author | Saša Živkov <sasa.zivkov@sap.com> | 2014-12-02 15:06:54 +0100 |
---|---|---|
committer | Saša Živkov <sasa.zivkov@sap.com> | 2014-12-04 13:51:59 +0100 |
commit | bde8e9ac6f26a85c1a757ac0fa298f8b0c3c5783 (patch) | |
tree | 4ad59d02b958a0ded0cef4f888cb5fd92628130f | |
parent | 58ac7a9e009b196ec23ca69f3ab971a26cf1ee0e (diff) |
Downgrade SSHD to 0.9.0-4-g5967cfd
Since there is no official 0.9.1 release of the SSHD yet, the
0.9.0-4-g5967cfd version was built from the 0.9.x branch and uploaded to
the Google cloud storage.
This change reverts the following Gerrit commits:
3d9c70c SSHD: Update to 0.13.0
52e4e0c Bump SSHD Mina version to 2.0.8
3921163 Don't use deprecated PGPPublicKeyRingCollection constructor
13452f4 Bump Bouncycastle version to 1.51
5f7d5a7 Update EncryptedContactStore to not use deprecated/removed methods
f69698c Update SSHD to 0.11.1-atlassian-1
67c38c8 Added global request handlers to SshDaemon
c31e17f Update sshd to 0.11.0
b9c66ea Bump SSHD version to 0.10.1 and enable nio2 backend
The reason for the downgrade (copied from the change 60161):
SSHD release 0.9 is known to be free from exhausting thread pool problem
[1]. Unfortunately 0.9 release suffers from sporadic handshake failures
[2]. The fix cannot be cleanly cherry-picked to 0.9 release. The back
port of this fix [3] is tracked under its own issue [4], was uploaded as
PR for SSHD Mina's GH repository [5] and merged recently [6].
Moreover, 0.9 suffers from the "Authenticated with partial success" issue [7]
that was fixed by [8], [9]; this patch must be applied as well.
This reverts commit dc7318b8eeda15732d4d2865fc5a7a0a68b3be15.
[1] https://issues.apache.org/jira/browse/SSHD-348
[2] https://issues.apache.org/jira/browse/SSHD-330
[3] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=2aed686bdb21681a421033c6ee5997e5cd8a9a83
[4] https://issues.apache.org/jira/browse/SSHD-356
[5] https://github.com/apache/mina-sshd/pull/7
[6] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=cc7162acf7ca89561ca57a9c68de735f17bf168b
[7] https://issues.apache.org/jira/browse/SSHD-254
[8] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=28a8ae258b08c6b41ab64ac25f2331168dc0415a
[9] https://gerrit-review.googlesource.com/51516
Change-Id: I889fb02c2cb1aa5df2cf8dcabace086f5094a914
-rw-r--r-- | Documentation/config-gerrit.txt | 8 | ||||
-rw-r--r-- | gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config | 12 | ||||
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java | 15 | ||||
-rw-r--r-- | gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java | 35 | ||||
-rw-r--r-- | lib/bouncycastle/BUCK | 8 | ||||
-rw-r--r-- | lib/mina/BUCK | 9 |
6 files changed, 24 insertions, 63 deletions
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index dcc3df3682..95d5283e3f 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -2696,14 +2696,6 @@ namespace. To alias `replication start` to `gerrit replicate`: [[sshd]] === Section sshd -[[sshd.backend]]sshd.backend:: -+ -Starting from version 0.9.0 Apache SSHD project added support for NIO2 -IoSession. To use the new NIO2 session the `backend` option must be set -to `NIO2`. -+ -By default, `MINA`. - [[sshd.listenAddress]]sshd.listenAddress:: + Specifies the local addresses the internal SSHD should listen diff --git a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config index 16bceeeb51..b5e702f3d4 100644 --- a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config +++ b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config @@ -15,16 +15,16 @@ # Version should match lib/bouncycastle/BUCK [library "bouncyCastleProvider"] - name = Bouncy Castle Crypto Provider v151 - url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar - sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80 + name = Bouncy Castle Crypto Provider v149 + url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar + sha1 = f5155f04330459104b79923274db5060c1057b99 remove = bcprov-.*[.]jar # Version should match lib/bouncycastle/BUCK [library "bouncyCastleSSL"] - name = Bouncy Castle Crypto SSL v151 - url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar - sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597 + name = Bouncy Castle Crypto SSL v149 + url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar + sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855 needs = bouncyCastleProvider remove = bcpkix-.*[.]jar 
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java index d82180deaf..8c1fdb6b79 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java @@ -38,9 +38,6 @@ import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.PGPUtil; -import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection; -import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder; -import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -114,7 +111,7 @@ class EncryptedContactStore implements ContactStore { private static PGPPublicKeyRingCollection readPubRing(final File pub) { try (InputStream fin = new FileInputStream(pub); InputStream in = PGPUtil.getDecoderStream(fin)) { - return new BcPGPPublicKeyRingCollection(in); + return new PGPPublicKeyRingCollection(in); } catch (IOException e) { throw new ProvisionException("Cannot read " + pub, e); } catch (PGPException e) { 
@@ -170,16 +167,12 @@ class EncryptedContactStore implements ContactStore { } } + @SuppressWarnings("deprecation") private final PGPEncryptedDataGenerator cpk() throws NoSuchProviderException, PGPException { - final BcPGPDataEncryptorBuilder builder = - new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5) - .setSecureRandom(prng); PGPEncryptedDataGenerator cpk = - new PGPEncryptedDataGenerator(builder, true); - final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator = - new BcPublicKeyKeyEncryptionMethodGenerator(dest); - cpk.addMethod(methodGenerator); + new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC"); + cpk.addMethod(dest); return cpk; } diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java index 92ab653c9c..ba5465573b 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java @@ -45,7 +45,6 @@ import org.apache.sshd.common.ForwardingFilter; import org.apache.sshd.common.KeyExchange; import org.apache.sshd.common.KeyPairProvider; import org.apache.sshd.common.NamedFactory; -import org.apache.sshd.common.RequestHandler; import org.apache.sshd.common.Session; import org.apache.sshd.common.Signature; import org.apache.sshd.common.SshdSocketAddress; 
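Review bot: The `@SuppressWarnings("deprecation")` added on `cpk()` covers the whole method and gives no reason, so a reader cannot tell that the deprecated `PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC")` constructor and `cpk.addMethod(dest)` were restored on purpose by this revert. I would put a comment above the annotation, for example `// Deprecated API restored by the revert of 5f7d5a7; revisit when Bouncy Castle is upgraded again.` The literal provider name `"BC"` also makes the call depend on the Bouncy Castle provider being registered at run time. The method declares `NoSuchProviderException`, but where registration happens is not visible in this hunk and is worth confirming.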
@@ -68,11 +67,10 @@ import org.apache.sshd.common.forward.TcpipServerChannel; import org.apache.sshd.common.future.CloseFuture; import org.apache.sshd.common.future.SshFutureListener; import org.apache.sshd.common.io.IoAcceptor; -import org.apache.sshd.common.io.IoServiceFactoryFactory; +import org.apache.sshd.common.io.IoServiceFactory; import org.apache.sshd.common.io.IoSession; -import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; +import org.apache.sshd.common.io.mina.MinaServiceFactory; import org.apache.sshd.common.io.mina.MinaSession; -import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.common.mac.HMACMD5; import org.apache.sshd.common.mac.HMACMD596; import org.apache.sshd.common.mac.HMACSHA1; @@ -81,7 +79,6 @@ import org.apache.sshd.common.random.BouncyCastleRandom; import org.apache.sshd.common.random.JceRandom; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.AbstractSession; -import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.signature.SignatureDSA; import org.apache.sshd.common.signature.SignatureRSA; import org.apache.sshd.common.util.Buffer; @@ -94,10 +91,6 @@ import org.apache.sshd.server.auth.UserAuthPublicKey; import org.apache.sshd.server.auth.gss.GSSAuthenticator; import org.apache.sshd.server.auth.gss.UserAuthGSS; import org.apache.sshd.server.channel.ChannelSession; -import org.apache.sshd.server.global.CancelTcpipForwardHandler; -import org.apache.sshd.server.global.KeepAliveHandler; -import org.apache.sshd.server.global.NoMoreSessionsHandler; -import org.apache.sshd.server.global.TcpipForwardHandler; import org.apache.sshd.server.kex.DHG1; import org.apache.sshd.server.kex.DHG14; import org.apache.sshd.server.session.SessionFactory; 
@@ -200,13 +193,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { final String kerberosPrincipal = cfg.getString( "sshd", null, "kerberosPrincipal"); - SshSessionBackend backend = cfg.getEnum( - "sshd", null, "backend", SshSessionBackend.MINA); - - System.setProperty(IoServiceFactoryFactory.class.getName(), - backend == SshSessionBackend.MINA - ? MinaServiceFactoryFactory.class.getName() - : Nio2ServiceFactoryFactory.class.getName()); + System.setProperty(IoServiceFactory.class.getName(), + MinaServiceFactory.class.getName()); if (SecurityUtils.isBouncyCastleRegistered()) { initProviderBouncyCastle(); @@ -263,12 +251,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { return new GerritServerSession(server, ioSession); } }); - setGlobalRequestHandlers(Arrays.<RequestHandler<ConnectionService>> asList( - new KeepAliveHandler(), - new NoMoreSessionsHandler(), - new TcpipForwardHandler(), - new CancelTcpipForwardHandler() - )); hostKeys = computeHostKeys(); } @@ -318,10 +300,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { public synchronized void stop() { if (acceptor != null) { try { - acceptor.close(true).await(); + acceptor.dispose(); log.info("Stopped Gerrit SSHD"); - } catch (InterruptedException e) { - log.warn("Exception caught while closing", e); } finally { acceptor = null; } @@ -607,11 +587,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { @Override public SshFile getFile(String file) { return null; - } - - @Override - public FileSystemView getNormalizedView() { - return null; }}; } }); diff --git a/lib/bouncycastle/BUCK b/lib/bouncycastle/BUCK index d1ec48de1b..99f960e81c 100644 --- a/lib/bouncycastle/BUCK +++ b/lib/bouncycastle/BUCK 
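Review bot: With the `sshd.backend` lookup removed in the `@@ -200,13 +193,8 @@` hunk, a `gerrit.config` that still sets `sshd.backend = NIO2` is now ignored without any message, and the daemon always selects MINA through `System.setProperty(IoServiceFactory.class.getName(), MinaServiceFactory.class.getName())`. A one-time warning when the key is present would make the behaviour change visible to administrators, e.g. `if (cfg.getString("sshd", null, "backend") != null) log.warn("sshd.backend is no longer supported and is ignored");`. The enclosing method starts and ends outside the hunk.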
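Review bot: In `stop()` (hunk `@@ -318,10 +300,8 @@`) the `try` is left with only a `finally`, so an unchecked exception thrown by `acceptor.dispose()` now escapes the lifecycle callback instead of being logged. Consider adding `} catch (RuntimeException e) { log.warn("Exception caught while closing", e); }` before the `finally`, reusing the message of the removed branch. The old code waited on `acceptor.close(true).await()`. Whether `dispose()` blocks until the listening socket is released cannot be seen from this hunk, so confirm it before relying on a restart being able to rebind the port immediately.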
@@ -2,19 +2,19 @@ include_defs('//lib/maven.defs') # This version must match the version that also appears in # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config -VERSION = '1.51' +VERSION = '1.49' maven_jar( name = 'bcprov', id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION, - sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80', + sha1 = 'f5155f04330459104b79923274db5060c1057b99', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' ) maven_jar( name = 'bcpg', id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION, - sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133', + sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' deps = [':bcprov'], ) @@ -22,7 +22,7 @@ maven_jar( maven_jar( name = 'bcpkix', id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION, - sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597', + sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' deps = [':bcprov'], ) diff --git a/lib/mina/BUCK b/lib/mina/BUCK index 5c51d3a22c..ff1df5a40e 100644 --- a/lib/mina/BUCK +++ b/lib/mina/BUCK @@ -8,17 +8,18 @@ EXCLUDE = [ maven_jar( name = 'sshd', - id = 'org.apache.sshd:sshd-core:0.13.0', - sha1 = 'c616c5865cc55473c6d63c6fcf46e60d382be172', + id = 'org.apache.sshd:sshd-core:0.9.0-4-g5967cfd', + sha1 = '8f4b6f7ebc54655dc7d25a77665cf51f2b1288b2', license = 'Apache2.0', deps = [':core'], exclude = EXCLUDE, + repository = GERRIT, ) maven_jar( name = 'core', - id = 'org.apache.mina:mina-core:2.0.8', - sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883', + id = 'org.apache.mina:mina-core:2.0.7', + sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec', license = 'Apache2.0', exclude = EXCLUDE, ) |
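Review bot: In `lib/mina/BUCK` the `sshd` jar is now a privately built artifact (`0.9.0-4-g5967cfd`) fetched through `repository = GERRIT` rather than an upstream release, and nothing in the file records where it came from. The `sha1` pin keeps the download stable, but a later auditor cannot tell from the build file which upstream branch and commit the binary corresponds to, or that it is not an official release. I would add a comment above the rule, for example `# Built from the mina-sshd 0.9.x branch (git describe: 0.9.0-4-g5967cfd); there is no official 0.9.1 release.` Pointing that comment at the build instructions or the list of back-ported fixes from the commit message would make the artifact reproducible.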