Downgrade SSHD to 0.9.0-4-g5967cfd
Since there is no official 0.9.1 release of the SSHD yet, the 0.9.0-4-g5967cfd version was built from the 0.9.x branch and uploaded to the Google cloud storage. This change reverts the following Gerrit commits:3d9c70c
SSHD: Update to 0.13.052e4e0c
Bump SSHD Mina version to 2.0.83921163
Don't use deprecated PGPPublicKeyRingCollection constructor13452f4
Bump Bouncycastle version to 1.515f7d5a7
Update EncryptedContactStore to not use deprecated/removed methodsf69698c
Update SSHD to 0.11.1-atlassian-167c38c8
Added global request handlers to SshDaemonc31e17f
Update sshd to 0.11.0b9c66ea
Bump SSHD version to 0.10.1 and enable nio2 backend The reason for the downgrade (copied from the change 60161): SSHD release 0.9 is known to be free from exhausting thread pool problem [1]. Unfortunately 0.9 release suffers from sporadic handshake failures [2]. The fix cannot be cleanly cherry-picked to 0.9 release. The back port of this fix [3] is tracked under its own issue [4], was uploaded as PR for SSHD Mina's GH repository [5] and merged recently [6]. Moreover, 0.9 suffers from "Authenticated with partial success" issue [7] that was fixed by [8], [9]; this patch must be applied as well. This reverts commitdc7318b8ee
. [1] https://issues.apache.org/jira/browse/SSHD-348 [2] https://issues.apache.org/jira/browse/SSHD-330 [3] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\ h=2aed686bdb21681a421033c6ee5997e5cd8a9a83 [4] https://issues.apache.org/jira/browse/SSHD-356 [5] https://github.com/apache/mina-sshd/pull/7 [6] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\ h=cc7162acf7ca89561ca57a9c68de735f17bf168b [7] https://issues.apache.org/jira/browse/SSHD-254 [8] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\ h=28a8ae258b08c6b41ab64ac25f2331168dc0415a [9] https://gerrit-review.googlesource.com/51516 Change-Id: I889fb02c2cb1aa5df2cf8dcabace086f5094a914
This commit is contained in:
parent
58ac7a9e00
commit
bde8e9ac6f
@ -2696,14 +2696,6 @@ namespace. To alias `replication start` to `gerrit replicate`:
|
||||
[[sshd]]
|
||||
=== Section sshd
|
||||
|
||||
[[sshd.backend]]sshd.backend::
|
||||
+
|
||||
Starting from version 0.9.0 Apache SSHD project added support for NIO2
|
||||
IoSession. To use the new NIO2 session the `backend` option must be set
|
||||
to `NIO2`.
|
||||
+
|
||||
By default, `MINA`.
|
||||
|
||||
[[sshd.listenAddress]]sshd.listenAddress::
|
||||
+
|
||||
Specifies the local addresses the internal SSHD should listen
|
||||
|
@ -15,16 +15,16 @@
|
||||
|
||||
# Version should match lib/bouncycastle/BUCK
|
||||
[library "bouncyCastleProvider"]
|
||||
name = Bouncy Castle Crypto Provider v151
|
||||
url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar
|
||||
sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80
|
||||
name = Bouncy Castle Crypto Provider v149
|
||||
url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar
|
||||
sha1 = f5155f04330459104b79923274db5060c1057b99
|
||||
remove = bcprov-.*[.]jar
|
||||
|
||||
# Version should match lib/bouncycastle/BUCK
|
||||
[library "bouncyCastleSSL"]
|
||||
name = Bouncy Castle Crypto SSL v151
|
||||
url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar
|
||||
sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597
|
||||
name = Bouncy Castle Crypto SSL v149
|
||||
url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar
|
||||
sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855
|
||||
needs = bouncyCastleProvider
|
||||
remove = bcpkix-.*[.]jar
|
||||
|
||||
|
@ -38,9 +38,6 @@ import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||
import org.bouncycastle.openpgp.PGPUtil;
|
||||
import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@ -114,7 +111,7 @@ class EncryptedContactStore implements ContactStore {
|
||||
private static PGPPublicKeyRingCollection readPubRing(final File pub) {
|
||||
try (InputStream fin = new FileInputStream(pub);
|
||||
InputStream in = PGPUtil.getDecoderStream(fin)) {
|
||||
return new BcPGPPublicKeyRingCollection(in);
|
||||
return new PGPPublicKeyRingCollection(in);
|
||||
} catch (IOException e) {
|
||||
throw new ProvisionException("Cannot read " + pub, e);
|
||||
} catch (PGPException e) {
|
||||
@ -170,16 +167,12 @@ class EncryptedContactStore implements ContactStore {
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("deprecation")
|
||||
private final PGPEncryptedDataGenerator cpk()
|
||||
throws NoSuchProviderException, PGPException {
|
||||
final BcPGPDataEncryptorBuilder builder =
|
||||
new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5)
|
||||
.setSecureRandom(prng);
|
||||
PGPEncryptedDataGenerator cpk =
|
||||
new PGPEncryptedDataGenerator(builder, true);
|
||||
final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator =
|
||||
new BcPublicKeyKeyEncryptionMethodGenerator(dest);
|
||||
cpk.addMethod(methodGenerator);
|
||||
new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC");
|
||||
cpk.addMethod(dest);
|
||||
return cpk;
|
||||
}
|
||||
|
||||
|
@ -45,7 +45,6 @@ import org.apache.sshd.common.ForwardingFilter;
|
||||
import org.apache.sshd.common.KeyExchange;
|
||||
import org.apache.sshd.common.KeyPairProvider;
|
||||
import org.apache.sshd.common.NamedFactory;
|
||||
import org.apache.sshd.common.RequestHandler;
|
||||
import org.apache.sshd.common.Session;
|
||||
import org.apache.sshd.common.Signature;
|
||||
import org.apache.sshd.common.SshdSocketAddress;
|
||||
@ -68,11 +67,10 @@ import org.apache.sshd.common.forward.TcpipServerChannel;
|
||||
import org.apache.sshd.common.future.CloseFuture;
|
||||
import org.apache.sshd.common.future.SshFutureListener;
|
||||
import org.apache.sshd.common.io.IoAcceptor;
|
||||
import org.apache.sshd.common.io.IoServiceFactoryFactory;
|
||||
import org.apache.sshd.common.io.IoServiceFactory;
|
||||
import org.apache.sshd.common.io.IoSession;
|
||||
import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
|
||||
import org.apache.sshd.common.io.mina.MinaServiceFactory;
|
||||
import org.apache.sshd.common.io.mina.MinaSession;
|
||||
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
|
||||
import org.apache.sshd.common.mac.HMACMD5;
|
||||
import org.apache.sshd.common.mac.HMACMD596;
|
||||
import org.apache.sshd.common.mac.HMACSHA1;
|
||||
@ -81,7 +79,6 @@ import org.apache.sshd.common.random.BouncyCastleRandom;
|
||||
import org.apache.sshd.common.random.JceRandom;
|
||||
import org.apache.sshd.common.random.SingletonRandomFactory;
|
||||
import org.apache.sshd.common.session.AbstractSession;
|
||||
import org.apache.sshd.common.session.ConnectionService;
|
||||
import org.apache.sshd.common.signature.SignatureDSA;
|
||||
import org.apache.sshd.common.signature.SignatureRSA;
|
||||
import org.apache.sshd.common.util.Buffer;
|
||||
@ -94,10 +91,6 @@ import org.apache.sshd.server.auth.UserAuthPublicKey;
|
||||
import org.apache.sshd.server.auth.gss.GSSAuthenticator;
|
||||
import org.apache.sshd.server.auth.gss.UserAuthGSS;
|
||||
import org.apache.sshd.server.channel.ChannelSession;
|
||||
import org.apache.sshd.server.global.CancelTcpipForwardHandler;
|
||||
import org.apache.sshd.server.global.KeepAliveHandler;
|
||||
import org.apache.sshd.server.global.NoMoreSessionsHandler;
|
||||
import org.apache.sshd.server.global.TcpipForwardHandler;
|
||||
import org.apache.sshd.server.kex.DHG1;
|
||||
import org.apache.sshd.server.kex.DHG14;
|
||||
import org.apache.sshd.server.session.SessionFactory;
|
||||
@ -200,13 +193,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
|
||||
final String kerberosPrincipal = cfg.getString(
|
||||
"sshd", null, "kerberosPrincipal");
|
||||
|
||||
SshSessionBackend backend = cfg.getEnum(
|
||||
"sshd", null, "backend", SshSessionBackend.MINA);
|
||||
|
||||
System.setProperty(IoServiceFactoryFactory.class.getName(),
|
||||
backend == SshSessionBackend.MINA
|
||||
? MinaServiceFactoryFactory.class.getName()
|
||||
: Nio2ServiceFactoryFactory.class.getName());
|
||||
System.setProperty(IoServiceFactory.class.getName(),
|
||||
MinaServiceFactory.class.getName());
|
||||
|
||||
if (SecurityUtils.isBouncyCastleRegistered()) {
|
||||
initProviderBouncyCastle();
|
||||
@ -263,12 +251,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
|
||||
return new GerritServerSession(server, ioSession);
|
||||
}
|
||||
});
|
||||
setGlobalRequestHandlers(Arrays.<RequestHandler<ConnectionService>> asList(
|
||||
new KeepAliveHandler(),
|
||||
new NoMoreSessionsHandler(),
|
||||
new TcpipForwardHandler(),
|
||||
new CancelTcpipForwardHandler()
|
||||
));
|
||||
|
||||
hostKeys = computeHostKeys();
|
||||
}
|
||||
@ -318,10 +300,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
|
||||
public synchronized void stop() {
|
||||
if (acceptor != null) {
|
||||
try {
|
||||
acceptor.close(true).await();
|
||||
acceptor.dispose();
|
||||
log.info("Stopped Gerrit SSHD");
|
||||
} catch (InterruptedException e) {
|
||||
log.warn("Exception caught while closing", e);
|
||||
} finally {
|
||||
acceptor = null;
|
||||
}
|
||||
@ -607,11 +587,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
|
||||
@Override
|
||||
public SshFile getFile(String file) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public FileSystemView getNormalizedView() {
|
||||
return null;
|
||||
}};
|
||||
}
|
||||
});
|
||||
|
@ -2,19 +2,19 @@ include_defs('//lib/maven.defs')
|
||||
|
||||
# This version must match the version that also appears in
|
||||
# gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
|
||||
VERSION = '1.51'
|
||||
VERSION = '1.49'
|
||||
|
||||
maven_jar(
|
||||
name = 'bcprov',
|
||||
id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION,
|
||||
sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80',
|
||||
sha1 = 'f5155f04330459104b79923274db5060c1057b99',
|
||||
license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
|
||||
)
|
||||
|
||||
maven_jar(
|
||||
name = 'bcpg',
|
||||
id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION,
|
||||
sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133',
|
||||
sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c',
|
||||
license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
|
||||
deps = [':bcprov'],
|
||||
)
|
||||
@ -22,7 +22,7 @@ maven_jar(
|
||||
maven_jar(
|
||||
name = 'bcpkix',
|
||||
id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION,
|
||||
sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597',
|
||||
sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855',
|
||||
license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
|
||||
deps = [':bcprov'],
|
||||
)
|
||||
|
@ -8,17 +8,18 @@ EXCLUDE = [
|
||||
|
||||
maven_jar(
|
||||
name = 'sshd',
|
||||
id = 'org.apache.sshd:sshd-core:0.13.0',
|
||||
sha1 = 'c616c5865cc55473c6d63c6fcf46e60d382be172',
|
||||
id = 'org.apache.sshd:sshd-core:0.9.0-4-g5967cfd',
|
||||
sha1 = '8f4b6f7ebc54655dc7d25a77665cf51f2b1288b2',
|
||||
license = 'Apache2.0',
|
||||
deps = [':core'],
|
||||
exclude = EXCLUDE,
|
||||
repository = GERRIT,
|
||||
)
|
||||
|
||||
maven_jar(
|
||||
name = 'core',
|
||||
id = 'org.apache.mina:mina-core:2.0.8',
|
||||
sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883',
|
||||
id = 'org.apache.mina:mina-core:2.0.7',
|
||||
sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec',
|
||||
license = 'Apache2.0',
|
||||
exclude = EXCLUDE,
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user