In upcoming Bazel release 5.0 resource_jars attribute was removed: [1].
Replace resource_jars with runtime_deps as recommended in the release
notes.
[1] https://github.com/bazelbuild/bazel/issues/13221
Change-Id: Iab834d647cf63259ca182adc1f862b6001db0cce
update
- org.apache.commons.compress to 1.20.0.v20210713-192
- org.bouncycastle.bcpg to 1.69.0.v20210713-1924
- org.bouncycastle.bcpkix to 1.69.0.v20210713-1924
- org.bouncycastle.bcprov to 1.69.0.v20210713-1924
- add org.bouncycastle.bcutil 1.69.0.v20210713-1924
In bazel build don't expose bouncycastle to org.eclipse.jgit since it's
not used there anymore since code depending on bouncycastle was moved to
org.eclipse.jgit.gpg.bc.
CQ: 21771
CQ: 23471
CQ: 23472
CQ: 23473
CQ: 23474
Change-Id: Id3d94c00c39bbc57e3f49a61150841249dc3985c
The gpg-agent stores secret keys in individual files in the secret
key directory private-keys-v1.d. The files have the key's keygrip
(in upper case) as name and extension ".key".
A keygrip is a SHA1 hash over the parameters of the public key. By
computing this keygrip, we can pre-compute the expected file name and
then check only that one file instead of having to iterate over all
keys stored in that directory.
This file naming scheme is actually an implementation detail of
gpg-agent. It is unlikely to change, though. The keygrip itself is
computed via libgcrypt and will remain stable according to the GPG
main author.[1]
Add an implementation for calculating the keygrip and include tests.
Do not iterate over files in BouncyCastleGpgKeyLocator but only check
the single file identified by the keygrip.
Ideally upstream BouncyCastle would provide such a getKeyGrip() method.
But as it re-builds GPG and libgcrypt internals, it's doubtful it would
be included there, and since BouncyCastle even lacks a number of curve
OIDs for ed25519/curve25519 and uses the short-Weierstrass parameters
instead of the more common Montgomery parameters, including it there
might be quite a bit of work.
[1] http://gnupg.10057.n7.nabble.com/GnuPG-2-1-x-and-2-2-x-keyring-formats-tp54146p54154.html
Bug: 547536
Change-Id: I30022a0e7b33b1bf35aec1222f84591f0c30ddfd
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Motivation: BouncyCastle serves as 'default' implementation of
the GPG Signer. If a client application does not use it there is no need
to pull in this dependency, especially since BouncyCastle is a large
library.
Move the classes depending on BouncyCastle to an OSGi fragment extending
the org.eclipse.jgit bundle. They are moved to a distinct internal
package in order to avoid split packages. This doesn't break public API
since these classes were already in an internal package before this
change.
Add a new feature org.eclipse.jgit.gpg.bc to enable installation. With
that users can now decide if they want to install it.
Attempts to sign a commit if org.eclipse.jgit.gpg.bc isn't available
will result in ServiceUnavailableException being thrown.
Bug: 559106
Change-Id: I42fd6c00002e17aa9a7be96ae434b538ea86ccf8
Also-by: Michael Dardis <git@md-5.net>
Signed-off-by: Michael Dardis <git@md-5.net>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Signed-off-by: David Ostrovsky <david@ostrovsky.org>
David Ostrovsky