the-distro/nix-gerrit
2
1
Fork 1
Code Issues Pull requests 2 Packages Projects Releases Wiki Activity

gerrit: bump sshd to 2.14.0

Browse source 
This brings back support for wrapped hardware security token backed keys
without breaking connection to it via 'incorrect signature'.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
This commit is contained in:
raito 2024-12-15 17:01:47 +01:00
parent c011f670b3
commit ba2690c950
4 changed files with 67 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

61
gerrit/bump-sshd-to-2_14_0.patch Normal file
View file

@ -0,0 +1,61 @@
From adbaba47b11683ebddd80e774b984a1c96fb5048 Mon Sep 17 00:00:00 2001
From: Nasser Grainawi <nasser.grainawi@linaro.org>
Date: Tue, 13 Aug 2024 14:01:45 -0700
Subject: [PATCH] Bump SSHD to 2.14.0
This fixes an 'incorrect signature' error when trying to use the keys
generated by SSHD during server init with an OpenSSH client.
Gerrit had downgraded to 2.12.0 from 2.13.1 due to this issue.
This also includes a few other changes since 2.13.2:
* GH-524 Performance improvements
* GH-533 Fix multi-step authentication
* GH-582 Fix filtering in NamedFactory
* GH-587 Prevent NullPointerExceptionon closed channel in NettyIoSession
* GH-590 Better support for FIPS
* GH-597 Pass on Charset in ClientSession.executeRemoteCommand()
https://github.com/apache/mina-sshd/releases/tag/sshd-2.14.0
Release-Notes: Bump SSHD to 2.14.0
Change-Id: Id71702e952f285678775000d21de15e3cbda09c5
---
tools/nongoogle.bzl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/nongoogle.bzl b/tools/nongoogle.bzl
index 91caf313e013..39697be36465 100644
--- a/tools/nongoogle.bzl
+++ b/tools/nongoogle.bzl
@@ -137,18 +137,18 @@ def declare_nongoogle_deps():
sha1 = "cb2f351bf4463751201f43bb99865235d5ba07ca",
)
- SSHD_VERS = "2.12.0"
+ SSHD_VERS = "2.14.0"
maven_jar(
name = "sshd-osgi",
artifact = "org.apache.sshd:sshd-osgi:" + SSHD_VERS,
- sha1 = "32b8de1cbb722ba75bdf9898e0c41d42af00ce57",
+ sha1 = "6ef66228a088f8ac1383b2ff28f3102f80ebc01a",
)
maven_jar(
name = "sshd-sftp",
artifact = "org.apache.sshd:sshd-sftp:" + SSHD_VERS,
- sha1 = "0f96f00a07b186ea62838a6a4122e8f4cad44df6",
+ sha1 = "c070ac920e72023ae9ab0a3f3a866bece284b470",
)
maven_jar(
@@ -166,7 +166,7 @@ def declare_nongoogle_deps():
maven_jar(
name = "sshd-mina",
artifact = "org.apache.sshd:sshd-mina:" + SSHD_VERS,
- sha1 = "8b202f7d4c0d7b714fd0c93a1352af52aa031149",
+ sha1 = "05e1293af53a196ac3c5a4b01dd88985e8672e9e",
)
maven_jar(

6
gerrit/default.nix
View file

@ -38,15 +38,15 @@ in
find "$dir" -name .git -print0 | xargs -0 rm -rf find "$dir" -name .git -print0 | xargs -0 rm -rf
''; '';
}); });
depsHash = "sha256-Pq04IfyYnEYDbvnv3P8SDp3ONPYS8r3dipV5wwRaudM="; depsHash = "sha256-W2lbytrDZP5PqdO+cG3LZvEP2vVj8c+XA1hnptML2uc=";
patches = [ patches = [
./0001-Syntax-highlight-nix.patch ./0001-Syntax-highlight-nix.patch
./0002-Syntax-highlight-rules.pl.patch ./0002-Syntax-highlight-rules.pl.patch
./0003-Add-titles-to-CLs-over-HTTP.patch ./0003-Add-titles-to-CLs-over-HTTP.patch
./gerrit-cl-431977-bump-sshd.patch # sshd: 2.14.0
./gerrit-cl-431977-part-2-bump-bouncycastle.patch ./bump-sshd-to-2_14_0.patch
]; ];
nativeBuildInputs = [ nativeBuildInputs = [

2
plugins/metrics-reporter-prometheus/default.nix
View file

@ -11,7 +11,7 @@ buildGerritBazelPlugin rec {
rev = "f2ee1de665281596ae300144243fcf94bf6f1f7d"; rev = "f2ee1de665281596ae300144243fcf94bf6f1f7d";
hash = "sha256-iUFzSXKIKBdZBZMpZiejkEEXXI20wTJQRYkufc/YjOM="; hash = "sha256-iUFzSXKIKBdZBZMpZiejkEEXXI20wTJQRYkufc/YjOM=";
}; };
depsHash = "sha256-95JXlLwyxgMPk9z/weZWCdxAabasv6hHVdPPIfFq5ks="; depsHash = "sha256-eKm2RJ7KO1cSh7+27iZQubkB64Sjs7+5VCXj99JKGkI=";
postOverlayPlugin = '' postOverlayPlugin = ''
cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl" cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl"
''; '';

4
plugins/oauth/default.nix
View file

@ -1,7 +1,7 @@
# SPDX-FileCopyrightText: 2024 The nix-gerrit Authors <git@lukegb.com> # SPDX-FileCopyrightText: 2024 The nix-gerrit Authors <git@lukegb.com>
# SPDX-License-Identifier: MIT # SPDX-License-Identifier: MIT
{ buildGerritBazelPlugin, fetchgit, lib }: { buildGerritBazelPlugin, fetchgit }:
buildGerritBazelPlugin rec { buildGerritBazelPlugin rec {
name = "oauth"; name = "oauth";
@ -11,7 +11,7 @@ buildGerritBazelPlugin rec {
rev = "98231604d60788bb43490f1a301d792817ac8008"; rev = "98231604d60788bb43490f1a301d792817ac8008";
hash = "sha256-AuVO1Yys8BYqGHZI/adszCUg0JM2v4Td4fe26LdOPLM="; hash = "sha256-AuVO1Yys8BYqGHZI/adszCUg0JM2v4Td4fe26LdOPLM=";
}; };
depsHash = "sha256-LnfVTPvGDpLqAQ1QfAwFv0FA0aCg6H1WUgxVjjYTLoY="; depsHash = "sha256-GukI0DN47YjRJT3WdDr+nVoj2sOJoWsmJQs4Lqhr1e8=";
postOverlayPlugin = '' postOverlayPlugin = ''
cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl" cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl"
''; '';