| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Public keys in the SSH configuration's "IdentityFile" are used for
example by Password Managers like KeePassXC
(https://keepassxc.org/docs/#faq-ssh-agent-auth-errors) or 1Password
(https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host)
to match keys in the SSH agent with specific hosts.
Bug: jgit-25
Change-Id: I33d47057d9dd54d3d08ba5bb17f730435ac93dac
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This includes the upstream fix for CVE-2023-48795[1] ("strict KEX"
protocol extension mitigating the "Terrapin attack"[2]) in JGit.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-48795
[2] https://www.terrapin-attack.com/
Bug: jgit-16
Change-Id: Ie9aa5b903ea6795bd1511afea0bebdb537b56148
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Eclipse platform moved to sfl4j 2.x. Hence relax version constraint so
that both 1.7 and 2.x are allowed.
Bug: egit-5
Change-Id: Ie0b00310d8f3f2553457c8668a38978a67b8febe
|
| | | |
| | |
| | |
| | | |
Change-Id: Id1d784ec4870cfb53c4b140fe0bb3fad9eef651d
|
| | | |
| | |
| | |
| | | |
Change-Id: I56458c5345dcd9544868c948e90c9827d25c6850
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: Iecfe3f628cfdc437ee0d63fe52653ef952c8c494
|
| | | |
| | |
| | |
| | | |
Change-Id: I89178175549541111cddb88da401899960c0ecac
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I6a40cdef68538fa769f4525eb2ff1ed4a810f11c
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update maven build, bazel build, and target platform.
Also remove a file in a ./bin directory that got committed by mistake
in commit f5f4bf0ad.
Change-Id: Ia653c71643f8fad290874d723dacdafbef25c13f
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- configure Maven to run build reproducibly [1]
- use UTC timestamp of checked out commit as build timestamp
- add git-describe, git-commit-id, git-commit-id, git-tags,
git-remote-origin-url to MANIFEST.MF files
- configure cyclonedx-maven-plugin to also use UTC timestamp of
checked out commit
- for packaging build use tycho-buildtimestamp-jgit [2] to ensure
version uses the timestamp of the last commit
- SBOMs are not reproducible by design [3] they should have a build
timestamp matching the time when the build was executed and a serial
number which is a unique UUID per build run. Hence exclude them from
comparison [4].
- Use gmavenplus-plugin to format build timestamps. Maven expects
build timestamp in ISO-8601 format, to replace the qualifier in
versions the timestamp format must be compatible with rules for OSGi
version numbers. Didn't find a way to read the properties set by the
git-commit-id-maven-plugin from another plugin. Hence use JGit in a
groovy script to get the commit time of the current HEAD and provide
it in these two formats.
TODO: packaging build (features and p2 repository) is not yet binary
reproducible since that's not yet supported by Tycho [5], artefacts have
reproducible version numbers but file lastModified timestamps are not
yet reproducible.
Test plan for Maven build:
- build using
mvn clean install"
- verify second build is reproducible:
mvn -T1 clean verify artifact:compare
verification seems not to be thread-safe, hence run it with a single
thread using option -T1
For packaging build (still fails due to non-reproducible file
timestamps):
- build using
mvn -f org.eclipse.jgit.packaging/pom.xml clean install
- verify second build is reproducible:
mvn -T1 -f org.eclipse.jgit.packaging/pom.xml clean verify artifact:compare
[1] https://maven.apache.org/guides/mini/guide-reproducible-builds.html
[2] https://wiki.eclipse.org/Tycho/Reproducible_Version_Qualifiers
[3] https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/84
[4] https://maven.apache.org/plugins/maven-artifact-plugin/compare-mojo.html
[5] https://github.com/eclipse-tycho/tycho/issues/233
Change-Id: I0202f55a1b6ae0edd922cfef638beb39d2ce9417
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
consuming it directly from Maven Central.
The bundle net.i2p.crypto.eddsa 0.3.0 contains bad OSGi metadata,
earlier it was repackaged in Orbit tweaking its mandatory dependency to
sun.security.x509 to an optional dependency.
This project seems to be orphaned, probably because Java 15 added
support for eddsa with JEP339 [1].
This repackaged bundle is no longer available after Orbit was renovated
[2] to consume the vast majority of bundles directly from Maven Central
without repacking them. Hence we have to workaround this (probably
false) mandatory dependency. For that export an empty dummy package
"sun.security.x509" to satisfy OSGi.
[1] https://openjdk.org/jeps/339
[2] https://github.com/eclipse-orbit/orbit-simrel/issues/15
Change-Id: I2267e15823ebce6cf1d448e1e16a129f703e0f80
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The byte buffers used here are created by wrapping a byte[].
See https://errorprone.info/bugpattern/ByteBufferBackingArray
Change-Id: Idbc16d5ae4ff9f64b97be07a3cdf190716da191f
|
| | | |
| | |
| | |
| | | |
Change-Id: I4da51c7e089366b016a0cc64f768a151c24bc956
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
OSGi can have its plugin localization at an arbitrary place; there is
no need to have it in a top-level plugin.properties file. In non-OSGi
environments having the files at the root level may mean that these
files clash with each other, or, as in the referenced bug, with some
third-party plug-in's plugin.properties, which may not even have
anything to do with localization.
Move our OSGi localization to a subfolder OSGI-INF/l10n. For OSGi
environments, that's just as good, and for non-OSGi environments it
avoid clashes with other root level items on the classpath or in a fat
JAR.
For fragments, use neither plugin.properties (which would clash with the
host plug-in's plugin.properties) nor fragment.properties (which might
clash with other fragments for the same fragment host bundle). Instead
use names "relative" to the host bundle.
Bug: 582394
Change-Id: Ifbcd046d912e2cfe86c0f7259c5ca8de599d9aa1
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
File#getAbsoluteFile is non-nullable, so this check can never trigger.
Worse, getAbsoluteFile can throw an exception such as
InvalidPathException, and since this call isn't in the "try" block
that checks for that, the exception would then escape the getSession
call.
Noticed because the exception is being thrown in googlesource.com's
custom SshdSessionFactory, causing incoming ssh requests to fail
(noticed using internal tests).
Change-Id: I57f2d5e497ff678b17573f79827b6e1d9a6c9b9f
Signed-off-by: Jonathan Nieder <jrn@google.com>
|
| | | |
| | |
| | |
| | | |
Change-Id: Ifc81f0a96c2ced0b25926b9daa539d9cfc951925
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-6.7:
Prepare 6.7.1-SNAPSHOT builds
Switch back to wagon-ssh-external
Fix generation of maven site
JGit v6.7.0.202309050840-r
Remove unused API problem filters
[releng] Bump japicmp base version to 6.6.0.202305301015-r
Fix list of 3rd party bundles in p2 repo
Add missing source bundle org.osgi.service.cm.source to target platform
Prepare 6.6.2-SNAPSHOT builds
JGit v6.6.1.202309021850-r
Checkout: better directory handling
Document commit-graph options supported by JGit
Fix warning raised for local variable hiding DfsPackFile#index
Suppress boxing warnings in DfsPackFile
Remove unused API problem filters
Suppress boxing warnings in tests
Fix warning about empty block
Update mockito to 5.5.0
Update byte-buddy to 1.14.7
Prepare 6.7.0-SNAPSHOT builds
JGit v6.7.0.202308301100-rc1
Change-Id: Ib2a1000ead5ca6cf3816e9e9496ad5d92f4dc963
|
| | | | |
| | | |
| | | |
| | | | |
Change-Id: I96097ef8c6f198220f513bbc6d5f8881834a1491
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: Ibe952d97bc178adb909cdd40f48957f5b68af699
|
| | | | |
| | | |
| | | |
| | | | |
Change-Id: I49751232464e70b7d1dc3292a9f36b7a7015e44f
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I712a9f6830364ed404d03f3a145c055906273544
|
| | | | |
| | | |
| | | |
| | | | |
Change-Id: I936d2d9106a1e3b7a98ec89fec8ae8a92ec765f2
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I255a979e9f48f60a251ef7b74ced3f720f012706
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
Home directory might not be set in DFS.
Change-Id: I3528685838065dc291826fc73a37126af7bf47ce
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The condition looks suspicious, as in case of
(hasElement==null && hasNext())
the check will generate a NPE
Change-Id: I267f9df6746393d72f5102bd5271441422550968
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support PKCS#11 HSMs (like YubiKey PIV) for SSH authentication.
Use the SunPKCS11 provider as described at [1]. This provider
dynamically loads the library from the PKCS11Provider SSH configuration
and creates a Java KeyStore with that provider. A Java CallbackHandler
is needed to feed PIN prompts from the KeyStore into the JGit
CredentialsProvider framework. Because the JGit CredentialsProvider may
be specific to a SSH session but the PKCS11Provider may be used by
several sessions, the CallbackHandler needs to be configurable per
session.
PIN prompts respect the NumberOfPasswordPrompts SSH configuration. As
long as the library asks only for a PIN, we use the KeyPasswordProvider
to prompt for it. This gives automatic integration in Eclipse with the
Eclipse secure storage, so a user has even the option to store the PIN
there. (Eclipse will then ask for the secure storage master password on
first access, so the usefulness of this is debatable.)
By default the provider uses the first PKCS#11 token (slot list index
zero). This can be overridden by a non-standard PKCS11SlotListIndex
ssh configuration entry. (For OpenSSH interoperability, also set
"IgnoreUnknown PKCS11SlotListIndex" in the SSH config file then.)
Once loaded, the provider and its shared library and the keys
contained remain available until the application exits.
Manually tested using SoftHSM. See file manual_tests.txt. Kudos to
Christopher Lamb for additional manual testing with a real YubiKey,
also on Windows.[2]
[1] https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html
[2] https://www.eclipse.org/forums/index.php/t/1113295/
Change-Id: I544c97e1e24d05e28a9f0e803fd4b9151a76ed11
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes all the javadoc warnings, stops ignoring doclint 'missing'
category and fails the build on javadoc warnings for public and
protected classes and class members.
Since javadoc doesn't allow access specifiers when specifying doclint
configuration we cannot set `-Xdoclint:all,-missing/private`
hence there is no simple way to skip private elements from doclint.
Therefore we check javadoc using the Eclipse Java compiler
(which is used by default) and javadoc configuration in
`.settings/org.eclipse.jdt.core.prefs` files.
This allows more fine grained configuration.
We can reconsider this when javadoc starts supporting access specifiers
in the doclint configuration.
Below are detailled explanations for most modifications.
@inheritDoc
===========
doclint complains about explicits `{@inheritDoc}` when the parent does
not have any documentation. As far as I can tell, javadoc defaults to
inherit comments and should only be used when one wants to append extra
documentation from the parent. Given the parent has no documentation,
remove those usages which doclint complains about.
In some case I have moved up the documentation from the concrete class
up to the abstract class.
Remove `{@inheritDoc}` on overriden methods which don't add additional
documentation since javadoc defaults to inherit javadoc of overridden
methods.
@value to @link
===============
In PackConfig, DEFAULT_SEARCH_FOR_REUSE_TIMEOUT and similar are forged
from Integer.MAX_VALUE and are thus not considered constants (I guess
cause the value would depends on the platform). Replace it with a link
to `Integer.MAX_VALUE`.
In `StringUtils.toBoolean`, @value was used to refer to the
`stringValue` parameter. I have replaced it with `{@code stringValue}`.
{@link <url>} to <a>
====================
@link does not support being given an external URL. Replaces them with
HTML `<a>`.
@since: being invalid
=====================
org.eclipse.jgit/src/org/eclipse/jgit/util/Equality.java has an invalid
tag `@since: ` due to the extra `:`. Javadoc does not complain about it
with version 11.0.18+10 but does with 11.0.19.7. It is invalid
regardless.
invalid HTML syntax
===================
- javadoc doesn't allow <br/>, <p/> and </p> anymore, use <br> and <p>
instead
- replace <tt>code</tt> by {@code code}
- <table> tags don't allow summary attribute, specify caption as
<caption>caption</caption> to fix this
doclint visibility issue
========================
In the private abstract classes `BaseDirCacheEditor` and
`BasePackConnection` links to other methods in the abstract class are
inherited in the public subclasses but doclint gets confused and
considers them unreachable. The HTML documentation for the sub classes
shows the relative links in the sub classes, so it is all correct. It
must be a bug somewhere in javadoc.
Mute those warnings with: @SuppressWarnings("doclint:missing")
Misc
====
Replace `<` and `>` with HTML encoded entities (`< and `>`).
In `SshConstants` I went enclosing a serie of -> arrows in @literal.
Additional tags
===============
Configure maven-javad0c-plugin to allow the following additional tags
defined in https://openjdk.org/jeps/8068562:
- apiNote
- implSpec
- implNote
Missing javadoc
===============
Add missing @params and descriptions
Change-Id: I840056389aa59135cfb360da0d5e40463ce35bd0
Also-By: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | | |
Change-Id: I50ff7ee31046cfc29a087c8963be3deae24b1c9c
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bump the version numbers in pom.xml and in MANIFESTs, and in the bazel
WORKSPACE file. Update the target platforms. Remove work-arounds in
org.eclipse.jgit.ssh.apache that are no longer necessary.
The release notes for Apache MINA sshd are at [1].
[1] https://github.com/apache/mina-sshd/blob/master/docs/changes/2.10.0.md
Bug: 581770
Change-Id: Id27e73e9712b7865353c9b32b5b768f6e998b05e
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-6.5:
Rerun flaky tests 3 times
Prepare 6.5.1-SNAPSHOT builds
JGit v6.5.0.202303070854-r
Ignore generated org.eclipse.jgit.benchmarks/dependency-reduced-pom.xml
[sshd] Fix calculation of timeout in AbstractClientProxyConnector
Silence API error raised for removed BranchRebaseMode#PRESERVE
Change-Id: Ie615980c81371ee26b2395e67e026bbd17422fbd
|
| | | | |
| | | |
| | | |
| | | | |
Change-Id: Idd9977ac08a339906e33beb73f57f8f6885ad86f
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I8da37ead0bd527bc4990ed5f8d5d4fb4f4d5cf01
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The previous implementation mixed nano seconds (elapsed) and milli
seconds (remaining) without conversion.
Change-Id: I9e1654afa47fa32c94808af3b2dd0418a372fb00
|
| | | | |
| | | |
| | | |
| | | | |
Change-Id: I313e3deed8fa00df0406b3d7b73e5b643dc25a05
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I1eb2e87b70c2da1dc81468cdc7ecf7dbd21d4190
|
| | | | |
| | | |
| | | |
| | | | |
Change-Id: Ie95ce8fcc2a570505d23d5a1642e33c041212260
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I00bf91823e2fe6503d52ae23bc1854f0b1d66dbd
|
| | | | |
| | | |
| | | |
| | | | |
Change-Id: Id0c7e51293d53b1eeec081cbbdf6e27d77123200
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I231d3f9b8a59e374477d3a33964061acb2c25ce4
|
| | | | |
| | | |
| | | |
| | | | |
Change-Id: I6fbda9ad8e054a664cb79c3a32baded12ad6802f
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I4e81d5c61d66f748e0c5bc86d95f579b5990e9f4
|
| |/ / /
| | |
| | |
| | | |
Change-Id: I17893f9db12bcb208866f40a06cd4f1ccbb4fe30
|
| | | |
| | |
| | |
| | | |
Change-Id: I4238b6181e96e22e540cf34802a332f868cb6dfb
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Release notes for 2.9.2:
https://github.com/apache/mina-sshd/blob/master/docs/changes/2.9.2.md
Change-Id: I7809bcba1d45b76ab9dcc031f86beb2f69da3788
Signed-off-by: Thomas Wolf <twolf@apache.org>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Check the key length before adding; the addition might overflow.
Change-Id: Icde7c92a5bb267fdd869d5a1c0842967ab1a7fd9
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| | | |
| | |
| | |
| | | |
Change-Id: I47ca5f1d0263caa0bfc7c303042360c6c5ac4dec
|
| | | |
| | |
| | |
| | | |
Change-Id: I44e159eca4131880d74d3078060e7e20f9b5ce76
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: Iea3fae9f6f6c5fb0a79f7684334a3e0059738c4f
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I3cc78dbcf8c7970e80bf1499751611110ec2b30b
|
