motiejus
/
jgit
1
Fork 0
Code Releases Activity
jgit/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF

99 lines
5.1 KiB
Plaintext
Raw Normal View History

Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2018-09-23 17:45:45 +03:00
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: %Bundle-Name
Automatic-Module-Name: org.eclipse.jgit.ssh.apache
Bundle-SymbolicName: org.eclipse.jgit.ssh.apache
Fix bundle localization of Apache SSH bundle The placeholders in manifest and plugin.properties did not match. To avoid similar issues, all placeholders have been changed to Bundle-Vendor and Bundle-Name now. Bug:548503 Change-Id: Ibd4b9bc237b323e614506b97e5fbc99416365040 Signed-off-by: Michael Keppler <Michael.Keppler@gmx.de>
2019-06-21 18:39:20 +03:00
Bundle-Vendor: %Bundle-Vendor
Bundle-Localization: plugin
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2018-09-23 17:45:45 +03:00
Bundle-ActivationPolicy: lazy
Prepare 6.7.0-SNAPSHOT builds Change-Id: I49751232464e70b7d1dc3292a9f36b7a7015e44f
2023-08-30 18:46:26 +03:00
Bundle-Version: 6.7.0.qualifier
Bump minimum required Java version to 11 Bug: 569917 Change-Id: Ifdcdb022a3f29321b4d10da1cc34acca68ed7b03 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2020-12-27 12:50:52 +02:00
Bundle-RequiredExecutionEnvironment: JavaSE-11
Prepare 6.7.0-SNAPSHOT builds Change-Id: I50ff7ee31046cfc29a087c8963be3deae24b1c9c
2023-05-24 18:31:26 +03:00
Export-Package: org.eclipse.jgit.internal.transport.sshd;version="6.7.0";x-internal:=true;
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2018-09-23 17:45:45 +03:00
uses:="org.apache.sshd.client,
org.apache.sshd.client.auth,
org.apache.sshd.client.auth.keyboard,
org.apache.sshd.client.auth.pubkey,
org.apache.sshd.client.config.hosts,
org.apache.sshd.client.future,
org.apache.sshd.client.keyverifier,
org.apache.sshd.client.session,
org.apache.sshd.common.config.keys,
org.apache.sshd.common.io,
org.apache.sshd.common.keyprovider,
org.apache.sshd.common.signature,
org.apache.sshd.common.util.buffer,
org.eclipse.jgit.transport",
Prepare 6.7.0-SNAPSHOT builds Change-Id: I50ff7ee31046cfc29a087c8963be3deae24b1c9c
2023-05-24 18:31:26 +03:00
org.eclipse.jgit.internal.transport.sshd.agent;version="6.7.0";x-internal:=true,
org.eclipse.jgit.internal.transport.sshd.auth;version="6.7.0";x-internal:=true,
ssh: PKCS#11 support Support PKCS#11 HSMs (like YubiKey PIV) for SSH authentication. Use the SunPKCS11 provider as described at [1]. This provider dynamically loads the library from the PKCS11Provider SSH configuration and creates a Java KeyStore with that provider. A Java CallbackHandler is needed to feed PIN prompts from the KeyStore into the JGit CredentialsProvider framework. Because the JGit CredentialsProvider may be specific to a SSH session but the PKCS11Provider may be used by several sessions, the CallbackHandler needs to be configurable per session. PIN prompts respect the NumberOfPasswordPrompts SSH configuration. As long as the library asks only for a PIN, we use the KeyPasswordProvider to prompt for it. This gives automatic integration in Eclipse with the Eclipse secure storage, so a user has even the option to store the PIN there. (Eclipse will then ask for the secure storage master password on first access, so the usefulness of this is debatable.) By default the provider uses the first PKCS#11 token (slot list index zero). This can be overridden by a non-standard PKCS11SlotListIndex ssh configuration entry. (For OpenSSH interoperability, also set "IgnoreUnknown PKCS11SlotListIndex" in the SSH config file then.) Once loaded, the provider and its shared library and the keys contained remain available until the application exits. Manually tested using SoftHSM. See file manual_tests.txt. Kudos to Christopher Lamb for additional manual testing with a real YubiKey, also on Windows.[2] [1] https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html [2] https://www.eclipse.org/forums/index.php/t/1113295/ Change-Id: I544c97e1e24d05e28a9f0e803fd4b9151a76ed11 Signed-off-by: Thomas Wolf <twolf@apache.org>
2023-07-09 21:06:37 +03:00
org.eclipse.jgit.internal.transport.sshd.pkcs11;version="6.7.0";x-internal:=true,
Prepare 6.7.0-SNAPSHOT builds Change-Id: I50ff7ee31046cfc29a087c8963be3deae24b1c9c
2023-05-24 18:31:26 +03:00
org.eclipse.jgit.internal.transport.sshd.proxy;version="6.7.0";x-friends:="org.eclipse.jgit.ssh.apache.test",
org.eclipse.jgit.transport.sshd;version="6.7.0";
Apache MINA sshd client: proxy support This is not about the ssh config ProxyCommand but about programmatic support for HTTP and SOCKS5 proxies. Eclipse allows the user to specify such proxies, and JSch at least contains code to connect through proxies. So our Apache MINA sshd client also should be able to do this. Add interfaces and provide two implementations for HTTP and SOCKS5 proxies. Adapt the core code to be able to deal with proxy connections at all. The built-in client-side support for this in sshd 2.0.0 is woefully inadequate. Tested manually by running proxies and then fetching various real- world repositories via these proxies from different servers. Proxies tested: ssh -D (SOCKS, anonymous), tinyproxy (HTTP, anonymous), and 3proxy (SOCKS & HTTP, username-password authentication). The GSS-API authentication is untested since I have no Kerberos setup. Bug: 520927 Change-Id: I1a5c34687d439b3ef8373c5d58e24004f93e63ae Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2018-10-21 20:44:34 +03:00
uses:="org.eclipse.jgit.transport,
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2018-09-23 17:45:45 +03:00
org.apache.sshd.client.config.hosts,
org.apache.sshd.common.keyprovider,
Apache MINA sshd client: proxy support This is not about the ssh config ProxyCommand but about programmatic support for HTTP and SOCKS5 proxies. Eclipse allows the user to specify such proxies, and JSch at least contains code to connect through proxies. So our Apache MINA sshd client also should be able to do this. Add interfaces and provide two implementations for HTTP and SOCKS5 proxies. Adapt the core code to be able to deal with proxy connections at all. The built-in client-side support for this in sshd 2.0.0 is woefully inadequate. Tested manually by running proxies and then fetching various real- world repositories via these proxies from different servers. Proxies tested: ssh -D (SOCKS, anonymous), tinyproxy (HTTP, anonymous), and 3proxy (SOCKS & HTTP, username-password authentication). The GSS-API authentication is untested since I have no Kerberos setup. Bug: 520927 Change-Id: I1a5c34687d439b3ef8373c5d58e24004f93e63ae Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2018-10-21 20:44:34 +03:00
org.eclipse.jgit.util,
org.apache.sshd.client.session,
sshd: prepare for using an SSH agent Add interfaces Connector and ConnectorFactory. A "connector" is just something that knows how to connect to an ssh-agent and then can make simple synchronous RPC-style requests (request-reply). Add a way to customize an SshdSessionFactory with a ConnectorFactory. Provide a default setup using the Java ServiceLoader mechanism to discover an ConnectorFactory. Implement an SshAgentClient in the internal part. Unfortunately we cannot re-use the implementation in Apache MINA sshd: it's hard-wired to Apache Tomcat APR, and it's also buggy. No behavior changes yet since there is nothing that would provide an actual ConnectorFactory. So for Apache MINA sshd, the SshAgentFactory remains null as before. Change-Id: I963a3d181357df2bdb66298bc702f2b9a6607a30 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2021-10-20 10:51:43 +03:00
org.apache.sshd.client.keyverifier",
Prepare 6.7.0-SNAPSHOT builds Change-Id: I50ff7ee31046cfc29a087c8963be3deae24b1c9c
2023-05-24 18:31:26 +03:00
org.eclipse.jgit.transport.sshd.agent;version="6.7.0"
Apache MINA sshd client: enable support for ed25519 keys Include the net.i2p.crypto.eddsa bundle via a hard dependency. Add tests for dealing with ed25519 host keys and user key files. Manual tests: fetching from git.eclipse.org with an ed25519 user key, and pushing this change itself using the same ed25519 key. Note that sshd 2.0.0 does not yet support encrypted ed25519 private keys. Bug: 541272 Change-Id: I7072f4014d9eca755b4a2412e19c086235e5eae9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2018-11-20 00:11:13 +02:00
Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
Switch to Apache MINA sshd 2.10.0 Bump the version numbers in pom.xml and in MANIFESTs, and in the bazel WORKSPACE file. Update the target platforms. Remove work-arounds in org.eclipse.jgit.ssh.apache that are no longer necessary. The release notes for Apache MINA sshd are at [1]. [1] https://github.com/apache/mina-sshd/blob/master/docs/changes/2.10.0.md Bug: 581770 Change-Id: Id27e73e9712b7865353c9b32b5b768f6e998b05e Signed-off-by: Thomas Wolf <twolf@apache.org>
2023-04-03 20:33:24 +03:00
org.apache.sshd.agent;version="[2.10.0,2.11.0)",
org.apache.sshd.client;version="[2.10.0,2.11.0)",
org.apache.sshd.client.auth;version="[2.10.0,2.11.0)",
org.apache.sshd.client.auth.keyboard;version="[2.10.0,2.11.0)",
org.apache.sshd.client.auth.password;version="[2.10.0,2.11.0)",
org.apache.sshd.client.auth.pubkey;version="[2.10.0,2.11.0)",
org.apache.sshd.client.channel;version="[2.10.0,2.11.0)",
org.apache.sshd.client.config.hosts;version="[2.10.0,2.11.0)",
org.apache.sshd.client.config.keys;version="[2.10.0,2.11.0)",
org.apache.sshd.client.future;version="[2.10.0,2.11.0)",
org.apache.sshd.client.keyverifier;version="[2.10.0,2.11.0)",
org.apache.sshd.client.session;version="[2.10.0,2.11.0)",
org.apache.sshd.client.session.forward;version="[2.10.0,2.11.0)",
org.apache.sshd.common;version="[2.10.0,2.11.0)",
org.apache.sshd.common.auth;version="[2.10.0,2.11.0)",
org.apache.sshd.common.channel;version="[2.10.0,2.11.0)",
org.apache.sshd.common.compression;version="[2.10.0,2.11.0)",
org.apache.sshd.common.config.keys;version="[2.10.0,2.11.0)",
org.apache.sshd.common.config.keys.loader;version="[2.10.0,2.11.0)",
org.apache.sshd.common.config.keys.loader.openssh.kdf;version="[2.10.0,2.11.0)",
org.apache.sshd.common.config.keys.u2f;version="[2.10.0,2.11.0)",
org.apache.sshd.common.digest;version="[2.10.0,2.11.0)",
org.apache.sshd.common.forward;version="[2.10.0,2.11.0)",
org.apache.sshd.common.future;version="[2.10.0,2.11.0)",
org.apache.sshd.common.helpers;version="[2.10.0,2.11.0)",
org.apache.sshd.common.io;version="[2.10.0,2.11.0)",
org.apache.sshd.common.kex;version="[2.10.0,2.11.0)",
org.apache.sshd.common.kex.extension;version="[2.10.0,2.11.0)",
org.apache.sshd.common.kex.extension.parser;version="[2.10.0,2.11.0)",
org.apache.sshd.common.keyprovider;version="[2.10.0,2.11.0)",
org.apache.sshd.common.mac;version="[2.10.0,2.11.0)",
org.apache.sshd.common.random;version="[2.10.0,2.11.0)",
org.apache.sshd.common.session;version="[2.10.0,2.11.0)",
org.apache.sshd.common.session.helpers;version="[2.10.0,2.11.0)",
org.apache.sshd.common.signature;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.buffer;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.buffer.keys;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.closeable;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.io;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.io.der;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.io.functors;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.io.resource;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.logging;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.net;version="[2.10.0,2.11.0)",
org.apache.sshd.common.util.security;version="[2.10.0,2.11.0)",
org.apache.sshd.core;version="[2.10.0,2.11.0)",
org.apache.sshd.server.auth;version="[2.10.0,2.11.0)",
org.apache.sshd.sftp;version="[2.10.0,2.11.0)",
org.apache.sshd.sftp.client;version="[2.10.0,2.11.0)",
org.apache.sshd.sftp.common;version="[2.10.0,2.11.0)",
Prepare 6.7.0-SNAPSHOT builds Change-Id: I50ff7ee31046cfc29a087c8963be3deae24b1c9c
2023-05-24 18:31:26 +03:00
org.eclipse.jgit.annotations;version="[6.7.0,6.8.0)",
org.eclipse.jgit.errors;version="[6.7.0,6.8.0)",
org.eclipse.jgit.fnmatch;version="[6.7.0,6.8.0)",
org.eclipse.jgit.internal.storage.file;version="[6.7.0,6.8.0)",
org.eclipse.jgit.internal.transport.ssh;version="[6.7.0,6.8.0)",
org.eclipse.jgit.nls;version="[6.7.0,6.8.0)",
org.eclipse.jgit.transport;version="[6.7.0,6.8.0)",
org.eclipse.jgit.util;version="[6.7.0,6.8.0)",
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2018-09-23 17:45:45 +03:00
org.slf4j;version="[1.7.0,2.0.0)"