with the allow*Sha1InWant is set in jgit.config. Change-Id: I99d062a5a630b02ca3d1fe83bf6cdf3c284ae941
| * | | | Align request policies with CGitLuca Milanesio2024-10-121-13/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CGit defines the SHA request policies using a bitmask that represents which policy is implied by another policy. For example, in CGit the ALLOW_TIP_SHA1 is 0x01 and ALLOW_REACHABLE_SHA1 is 0x02, which are associated to two different bit in a 3-bit value. The ALLOW_ANY_SHA1 value is 0x07 which denotes a different policy that implies the previous two ones, because is represented with a 3-bit bitmask having all ones. Associate the JGit RequestPolicy enum to the same CGit bitmask values and use the same logic for the purpose of advertising the server capabilities. The JGit code becomes easier to read and associate with its counterpart in CGit, especially during the capabilities advertising phase. Also add a new utility method RequestPolicy.implies() which is more readable than a direct bitmask and operator. Bug: jgit-68 Change-Id: I6b2649b06623a3b8226ee8413e4f1f58ad8ea28b
| * | | | Merge "UploadPack: suppress resource warning for DepthWalk.RevWalk"Matthias Sohn2024-10-111-1/+2
| |\ \ \ \
| | * | | | UploadPack: suppress resource warning for DepthWalk.RevWalkMatthias Sohn2024-10-111-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | which borrows the ObjectReader from `walk` which is closed by UploadPack#close. Change-Id: Idb91f025c2872421702034381bb55d292d0e74ed
| * | | | | DfsReaderOptions: read loadRevIndexInParallel from configIvan Frade2024-10-113-0/+12
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The options have the field but it isn't loaded from the config. This forces a workaround downstream. Read the option from the config, as the others. Change-Id: I7720812e0577d8f45f6b7f5b8495a8b64729125e
| * | | | Merge "WindowCursor: Fix parameter name in javadoc"Matthias Sohn2024-10-101-1/+1
| |\ \ \ \
| | * | | | WindowCursor: Fix parameter name in javadocNasser Grainawi2024-10-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This doc was copied from another where the parameter had a shorter name. Change-Id: I6ae1afa525f02e26ab7224cced56db946f679bb8 Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
| * | | | | Update jetty to 12.0.14Matthias Sohn2024-10-0921-188/+180
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I05da7de8fa370e3f00532f9f50408ddb79d37e56
| * | | | | Update Apache sshd to 2.14.0Matthias Sohn2024-10-0924-151/+151
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes an 'incorrect signature' error when trying to use the keys generated by SSHD during server init with an OpenSSH client. This also includes a few other changes since 2.13.2: * GH-524 Performance improvements * GH-533 Fix multi-step authentication * GH-582 Fix filtering in NamedFactory * GH-587 Prevent NullPointerExceptionon closed channel in NettyIoSession * GH-590 Better support for FIPS * GH-597 Pass on Charset in ClientSession.executeRemoteCommand() https://github.com/apache/mina-sshd/releases/tag/sshd-2.14.0 Change-Id: I76909fd56e70ee4ce16a075bd40ed6b2a609cc47
| * | | | | orbit-4.34: update junit bundle to 4.13.2.v20240929-1000Matthias Sohn2024-10-092-5/+5
| |/ / / / | | | | | | | | | | | | | | | Change-Id: I641c4dc44af47106149804fa05313d62d4f33325
| * / / / RevolveMerger: honor ignoreConflicts also for binary filesKamil Musin2024-10-082-2/+85
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently difference in binary files during merge will cause them to be added to unmergedPaths regardless of whether ignoreConflicts is true. This creates an issue during merging with strategy "RECURSIVE", as it makes it impossible to create a virtual commit if there is a difference in a binary file. Resulting in the CONFLICTS_DURING_MERGE_BASE_CALCULATION error being thrown. This is especially problematic, since JGit has a rather simplistic rules for considering file binary, which easily leads to false positives. What we should do instead is keep OURS. This will not lead to silently ignoring difference in the final result. It will allow creation of virtual merge-base commit, and then the difference would be presented again in the final merge results. In essense it only affects what's shown as BASE in 3-way merge. Additionally, this is correct because - It's consistent with treatment of other unmergeable entities, for example Gitlinks - It's consistent with behaviour of CGit: - https://git-scm.com/docs/gitattributes#Documentation/gitattributes.txt-binary states on diffs in binary OURS is picked by default. - In code: https://git.kernel.org/pub/scm/git/git.git/tree/merge-ll.c#n81 - ignoreConflicts in CGit afterwards ignores all issues with content merging https://git.kernel.org/pub/scm/git/git.git/tree/merge-ort.c#n5201 We also adjust the behaviour when .gitattributes tell us to treat the file as binary for the purpose of the merge. We only change the behaviour when ignoreConlicts = true, as otherwise the current behaviour works as intended. Change-Id: I2b69f80a13d250aad3fe12dd438b2763f3022270
| * | | dfs: add configurable name to block cache table statsLaura Hamelin2024-10-077-7/+212
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The addition of a name will help show statistics broken down per inner cache table when more than one cache table is used. The name configuration is obtained from the config subsection name prefixed by `dfs`, or `dfs` for the base case. Change-Id: Ia16c794f094d756441b779e3b1f1a3c992443509
| * | | Merge "DfsBlockCache: use PackExtBlockCacheTable when configured"Ivan Frade2024-10-072-7/+56
| |\ \ \
| | * | | DfsBlockCache: use PackExtBlockCacheTable when configuredLaura Hamelin2024-10-042-7/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the usage of PackExtBlockCacheTable to the DfsBlockCache, replacing the current DfsBlockCacheTable when PackExtCacheConfigurations exists. When no PackExtCacheConfigurations exists the current DfsBlockCacheTable implementation will be used. Change-Id: I42222a0cb43785baba907a49077dd9874d19d891
* | | | | Prepare 7.1.0-SNAPSHOT buildsMatthias Sohn2024-10-0289-123/+123
| | | | | | | | | | | | | | | | | | | | Change-Id: I6329845c41bf40a752c685fb77483d9722cd1583
* | | | | JGit v7.1.0.202410012040-m1v7.1.0.202410012040-m1Matthias Sohn2024-10-0189-123/+123
|/ / / / | | | | | | | | | | | | | | | | Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Change-Id: Ib48cf15ad039bc7102a8af202ffcc39ea9233b9b
* | | | LfsConnectionFactoryTest: remove unnecessary castMatthias Sohn2024-10-012-2/+5
| | | | | | | | | | | | | | | | Change-Id: I08ed51b13aa269a4f6b64ac723b6bd7649c6591c
* | | | JSchSshProtocol2Test: remove unnecessary castMatthias Sohn2024-10-012-2/+3
| | | | | | | | | | | | | | | | Change-Id: Id3767f43cbbfd0c05f9a7f0d5620943da874df92
* | | | ApacheSshProtocol2Test: remove unnecessary castMatthias Sohn2024-10-012-2/+3
| | | | | | | | | | | | | | | | Change-Id: Ie8e7b097e48342a9cda6873e8595146a1b3f1427
* | | | NoteMapMerger: remove unnecessary castMatthias Sohn2024-10-011-1/+1
| | | | | | | | | | | | | | | | Change-Id: I3be4963f506529bbadc5b6dfc0b625ee85effc1f
* | | | Update mockito to 5.14.1Matthias Sohn2024-10-0121-40/+40
| | | | | | | | | | | | | | | | Change-Id: I6da7acb4fb8188a5bd32382eca12593febff29b7
* | | | Update jna to 5.15.0Matthias Sohn2024-10-0121-60/+60
| | | | | | | | | | | | | | | | Change-Id: I164964b2173ee285d35d6d3a29caf30c0b8a6f95
* | | | Update bytebuddy to 1.15.3Matthias Sohn2024-10-0121-60/+60
| | | | | | | | | | | | | | | | Change-Id: Ib17b92d6f413f706ff97fb4ccf07847f4b5808ad
* | | | Update commons-io:commons-io to 2.17.0Matthias Sohn2024-10-0121-40/+40
| | | | | | | | | | | | | | | | Change-Id: Ib3030b917ffb1a02115345e9050180313efdc19b
* | | | Merge "Record failing paths in recursive merge."Ivan Frade2024-09-272-3/+20
|\ \ \ \
| * | | | Record failing paths in recursive merge.jackdt@google.com2024-09-232-3/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is meant to help diagnose LOCK_FAILURE errors, which otherwise provides very little information in https://eclipse.googlesource.com/jgit/jgit/+/refs/heads/master/org.eclipse.jgit/src/org/eclipse/jgit/lib/BatchRefUpdate.java#731. Change-Id: I3d544c899fe66effbd107ea2f38d73f6f253a7e6
* | | | | Merge "FileRepository: Remove unnecessary setConfig call"Ivan Frade2024-09-271-2/+0
|\ \ \ \ \