作成者 | SHA1 | メッセージ | 日付 |
---|---|---|---|
David Ostrovsky | c82818e0e0 |
Bazel: Remove unused dependencies flagged by unused_deps
Change-Id: I7fcb494fdce4bb3de203236fa51b188b099d842f Signed-off-by: David Ostrovsky <david@ostrovsky.org> |
3年前 |
David Ostrovsky | f8eefdb003 |
Bazel: Format build file with buildifier
Change-Id: I4c0c7ffb04d7bed517faf1a4932d8c76738bff11 Signed-off-by: David Ostrovsky <david@ostrovsky.org> |
3年前 |
Matthias Sohn | 7e38792ead |
Add missing bazel dependency for o.e.j.gpg.bc.test
This was missed in
|
3年前 |
Thomas Wolf | 64cbea8a97 |
GPG: compute the keygrip to find a secret key
The gpg-agent stores secret keys in individual files in the secret key directory private-keys-v1.d. The files have the key's keygrip (in upper case) as name and extension ".key". A keygrip is a SHA1 hash over the parameters of the public key. By computing this keygrip, we can pre-compute the expected file name and then check only that one file instead of having to iterate over all keys stored in that directory. This file naming scheme is actually an implementation detail of gpg-agent. It is unlikely to change, though. The keygrip itself is computed via libgcrypt and will remain stable according to the GPG main author.[1] Add an implementation for calculating the keygrip and include tests. Do not iterate over files in BouncyCastleGpgKeyLocator but only check the single file identified by the keygrip. Ideally upstream BouncyCastle would provide such a getKeyGrip() method. But as it re-builds GPG and libgcrypt internals, it's doubtful it would be included there, and since BouncyCastle even lacks a number of curve OIDs for ed25519/curve25519 and uses the short-Weierstrass parameters instead of the more common Montgomery parameters, including it there might be quite a bit of work. [1] http://gnupg.10057.n7.nabble.com/GnuPG-2-1-x-and-2-2-x-keyring-formats-tp54146p54154.html Bug: 547536 Change-Id: I30022a0e7b33b1bf35aec1222f84591f0c30ddfd Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
3年前 |
Matthias Sohn | 77848d635b |
Decouple BouncyCastle from JGit Core
Motivation: BouncyCastle serves as 'default' implementation of the GPG Signer. If a client application does not use it there is no need to pull in this dependency, especially since BouncyCastle is a large library. Move the classes depending on BouncyCastle to an OSGi fragment extending the org.eclipse.jgit bundle. They are moved to a distinct internal package in order to avoid split packages. This doesn't break public API since these classes were already in an internal package before this change. Add a new feature org.eclipse.jgit.gpg.bc to enable installation. With that users can now decide if they want to install it. Attempts to sign a commit if org.eclipse.jgit.gpg.bc isn't available will result in ServiceUnavailableException being thrown. Bug: 559106 Change-Id: I42fd6c00002e17aa9a7be96ae434b538ea86ccf8 Also-by: Michael Dardis <git@md-5.net> Signed-off-by: Michael Dardis <git@md-5.net> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: David Ostrovsky <david@ostrovsky.org> |
4年前 |