summaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.gpg.bc
Commit message (Collapse)AuthorAgeFilesLines
* JGit v6.0.0.202111241155-rc1v6.0.0.202111241155-rc1Matthias Sohn2021-11-243-4/+4
| | | | | Change-Id: I35dc089a00ee12f83f506fb320d23762fa030063 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Prepare 6.0.0-SNAPSHOT buildsMatthias Sohn2021-11-173-4/+4
| | | | Change-Id: Ibfc7fb21b039fe2a7669c8dee3c10f5ade33d520
* JGit v6.0.0.202111161950-m3v6.0.0.202111161950-m3Matthias Sohn2021-11-173-4/+4
| | | | | Change-Id: If6c36994be05848c567d3d664eb683d9bed26c48 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Prepare 6.0.0-SNAPSHOT buildsMatthias Sohn2021-10-283-4/+4
| | | | Change-Id: Iff7b4f834ecb43c7a0a9bf79bb8b30dd10d1fa07
* JGit v6.0.0.202110270955-m2v6.0.0.202110270955-m2Matthias Sohn2021-10-273-4/+4
| | | | | Change-Id: I8057bbbf6acd478ad062e30cf5cbfc287531a66a Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Prepare 6.0.0-SNAPSHOT buildsMatthias Sohn2021-10-063-4/+4
| | | | Change-Id: Iac4504923b34e29b5981cb77fdbe9e4cac7e625e
* JGit v6.0.0.202110060947-m1v6.0.0.202110060947-m1Matthias Sohn2021-10-063-4/+4
| | | | | Change-Id: I182115d974d5ef3e611e0e082667d7e51d8babd0 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* KeyGrip: fix build error on java 15Matthias Sohn2021-09-291-2/+4
| | | | | | | | CryptlibObjectIdentifiers can't be used because bouncycastle doesn't export the package org.bouncycastle.asn1.cryptlib. Bug: 573638 Change-Id: I1f9e2af02d9fec69d2249a7d78301ba4b333a9ba
* Enable compiler option --releaseMatthias Sohn2021-09-292-3/+122
| | | | | | | | | | | | | | | | | | | This ensures the compiler compiles against the public, supported and documented API for a specific VM version (here 11) [1]. This also means that we don't need EE descriptors in Eclipse anymore in order to ensure that only supported APIs of the selected Java version can be used. According to [2] if option --release is used --source and --target options can't be used. While we are at it also add default value for all new jdt core options added in Eclipse 4.21. [1] https://docs.oracle.com/en/java/javase/11/tools/javac.html [2] https://docs.oracle.com/en/java/javase/14/docs/specs/man/javac.html#option-release Change-Id: I852a5d7b0a3210751c15d79ec91915b4c01c41e2 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Bump minimum required Java version to 11Matthias Sohn2021-09-293-5/+9
| | | | | | Bug: 569917 Change-Id: Ifdcdb022a3f29321b4d10da1cc34acca68ed7b03 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Merge branch 'next'Matthias Sohn2021-09-143-10/+10
|\ | | | | | | | | | | | | | | * next: Enable CommitCommand to use a fluent style Prepare 6.0.0-SNAPSHOT builds Change-Id: Ibd247d5990983bedadd8b959a82215914d216ed1
| * Merge branch 'master' into nextMatthias Sohn2021-09-137-37/+74
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (38 commits) Revert "DFS block cache: Refactor to enable parallel index loading" GitServlet: allow to override default error handlers Silence API error for new interface method ProtocolV2Hook#onObjectInfo transport: add object-info capability Ignore IllegalStateException if JVM is already shutting down Update orbit to R20210825222808 for 2021-09 Update spotbugs-maven-plugin to 4.3.0 Update ant to 1.10.11 also in pom.xml DFS block cache: add additional stats to DfsReaderIoStats Update Orbit to S20210817231813 [gpg] Better GPG home directory determination FS: cleanup use of final modifier Ensure FS#searchPath only selects executable files RevWalk: getMergedInto's result is wrong on the second call DFS block cache: Refactor to enable parallel index loading [test] Create keystore with the keytool of the running JDK [gpg] Update to Bouncy Castle 1.69 [test] Create keystore with the keytool of the running JDK [sshd] Minor code clean-up Support commit.template config property ... Change-Id: I9f99e9a513a23c0c0d252334e79c351512d7355e
| * \ Merge branch 'master' into nextMatthias Sohn2021-02-2817-166/+2723
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (143 commits) Prepare 5.11.0-SNAPSHOT builds JGit v5.11.0.202102240950-m3 [releng] japicmp: update last release version IgnoreNode: include path to file for invalid .gitignore patterns FastIgnoreRule: include bad pattern in log message init: add config option to set default for the initial branch name init: allow specifying the initial branch name for the new repository Fail clone if initial branch doesn't exist in remote repository GPG: fix reading unprotected old-format secret keys Update Orbit to S20210216215844 Add missing bazel dependency for o.e.j.gpg.bc.test GPG: handle extended private key format dfs: handle short copies [GPG] Provide a factory for the BouncyCastleGpgSigner Fix boxing warnings GPG: compute the keygrip to find a secret key GPG signature verification via BouncyCastle Post commit hook failure should not cause commit failure Allow to define additional Hook classes outside JGit GitHook: use default charset for output and error streams ... Change-Id: I689f4070e79f4a0ac1c02b35698ccaab68ad2f34
| * \ \ Merge branch 'master' into nextMatthias Sohn2020-11-283-11/+35
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: Remove unused imports Silence API warnings Remove erraneously merged source features Add support for reading symrefs from pack capabilities Prepare 5.3.9-SNAPSHOT builds JGit v5.3.8.202011260953-r Prepare 5.1.15-SNAPSHOT builds JGit v5.1.14.202011251942-r GC#deleteOrphans: log warning for deleted orphaned files GC#deleteOrphans: handle failure to list files in pack directory Ensure that GC#deleteOrphans respects pack lock Prepare 5.10.0-SNAPSHOT builds JGit v5.10.0.202011251205-m3 PacketLineIn: ensure that END != DELIM Update Orbit to S20201118210000 and add target for 4.18 PacketLineIn: ensure that END != DELIM PacketLineIn: ensure that END != DELIM Allow to resolve a conflict by checking out a file Update Orbit to I20201111205634 Document that setLastModified sets time of symlink target Fix bug in PerformanceLogContext Fix IOException occurring during gc Prepare 5.10.0-SNAPSHOT builds JGit v5.10.0.202011041322-m2 Revert "Client-side protocol V2 support for fetching" Close Repository to fix tests failing on Windows Client-side protocol V2 support for fetching Update slf4j to 1.7.30 Update Orbit to S20201027182932 (2020-12 M2) Fix formatting of config option values Document options in core section supported by JGit Ensure .gitmodules is loaded when accessing submodule name Export new package org.eclipse.jgit.logging and import it where used Ensure GC.deleteOrphans() can delete read-only orphaned files on Windows Add new performance logging Implement git describe --all Compute time differences with Duration Override config http.userAgent from environment GIT_HTTP_USER_AGENT Upgrade spotbugs-maven-plugin to 4.1.3 Fix OperatorPrecedence warning flagged by error prone UploadPackTest#testUploadRedundantBytes: ensure test repo is closed ObjectDirectory#selectObjectRepresentation: fix formatting Upgrade ecj to 3.23.0 Support "http.userAgent" and "http.extraHeader" from the git config sshd: better error report when user cancels authentication API filters for PackStatistics.Accumulator Add TypedConfigGetter.getPath() Make Javadoc consistent for PackStatistics fields Measure time taken for reachability checks Measure time taken for negotiation in protocol V2 IndexDiffFilter: handle path prefixes correctly sshd: support the ProxyJump ssh config Upgrade jacoco-maven-plugin to 0.8.6 ReceivePackStats: Add size and count of unnecessary pushed objects Upgrade maven-project-info-reports-plugin to 3.1.1 Prepare 5.9.1-SNAPSHOT builds JGit v5.9.0.202009080501-r [releng] Enable japicmp for the fragments added in 5.8.0 GitlinkMergeTest: fix boxing warnings Remove unused API problem filters Add missing since tag on BundleWriter#addObjectsAsIs SshdSession: close channel gracefully GPG: include signer's user ID in the signature jgit: Add DfsBundleWriter Bump Bazel version to 3.5.0 Upgrade maven-resources-plugin to 3.2.0 Upgrade plexus-compiler version to 2.8.8 [bazel] Add missing dependency to slf4j-api [errorprone] DirCacheEntry: make clear operator precedence [errorprone] PackWriter#parallelDeltaSearch: avoid suppressed exception [errorprone] Declare DirCache#version final Add jgit-4.17-staging target platform for 2020-09 Update target platform to R20200831200620 Prepare 5.10.0-SNAPSHOT builds Prepare 5.9.0-SNAPSHOT builds ResolveMerger: do not content-merge gitlinks on del/mod conflicts ResolveMerger: Adding test cases for GITLINK deletion ResolveMerger: choose OURS on gitlink when ignoreConflicts ResolveMerger: improving content merge readability ResolveMerger: extracting createGitLinksMergeResult method ResolveMerger: Adding test cases for GITLINK merge JGit v5.9.0.202008260805-m3 Fix possible NegativeArraySizeException in PackIndexV1 FS: use binary search to determine filesystem timestamp resolution Do not prematurely create directory of jgit's XDG config file FS: write to JGit config in a background thread FS: don't cache fallback if running in background Keep line endings for text files committed with CR/LF on text=auto Delay WindowCache statistics JMX MBean registration [releng] Update plexus-compiler to 2.8.7 DirCache: support index V4 Update javadoc for RemoteSession and SshSessionFactory Fix JSchProcess.waitFor() with time-out sshd: work around a race condition in Apache MINA sshd 2.4.0/2.5.x sshd: store per-session data on the sshd session object FilterSpec: Use BigInteger.ZERO instead of valueOf(0) Do not send empty blob in response to blob:none filter Add support for tree filters when fetching sshd: use PropertyResolver in test FS_POSIX: avoid prompt to install the XCode tools on OS X Remove dependency on JSch from SSH test framework Use LinkedBlockingQueue for executor determining filesystem attributes Update API warning filters Remove unused imports Bazel: Add workspace status command to stamp final artifact DiffFormatter: correctly deal with tracked files in ignored folders Prepare 5.8.2-SNAPSHOT builds JGit v5.8.1.202007141445-r Update Jetty to 9.4.30.v20200611 Fix writing GPG signatures with trailing newline Rename a test method Add a test for upstream bug SSHD-1028 Improve error message when receive.maxCommandBytes is exceeded LfsConnectionFactory#getLfsUrl: Fix unconditional break in for-loop DiffFormatterTest: Add a test to confirm the default rename detection settings Upgrade maven-site-plugin to 3.9.1 Upgrade build-helper-maven-plugin to 3.2.0 Upgrade spotbugs to 4.0.4 MergedReftable: Include the last reftable in determining minUpdateIndex Add new osgi fragments to maven-central deploy scripts PackBitmapIndex: Not buffer inflated bitmap during bitmap creation. Do not require org.assertj.core.annotations Upgrade ecj to 3.22.0 Remove workaround for signing jars using Tycho plugins Use https for URL of jgit website Fix CI information in pom.xml Use gitiles as scm url in pom.xml for browsing source code Update API baseline to 5.8.0.202006091008-r Remove trailing whitespace Change-Id: Ie6bc6954741a47cfbd32c0886bdbd7b594f08b31 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
| * | | | Merge branch 'master' into nextMatthias Sohn2020-06-103-13/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: SimpleMergeTest: Clean up code style Prepare 5.8.1-SNAPSHOT builds Handle Fragment-Host declaration when updating version JGit v5.8.0.202006091008-r Prepare 5.9.0-SNAPSHOT builds Handle Fragment-Host declaration when updating version Add benchmark for strategies how to move a file Add getter for unpackErrorHandler in ReceivePack Upgrade maven-project-info-reports-plugin to 3.1.0 Upgrade maven-shade-plugin to 3.2.4 ObjectDirectoryInserter: Open FileOutputStream in try-with-resource ObjectDirectoryInserter: Remove redundant 'throws' declarations ObjectDirectory: Further clean up insertUnpackedObject Add Git#shutdown for releasing resources held by JGit process ApplyCommand: use context lines to determine hunk location GPG: don't prompt for a passphrase for unprotected keys Fix typo in org.eclipse.jgit.ssh.jsch.test MANIFEST Fix ProtectedMembersInFinalClass warning flagged by error prone Use version range to define fragment host bundle version ObjectDirectory: Explicitly handle NoSuchFileException ObjectDirectory: Fail immediately when atomic move is not supported Fix jgit packaging Fix InvalidInlineTag error flagged by error prone Fix BadComparable error flagged by error prone Add tests for RawTextComparator.WS_IGNORE_CHANGE.hash() Update Orbit to R20200529191137 for final Eclipse release 2020-06 Organize manifest of org.eclipse.jgit.pgm Do not include log4j implementation in jgit Decouple JSch from JGit Core Decouple BouncyCastle from JGit Core Verify that the user home directory is valid WindowCache: conditional JMX setup RawTextComparator.WS_IGNORE_CHANGE must not compare whitespace Revert "PackBitmapIndex: Not buffer inflated bitmap in BasePackBitmapIndex" Update jetty to 9.4.28.v20200408 Add 4.16 staging target platform In-memory SSH keys for the "no files" sshd tests Builder API to configure SshdSessionFactories TransportHttp: abort on time-out or on SocketException Ignore core.eol if core.autocrlf=input Attributes: fix handling of text=auto in combination with eol Bazel: Remove superfluous dependencies flagged by unused_deps Log stack trace if CachingKeyPairProvider hits unexpected exception Update Orbit to S20200519202422 and ant to 1.10.8 Include full IssuerFingerprint in GPG signature Bazel: Fix src_sha1 of bcpg-jdk15on Suppress API error for new method BitmapIndex.Bitmap#retrieveCompressed Fix wrong @since tags added in dcb0265 PackBitmapIndex: Set distance threshold PackBitmapIndex: Not buffer inflated bitmap in BasePackBitmapIndex PackBitmapIndex: Remove convertedBitmaps in the Remapper PackBitmapIndex: Reduce memory usage in GC PackBitmapIndex: Add AddToBitmapWithCacheFilter class PackBitmapIndex: Add util methods and builder to BitmapCommit PackBitmapIndex: Move BitmapCommit to a top-level class Refactor: Make retriveCompressed an method of the Bitmap class Fix downloading LFS Object fails behind proxy Allow for using custom s3 host with lfs server ReceivePack: adding IterativeConnectivityChecker Moving transport/internal -> internal/transport Fix error occurring during checkout Change-Id: Ic11286e16ed6a72c6372297b310336dd040689d1
* | | | | Prepare 5.13.1-SNAPSHOT buildsMatthias Sohn2021-09-083-10/+10
| | | | | | | | | | | | | | | | | | | | Change-Id: Ib2f689d8d13eab022da5b5e83d6d6bebc1bb81d3
* | | | | JGit v5.13.0.202109080827-rv5.13.0.202109080827-rMatthias Sohn2021-09-083-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: If3b2d4256712cc7e577c23e75c0d4ad940870e72 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | | Prepare 5.13.0-SNAPSHOT buildsMatthias Sohn2021-09-013-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: I2a1d7ab24d5ca718348f4ce3cda351553e48cd1f
* | | | | JGit v5.13.0.202109011149-rc1v5.13.0.202109011149-rc1Matthias Sohn2021-09-013-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: Id8d0970102f18e61a2fc7cf941267c9089d71c1a Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | | Prepare 5.13.0-SNAPSHOT buildsMatthias Sohn2021-08-253-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: I6db044fdd57b60adbc2dd078c4af8cb54bb331c3
* | | | | JGit v5.13.0.202108250949-m3v5.13.0.202108250949-m3Matthias Sohn2021-08-253-4/+4
| |_|_|/ |/| | | | | | | | | | | | | | | Change-Id: Icc079b28327f5a02256f9a06837c2be6352ea6e3 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | [gpg] Better GPG home directory determinationThomas Wolf2021-08-183-15/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GPG can use customized directories instead of the standard ~/.gnupg or %APPDATA%\gnupg directories: * Environment variable GNUPGHOME can define the location. * On Windows, a registry key may define the location (but this is deprecated). * Portable installations may use a directory defined via a file "gpgconf.ctl". * GPG programs may take a --homedir command-line argument, which overrides anything. Implement handling of environment variable GNUPGHOME. The other ways of GPG to get its home directory are outside the reach of JGit. Provide a system property "jgit.gpg.home" that the user can set in such cases. Do tilde replacement for the system property and for GNUPGHOME. Note that on VMS, the default directory would be ~/gnupg (without dot). This is not accounted for, but a user on VMS could now use either the system property or GNUPGHOME to direct JGit to the right directory. Bug: 575327 Change-Id: Id5ea04a85d58dba0c0df7a705777630d36042467 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | [gpg] Update to Bouncy Castle 1.69Thomas Wolf2021-07-262-22/+22
| | | | | | | | | | | | | | | | | | | | | | | | Bump lower bound in MANIFEST.MF and adapt code. Change-Id: I3a3c7948e5fc29f5517fe84209fcea81834e8e5b
* | | | Update orbit to I20210713220109Matthias Sohn2021-07-162-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | update - org.apache.commons.compress to 1.20.0.v20210713-192 - org.bouncycastle.bcpg to 1.69.0.v20210713-1924 - org.bouncycastle.bcpkix to 1.69.0.v20210713-1924 - org.bouncycastle.bcprov to 1.69.0.v20210713-1924 - add org.bouncycastle.bcutil 1.69.0.v20210713-1924 In bazel build don't expose bouncycastle to org.eclipse.jgit since it's not used there anymore since code depending on bouncycastle was moved to org.eclipse.jgit.gpg.bc. CQ: 21771 CQ: 23471 CQ: 23472 CQ: 23473 CQ: 23474 Change-Id: Id3d94c00c39bbc57e3f49a61150841249dc3985c
* | | | Prepare 5.13.0-SNAPSHOT buildsMatthias Sohn2021-06-143-10/+10
| | | | | | | | | | | | | | | | Change-Id: Ie9cfc1eeb0eda7b2bbe744a22a7e4cfe6d59bc37
* | | | Prepare 5.12.1-SNAPSHOT buildsMatthias Sohn2021-06-133-10/+10
| | | | | | | | | | | | | | | | Change-Id: Idf266c34aa9a04cf9c5e0e09bcb415c13d773d4c
* | | | JGit v5.12.0.202106070339-rv5.12.0.202106070339-rMatthias Sohn2021-06-073-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: I0fbfea2c83f1ce83f75130cc97591547032f1104 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | Prepare 5.12.0-SNAPSHOT buildsMatthias Sohn2021-06-033-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: Ifc72d3f3ac84b9c4055b95ec0093d877ffb09ab0 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | JGit v5.12.0.202106021050-rc1v5.12.0.202106021050-rc1Matthias Sohn2021-06-023-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: I622ee049f14f37504ff4a062f03d6fc25465d0ec Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | Prepare 5.12.0-SNAPSHOT buildsMatthias Sohn2021-06-023-4/+4
| | | | | | | | | | | | | | | | Change-Id: I25e4efc9b40ae4e7168b37385445c73992c5beb0
* | | | JGit v5.12.0.202106011439-rc1v5.12.0.202106011439-rc1Matthias Sohn2021-06-013-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: Ieac1d02879defe0f4791062448d4efc328a2f652 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | Prepare 5.12.0-SNAPSHOT buildsMatthias Sohn2021-06-013-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: If563be77aab768ac1f31ae2211fb0892d0205a2a Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | JGit v5.12.0.202105261145-m3v5.12.0.202105261145-m3Matthias Sohn2021-05-263-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: I3b1af2032227900e6e0c6189f47bace1df67f0ab Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | Prepare 5.12.0-SNAPSHOT buildsMatthias Sohn2021-05-063-4/+4
| | | | | | | | | | | | | | | | Change-Id: I2fc5305e7eaaa4593d418fc3b31d20e4b6e1e585
* | | | JGit v5.12.0.202105051250-m2v5.12.0.202105051250-m2Matthias Sohn2021-05-053-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: Ic7d86c91ec0ff9aa0678dcb971c197e62a4ca2dc Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | Prepare 5.12.0-SNAPSHOT buildsMatthias Sohn2021-03-103-10/+10
| | | | | | | | | | | | | | | | | | | | Change-Id: I736de7c3deb11da75777d459f47332df0b486443 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | Prepare 5.11.1-SNAPSHOT buildsMatthias Sohn2021-03-093-10/+10
| | | | | | | | | | | | | | | | | | | | Change-Id: I94628ccbb5099a65aa4345cfd28a141ff5555b68 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | JGit v5.11.0.202103091610-rv5.11.0.202103091610-rMatthias Sohn2021-03-093-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: I8e6855eaf7228459f492036feb4e34ca085698a7 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | Prepare 5.11.0-SNAPSHOT buildsMatthias Sohn2021-03-043-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: I89ed49a6acc53dd75d16f40c99e1140e0c18f646 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | JGit v5.11.0.202103031150-rc1v5.11.0.202103031150-rc1Matthias Sohn2021-03-033-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: I0a86fa59645888f9f36ea6938c9121e095f02fc6 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | Prepare 5.11.0-SNAPSHOT buildsMatthias Sohn2021-02-243-4/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: If3dbe084ee37ae4b993d3a10ec48b14e8709ff6d Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | JGit v5.11.0.202102240950-m3v5.11.0.202102240950-m3Matthias Sohn2021-02-243-4/+4
| |_|/ |/| | | | | | | | | | | Change-Id: Iea6b3515fa63db497989194b6bf50fe7324086d0 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | GPG: fix reading unprotected old-format secret keysThomas Wolf2021-02-221-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | Fix code and add a test case. The old code passed on the original input stream, which has already been consumed. Bug: 570501 Change-Id: I81f60698ce42443df57e59b1d1ab155574136fa8 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | GPG: handle extended private key formatThomas Wolf2021-02-1911-93/+1744
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add detection for the key-value pair format that was available in gpg-agent for some time already and that has become the default since gpg-agent 2.2.20. If a secret key in the .gnupg/private-keys-v1.d directory is found to have this format, extract the human-readable key from it, convert it to the binary serialized form and hand that to BouncyCastle. Encrypted keys in the new format may use AES/OCB. OCB is a patent- encumbered algorithm; although there is a license for open-source software, that may not be good enough and OCB may not be available in Java. It is not available in the default security provider in Java, and it is also not available in the BouncyCastle version included in Eclipse. Implement AES/OCB decryption, throwing a PGPException with a nice message if the algorithm is not available. Include a copy of the normal s-expression parser of BouncyCastle and fix it to properly handle data from such keys: such keys do not contain an internal hash since the AES/OCB cipher includes and checks a MAC already. Bug: 570501 Change-Id: Ifa6391a809a84cfc6ae7c6610af6a79204b4143b Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | [GPG] Provide a factory for the BouncyCastleGpgSignerThomas Wolf2021-02-192-1/+36
| | | | | | | | | | | | | | | | | | | | | Otherwise client code has no way to ever create an instance without using internal non-API. Change-Id: I6201f98d4b1704a053159967b8adacd98e368522 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | GPG: compute the keygrip to find a secret keyThomas Wolf2021-02-165-62/+399
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The gpg-agent stores secret keys in individual files in the secret key directory private-keys-v1.d. The files have the key's keygrip (in upper case) as name and extension ".key". A keygrip is a SHA1 hash over the parameters of the public key. By computing this keygrip, we can pre-compute the expected file name and then check only that one file instead of having to iterate over all keys stored in that directory. This file naming scheme is actually an implementation detail of gpg-agent. It is unlikely to change, though. The keygrip itself is computed via libgcrypt and will remain stable according to the GPG main author.[1] Add an implementation for calculating the keygrip and include tests. Do not iterate over files in BouncyCastleGpgKeyLocator but only check the single file identified by the keygrip. Ideally upstream BouncyCastle would provide such a getKeyGrip() method. But as it re-builds GPG and libgcrypt internals, it's doubtful it would be included there, and since BouncyCastle even lacks a number of curve OIDs for ed25519/curve25519 and uses the short-Weierstrass parameters instead of the more common Montgomery parameters, including it there might be quite a bit of work. [1] http://gnupg.10057.n7.nabble.com/GnuPG-2-1-x-and-2-2-x-keyring-formats-tp54146p54154.html Bug: 547536 Change-Id: I30022a0e7b33b1bf35aec1222f84591f0c30ddfd Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | GPG signature verification via BouncyCastleThomas Wolf2021-02-168-22/+502
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a GpgSignatureVerifier interface, plus a factory to create instances thereof that is provided via the ServiceLoader mechanism. Implement the new interface for BouncyCastle. A verifier maintains an internal LRU cache of previously found public keys to speed up verifying multiple objects (tag or commits). Mergetags are not handled. Provide a new VerifySignatureCommand in org.eclipse.jgit.api together with a factory method Git.verifySignature(). The command can verify signatures on tags or commits, and can be limited to accept only tags or commits. Provide a new public WrongObjectTypeException thrown when the command is limited to either tags or commits and a name resolves to some other object kind. In jgit.pgm, implement "git tag -v", "git log --show-signature", and "git show --show-signature". The output is similar to command-line gpg invoked via git, but not identical. In particular, lines are not prefixed by "gpg:" but by "bc:". Trust levels for public keys are read from the keys' trust packets, not from GPG's internal trust database. A trust packet may or may not be set. Command-line GPG produces more warning lines depending on the trust level, warning about keys with a trust level below "full". There are no unit tests because JGit still doesn't have any setup to do signing unit tests; this would require at least a faked .gpg directory with pre-created key rings and keys, and a way to make the BouncyCastle classes use that directory instead of the default. See bug 547538 and also bug 544847. Tested manually with a small test repository containing signed and unsigned commits and tags, with signatures made with different keys and made by command-line git using GPG 2.2.25 and by JGit using BouncyCastle 1.65. Bug: 547751 Change-Id: If7e34aeed6ca6636a92bf774d893d98f6d459181 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | GPG: support git config gpg.programThomas Wolf2021-02-071-2/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add it to the GpgConfig. Change GpgConfig to load the values once only. Add a parameter to the GpgObjectSigner interface's operations to pass in a GpgConfig. Update CommitCommand and TagCommand to pass the value to the signer. Let the signer decide whether it can actually produce the wanted signature type (openpgp or x509). No behavior change. But this makes it possible to implement different signers that might support x509 signatures, or use gpg.program and shell out to an external GPG executable for signing. Change-Id: I427f83eb1ece81c310e1cddd85315f6f88cc99ea Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | GPG user ID matching: use case-insensitive matchingThomas Wolf2020-12-291-4/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although not mentioned in the GPG documentation at [1], GPG uses case-insensitive matching also for the '<' (exact e-mail) and '@' (partial e-mail) operators. Matching for '=' (full exact match) is case-sensitive. Compare [2]. [1] https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html [2] https://dev.gnupg.org/source/gnupg/browse/master/g10/keyring.c;22f7dddc34446a8c3e9eddf6cb281f16802351d7$890 Bug: 547789 Change-Id: I2f5ab65807d5dde3aa00ff032894701bbd8418c9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | Enable GpgSigner to also sign tagsThomas Wolf2020-12-071-3/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Factor out a common ObjectBuilder as super class of CommitBuilder and TagBuilder, and make the GpgSigner work on ObjectBuilder. In order not to break API, add the new method for signing an ObjectBuilder in a new interface GpgObjectSigner. The signature for a tag is just tacked onto the end of the tag message. The message of a signed tag must end in LF. Bug: 386908 Change-Id: I5e021e3c927f4051825cd7355b129113b949455e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>