author | David Ostrovsky <david@ostrovsky.org> | 2015-03-04 22:36:10 +0100 |
---|---|---|
committer | David Pursehouse <david.pursehouse@sonymobile.com> | 2015-04-06 12:26:07 +0900 |
commit | e2921b62f6c09d574a25aaa079d538ac499ef382 (patch) | |
tree | b3a6d07307da34070aa6bfe8a4b9c00d759c45b3 | |
parent | 329c32347336214b496f2846d05a80fe927c673e (diff) |
Revert "Downgrade SSHD to 0.9.0-4-g5967cfd"
All versions of SSHD since release 0.10 were suffering from exhaustion
of the thread pool. A number of valuable features had to be reverted to
downgrade the SSHD version to 0.9. This blocking bug [1] was fixed [2]
and released in 0.14.0.
Update to the new version of SSHD and revert the downgrade.
This reverts commit bde8e9ac6f26a85c1a757ac0fa298f8b0c3c5783.
[1] https://issues.apache.org/jira/browse/SSHD-348
[2] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commitdiff;h=964e76890cf56da4491199860d0ea8276fbd26a6
Change-Id: Ib5faf1df0cb6bde2e2cd554c9311cc5e55095b04
-rw-r--r-- | Documentation/config-gerrit.txt | 8 | ||||
-rw-r--r-- | gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config | 12 | ||||
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java | 13 | ||||
-rw-r--r-- | gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java | 31 | ||||
-rw-r--r-- | lib/bouncycastle/BUCK | 8 | ||||
-rw-r--r-- | lib/mina/BUCK | 9 |
6 files changed, 59 insertions, 22 deletions
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index 3368db9f58..f43ea16ee2 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -2863,6 +2863,14 @@ namespace. To alias `replication start` to `gerrit replicate`: [[sshd]] === Section sshd +[[sshd.backend]]sshd.backend:: ++ +Starting from version 0.9.0 Apache SSHD project added support for NIO2 +IoSession. To use the new NIO2 session the `backend` option must be set +to `NIO2`. ++ +By default, `MINA`. + [[sshd.listenAddress]]sshd.listenAddress:: + Specifies the local addresses the internal SSHD should listen diff --git a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config index b5e702f3d4..16bceeeb51 100644 --- a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config +++ b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config @@ -15,16 +15,16 @@ # Version should match lib/bouncycastle/BUCK [library "bouncyCastleProvider"] - name = Bouncy Castle Crypto Provider v149 - url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar - sha1 = f5155f04330459104b79923274db5060c1057b99 + name = Bouncy Castle Crypto Provider v151 + url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar + sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80 remove = bcprov-.*[.]jar # Version should match lib/bouncycastle/BUCK [library "bouncyCastleSSL"] - name = Bouncy Castle Crypto SSL v149 - url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar - sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855 + name = Bouncy Castle Crypto SSL v151 + url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar + sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597 needs = bouncyCastleProvider remove = bcpkix-.*[.]jar 
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java index 8c1fdb6b79..f43e976e81 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java @@ -38,6 +38,9 @@ import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.PGPUtil; +import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection; +import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder; +import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -167,12 +170,16 @@ class EncryptedContactStore implements ContactStore { } } - @SuppressWarnings("deprecation") private final PGPEncryptedDataGenerator cpk() throws NoSuchProviderException, PGPException { + final BcPGPDataEncryptorBuilder builder = + new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5) + .setSecureRandom(prng); PGPEncryptedDataGenerator cpk = - new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC"); - cpk.addMethod(dest); + new PGPEncryptedDataGenerator(builder, true); + final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator = + new BcPublicKeyKeyEncryptionMethodGenerator(dest); + cpk.addMethod(methodGenerator); return cpk; } diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java index 60514429f8..7f3612bb2c 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java 
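Review bot: In `cpk()` the boolean passed to `new PGPEncryptedDataGenerator(builder, true)` is, as I read the Bouncy Castle builder API, the `oldFormat` (PGP 2.6.x compatibility) flag, whereas the `true` in the removed four-argument constructor was `withIntegrityPacket`. If so, the new code no longer adds the integrity-protection packet to the encrypted contact data and also switches to the legacy packet format. To keep the previous behaviour, enable integrity on the builder, `new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5).setWithIntegrityPacket(true).setSecureRandom(prng)`, and construct the generator with `new PGPEncryptedDataGenerator(builder)`. The `throws NoSuchProviderException` clause is probably stale now that no provider name is passed, but check callers before removing it.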
@@ -45,6 +45,7 @@ import org.apache.sshd.common.ForwardingFilter; import org.apache.sshd.common.KeyExchange; import org.apache.sshd.common.KeyPairProvider; import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.RequestHandler; import org.apache.sshd.common.Session; import org.apache.sshd.common.Signature; import org.apache.sshd.common.SshdSocketAddress; @@ -67,10 +68,11 @@ import org.apache.sshd.common.forward.TcpipServerChannel; import org.apache.sshd.common.future.CloseFuture; import org.apache.sshd.common.future.SshFutureListener; import org.apache.sshd.common.io.IoAcceptor; -import org.apache.sshd.common.io.IoServiceFactory; +import org.apache.sshd.common.io.IoServiceFactoryFactory; import org.apache.sshd.common.io.IoSession; -import org.apache.sshd.common.io.mina.MinaServiceFactory; +import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; import org.apache.sshd.common.io.mina.MinaSession; +import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.common.mac.HMACMD5; import org.apache.sshd.common.mac.HMACMD596; import org.apache.sshd.common.mac.HMACSHA1; @@ -79,6 +81,7 @@ import org.apache.sshd.common.random.BouncyCastleRandom; import org.apache.sshd.common.random.JceRandom; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.AbstractSession; +import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.signature.SignatureDSA; import org.apache.sshd.common.signature.SignatureRSA; import org.apache.sshd.common.util.Buffer; 
@@ -91,6 +94,10 @@ import org.apache.sshd.server.auth.UserAuthPublicKey; import org.apache.sshd.server.auth.gss.GSSAuthenticator; import org.apache.sshd.server.auth.gss.UserAuthGSS; import org.apache.sshd.server.channel.ChannelSession; +import org.apache.sshd.server.global.CancelTcpipForwardHandler; +import org.apache.sshd.server.global.KeepAliveHandler; +import org.apache.sshd.server.global.NoMoreSessionsHandler; +import org.apache.sshd.server.global.TcpipForwardHandler; import org.apache.sshd.server.kex.DHG1; import org.apache.sshd.server.kex.DHG14; import org.apache.sshd.server.session.SessionFactory; @@ -193,8 +200,13 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { final String kerberosPrincipal = cfg.getString( "sshd", null, "kerberosPrincipal"); - System.setProperty(IoServiceFactory.class.getName(), - MinaServiceFactory.class.getName()); + SshSessionBackend backend = cfg.getEnum( + "sshd", null, "backend", SshSessionBackend.MINA); + + System.setProperty(IoServiceFactoryFactory.class.getName(), + backend == SshSessionBackend.MINA + ? MinaServiceFactoryFactory.class.getName() + : Nio2ServiceFactoryFactory.class.getName()); if (SecurityUtils.isBouncyCastleRegistered()) { initProviderBouncyCastle(); @@ -251,6 +263,12 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { return new GerritServerSession(server, ioSession); } }); + setGlobalRequestHandlers(Arrays.<RequestHandler<ConnectionService>> asList( + new KeepAliveHandler(), + new NoMoreSessionsHandler(), + new TcpipForwardHandler(), + new CancelTcpipForwardHandler() + )); hostKeys = computeHostKeys(); } @@ -587,6 +605,11 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { @Override public SshFile getFile(String file) { return null; + } + + @Override + public FileSystemView getNormalizedView() { + return this; }}; } }); diff --git a/lib/bouncycastle/BUCK b/lib/bouncycastle/BUCK index 99f960e81c..d1ec48de1b 100644 
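Review bot: The `System.setProperty(IoServiceFactoryFactory.class.getName(), ...)` call in the constructor hunk is JVM-wide, so the backend chosen through `sshd.backend` applies to every SSHD user in the process, not only to this daemon. That deserves a comment above the call, for example `// JVM-global: presumably read by SSHD when it creates its I/O service factory`. The ternary also maps every value other than `MINA` to `Nio2ServiceFactoryFactory`, which is only correct while `SshSessionBackend` (not shown in this diff) has exactly two constants. The constructor starts and ends outside the hunk.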
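Review bot: Registering `TcpipForwardHandler` and `CancelTcpipForwardHandler` in `setGlobalRequestHandlers(...)` means the daemon now processes `tcpip-forward` global requests. Whether port forwarding is refused therefore depends entirely on the forwarding filter configured elsewhere in this class, which the hunk does not show. If forwarding is never meant to be available on this server, register only `new KeepAliveHandler(), new NoMoreSessionsHandler()`. Otherwise add a comment beside the list naming the filter that denies these requests, so that a later change to the filter is reviewed with this in mind. The constructor body starts and ends outside the hunk.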
--- a/lib/bouncycastle/BUCK +++ b/lib/bouncycastle/BUCK @@ -2,19 +2,19 @@ include_defs('//lib/maven.defs') # This version must match the version that also appears in # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config -VERSION = '1.49' +VERSION = '1.51' maven_jar( name = 'bcprov', id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION, - sha1 = 'f5155f04330459104b79923274db5060c1057b99', + sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' ) maven_jar( name = 'bcpg', id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION, - sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c', + sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' deps = [':bcprov'], ) @@ -22,7 +22,7 @@ maven_jar( maven_jar( name = 'bcpkix', id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION, - sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855', + sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' deps = [':bcprov'], ) diff --git a/lib/mina/BUCK b/lib/mina/BUCK index d866807627..0c9b41ea75 100644 --- a/lib/mina/BUCK +++ b/lib/mina/BUCK @@ -8,18 +8,17 @@ EXCLUDE = [ maven_jar( name = 'sshd', - id = 'org.apache.sshd:sshd-core:0.9.0-4-g5967cfd', - sha1 = '449ec11c4417b295dbf1661585a50c6ec7d9a452', + id = 'org.apache.sshd:sshd-core:0.14.0', + sha1 = 'cb12fa1b1b07fb5ce3aa4f99b189743897bd4fca', license = 'Apache2.0', deps = [':core'], exclude = EXCLUDE, - repository = GERRIT, ) maven_jar( name = 'core', - id = 'org.apache.mina:mina-core:2.0.7', - sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec', + id = 'org.apache.mina:mina-core:2.0.8', + sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883', license = 'Apache2.0', exclude = EXCLUDE, ) |