Downgrade SSHD to 0.9.0-4-g5967cfd

Since there is no official 0.9.1 release of the SSHD yet, the
0.9.0-4-g5967cfd version was built from the 0.9.x branch and uploaded to
the Google cloud storage.

This change reverts the following Gerrit commits:

3d9c70c SSHD: Update to 0.13.0
52e4e0c Bump SSHD Mina version to 2.0.8
3921163 Don't use deprecated PGPPublicKeyRingCollection constructor
13452f4 Bump Bouncycastle version to 1.51
5f7d5a7 Update EncryptedContactStore to not use deprecated/removed methods
f69698c Update SSHD to 0.11.1-atlassian-1
67c38c8 Added global request handlers to SshDaemon
c31e17f Update sshd to 0.11.0
b9c66ea Bump SSHD version to 0.10.1 and enable nio2 backend

The reason for the downgrade (copied from the change 60161):

SSHD release 0.9 is known to be free from exhausting thread pool problem
[1]. Unfortunately 0.9 release suffers from sporadic handshake failures
[2].  The fix cannot be cleanly cherry-picked to 0.9 release. The back
port of this fix [3] is tracked under its own issue [4], was uploaded as
PR for SSHD Mina's GH repository [5] and merged recently [6].

Moreover, 0.9 suffers from "Authenticated with partial success" issue
[7]
that was fixed by [8], [9]; this patch must be applied as well.

This reverts commit dc7318b8ee.

[1] https://issues.apache.org/jira/browse/SSHD-348
[2] https://issues.apache.org/jira/browse/SSHD-330
[3] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=2aed686bdb21681a421033c6ee5997e5cd8a9a83
[4] https://issues.apache.org/jira/browse/SSHD-356
[5] https://github.com/apache/mina-sshd/pull/7
[6] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=cc7162acf7ca89561ca57a9c68de735f17bf168b
[7] https://issues.apache.org/jira/browse/SSHD-254
[8] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=28a8ae258b08c6b41ab64ac25f2331168dc0415a
[9] https://gerrit-review.googlesource.com/51516

Change-Id: I889fb02c2cb1aa5df2cf8dcabace086f5094a914
This commit is contained in:
Saša Živkov 2014-12-02 15:06:54 +01:00
parent 58ac7a9e00
commit bde8e9ac6f
6 changed files with 24 additions and 63 deletions

View File

@ -2696,14 +2696,6 @@ namespace. To alias `replication start` to `gerrit replicate`:
[[sshd]]
=== Section sshd
[[sshd.backend]]sshd.backend::
+
Starting from version 0.9.0 Apache SSHD project added support for NIO2
IoSession. To use the new NIO2 session the `backend` option must be set
to `NIO2`.
+
By default, `MINA`.
[[sshd.listenAddress]]sshd.listenAddress::
+
Specifies the local addresses the internal SSHD should listen

View File

@ -15,16 +15,16 @@
# Version should match lib/bouncycastle/BUCK
[library "bouncyCastleProvider"]
name = Bouncy Castle Crypto Provider v151
url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar
sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80
name = Bouncy Castle Crypto Provider v149
url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar
sha1 = f5155f04330459104b79923274db5060c1057b99
remove = bcprov-.*[.]jar
# Version should match lib/bouncycastle/BUCK
[library "bouncyCastleSSL"]
name = Bouncy Castle Crypto SSL v151
url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar
sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597
name = Bouncy Castle Crypto SSL v149
url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar
sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855
needs = bouncyCastleProvider
remove = bcpkix-.*[.]jar

View File

@ -38,9 +38,6 @@ import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -114,7 +111,7 @@ class EncryptedContactStore implements ContactStore {
private static PGPPublicKeyRingCollection readPubRing(final File pub) {
try (InputStream fin = new FileInputStream(pub);
InputStream in = PGPUtil.getDecoderStream(fin)) {
return new BcPGPPublicKeyRingCollection(in);
return new PGPPublicKeyRingCollection(in);
} catch (IOException e) {
throw new ProvisionException("Cannot read " + pub, e);
} catch (PGPException e) {
@ -170,16 +167,12 @@ class EncryptedContactStore implements ContactStore {
}
}
@SuppressWarnings("deprecation")
private final PGPEncryptedDataGenerator cpk()
throws NoSuchProviderException, PGPException {
final BcPGPDataEncryptorBuilder builder =
new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5)
.setSecureRandom(prng);
PGPEncryptedDataGenerator cpk =
new PGPEncryptedDataGenerator(builder, true);
final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator =
new BcPublicKeyKeyEncryptionMethodGenerator(dest);
cpk.addMethod(methodGenerator);
new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC");
cpk.addMethod(dest);
return cpk;
}

View File

@ -45,7 +45,6 @@ import org.apache.sshd.common.ForwardingFilter;
import org.apache.sshd.common.KeyExchange;
import org.apache.sshd.common.KeyPairProvider;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.RequestHandler;
import org.apache.sshd.common.Session;
import org.apache.sshd.common.Signature;
import org.apache.sshd.common.SshdSocketAddress;
@ -68,11 +67,10 @@ import org.apache.sshd.common.forward.TcpipServerChannel;
import org.apache.sshd.common.future.CloseFuture;
import org.apache.sshd.common.future.SshFutureListener;
import org.apache.sshd.common.io.IoAcceptor;
import org.apache.sshd.common.io.IoServiceFactoryFactory;
import org.apache.sshd.common.io.IoServiceFactory;
import org.apache.sshd.common.io.IoSession;
import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
import org.apache.sshd.common.io.mina.MinaServiceFactory;
import org.apache.sshd.common.io.mina.MinaSession;
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
import org.apache.sshd.common.mac.HMACMD5;
import org.apache.sshd.common.mac.HMACMD596;
import org.apache.sshd.common.mac.HMACSHA1;
@ -81,7 +79,6 @@ import org.apache.sshd.common.random.BouncyCastleRandom;
import org.apache.sshd.common.random.JceRandom;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.AbstractSession;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.signature.SignatureDSA;
import org.apache.sshd.common.signature.SignatureRSA;
import org.apache.sshd.common.util.Buffer;
@ -94,10 +91,6 @@ import org.apache.sshd.server.auth.UserAuthPublicKey;
import org.apache.sshd.server.auth.gss.GSSAuthenticator;
import org.apache.sshd.server.auth.gss.UserAuthGSS;
import org.apache.sshd.server.channel.ChannelSession;
import org.apache.sshd.server.global.CancelTcpipForwardHandler;
import org.apache.sshd.server.global.KeepAliveHandler;
import org.apache.sshd.server.global.NoMoreSessionsHandler;
import org.apache.sshd.server.global.TcpipForwardHandler;
import org.apache.sshd.server.kex.DHG1;
import org.apache.sshd.server.kex.DHG14;
import org.apache.sshd.server.session.SessionFactory;
@ -200,13 +193,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
final String kerberosPrincipal = cfg.getString(
"sshd", null, "kerberosPrincipal");
SshSessionBackend backend = cfg.getEnum(
"sshd", null, "backend", SshSessionBackend.MINA);
System.setProperty(IoServiceFactoryFactory.class.getName(),
backend == SshSessionBackend.MINA
? MinaServiceFactoryFactory.class.getName()
: Nio2ServiceFactoryFactory.class.getName());
System.setProperty(IoServiceFactory.class.getName(),
MinaServiceFactory.class.getName());
if (SecurityUtils.isBouncyCastleRegistered()) {
initProviderBouncyCastle();
@ -263,12 +251,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
return new GerritServerSession(server, ioSession);
}
});
setGlobalRequestHandlers(Arrays.<RequestHandler<ConnectionService>> asList(
new KeepAliveHandler(),
new NoMoreSessionsHandler(),
new TcpipForwardHandler(),
new CancelTcpipForwardHandler()
));
hostKeys = computeHostKeys();
}
@ -318,10 +300,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
public synchronized void stop() {
if (acceptor != null) {
try {
acceptor.close(true).await();
acceptor.dispose();
log.info("Stopped Gerrit SSHD");
} catch (InterruptedException e) {
log.warn("Exception caught while closing", e);
} finally {
acceptor = null;
}
@ -607,11 +587,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
@Override
public SshFile getFile(String file) {
return null;
}
@Override
public FileSystemView getNormalizedView() {
return null;
}};
}
});

View File

@ -2,19 +2,19 @@ include_defs('//lib/maven.defs')
# This version must match the version that also appears in
# gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
VERSION = '1.51'
VERSION = '1.49'
maven_jar(
name = 'bcprov',
id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION,
sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80',
sha1 = 'f5155f04330459104b79923274db5060c1057b99',
license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
)
maven_jar(
name = 'bcpg',
id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION,
sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133',
sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c',
license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
deps = [':bcprov'],
)
@ -22,7 +22,7 @@ maven_jar(
maven_jar(
name = 'bcpkix',
id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION,
sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597',
sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855',
license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
deps = [':bcprov'],
)

View File

@ -8,17 +8,18 @@ EXCLUDE = [
maven_jar(
name = 'sshd',
id = 'org.apache.sshd:sshd-core:0.13.0',
sha1 = 'c616c5865cc55473c6d63c6fcf46e60d382be172',
id = 'org.apache.sshd:sshd-core:0.9.0-4-g5967cfd',
sha1 = '8f4b6f7ebc54655dc7d25a77665cf51f2b1288b2',
license = 'Apache2.0',
deps = [':core'],
exclude = EXCLUDE,
repository = GERRIT,
)
maven_jar(
name = 'core',
id = 'org.apache.mina:mina-core:2.0.8',
sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883',
id = 'org.apache.mina:mina-core:2.0.7',
sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec',
license = 'Apache2.0',
exclude = EXCLUDE,
)