aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* sshd: support the ConnectTimeout ssh configThomas Wolf2022-01-302-1/+15
| | | | | | Parse the value from the ssh config and if set use it when connecting. Change-Id: I85b44c9468a5027602375706612c46ea7a99b2bd Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: Skip unknown keys from the SSH agentThomas Wolf2022-01-304-6/+57
| | | | | | | | | | | | An SSH agent might contain keys that Apache MINA sshd cannot handle. Pageant for instance can contain ed448 keys, which are not implemented in OpenSSH or in Apache MINA sshd. When an agent delivers such keys, simply skip (and log) them. That way, we can work with the remaining keys. Otherwise a single unknown key in the agent would break pubkey authentication. Change-Id: I3945d932c7e64b628465004cfbaf10f4dc05f3e4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: support the AddKeysToAgent ssh configThomas Wolf2022-01-308-22/+542
| | | | | | | | | | Add parsing of the config. Implement the SSH agent protocol for adding a key. In the pubkey authentication, add keys to the agent as soon as they've been loaded successfully, before even attempting to use them for authentication. OpenSSH does the same. Bug: 577052 Change-Id: Id1c08d9676a74652256b22281c2f8fa0b6508fa6 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: handle "IdentityAgent SSH_AUTH_SOCK" in ssh configThomas Wolf2022-01-305-11/+24
| | | | | | | | | OpenSSH has (for legacy reasons?) the option of specifying the default environment variable directly, instead of using ${SSH_AUTH_SOCK}. Make sure the plain variable name is not taken as a relative path name. Bug: 577053 Change-Id: If8f550dffc43887254f71aa0b487c50fa14d0627 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: Connector for the Win32-OpenSSH SSH agentThomas Wolf2022-01-306-5/+259
| | | | | | | | | Win32-OpenSSH uses a named Windows pipe for communication. Implement a connector for this mechanism using JNA. Choose the appropriate connector based on the setting of the 'identityAgent' parameter. Bug: 577053 Change-Id: I205f07fb33654aa18ca5db92706e65544ce38641 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: handle IdentitiesOnly with an SSH agentThomas Wolf2022-01-303-32/+138
| | | | | | | | | | | | | | | | | If an SSH agent is used but "IdentitiesOnly yes" is set, only those keys from the agent that correspond to one of the keys explicitly given via an IdentityFile directive are to be used. Implement this by filtering the list of keys obtained from the agent against the list of IdentityFiles, each entry suffixed with ".pub". Load the public keys from these files, and ignore all other keys from the agent. Keys without ".pub" file are also ignored. Apache MINA sshd has no operation to load only the public key from a private key file, so we have to rely on *.pub files. Bug: 577053 Change-Id: I75c2c0b3ce35781c933ec2944bd6da1b94f4caf9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: support IdentityAgent configThomas Wolf2022-01-304-9/+28
| | | | | | | | | Handle the 'none' value, and change the value to select Pageant to something that looks like an absolute UNC path name to avoid it's handled as an relative path name. Bug: 577053 Change-Id: I4ccf047abbc1def50e2782319e4fa7c744069401 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* LFS: Fix error occurring during delete branchNail Samatov2022-01-272-0/+19
| | | | | | | | | | | | | | | | | Fix TransportException occurring when deleting a branch and push that change to remote repository if BuiltinLFS is used to work with repository. When finding LFS pointers in RemoteRepUpdate, LfsPrePushHook fails to open ObjectReader with new object id equal to ObjectId.zeroId(). If update is a deleting update (new object id is zero id), we can assume that this update doesn't contain LFS Pointer and we can skip step with extracting LFS pointer for that RemoteRefUpdate. Bug: 578313 Change-Id: Ic4367978338b8234d39d9af0d9674490f79fc22d Signed-off-by: Nail Samatov <sanail@yandex.ru>
* Merge "PackOutputStream: Extract cancellation and digest to superclass"Ivan Frade2022-01-273-72/+229
|\
| * PackOutputStream: Extract cancellation and digest to superclasskylezhao2022-01-273-72/+229
| | | | | | | | | | | | | | | | | | | | Checking the cancelled status and keeping a digest of the written data is useful for other output streams. e.g. to write commit-graphs. Pull up that functionality to a superclass, so it can be reused. Change-Id: I177b50be09c4ea631e7a144cc6127085ec2ca411 Signed-off-by: kylezhao <kylezhao@tencent.com>
* | Bazel: Include bazel resource configuration file for RBE buildDavid Ostrovsky2022-01-221-0/+2
| | | | | | | | | | | | | | In I988f61e34 tools/remote-bazelrc was added, but this resource file wasn't imported from main resource file workspace/.bazelrc. Change-Id: Ie0c2f128fbccaa6f9e99ad29a3a76ac294f3cd29
* | Merge "DFS block cache: report index load and evict stats"Ivan Frade2022-01-213-4/+279
|\ \
| * | DFS block cache: report index load and evict statsAlina Djamankulova2022-01-213-4/+279
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enhance cache performance monitoring for large data such as pack and bitmap indexes. Provide details about what is loaded and evicted from cache like total number of cache hits, time in cache before eviction. Add a custom consumer to report loading events and eviction events when enabled. Signed-off-by: Alina Djamankulova <adjama@google.com> Change-Id: I5739325db7ff7ec370e4defd8f7e46f1c3f5d2dd
* | | Bazel: Add RBE supportDavid Ostrovsky2022-01-203-0/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Bazel build can be used with Google's Remote Build Execution. This needs the following setup steps: $ gcloud auth application-default login $ gcloud services enable remotebuildexecution.googleapis.com --project=${PROJECT} Create a worker pool. The instances should have at least 4 CPUs each for adequate performance. $ gcloud alpha remote-build-execution worker-pools create default \ --project=${PROJECT} \ --instance=default_instance \ --worker-count=50 \ --machine-type=e2-standard-4 \ --disk-size=200 To use RBE, execute $ bazel test --config=remote \ --remote_instance_name=projects/${PROJECT}/instances/default_instance \ //... Change-Id: I988f61e342dab2136d8752ace945a4ed91a4189a
* | | Bazel: Switch to using toolchain resolution for java rulesDavid Ostrovsky2022-01-204-4/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump Bazel version to release 5.0.0. In this new Bazel release, --incompatible_use_toolchain_resolution_for_java_rules is flipped, that means that the build must be adapted to toolchain resolution. Specification toolchain resolution for java rules is here: [1]. Main tracking Bazel issue is here: [2]. Given that new Bazel release also added support for remote JDK 17, add experimental support for building with remote JDK 17 to produce major byte code version 61. Test Plan: To build with remote JDK 11 run: $ bazel build :all To build with remote JDK 17 run: $ bazel build --config java17 :all [1] https://docs.google.com/document/d/1MVbBxbKVKRJJY7DnkptHpvz7ROhyAYy4a-TZ-n7Q0r4/edit?usp=sharing [2] https://github.com/bazelbuild/bazel/issues/7849 Change-Id: I8d26dff722c6677ea7642913b61e416b23ea9041
* | | Bazel: Simplify java 11 toolchain definitionDavid Ostrovsky2022-01-201-20/+2
| | | | | | | | | | | | | | | | | | Also remove unused JDK9_JVM_OPTS constant. Change-Id: I0f45ca8312a2a8c3aee3855e3ef3afa95808b4ad
* | | Bazel: Format build files with buildifierDavid Ostrovsky2022-01-203-4/+4
| | | | | | | | | | | | Change-Id: I1ff38237058d11a3f61acc881c504382ff4b7e08
* | | Bazel: Remove JDK 15 toolchain definitionDavid Ostrovsky2022-01-201-28/+0
| | | | | | | | | | | | | | | | | | | | | Java 15 is outdated and the recent Bazel releases added support to JDK 17. Change-Id: I68c1f5b5132d844f07bfefc22f81ecf0a19df910
* | | Bazel: Remove version checkDavid Ostrovsky2022-01-202-32/+0
| | | | | | | | | | | | | | | | | | | | | Recent Bazel releases perform Bazel version check, based on .bazelversion file. Change-Id: I92d5daaef8ecbd011517d314564c0f5492c8ea75
* | | ExternalToolTest: Rename class name to usual name for test casesDavid Ostrovsky2022-01-203-3/+3
| | | | | | | | | | | | Change-Id: I00e4a5e73f530b7ac671d09b9b447bb24d6419fa
* | | Bazel: Add missing java packages to error_prone package groupDavid Ostrovsky2022-01-201-3/+8
| | | | | | | | | | | | Change-Id: I709a3cd2639e9209b2c92c700e04ab4c90ed0524
* | | Adapt junit_tests invocation to removal of resource_jars attributeDavid Ostrovsky2022-01-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In upcoming Bazel release 5.0 resource_jars attribute was removed: [1]. Replace resource_jars with runtime_deps as recommended in the release notes. [1] https://github.com/bazelbuild/bazel/issues/13221 Change-Id: Iab834d647cf63259ca182adc1f862b6001db0cce
* | | Update orbit to I20220111151929Matthias Sohn2022-01-1915-103/+103
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and update - com.google.gson to 2.8.9.v20220111-1409 - org.bouncycastle.bcpg to 1.70.0.v20220105-1522 - org.bouncycastle.bcpkix to 1.70.0.v20220105-1522 - org.bouncycastle.bcprov to 1.70.0.v20220105-1522 - org.bouncycastle.bcutil to 1.70.0.v20220105-1522 Change-Id: I7d9159e0e8524459a11da84cb2db709cb1f0823d
* | | Update org.apache.maven.wagon:wagon-ssh to 3.5.1Matthias Sohn2022-01-191-1/+1
| | | | | | | | | | | | Change-Id: I90807ef1ae065a8a8559e445c0aa7e2abdd2b9a8
* | | Update org.eclipse.jdt:ecj to 3.28.0Matthias Sohn2022-01-191-1/+1
| | | | | | | | | | | | Change-Id: I7573d8cfd07038bca4a7ed9e122e5dcf666632f8
* | | Update org.osgi:org.osgi.core to 6.0.0Matthias Sohn2022-01-191-1/+1
| | | | | | | | | | | | Change-Id: If93e0e8769fcbb92befa1f159f48b0ac6b6f3d24
* | | [errorprone] Fix implicit use of platform default charsetMatthias Sohn2022-01-191-1/+3
| | | | | | | | | | | | Change-Id: I42f893c4248d8b00bf4aaf59cd528c43940f99e2
* | | [bazel] Fix build of ExternalDiffToolTestMatthias Sohn2022-01-191-0/+1
| | | | | | | | | | | | Change-Id: Ida4721142f49c86aa3f05aeffc6ca0aef40939f9
* | | Let org.eclipse.jgit.pgm use BooleanTriStateMatthias Sohn2022-01-191-1/+2
| | | | | | | | | | | | Change-Id: I575cd5e1ecd326514a8bb4c36a86a2dc71ba5457
* | | Merge branch 'stable-6.0'Matthias Sohn2022-01-197-29/+74
|\ \ \ | |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | * stable-6.0: [bazel] Skip ConfigTest#testCommitTemplatePathInHomeDirecory [errorprone] Fix InfiniteRecursion error in RecordingLogger [errorprone] Suppress Finally error in ObjectDownloadListener [errorprone] Fix implicit use of default charset in FileBasedConfigTest [errorprone] Suppress FutureReturnValueIgnored in FileRepository#autoGc Change-Id: I08d58c8f3f04e3a920da43b5fb252b1654c2b33c
| * | Merge changes I6a22f37f,I092389e4,I20af1d8d,I83332efc into stable-6.0Matthias Sohn2022-01-196-29/+73
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * changes: [bazel] Skip ConfigTest#testCommitTemplatePathInHomeDirecory [errorprone] Fix InfiniteRecursion error in RecordingLogger [errorprone] Suppress Finally error in ObjectDownloadListener [errorprone] Fix implicit use of default charset in FileBasedConfigTest
| | * | [bazel] Skip ConfigTest#testCommitTemplatePathInHomeDirecoryMatthias Sohn2022-01-183-26/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move this test to another class and skip it when running tests with bazel since the bazel test runner does not allow to create files in the home directory. FS#userHome retrieves the home directory on the first call and caches it for subsequent calls to avoid overhead in case path translation is required (currently on cygwin). This prevents that the test can mock the home directory using MockSystemReader like SshTestHarness does. Change-Id: I6a22f37f4a19eb4b4935509eae508a23e56db7aa
| | * | [errorprone] Fix InfiniteRecursion error in RecordingLoggerMatthias Sohn2022-01-181-1/+5
| | | | | | | | | | | | | | | | Change-Id: I092389e428232a4fe7613d846c288d285ae9102c
| | * | [errorprone] Suppress Finally error in ObjectDownloadListenerMatthias Sohn2022-01-181-0/+1
| | | | | | | | | | | | | | | | Change-Id: I20af1d8d931608e93fbc52e127f1b7bafd2f917c
| | * | [errorprone] Fix implicit use of default charset in FileBasedConfigTestMatthias Sohn2022-01-181-2/+5
| | | | | | | | | | | | | | | | Change-Id: I83332efc498a5bce242915a1eec2346e6e1f58fd
| * | | Merge "[errorprone] Suppress FutureReturnValueIgnored in ↵Matthias Sohn2022-01-191-0/+1
| |\| | | | | | | | | | | | | | FileRepository#autoGc" into stable-6.0
| | * | [errorprone] Suppress FutureReturnValueIgnored in FileRepository#autoGcMatthias Sohn2022-01-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Ignore the FutureReturnValueIgnored warning for the unused return value of #gc. Change-Id: I4e7a2f85d404962c01726f9a1d079fe4a6430a1b
* | | | Merge branch 'stable-6.0'Matthias Sohn2022-01-184-3/+63
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-6.0: UploadPack v2 protocol: Stop negotiation for orphan refs Complete update to servlet api 4.0.0 Change-Id: I55ab6e8fd4a76e4313e37b12f9fc5d5e4b84a681
| * | | Merge branch 'stable-5.13' into stable-6.0Matthias Sohn2022-01-182-0/+60
| |\ \ \ | | |/ / | |/| | | | | | | | | | | | | | | | | | * stable-5.13: UploadPack v2 protocol: Stop negotiation for orphan refs Change-Id: I6a9ed8338ffbf5363e48d640a2c4209e4e503549
| | * | Merge branch 'stable-5.12' into stable-5.13Matthias Sohn2022-01-182-0/+60
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.12: UploadPack v2 protocol: Stop negotiation for orphan refs Change-Id: Ib43068c32d9cb8effe4b873396391dc3c9197a6e
| | | * \ Merge branch 'stable-5.11' into stable-5.12Matthias Sohn2022-01-182-0/+60
| | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.11: UploadPack v2 protocol: Stop negotiation for orphan refs Change-Id: I5db432bd416cfa8d3dd295bdce63e31d5f160a8a
| | | | * | UploadPack v2 protocol: Stop negotiation for orphan refsMarcin Czech2022-01-182-0/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The fetch of a single orphan ref (for example Gerrit meta ref: refs/changes/21/21/meta) did not stop the negotiation so client had to advertise all refs. This impacts the fetch performance on repositories with a large number of refs (for example on Gerrit repository it takes 20 seconds to fetch meta ref comparing to 1.2 second to fetch ref with parent). To avoid this issue UploadPack, used on the server side, now checks if all `want` refs have parents, if not this means that client doesn't need any extra objects, hence the server responds with `ready` and finishes the negotiation phase. Bug: 577937 Change-Id: Ia3001b400b415d5cf6aae45e72345ca08d3af058
| * | | | | Complete update to servlet api 4.0.0Matthias Sohn2022-01-122-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ibd0240cf7ad updated servlet-api to 4.0.0 only partially for the osgi-based build in Eclipse. Complete this by updating dependencies also in maven and bazel build. Change-Id: Ic4c3eb78c538007ca2177f6109d415147e58eabe
* | | | | | Switch to Apache MINA sshd 2.8.0Thomas Wolf2022-01-0721-155/+209
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update version in root pom.xml, adapt code & manifests. Bump the dependency in the bazel build. Update Orbit to I20220105095044 to get Apache MINA sshd 2.8.0 and regenerate all target platforms. Bug: 577542 Change-Id: Iefc02ceda8a9b0683f49aa8059999a5486d1f322 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | Merge changes Ia744cd4a,Id95350c7,I746b7fb7Thomas Wolf2022-01-0633-140/+187
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * changes: sshd: backport upstream fix for SSHD-1231 [releng] bump japicmp base version and configure sshd bundles Merge branch 'stable-6.0'
| * | | | | | sshd: backport upstream fix for SSHD-1231Thomas Wolf2022-01-062-0/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SSHD-1231[1] may lead to exceptions when trying to authenticate first with an RSA key that is rejected by the server. The upstream fix is a one-liner but unfortunately didn't make it into Apache MINA sshd 2.8.0. Incorporate the upstream fix in JGitPublicKeyAuthentication, and add a test case for this. [1] https://issues.apache.org/jira/browse/SSHD-1231 Bug: 577545 Change-Id: Ia744cd4aa569bccd937c855f3bb45c0116915bad Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
| * | | | | | [releng] bump japicmp base version and configure sshd bundlesThomas Wolf2022-01-053-5/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump the japicmp base version to 6.0.0.202111291000-r and configure the o.e.j.ssh.apache and o.e.j.ssh.apache.agent bundles to ignore internal classes. Change-Id: Id95350c73b9141e1583f9de5fb6ab2496c7407d9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
| * | | | | | Merge branch 'stable-6.0'Thomas Wolf2022-01-0529-135/+134
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-6.0: Use slf4j-simple instead of log4j for logging Update orbit to R20211213173813 Change-Id: I746b7fb71571020ce49f7b50fd675c9864327719 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
| | * | | | | Merge branch 'stable-5.13' into stable-6.0Thomas Wolf2022-01-0529-135/+134
| | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.13: Use slf4j-simple instead of log4j for logging Update orbit to R20211213173813 Change-Id: I219ef3901c1d908b91bf9c8f00431b22686ff7a5 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
| | | * | | | Use slf4j-simple instead of log4j for loggingMatthias Sohn2021-12-3132-177/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | JGit uses slf4j-api as logging API. The libraries - org.eclipse.jgit.http.test - org.eclipse.jgit.pgm - org.eclipse.jgit.ssh.apache.test - org.eclipse.jgit.test used the outdated log4j 1.2.15 which is EOL since years. Since both jgit command line and also the tests don't need sophisticated logging features replace log4j with the much simpler slf4j-simple log implementation. The org.slf4j.binding.simple 1.7.30 archive has only 25kB instead of 429kB for log4j 1.2.15 Applications using jgit are free to choose any other log implementation supporting slf4j API. Change-Id: I89e85cd3c76e954c3434622510975ce65dc227d4
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-15 10:27:11 +0000