Downgrade SSHD to 0.9.0-4-g5967cfd

Since there is no official 0.9.1 release of the SSHD yet, the
0.9.0-4-g5967cfd version was built from the 0.9.x branch and uploaded to
the Google cloud storage.

This change reverts the following Gerrit commits:

3d9c70c SSHD: Update to 0.13.0
52e4e0c Bump SSHD Mina version to 2.0.8
3921163 Don't use deprecated PGPPublicKeyRingCollection constructor
13452f4 Bump Bouncycastle version to 1.51
5f7d5a7 Update EncryptedContactStore to not use deprecated/removed methods
f69698c Update SSHD to 0.11.1-atlassian-1
67c38c8 Added global request handlers to SshDaemon
c31e17f Update sshd to 0.11.0
b9c66ea Bump SSHD version to 0.10.1 and enable nio2 backend

The reason for the downgrade (copied from the change 60161):

SSHD release 0.9 is known to be free from the thread pool exhaustion
problem [1]. Unfortunately, the 0.9 release suffers from sporadic
handshake failures [2]. The fix cannot be cleanly cherry-picked to the
0.9 release. The backport of this fix [3] is tracked under its own
issue [4], was uploaded as a PR to SSHD Mina's GH repository [5] and
was merged recently [6].

Moreover, 0.9 suffers from "Authenticated with partial success" issue
[7]
that was fixed by [8], [9]; this patch must be applied as well.

This reverts commit dc7318b8eeda15732d4d2865fc5a7a0a68b3be15.

[1] https://issues.apache.org/jira/browse/SSHD-348
[2] https://issues.apache.org/jira/browse/SSHD-330
[3] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=2aed686bdb21681a421033c6ee5997e5cd8a9a83
[4] https://issues.apache.org/jira/browse/SSHD-356
[5] https://github.com/apache/mina-sshd/pull/7
[6] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=cc7162acf7ca89561ca57a9c68de735f17bf168b
[7] https://issues.apache.org/jira/browse/SSHD-254
[8] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=28a8ae258b08c6b41ab64ac25f2331168dc0415a
[9] https://gerrit-review.googlesource.com/51516

Change-Id: I889fb02c2cb1aa5df2cf8dcabace086f5094a914
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index dcc3df3..95d5283 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -2696,14 +2696,6 @@
 [[sshd]]
 === Section sshd
 
-[[sshd.backend]]sshd.backend::
-+
-Starting from version 0.9.0 Apache SSHD project added support for NIO2
-IoSession. To use the new NIO2 session the `backend` option must be set
-to `NIO2`.
-+
-By default, `MINA`.
-
 [[sshd.listenAddress]]sshd.listenAddress::
 +
 Specifies the local addresses the internal SSHD should listen
diff --git a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
index 16bceee..b5e702f 100644
--- a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
+++ b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
@@ -15,16 +15,16 @@
 
 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleProvider"]
-  name = Bouncy Castle Crypto Provider v151
-  url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar
-  sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80
+  name = Bouncy Castle Crypto Provider v149
+  url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar
+  sha1 = f5155f04330459104b79923274db5060c1057b99
   remove = bcprov-.*[.]jar
 
 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleSSL"]
-  name = Bouncy Castle Crypto SSL v151
-  url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar
-  sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597
+  name = Bouncy Castle Crypto SSL v149
+  url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar
+  sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855
   needs = bouncyCastleProvider
   remove = bcpkix-.*[.]jar
 
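Review bot: Both `url` entries in this hunk fetch the Bouncy Castle jars over plain `http://`, so the pinned `sha1` is the only integrity check on the crypto provider that gets installed into the site. If the host serves the same files over TLS, prefer `url = https://www.bouncycastle.org/download/bcprov-jdk15on-149.jar` (and likewise for bcpkix), and consider whether the installer can verify a stronger digest than SHA-1. Because this moves the provider back from v151 to v149, a comment above each section such as `# Held at 1.49 as part of the SSHD 0.9.x downgrade; re-check fixes shipped after 1.49 when SSHD is upgraded` would keep the pin from being read as the intended long-term version. The matching pins in lib/bouncycastle/BUCK deserve the same comment.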
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
index d82180d..8c1fdb6 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
@@ -38,9 +38,6 @@
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
 import org.bouncycastle.openpgp.PGPUtil;
-import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
-import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
-import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -114,7 +111,7 @@
   private static PGPPublicKeyRingCollection readPubRing(final File pub) {
     try (InputStream fin = new FileInputStream(pub);
         InputStream in = PGPUtil.getDecoderStream(fin)) {
-        return new BcPGPPublicKeyRingCollection(in);
+        return new PGPPublicKeyRingCollection(in);
     } catch (IOException e) {
       throw new ProvisionException("Cannot read " + pub, e);
     } catch (PGPException e) {
@@ -170,16 +167,12 @@
     }
   }
 
+  @SuppressWarnings("deprecation")
   private final PGPEncryptedDataGenerator cpk()
       throws NoSuchProviderException, PGPException {
-    final BcPGPDataEncryptorBuilder builder =
-        new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5)
-            .setSecureRandom(prng);
     PGPEncryptedDataGenerator cpk =
-        new PGPEncryptedDataGenerator(builder, true);
-    final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator =
-        new BcPublicKeyKeyEncryptionMethodGenerator(dest);
-    cpk.addMethod(methodGenerator);
+        new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC");
+    cpk.addMethod(dest);
     return cpk;
   }
 
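Review bot: The method-wide `@SuppressWarnings("deprecation")` on `cpk()` hides why a deprecated constructor is in use; add a comment such as `// Deprecated provider-string constructor kept only while Bouncy Castle is pinned to 1.49; restore the Bc* builder on upgrade.` The new call also names the `"BC"` JCA provider, which the removed Bc* classes did not, so encryption presumably now depends on the Bouncy Castle provider being registered before the first call. That precondition belongs in a Javadoc on the method next to the `NoSuchProviderException` it declares. Separately, `PGPEncryptedData.CAST5` (unchanged by this commit) is a 64-bit-block cipher, and a follow-up could evaluate `PGPEncryptedData.AES_256` for the contact data if the destination key's preferences allow it.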
diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
index 92ab653..ba54655 100644
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
@@ -45,7 +45,6 @@
 import org.apache.sshd.common.KeyExchange;
 import org.apache.sshd.common.KeyPairProvider;
 import org.apache.sshd.common.NamedFactory;
-import org.apache.sshd.common.RequestHandler;
 import org.apache.sshd.common.Session;
 import org.apache.sshd.common.Signature;
 import org.apache.sshd.common.SshdSocketAddress;
@@ -68,11 +67,10 @@
 import org.apache.sshd.common.future.CloseFuture;
 import org.apache.sshd.common.future.SshFutureListener;
 import org.apache.sshd.common.io.IoAcceptor;
-import org.apache.sshd.common.io.IoServiceFactoryFactory;
+import org.apache.sshd.common.io.IoServiceFactory;
 import org.apache.sshd.common.io.IoSession;
-import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
+import org.apache.sshd.common.io.mina.MinaServiceFactory;
 import org.apache.sshd.common.io.mina.MinaSession;
-import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
 import org.apache.sshd.common.mac.HMACMD5;
 import org.apache.sshd.common.mac.HMACMD596;
 import org.apache.sshd.common.mac.HMACSHA1;
@@ -81,7 +79,6 @@
 import org.apache.sshd.common.random.JceRandom;
 import org.apache.sshd.common.random.SingletonRandomFactory;
 import org.apache.sshd.common.session.AbstractSession;
-import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.signature.SignatureDSA;
 import org.apache.sshd.common.signature.SignatureRSA;
 import org.apache.sshd.common.util.Buffer;
@@ -94,10 +91,6 @@
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
 import org.apache.sshd.server.auth.gss.UserAuthGSS;
 import org.apache.sshd.server.channel.ChannelSession;
-import org.apache.sshd.server.global.CancelTcpipForwardHandler;
-import org.apache.sshd.server.global.KeepAliveHandler;
-import org.apache.sshd.server.global.NoMoreSessionsHandler;
-import org.apache.sshd.server.global.TcpipForwardHandler;
 import org.apache.sshd.server.kex.DHG1;
 import org.apache.sshd.server.kex.DHG14;
 import org.apache.sshd.server.session.SessionFactory;
@@ -200,13 +193,8 @@
     final String kerberosPrincipal = cfg.getString(
         "sshd", null, "kerberosPrincipal");
 
-    SshSessionBackend backend = cfg.getEnum(
-        "sshd", null, "backend", SshSessionBackend.MINA);
-
-    System.setProperty(IoServiceFactoryFactory.class.getName(),
-        backend == SshSessionBackend.MINA
-            ? MinaServiceFactoryFactory.class.getName()
-            : Nio2ServiceFactoryFactory.class.getName());
+    System.setProperty(IoServiceFactory.class.getName(),
+        MinaServiceFactory.class.getName());
 
     if (SecurityUtils.isBouncyCastleRegistered()) {
       initProviderBouncyCastle();
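Review bot: With the `sshd.backend` lookup removed, a site whose gerrit.config still sets `sshd.backend = NIO2` is moved to the MINA backend without any message, at the point where `IoServiceFactory` is now hard-wired to `MinaServiceFactory`. Log the ignored key once at startup, e.g. `if (cfg.getString("sshd", null, "backend") != null) log.warn("sshd.backend is no longer supported; using MINA");`, so operators notice the change after the downgrade. A short comment on the `System.setProperty` call noting that it is JVM-wide, and presumably has to run before SSHD creates its I/O service, would also help. The enclosing method starts and ends outside this hunk.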
@@ -263,12 +251,6 @@
         return new GerritServerSession(server, ioSession);
       }
     });
-    setGlobalRequestHandlers(Arrays.<RequestHandler<ConnectionService>> asList(
-          new KeepAliveHandler(),
-          new NoMoreSessionsHandler(),
-          new TcpipForwardHandler(),
-          new CancelTcpipForwardHandler()
-        ));
 
     hostKeys = computeHostKeys();
   }
@@ -318,10 +300,8 @@
   public synchronized void stop() {
     if (acceptor != null) {
       try {
-        acceptor.close(true).await();
+        acceptor.dispose();
         log.info("Stopped Gerrit SSHD");
-      } catch (InterruptedException e) {
-        log.warn("Exception caught while closing", e);
       } finally {
         acceptor = null;
       }
@@ -607,11 +587,6 @@
           @Override
           public SshFile getFile(String file) {
             return null;
-          }
-
-          @Override
-          public FileSystemView getNormalizedView() {
-            return null;
           }};
       }
     });
diff --git a/lib/bouncycastle/BUCK b/lib/bouncycastle/BUCK
index d1ec48d..99f960e 100644
--- a/lib/bouncycastle/BUCK
+++ b/lib/bouncycastle/BUCK
@@ -2,19 +2,19 @@
 
 # This version must match the version that also appears in
 # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
-VERSION = '1.51'
+VERSION = '1.49'
 
 maven_jar(
   name = 'bcprov',
   id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION,
-  sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80',
+  sha1 = 'f5155f04330459104b79923274db5060c1057b99',
   license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
 )
 
 maven_jar(
   name = 'bcpg',
   id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION,
-  sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133',
+  sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c',
   license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
   deps = [':bcprov'],
 )
@@ -22,7 +22,7 @@
 maven_jar(
   name = 'bcpkix',
   id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION,
-  sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597',
+  sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855',
   license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
   deps = [':bcprov'],
 )
diff --git a/lib/mina/BUCK b/lib/mina/BUCK
index 5c51d3a..ff1df5a 100644
--- a/lib/mina/BUCK
+++ b/lib/mina/BUCK
@@ -8,17 +8,18 @@
 
 maven_jar(
   name = 'sshd',
-  id = 'org.apache.sshd:sshd-core:0.13.0',
-  sha1 = 'c616c5865cc55473c6d63c6fcf46e60d382be172',
+  id = 'org.apache.sshd:sshd-core:0.9.0-4-g5967cfd',
+  sha1 = '8f4b6f7ebc54655dc7d25a77665cf51f2b1288b2',
   license = 'Apache2.0',
   deps = [':core'],
   exclude = EXCLUDE,
+  repository = GERRIT,
 )
 
 maven_jar(
   name = 'core',
-  id = 'org.apache.mina:mina-core:2.0.8',
-  sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883',
+  id = 'org.apache.mina:mina-core:2.0.7',
+  sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec',
   license = 'Apache2.0',
   exclude = EXCLUDE,
 )
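Review bot: `sshd-core:0.9.0-4-g5967cfd` is not an upstream release, and the `sha1` pin plus `repository = GERRIT` are the only record in this file of where the binary came from. Per the commit message it was built from the 0.9.x branch and uploaded to project-controlled storage. Add a comment above this `maven_jar` recording the upstream commit and the patches it carries, for example `# Custom build of mina-sshd 0.9.x (git describe 0.9.0-4-g5967cfd), includes <list of backported fixes>; replace with the official 0.9.1 release when available`, so the artifact can be rebuilt and audited. Since `sshd-core` and `mina-core` both move to older versions here, a tracking note for re-checking fixes released after 0.9.0 and 2.0.7 is worth adding as well.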