Update target platforms, maven and bazel builds to use sshd 2.2.0.
Adapt internal classes to changed sshd interfaces and remove previous
work-arounds for asking repeatedly for key passwords and for loading
keys lazily; both are now done by sshd.
CQ: 19034
CQ: 19035
Bug: 541425
Change-Id: I85e1df6ebb8a94953a912d9b2b8a7b5bdfbd608a
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Same version as used in the latest Eclipse platform. Updating the
JGit target platform results in the new JSch version being included
in the JGit feature in the p2 repo, and thus ultimately in the EGit
update site.
CQ: 19588
Bug: 546130
Change-Id: Id7e4318096f6f29dc4573e15542abdf54582af34
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Update
- org.apache.httpcomponents.httpcore to 4.4.10.v20190123-2214
- org.apache.httpcomponents.httpclient.source to 4.5.6.v20190123-2215
- org.bouncycastle.bcpg to 1.60.0.v20181210-2057
- org.bouncycastle.pkix to 1.60.0.v20181210-2057
- org.bouncycastle.prov to 1.60.0.v20181210-2057
Change-Id: I132b6686aa29b2a76cc529f7cae34115604c754d
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
This also includes a change to generating the jgit CLI jar. Shading is
no longer possible because it breaks the signature of BouncyCastle.
Instead, the Spring Boot Loader Maven plug-in is now used to generate an
executable jar.
Bug: 382212
Change-Id: I35ee3d4b06d9d479475ab2e51b29bed49661bbdc
Also-by: Gunnar Wagenknecht <gunnar@wagenknecht.org>
Signed-off-by: Gunnar Wagenknecht <gunnar@wagenknecht.org>
Signed-off-by: Medha Bhargav Prabhala <mprabhala@salesforce.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Update
- orb.eclipse.jdt:ecj to 3.16.0
- plexus-compiler-eclipse to 2.8.5
Change-Id: I56d6d57c4c49646a9c98d2d1ca01b1b1d92280cf
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Configure Maven build to capture test coverage using jacoco.
Add new org.eclipse.jgit.coverage Maven module to aggregate
jacoco test coverage results and generate test coverage HTML report at
org.eclipse.jgit.coverage/target/site/jacoco-aggregate/index.html
See https://www.eclemma.org/jacoco/trunk/doc/maven.html
Change-Id: Iaeec4033e448ebc16965c05ab54109c4155a307a
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
With the upcoming Eclipse release 2018-12 a new version of Tycho has
been released. Upgrade the Tycho related build steps to the new version
in the Maven build.
Change-Id: Ifff186a9f97ed9faf70f15b20396724b0c9e801c
Signed-off-by: Michael Keppler <Michael.Keppler@gmx.de>
The jgit-last-release-version is used by japicmp as baseline.
Change-Id: If56cc1785b61c92c9a05c8c29c6cb62001e89218
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
In the original contribution of this bundle, japicmp was disabled
as no previous version to compare against existed. Enable it now.
Update the version to compare against to 5.2.0.201812061821-r.
Change-Id: I42f812befde2d0d98db5f87e05230b51af244ae6
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* committer:
Update list of committers
Add new ssh bundles to Maven central scripts
Update maven site reports
Prepare 5.2.1-SNAPSHOT builds
JGit v5.2.0.201812061821-r
Update Orbit to R20181128170323 for 2018-12
Change-Id: I97c6ce5f0c963bfab4d45462f555563d9c5bbe8a
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
- update name of reports which changed name in
maven-project-info-reports-plugin 3.0.0
- add dependency-covergence report
- add dependency-management report
- add index report
- add summary report
Change-Id: I6d406ecd9e082d96b2bd250704d5ca18e7c8f735
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
to consume fix for vulnerability [1] in Apache commons compress which is
fixed in version 1.18.
[1] https://nvd.nist.gov/vuln/detail/CVE-2018-1324
CQ: 18320
Change-Id: I39b1d815e5b8e0208600afafe7a72bb603d04fb8
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Create the bundle and move the SshTestGitServer there. Verified that
the Eclipse build still works and ran JSchSshTest and ApacheSshTest as
junit tests inside Eclipse.
Update maven build and features to account for that. Verified by
running full maven build including packaging.
Update bazel build files to account for that. Verified by a
clean-slate bazel build :all, followed by running the JSchSshTest
and the ApacheSshTest via bazel.
Change-Id: Ia084942f4425b454529de148e00417e7da786a90
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Add a new ssh client implementation based on Apach MINA sshd 2.0.0.
This implementation uses JGit's own config file parser and host entry
resolver. Code inspection of the Apache MINA implementation revealed
a few bugs or idiosyncrasies that immediately would re-introduce bugs
already fixed in the past in JGit.
Apache MINA sshd is not without quirks either, and I had to configure
and override more than I had expected. But at least it was all doable
in clean ways.
Apache MINA boasts support for Bouncy Castle, so in theory this should
open the way to using more ssh key algorithms, such as ed25519.
The implementation is in a separate bundle and is still not used in
the core org.eclipse.jgit bundle. The tests re-use the ssh tests from
the core test bundle.
Bug: 520927
Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Add a simple ssh git server based on Apache MINA sshd, and use it
in new tests that verify ssh operations and in particular a number
of bugs that had cropped up over time in JSch.
The git server supports fetching only, and sftp access.
The tests are all in an abstract base class; the concrete JschSshTest
class only provides ssh-specific test setup. So the same tests could
be run easily also with some other ssh client.
Bug: 520927
Change-Id: Ide6687b717fb497a29fc83f22b07390a26dfce1d
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
The version of maven-surefire-report-plugin was controlled by a project
property, but the maven-surefire-plugin version was set explicitly.
Rename maven-surefire-report-plugin-version to maven-surefire-version,
and use the same property for both plugins' versions.
Change-Id: Ib2aea36f3db969cd038c071d0cd35f9056642518
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
Any additional statements after the statement that is expected to
throw will never be executed in a passing test. This can lead to
inappropriately passing tests where later incorrect assertions are
skipped by the thrown exception. See [1] for examples.
There are no cases of this in the code base, but by enabling the
checker with severity ERROR we can ensure that we don't overlook
any future misuse of ExpectedException.
[1] http://errorprone.info/bugpattern/ExpectedExceptionChecker
Change-Id: I266d4f73f6075bfc1e39fa3d8aee7dee96db61b9
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
The same errors are suppressed when generating javadoc.
Suppress the errors during site generation.
Change-Id: I83bd1c10e5de82f47c351e7edf2c9230be4b1f21
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Zip Slip [1] is an arbitrary file write generic vulnerability, that can
be achieved using a specially crafted zip (or bzip2, gzip, tar, xz, war)
archive, that holds path traversal filenames.
According to Maven's announcement [2] several plugins use plexus-archiver to
unpack dependencies to disk and have been identified as potential triggers
for exposing the vulnerability.
Of those, JGit uses the maven-dependency-plugin and the maven-javadoc-plugin.
Update them to the fixed versions reported in [2].
See the corresponding issues for the maven-dependency-plugin [3] and the
maven-javadoc-plugin [4] for details.
[1] https://snyk.io/research/zip-slip-vulnerability
[2] https://maven.apache.org/security-plexus-archiver.html
[3] https://issues.apache.org/jira/browse/MDEP-611
[4] https://issues.apache.org/jira/browse/MJAVADOC-520
Change-Id: Id3ab2d6161db240f2ab8f82298fa3ecd7a930a43
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
Found instructions for configuring maven-compiler-plugin with ecj in
[1]. Verified that ecj run in this way raises build errors when executed
on commit d3ef5213.
Define profiles "ecj" for using Eclipse compiler and "javac" for using
javac including errorprone. By default ecj will be used.
use ecj:
$ mvn -Pecj clean install
use javac:
$ mvn -Pjavac clean install
TODO: find out how to run ecj with errorprone from Maven.
[1] https://stackoverflow.com/questions/33164976/using-eclipse-java-compiler-ecj-in-maven-builds
Change-Id: I716b603b57612b953e603387c82fd01eb1b5ca97
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
and plexus-compiler-javac-errorprone to 2.8.4.
Change-Id: I36487ce53e70b54d7a04292e666540224c107b43
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
The upgrade was already done 3 weeks ago, this version number was
missing, however.
Change-Id: Ibc794ba8035c46ea2160925b344ded5714b7c987
Signed-off-by: Michael Keppler <Michael.Keppler@gmx.de>
Also update xz to 1.6 as this is the version commons-compress 1.15
wants. Since xz 1.6 is an optional dependency for commons-compress we
need to add a non-optional dependency to xz for
org.eclipse.jgit.pgm.test since one of the tests explicitly requires xz.
Related change adding commons-compress to Orbit:
https://git.eclipse.org/r/#/c/115366/
CQ: 15356
CQ: 15360
Change-Id: I0d61c71bc541cc30464a0fff93775b079dd3ba88
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
com.jcraft.jsch requires com.jcraft.jzlib to provide optional zlib
packet compression support. Add this library so that jgit can handle
packet compression.
CQ: 15292
Bug: 529129
Change-Id: I0297bd0488753547a5f5d47dbf0db508a79dd265
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
This prepares builds on Java 9 [1].
The maven 2 tag "prerequisites" is not honored by maven 3
hence use maven-enforcer-plugin to enforce the minimum
maven version.
[1] https://issues.apache.org/jira/browse/MNG-6148
Change-Id: I57f5051a0641b1bd21f9f888f1a17d8f98e879e5
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
This profile isn't needed any longer since we require Java 8 as minimum
version.
Change-Id: I8a37eaf874473ff4004b9c074a810dddebde54c8
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
This version seems to be much stricter and reports a lot more errors
in the javadoc formatting.
Disable failOnError to prevent the build from failing due to these
newly reported problems. These should be fixed in a follow-up commit.
Change-Id: Ia403cbedf72cfe8bdaf09f30e42e3bf96084ae52
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
- error_prone_core to 2.1.1
- maven-compiler-plugin to 3.6.2
- plexus-compiler-javac{-error-prone} to 2.8.2
Change-Id: I20d864c869f2d03f623ea054b6d08e7ee0eb262a
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
SpotBugs [1] is the spiritual successor of FindBugs, carrying on from
the point where it left off with support of its community.
[1] http://spotbugs.readthedocs.io/
Change-Id: I127f2c54b04265b6565e780116617ffa8a4d7eaf
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
* Adapt to API removals in jetty 9.4+
* Manifests changed to restrict jetty to [9.4.5,10.0.0)
Bug: 514336
Bug: 516514
Change-Id: Ifcfd968084dfa6db0ae07cf541d33a6cdedc1ee2
Signed-off-by: Mat Booth <mat.booth@redhat.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Maven version 3.3.1 is the minimum required version as reported
by running:
mvn versions:display-plugin-updates
Change-Id: I9514013dcffa6cb945496515c3eb4894c9043d7b
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
- japicmp-maven-plugin to 0.8.1
- maven-surefire-plugin to 2.20
- maven-surefire-report-plugin to 2.20
- tycho-extras to 1.0.0
Change-Id: Iecc9a5aeb7811a8ecc8198c8836a4a739be3cc08
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
We detect API changes during the Maven build using japicmp. Update the
reference version to the latest minor version 4.7.0.201704051617-r.
Change-Id: Iab354fbf745cdfe44f71ce0bb64bb838b8bcd57d
Silence the many duplicate code warnings for this generated class.
Change-Id: I3ecb0f986c809dad962b821c5de7cf18865642d3
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* stable-4.6:
Update Jetty to 9.3.17.v20170317
Revert "Update Jetty to 9.4.1.v20170120 in buck build"
Revert "Update Jetty to 9.4.1.v20170120"
Change-Id: I9193b568cce9c72da899a8f3eaaf833956438e13
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Update to the latest 9.3 version until we have a solution for bug 514336
we face with 9.4.x versions.
Change-Id: I6d8d476abe8677ce865a08099bb77330effc700a
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
We detect API changes during the Maven build using japicmp. Update the
reference version to the latest minor version 4.6.0.
Change-Id: I70f65f4a0680671612f21ee1afac7f7ef0152cbb
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
We updated the version we use for packaging the p2 repository in
efbecb97 but missed to update the version we compile against in the
Maven build.
Bug: 513354
Change-Id: I49afd89b43cfd8735568a86ef273723909d694a3
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
MappedLoginService is no longer available in Jetty 9.4 therefore base
TestLoginService on AbstractLoginService.
Apparently Jetty now uses slf4j hence adapt RecordingLogger accordingly
so we can log error messages containing slf4j style formatting anchors
"{}".
Change-Id: Ibb36aba8782882936849b6102001a88b699bb65c
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
(cherry picked from commit 5e8e2179b2)
MappedLoginService is no longer available in Jetty 9.4 therefore base
TestLoginService on AbstractLoginService.
Apparently Jetty now uses slf4j hence adapt RecordingLogger accordingly
so we can log error messages containing slf4j style formatting anchors
"{}".
Change-Id: Ibb36aba8782882936849b6102001a88b699bb65c
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
In one place version 3.0.4 is used, and in another place 3.0.3 is
used.
Define the version (3.0.4) in a property and use that in both places,
so it doesn't get inconsistent again next time the version is bumped.
Change-Id: If3a2489cec78c0c9ef76aa6b941fda51b098e04b
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>