Author | SHA1 | Message | Date |
---|---|---|---|
Thomas Wolf | e3f7a06764 |
GPG: don't prompt for a passphrase for unprotected keys
BouncyCastle supports reading GPG keys without passphrase since 1.62. Handle this in JGit, too, and don't prompt for a passphrase unless it's necessary. Make two passes over the private key files, a first pass without passphrase provider. If that succeeds it has managed to read a matching key without passphrase. Otherwise, ask the user for the passphrase and make a second pass over the key files. BouncyCastle 1.65 still has no method to get the GPG "key grip" from a given public key, so JGit still cannot determine the correct file to read up front. (The file name is the key grip as 40 hex digits, upper case, with extension ".key"). Bug: 548763 Change-Id: I448181276548c08716d913c7ba1b4bc64c62f952 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
4 years ago |
Matthias Sohn | 77848d635b |
Decouple BouncyCastle from JGit Core
Motivation: BouncyCastle serves as 'default' implementation of the GPG Signer. If a client application does not use it there is no need to pull in this dependency, especially since BouncyCastle is a large library. Move the classes depending on BouncyCastle to an OSGi fragment extending the org.eclipse.jgit bundle. They are moved to a distinct internal package in order to avoid split packages. This doesn't break public API since these classes were already in an internal package before this change. Add a new feature org.eclipse.jgit.gpg.bc to enable installation. With that users can now decide if they want to install it. Attempts to sign a commit if org.eclipse.jgit.gpg.bc isn't available will result in ServiceUnavailableException being thrown. Bug: 559106 Change-Id: I42fd6c00002e17aa9a7be96ae434b538ea86ccf8 Also-by: Michael Dardis <git@md-5.net> Signed-off-by: Michael Dardis <git@md-5.net> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: David Ostrovsky <david@ostrovsky.org> |
4 years ago |
Matthias Sohn | 5c5f7c6b14 |
Update EDL 1.0 license headers to new short SPDX compliant format
This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> |
4 years ago |
Medha Bhargav Prabhala | 137e91a465 |
Implement signing commits using BouncyCastle
This also includes a change to generating the jgit CLI jar. Shading is no longer possible because it breaks the signature of BouncyCastle. Instead, the Spring Boot Loader Maven plug-in is now used to generate an executable jar. Bug: 382212 Change-Id: I35ee3d4b06d9d479475ab2e51b29bed49661bbdc Also-by: Gunnar Wagenknecht <gunnar@wagenknecht.org> Signed-off-by: Gunnar Wagenknecht <gunnar@wagenknecht.org> Signed-off-by: Medha Bhargav Prabhala <mprabhala@salesforce.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> |
5 years ago |