Re-enable DSA, DSA_CERT, and RSA_CERT public key authentication.
DSA is discouraged for a long time already, but it might still be
way too disruptive to completely drop it. RSA is discouraged for
far less long, and dropping that would be really disruptive.
Adapt to the changed property handling. Remove work-arounds for
shortcomings of earlier sshd versions.
Use Orbit I20210203173513, which includes sshd 2.6.0. This also bumps
apache.httpclient to 4.5.13 and apache.httpcore to 4.4.14.
Change-Id: I2d24a1ce4cc9f616a94bb5c4bdaedbf20dc6638e
Signed-off-by: David Ostrovsky <david@ostrovsky.org>
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Upgrade wagon-ssh to 3.4.2 in all pom files, thus align
maven-site-plugin versions to 3.9.1 across as well, consistently.
Change-Id: I38f7a6ded3517d1b116169dee1c12deb86eed3a1
Signed-off-by: Marco Miller <marco.miller@ericsson.com>
Instead provide them only in the p2 repository. This way they are
available when installing from the jgit p2 repository but we are not
enforcing the version we bring but can also use the version available in
Eclipse if it matches our requirements.
Bug: 514326
Bug: 566475
Change-Id: I3e8d0bad12cfb0c1003ade3e6f13e9af35626f14
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
- replace target platform for 4.17 staging with final release
- add target platform for Eclipse 4.18 (2020-12)
Change-Id: I4fb60cc346e275b755bba8d32b1964c2673fb615
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
and update
- org.apache.ant to 1.10.9.v20201106-1946
- org.slf4j.binding.log4j12 to 1.7.30.v20201108-2042
Change-Id: Id15d14dea3a61dabde974c3ea9332d47fb19f4d9
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* stable-5.9:
Upgrade maven-resources-plugin to 3.2.0
Upgrade plexus-compiler version to 2.8.8
[bazel] Add missing dependency to slf4j-api
[errorprone] DirCacheEntry: make clear operator precedence
[errorprone] PackWriter#parallelDeltaSearch: avoid suppressed exception
[errorprone] Declare DirCache#version final
Add jgit-4.17-staging target platform for 2020-09
Update target platform to R20200831200620
Signed-off-by: Marco Miller <marco.miller@ericsson.com>
Change-Id: I2e2f41cf6ebbcb45b8978b519db3f1c8f7afb5f4
and update to new Orbit version of the following libraries
- org.apache.commons.codec to 1.14.0.v20200818-1422
- org.apache.httpcomponents.httpclient to 4.5.10.v20200830-2311
- org.bouncycastle.bcpg [1.65.0.v20200527-1955
- org.bouncycastle.bcpkix [1.65.0.v20200527-1955
- org.bouncycastle.bcprov [1.65.1.v20200529-1514
Fix minor issues in target platforms and rename 4.16-staging to 4.16
since that version was released already.
Change-Id: Ifea2600e445e783807a5d94ea23ac3c6550956b5
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
- new jsch and gpg.bc fragments need to be included in their features
as fragments and require only the jgit bundle (not the jgit feature)
- feature org.eclipse.jgit should no longer include bouncycastle
- add missing url for gpg.bc feature in category.xml
- don't mark features as patch features
Change-Id: I4a46e3fed319221a704b754347a6798b4b199fe4
This includes org.bouncycastle.bcprov 1.65.1 in the p2 repository.
Leave the maven and bazel dependencies for Bouncy Castle at 1.65.
Change-Id: I1fb39bd79e7339315f64f8b5dda89cb81dd035af
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
As discussed in the bug, jgit should not include a logging
implementation, and instead rely on the product containing jgit to
configure the logging.
We have recently run into the situation, that installing egit in a (non
eclipse.org) RCP application breaks all the logging due to incompatible
logging implementations. Removal of the jgit logging implementation
should fix this.
Following further changes have been done for jgit command line:
* added log4j.properties to binary build of jgit.pgm. That file existed
in the git repository, but was not included in the eclipse binary build.
(maybe it is in the bazel build)
* removed apache.commons.logging package import from jgit.pgm. That
import is not used, and makes the logging even more confusing.
Bug: 514326
Change-Id: I6dc7d1462f0acfca9e2b1ac87e705617179ffdda
Signed-off-by: Michael Keppler <Michael.Keppler@gmx.de>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Motivation: JSch serves as 'default' implementations of the SSH
transport. If a client application does not use it then there is no need
to pull in this dependency.
Move the classes depending on JSch to an OSGi fragment extending the
org.eclipse.jgit bundle and keep them in the same package as before
since moving them to another package would break API. Defer moving them
to a separate package to the next major release.
Add a new feature org.eclipse.jgit.ssh.jsch feature to enable
installation. With that users can now decide which of the ssh client
integrations (JCraft JSch or Apache Mina SSHD) they want to install.
We will remove the JCraft JSch integration in a later step due to the
reasons discussed in bug 520927.
Bug: 553625
Change-Id: I5979c8a9dbbe878a2e8ac0fbfde7230059d74dc2
Also-by: Michael Dardis <git@md-5.net>
Signed-off-by: Michael Dardis <git@md-5.net>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Signed-off-by: David Ostrovsky <david@ostrovsky.org>
Motivation: BouncyCastle serves as 'default' implementation of
the GPG Signer. If a client application does not use it there is no need
to pull in this dependency, especially since BouncyCastle is a large
library.
Move the classes depending on BouncyCastle to an OSGi fragment extending
the org.eclipse.jgit bundle. They are moved to a distinct internal
package in order to avoid split packages. This doesn't break public API
since these classes were already in an internal package before this
change.
Add a new feature org.eclipse.jgit.gpg.bc to enable installation. With
that users can now decide if they want to install it.
Attempts to sign a commit if org.eclipse.jgit.gpg.bc isn't available
will result in ServiceUnavailableException being thrown.
Bug: 559106
Change-Id: I42fd6c00002e17aa9a7be96ae434b538ea86ccf8
Also-by: Michael Dardis <git@md-5.net>
Signed-off-by: Michael Dardis <git@md-5.net>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Signed-off-by: David Ostrovsky <david@ostrovsky.org>