Re: [I] Race condition in BufferedIoOutputStream [mina-sshd]
116-7 commented on issue #263: URL: https://github.com/apache/mina-sshd/issues/263#issuecomment-2268459993 @tomaswolf providing the Wireshark cap files will probably not be possible given the aforementioned bureaucracy. For context it's probably safe to assume that there are VPN tunnels, firewalls, and probably proxies in-between the client and server. For context the server is a Bitbucket server and clients are openssh through the git command. Given that the issue only occurs about 1/20 times even when attempting from the same client in the space of about 2 minutes and even when testing during times of low network activity (e.g. very early hours of the morning) my gut feel is that it may be mina-sshd related. There does seem to be an increase in the frequency of the error during times of server load e.g. towards the end of day when more people are committing their code. It's possible that there is some network path that is terminating and re-writing the packets incorrectly but given all the possible intermediate network hardware as well as the general opaqueness of the network/vlan/vpn/etc. it's not possible to trace the issue of such a device. I do have some screenshots from Wireshark though. 1) In the unsuccessful case the TCP handshake completes, the client sends its protocol negotiation but the server responds with its key exchange which then makes its way to the application layer which then panics when it seems the null chars at the start of the key exchange packet. https://github.com/user-attachments/assets/6035deba-48a4-44bb-bcd3-316e63621d99;> https://github.com/user-attachments/assets/6feca034-be42-402c-9c09-bed3db9df1bc;> 2) In the successful case the server's protocol negotiation comes through as expected with a relative sequence of 1 and the following server key exchange init has a sequence of 28. https://github.com/user-attachments/assets/1eab9c4e-c63a-491a-89f7-fed7a93f85e4;> https://github.com/user-attachments/assets/811ca942-fbf4-45b3-9193-c456186ef893;> https://github.com/user-attachments/assets/8b129ba6-95d6-41ac-89d4-b343d63119d4;> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Race condition in BufferedIoOutputStream [mina-sshd]
tomaswolf commented on issue #263: URL: https://github.com/apache/mina-sshd/issues/263#issuecomment-2268364233 @116-7 I've never seen this in any Apache MINA sshd version. In any case it would be unrelated to the race condition mentioned in this issue. We _did_ have one report of what you describe: [SSHD-1204](https://issues.apache.org/jira/browse/SSHD-1204), but it involved an unknown server behind a Palto Alto Networks firewall appliance that identified as "SSH2.0-PaloAltoNetworks_0.2" and an Apache MINA sshd _client_. With a packet trace obtained via Wireshark we were able to prove that this server did send its initial key exchange proposal first, and only afterwards the protocol negotiation, i.e., its identification string. (The packet traces are attached to that issue SSHD-1204.) This firewall thing appeared to be a decrypting SSH proxy, so it's most likely the fault of that Palo Alto firewall, not of whatever server was behind it. Other people also had [trouble with that firewall](https://tanzu.vmware.com/content/pivotal-engineering-journal/troubleshooting-obscure-openssh-failures-2). If you can provide a Wireshark packet trace of the first few packets, which are unencrypted, I could take a look to see if your case is similar. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Can mina sshd be used in Android? [mina-sshd]
albertvaka commented on issue #322: URL: https://github.com/apache/mina-sshd/issues/322#issuecomment-2267725568 Hey, just FYI we do use mina-sshd in Android in the KDE Connect project We just updated from v0.14.0 (from 10 years ago) to v2.13.1 We haven't seen an issue with the Exceptions (yet?), but we did have to add a [workaround](https://invent.kde.org/network/kdeconnect-android/-/blob/90dbdee282e77e00fa88bc13fb1fc2cd6751b1ed/src/org/kde/kdeconnect/Plugins/SftpPlugin/SimpleSftpServer.kt#L213) to not use the `user.home` property. Other than that, Mina SSHD runs quite well on Android. Since Android 11 (API version 30) it can run unmodified. On older versions it's not possible to use the `NativeFileSystemFactory` because to access the filesystem you have to use the Storage Access Framework API, so we had to implement our own `FileSystemFactory ` using that, and we even went further and added more compatibility hacks to support down to Android 5.0, but you probably don't want to go that far. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Can mina sshd be used in Android? [mina-sshd]
albertvaka commented on issue #322: URL: https://github.com/apache/mina-sshd/issues/322#issuecomment-2267710592 Hey, just FYI we do use mina-sshd in Android in the KDE Connect project We just updated from v0.14.0 (from 10 years ago) to v2.13.1 We haven't seen an issue with the Exceptions (yet?), but we did have to add a [workaround](https://invent.kde.org/network/kdeconnect-android/-/blob/90dbdee282e77e00fa88bc13fb1fc2cd6751b1ed/src/org/kde/kdeconnect/Plugins/SftpPlugin/SimpleSftpServer.kt#L213) to not use the `user.home` property. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Race condition in BufferedIoOutputStream [mina-sshd]
116-7 commented on issue #263: URL: https://github.com/apache/mina-sshd/issues/263#issuecomment-2267570753 @tomaswolf sorry to bring this up in this old thread but I have run into an issue with an older version of mina-sshd, 2.8.0 and I am wondering if this fix would resolve the issue. Unfortunately I cannot just update the version myself as the dependency is deep within a piece of software that I do not control the source code to and is also behind multiple layers of corporate bureaucracy let's say. The gist of the issue is that when attempting to establish an ssh session to a mina-sshd 2.8.0 instance there appears to be a race condition that shows up intermittently as a "banner exchange: Connection to xxx.xxx.xxx.xxx port 22: invalid format" error. The sequence appears to be the following: 1) The client opens the connection and the initial TCP handshake completes successfully 2) The server's first data packet with a relative TCP sequence number of 1 (e.g. first packet after the SYN,ACK) is the key exchange init rather than the protocol negotiation. 3) OpenSSH sends a TCP RST and the connection attempt fails because it panics if the first input on the socket isn't the protocol negotiation packet. At step 2 for a successful connection the protocol negotiation packet is sent first and the connection opens as expected but it seems that around 1/20 attempts to connect result in the key exchange init being sent first. Java, and especially multi-threaded Java is not my area of expertise so I'm not sure if this patch would also fix the above issue. I had a look around the project's code to see if I could see anything and it seems like there are some futures and whatnot at play during a session initialisation but I couldn't tell if the key exchange waited for the protocol negotiation to complete. I'm also not sure if your patch being at the level of the output stream writing phase would side-step the need for key exchange to wait for the protocol negotiation future to complete. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Can mina-sshd Implement traffic diversion after ssh and sftp channels are opened? [mina-sshd]
czldb2 closed issue #576: Can mina-sshd Implement traffic diversion after ssh and sftp channels are opened? URL: https://github.com/apache/mina-sshd/issues/576 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] server host key algorithms = ssh-rsa but still try to encryp the key using rsa-sha2-512 [mina-sshd]
baiglin commented on issue #531: URL: https://github.com/apache/mina-sshd/issues/531#issuecomment-2259884314 Thanks a lot @tomaswolf for all the feedback and reactivity. I have forced the rsa signature on our side to indeed cope with the issue. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
On 28/07/2024 13:18, Thomas Wolf wrote: On 25.07.24 20:08 , Gary Gregory wrote: Is there something special I have to do on macOS? I'm getting a lot of: IllegalState Previous attempts to find a Docker environment failed. Will not retry. Please see logs and check configuration I have Docker Desktop 4.33.0 (160616). I tested the src zip file. That's it. In the ZIP file, even bash scripts and SSH private keys have Windows line endings. Bash fails with the most crazy errors if a bash script has CR-LF line endings, and OpenSSH running inside a container may bail on private keys containing CR-LFs instead of plain LFs. O. M. G. Thanks for having investigating the issue and fixed it. -- *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 elecha...@apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Client auth: "authentication methods that can continue" is mishandled [mina-sshd]
tomaswolf closed issue #533: Client auth: "authentication methods that can continue" is mishandled URL: https://github.com/apache/mina-sshd/issues/533 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-533: Fix ClientUserAuthService iteration through methods [mina-sshd]
tomaswolf merged PR #547: URL: https://github.com/apache/mina-sshd/pull/547 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.apache:apache from 32 to 33 [mina-sshd]
gnodet merged PR #572: URL: https://github.com/apache/mina-sshd/pull/572 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump bytebuddy.version from 1.12.6 to 1.14.18 [mina-sshd]
gnodet merged PR #569: URL: https://github.com/apache/mina-sshd/pull/569 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [GH-539] Implement no-flow-control extension [mina-sshd]
tomaswolf commented on code in PR #565: URL: https://github.com/apache/mina-sshd/pull/565#discussion_r1695310491 ## sshd-core/src/main/java/org/apache/sshd/common/kex/extension/DefaultClientKexExtensionHandler.java: ## @@ -133,4 +151,39 @@ protected void handleServerSignatureAlgorithms(Session session, Collection
Re: [VOTE] Release Apache MINA SSHD 2.13.2
+1 Le mar. 23 juil. 2024 à 18:24, Guillaume Nodet a écrit : > > Hey, > > I've staged a candidate release for an SSHD 2.13.2 release. > This release contains a single bug fix: > * Fix sntrup761x25519-sha512 (https://github.com/apache/mina-sshd/issues/525) > > Official staging repo: > https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ > Maven staging repo: > https://repository.apache.org/content/repositories/orgapachemina-1099 > Git tag: > https://github.com/apache/mina-sshd/commits/sshd-2.13.2 > > Please review and vote ! > > -- > > Guillaume Nodet -- Guillaume Nodet - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
On 25.07.24 20:08 , Gary Gregory wrote: Is there something special I have to do on macOS? I'm getting a lot of: IllegalState Previous attempts to find a Docker environment failed. Will not retry. Please see logs and check configuration I have Docker Desktop 4.33.0 (160616). I tested the src zip file. That's it. In the ZIP file, even bash scripts and SSH private keys have Windows line endings. Bash fails with the most crazy errors if a bash script has CR-LF line endings, and OpenSSH running inside a container may bail on private keys containing CR-LFs instead of plain LFs. I was testing the .tar.gz, and that one works (LF line endings). Commit https://github.com/apache/mina-sshd/commit/5a6cf2f47 should fix this for the next release. Cheers, Thomas P.S.: I don't quite understand why the ZIP worked on Windows; containers should have the same problem on Windows. - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Plan SSHD 3.0 [mina-sshd]
tomaswolf commented on issue #564: URL: https://github.com/apache/mina-sshd/issues/564#issuecomment-2254478276 One more thing: - Pass on the HostConfigEntry to the created session. It needs access to it for various advanced configs (like AddKeysToAgent, to mention just one). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
I switched to Windows and it works, so +1 Apache Maven 3.9.8 (36645f6c9b5079805ea5009217e36f2cffd34256) Maven home: C:\java\apache-maven-3.9.8 Java version: 17.0.11, vendor: Eclipse Adoptium, runtime: C:\Program Files\Eclipse Adoptium\jdk-17.0.11.9-hotspot Default locale: en_US, platform encoding: Cp1252 OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows" Docker Desktop 4.33.0 (160616) Docker version 27.1.1, build 6312585 Gary On 2024/07/27 16:43:52 Emmanuel Lécharny wrote: > FTR I'm using Docker Desktop 4.3.0 (157355) > > On 27/07/2024 00:48, Gary Gregory wrote: > > Hm, odd this is on an Intel mac mini. I'll try again in the AM... > > > > On Fri, Jul 26, 2024 at 6:32 PM Emmanuel Lécharny > > wrote: > >> > >> Weird. > >> > >> I ran the build on mac OS, worked like a charm. > >> > >> But I was on my old Intel based mac, not on my new M3 Mac OS. > >> > >> Could it be something like that, > >> > >> On 26/07/2024 15:33, Gary Gregory wrote: > >>> I have Docker Desktop up and running and "docker ps" returns nothing > >>> running before or after I try to build. > >>> > >>> What am I missing? > >>> > >>> Gary > >>> > >>> > >>> On Thu, Jul 25, 2024 at 5:35 PM Thomas Wolf wrote: > > On 25.07.24 20:08 , Gary Gregory wrote: > > Is there something special I have to do on macOS? > > Not really. > > > I'm getting a lot of: > > IllegalState Previous attempts to find a Docker environment failed. > > Will not retry. Please see logs and check configuration > > > > I have Docker Desktop 4.33.0 (160616). > > The docker engine must be running. But that's all. I'm not aware of > anything special in addition to that. > > Cheers, > > Thomas > >>> > >>> - > >>> To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > >>> For additional commands, e-mail: dev-h...@mina.apache.org > >>> > >> > >> -- > >> *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 > >> elecha...@apache.org > >> > >> - > >> To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > >> For additional commands, e-mail: dev-h...@mina.apache.org > >> > > -- > *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 > elecha...@apache.org > > - > To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > For additional commands, e-mail: dev-h...@mina.apache.org > > - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
FTR I'm using Docker Desktop 4.3.0 (157355) On 27/07/2024 00:48, Gary Gregory wrote: Hm, odd this is on an Intel mac mini. I'll try again in the AM... On Fri, Jul 26, 2024 at 6:32 PM Emmanuel Lécharny wrote: Weird. I ran the build on mac OS, worked like a charm. But I was on my old Intel based mac, not on my new M3 Mac OS. Could it be something like that, On 26/07/2024 15:33, Gary Gregory wrote: I have Docker Desktop up and running and "docker ps" returns nothing running before or after I try to build. What am I missing? Gary On Thu, Jul 25, 2024 at 5:35 PM Thomas Wolf wrote: On 25.07.24 20:08 , Gary Gregory wrote: Is there something special I have to do on macOS? Not really. I'm getting a lot of: IllegalState Previous attempts to find a Docker environment failed. Will not retry. Please see logs and check configuration I have Docker Desktop 4.33.0 (160616). The docker engine must be running. But that's all. I'm not aware of anything special in addition to that. Cheers, Thomas - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org -- *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 elecha...@apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org -- *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 elecha...@apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [GH-539] Implement no-flow-control extension [mina-sshd]
tomaswolf commented on code in PR #565: URL: https://github.com/apache/mina-sshd/pull/565#discussion_r1693977545 ## sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java: ## @@ -236,7 +237,7 @@ public IoWriteFuture writePacket(Buffer buffer, long timeout, TimeUnit unit) thr int cmd = bufData[buffer.rpos()] & 0xFF; boolean enqueued = false; boolean isLowLevelMessage = cmd <= SshConstants.SSH_MSG_KEX_LAST && cmd != SshConstants.SSH_MSG_SERVICE_REQUEST -&& cmd != SshConstants.SSH_MSG_SERVICE_ACCEPT; +&& cmd != SshConstants.SSH_MSG_SERVICE_ACCEPT && cmd != KexExtensions.SSH_MSG_EXT_INFO; Review Comment: Crap. I misread the code. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [GH-539] Implement no-flow-control extension [mina-sshd]
tomaswolf commented on code in PR #565: URL: https://github.com/apache/mina-sshd/pull/565#discussion_r1693977545 ## sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java: ## @@ -236,7 +237,7 @@ public IoWriteFuture writePacket(Buffer buffer, long timeout, TimeUnit unit) thr int cmd = bufData[buffer.rpos()] & 0xFF; boolean enqueued = false; boolean isLowLevelMessage = cmd <= SshConstants.SSH_MSG_KEX_LAST && cmd != SshConstants.SSH_MSG_SERVICE_REQUEST -&& cmd != SshConstants.SSH_MSG_SERVICE_ACCEPT; +&& cmd != SshConstants.SSH_MSG_SERVICE_ACCEPT && cmd != KexExtensions.SSH_MSG_EXT_INFO; Review Comment: Crap. I misread the code. ## sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java: ## @@ -236,7 +237,7 @@ public IoWriteFuture writePacket(Buffer buffer, long timeout, TimeUnit unit) thr int cmd = bufData[buffer.rpos()] & 0xFF; boolean enqueued = false; boolean isLowLevelMessage = cmd <= SshConstants.SSH_MSG_KEX_LAST && cmd != SshConstants.SSH_MSG_SERVICE_REQUEST -&& cmd != SshConstants.SSH_MSG_SERVICE_ACCEPT; +&& cmd != SshConstants.SSH_MSG_SERVICE_ACCEPT && cmd != KexExtensions.SSH_MSG_EXT_INFO; Review Comment: I disagree with this. Yes, it's message number 7, so technically a "transport layer generic messages" as RFC 4253 puts it. However, RFC 4253 was written before RFC 8308, and RFC 4253 excludes already two messages from the range 1-19. Let's see: according to RFC 8308, a client may send SSH_MSG_EXT_INFO only once immediately after its initial SSH_MSG_NEWKEYS. At that point, there is definitely no KEX ongoing (even if the server required an immediate re-KEX by sending another SSH_MSG_KEXINIT, that new KEX can only start once the client has sent _its_ SSH_MSG_KEXINIT, which by definition must be after that SSH_MSG_EXT_INFO message -- otherwise the client would send SSH_MSG_NEWKEYS - SSH_MSG_KEXINIT - SSH_MSG_EXT_INFO, which is illegal according to RFC 8308. A _server_ can likewise send SSH_MSG_EXT_INFO immediately after its initial SSH_MSG_NEWKEYS. The same reasoning as above applies. A server can also send the message immediately preceeding its SSH_MSG_USERAUTH_SUCCESS. But that message cannot be sent while a KEX is on-going; it would be delayed. So to send it immediately preceeding, the SSH_MSG_EXT_INFO _must_ equally be delayed, otherwise one could get the sequence - SSH_MSG_EXT_INFO - SSH_MSG_NEWKEYS - SSH_MSG_USERAUTH_SUCCESS, which also violates RFC 8308. Therefore, SSH_MSG_EXT_INFO **must not** be treated as a "transport layer generic message", and it must never be sent while a KEX is on-going. The other message from RFC 8308, SSH_MSG_NEWCOMPRESS, also cannot be sent during a KEX per section 3.2.1. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Plan SSHD 3.0 [mina-sshd]
tomaswolf commented on issue #564: URL: https://github.com/apache/mina-sshd/issues/564#issuecomment-2254142413 For 3.0.0, I have quite a few things that I'd like to do: * Break API big style :-) Seriously. There are a things in the list below that just cannot be done without breaking API. * Undo that awful sshd-common/sshd-core split. Instead, have sshd-common/sshd-client/sshd-server, _without split packages_. Make then all three proper OSGi bundles, and drop the sshd-osgi re-amalgamation. * A similar split might make sense on SFTP level (sshd-sftp-common/sshd-sftp-client/sshd-sftp-server). * Change the session initialization. Sessions should _not_ initiate communication in their constructor! Have an explicit `start()` method instead, and make sure it's called at an appropriate time. * Have a mechanism to configure a session after it has been instantiated, but before it starts. (Other than global properties on the SshClient!) There needs to be a simple way to configure sessions individually right after they have been created. * Refactor the SSH protocol implementation. It's a mess IMO, split over various levels of inheritance, which just feels wrong. Use composition instead. Give each session a filter chain. Implement the transport layer as a filter in that filter chain. Implement the authentication protocol as a filter atop. Implement the connection protocol atop. A callback from transportation layer to connection layer will be needed to handle getting "unsupported" replies (transport layer) to unknown global requests (connection layer). * Implement client-side proxy protocol (SOCKS, HTTP CONNECT) as a filter that can be inserted beneath the transport layer filter. * Don't require Bouncy Castle for EC keys. Java has built-in support for these even in Java 8. * Don't require net.i2p for ed25519/curve25519. It has a security flaw. Make our code work with any of Java ed25519 (since Java 15), BC ed25519, or net.i2p. (Tried already, but it's messy, and not possible without API breaks. Now that we require Java 17 for building, it would be easier to do.) * Have multi-release JARs (especially for the cipher algorithms and ed25519) * Rethink whether all the machinery for SecurityRegistrars is really needed and worth the maintenance effort. Can't we just use whatever Security providers are installed, and leave it at that? All that dynamic class loading is so fragile, and it might not always use the appropriate class loaders... (see e.g. GH issue 502) Plus umpteen little details changes that I can't enumerate all right now. Some of these ideas might need to be written down in more detail first. Do we have a wiki somewhere? (Confluence? GH wiki pages? Or collaborate in a Google doc?) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [GH-545] Implements global-requests-ok extension [mina-sshd]
tomaswolf commented on PR #568: URL: https://github.com/apache/mina-sshd/pull/568#issuecomment-2254136432 Could you add tests, please? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [GH-563] Implement p...@openssh.com extension and keystroke obfuscation [mina-sshd]
tomaswolf commented on PR #567: URL: https://github.com/apache/mina-sshd/pull/567#issuecomment-2254135991 Please double-check on the [OpenSSH mailing list](https://marc.info/?l=openssh-unix-dev=1=2) and the [bugtracker](https://bugzilla.mindrot.org) what problems cropped up in OpenSSH with this "keystroke obfuscation". Off the top of my head: https://bugzilla.mindrot.org/show_bug.cgi?id=3655 . -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [GH-539] Implement no-flow-control extension [mina-sshd]
mers, and it needs tests involving port forwarding with slow consumers. I'm a bit worried that `no-flow-control` may lead to a lot of data ending up being buffered somewhere. Especially if it's done like in this test: I suspect the "pending queue" will then get very large. That would be a no-go for a server, and might be a problem for a client. If someone tunes a high latency connection by increasing send and receive buffer sizes, might we get into trouble? (Especially on a server. Consider a server with 1000 connections all having `no-flow-control` enabled and streaming lots of data.) ## sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java: ## @@ -236,7 +237,7 @@ public IoWriteFuture writePacket(Buffer buffer, long timeout, TimeUnit unit) thr int cmd = bufData[buffer.rpos()] & 0xFF; boolean enqueued = false; boolean isLowLevelMessage = cmd <= SshConstants.SSH_MSG_KEX_LAST && cmd != SshConstants.SSH_MSG_SERVICE_REQUEST -&& cmd != SshConstants.SSH_MSG_SERVICE_ACCEPT; +&& cmd != SshConstants.SSH_MSG_SERVICE_ACCEPT && cmd != KexExtensions.SSH_MSG_EXT_INFO; Review Comment: I disagree with this. Yes, it's message number 7, so technically a "transport layer generic messages" as RFC 4253 puts it. However, RFC 4253 was written before RFC 8308, and RFC 4253 excludes already two messages from the range 1-19. Let's see: according to RFC 8308, a client may send SSH_MSG_EXT_INFO only once immediately after its initial SSH_MSG_NEWKEYS. At that point, there is definitely no KEX ongoing (even if the server required an immediate re-KEX by sending another SSH_MSG_KEXINIT, that new KEX can only start once the client has sent _its_ SSH_MSG_KEXINIT, which by definition must be after that SSH_MSG_EXT_INFO message -- otherwise the client would send SSH_MSG_NEWKEYS - SSH_MSG_KEXINIT - SSH_MSG_EXT_INFO, which is illegal according to RFC 8308. A _server_ can likewise send SSH_MSG_EXT_INFO immediately after its initial SSH_MSG_NEWKEYS. The same reasoning as above applies. A server can also send the message immediately preceeding its SSH_MSG_USERAUTH_SUCCESS. But that message cannot be sent while a KEX is on-going; it would be delayed. So to send it immediately preceeding, the SSH_MSG_EXT_INFO _must_ equally be delayed, otherwise one could get the sequence - SSH_MSG_EXT_INFO - SSH_MSG_NEWKEYS - SSH_MSG_USERAUTH_SUCCESS, which also violates RFC 8308. Therefore, SSH_MSG_EXT_INFO **must not** be treated as a "transport layer generic message", and it must never be sent while a KEX is on-going. The other message from RFC 8308, SSH_MSG_NEWCOMPRESS, also cannot be sent during a KEX per section 3.2.1. ## sshd-core/src/main/java/org/apache/sshd/common/channel/RemoteWindow.java: ## @@ -67,6 +67,11 @@ public void consume(long len) { BufferUtils.validateUint32Value(len, "Invalid consumption length: %d"); checkInitialized("consume"); +if (noFlowControl) { +// flow control is disabled, so just bail out +return; +} + Review Comment: Additionally, `waitAndConsume()` and `waitForSpace()`should also do an early return. The should not wait for anything. `expand` must not do anything. ## sshd-core/src/main/java/org/apache/sshd/common/kex/extension/DefaultServerKexExtensionHandler.java: ## @@ -130,6 +136,23 @@ public void sendKexExtensions(Session session, KexPhase phase) throws Exception } } +@Override +public boolean handleKexExtensionRequest( +Session session, int index, int count, String name, byte[] data) +throws IOException { +if (NoFlowControl.NAME.equals(name)) { +String o = NoFlowControl.INSTANCE.parseExtension(data); +Optional nfc = CoreModuleProperties.NO_FLOW_CONTROL.get(session); +if (NoFlowControl.PREFERRED.equals(o) && nfc.orElse(Boolean.TRUE) +|| NoFlowControl.SUPPORTED.equals(o) && nfc.orElse(Boolean.FALSE)) { +AbstractSession abstractSession += ValidateUtils.checkInstanceOf(session, AbstractSession.class, "Not a supported session: %s", session); +abstractSession.activateNoFlowControl(); +} +} Review Comment: Can we avoid this code duplication between client & server? ## sshd-core/src/main/java/org/apache/sshd/common/channel/Window.java: ## @@ -94,6 +97,8 @@ protected void init(long size, long packetSize, PropertyResolver resolver) { } synchronized (lock) { +Session session = channelInstance.getSession(); // this should only be null during tests +this.noFlowControl = sess
Re: [VOTE] Release Apache MINA SSHD 2.13.2
Hm, odd this is on an Intel mac mini. I'll try again in the AM... On Fri, Jul 26, 2024 at 6:32 PM Emmanuel Lécharny wrote: > > Weird. > > I ran the build on mac OS, worked like a charm. > > But I was on my old Intel based mac, not on my new M3 Mac OS. > > Could it be something like that, > > On 26/07/2024 15:33, Gary Gregory wrote: > > I have Docker Desktop up and running and "docker ps" returns nothing > > running before or after I try to build. > > > > What am I missing? > > > > Gary > > > > > > On Thu, Jul 25, 2024 at 5:35 PM Thomas Wolf wrote: > >> > >> On 25.07.24 20:08 , Gary Gregory wrote: > >>> Is there something special I have to do on macOS? > >> > >> Not really. > >> > >>> I'm getting a lot of: > >>> IllegalState Previous attempts to find a Docker environment failed. > >>> Will not retry. Please see logs and check configuration > >>> > >>> I have Docker Desktop 4.33.0 (160616). > >> > >> The docker engine must be running. But that's all. I'm not aware of > >> anything special in addition to that. > >> > >> Cheers, > >> > >> Thomas > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > > For additional commands, e-mail: dev-h...@mina.apache.org > > > > -- > *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 > elecha...@apache.org > > - > To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > For additional commands, e-mail: dev-h...@mina.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
Weird. I ran the build on mac OS, worked like a charm. But I was on my old Intel based mac, not on my new M3 Mac OS. Could it be something like that, On 26/07/2024 15:33, Gary Gregory wrote: I have Docker Desktop up and running and "docker ps" returns nothing running before or after I try to build. What am I missing? Gary On Thu, Jul 25, 2024 at 5:35 PM Thomas Wolf wrote: On 25.07.24 20:08 , Gary Gregory wrote: Is there something special I have to do on macOS? Not really. I'm getting a lot of: IllegalState Previous attempts to find a Docker environment failed. Will not retry. Please see logs and check configuration I have Docker Desktop 4.33.0 (160616). The docker engine must be running. But that's all. I'm not aware of anything special in addition to that. Cheers, Thomas - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org -- *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 elecha...@apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump pmd.version from 6.47.0 to 7.4.0 [mina-sshd]
gnodet merged PR #557: URL: https://github.com/apache/mina-sshd/pull/557 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
I have Docker Desktop up and running and "docker ps" returns nothing running before or after I try to build. What am I missing? Gary On Thu, Jul 25, 2024 at 5:35 PM Thomas Wolf wrote: > > On 25.07.24 20:08 , Gary Gregory wrote: > > Is there something special I have to do on macOS? > > Not really. > > > I'm getting a lot of: > > IllegalState Previous attempts to find a Docker environment failed. > > Will not retry. Please see logs and check configuration > > > > I have Docker Desktop 4.33.0 (160616). > > The docker engine must be running. But that's all. I'm not aware of > anything special in addition to that. > > Cheers, > >Thomas - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump spring.version from 5.3.28 to 5.3.37 [mina-sshd]
gnodet merged PR #559: URL: https://github.com/apache/mina-sshd/pull/559 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.4.0 [mina-sshd]
gnodet merged PR #560: URL: https://github.com/apache/mina-sshd/pull/560 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.mockito:mockito-core from 4.2.0 to 4.11.0 [mina-sshd]
gnodet merged PR #561: URL: https://github.com/apache/mina-sshd/pull/561 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump grpc.version from 1.27.2 to 1.65.1 [mina-sshd]
gnodet merged PR #558: URL: https://github.com/apache/mina-sshd/pull/558 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump com.google.errorprone:error_prone_core from 2.0.15 to 2.29.2 [mina-sshd]
gnodet merged PR #550: URL: https://github.com/apache/mina-sshd/pull/550 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.apache.maven.plugins:maven-jxr-plugin from 3.1.1 to 3.4.0 [mina-sshd]
gnodet merged PR #553: URL: https://github.com/apache/mina-sshd/pull/553 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.assertj:assertj-core from 3.24.2 to 3.26.3 [mina-sshd]
gnodet merged PR #556: URL: https://github.com/apache/mina-sshd/pull/556 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump slf4j.version from 1.7.32 to 1.7.36 [mina-sshd]
gnodet merged PR #554: URL: https://github.com/apache/mina-sshd/pull/554 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 [mina-sshd]
gnodet merged PR #555: URL: https://github.com/apache/mina-sshd/pull/555 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump jgit.version from 5.13.3.202401111512-r to 6.10.0.202406032230-r [mina-sshd]
dependabot[bot] closed pull request #549: Bump jgit.version from 5.13.3.20240512-r to 6.10.0.202406032230-r URL: https://github.com/apache/mina-sshd/pull/549 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.mockito:mockito-core from 4.2.0 to 5.12.0 [mina-sshd]
dependabot[bot] commented on PR #542: URL: https://github.com/apache/mina-sshd/pull/542#issuecomment-2252485279 Looks like org.mockito:mockito-core is no longer being updated by Dependabot, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump jgit.version from 5.13.3.202401111512-r to 6.10.0.202406032230-r [mina-sshd]
dependabot[bot] commented on PR #549: URL: https://github.com/apache/mina-sshd/pull/549#issuecomment-2252485288 Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump spring.version from 5.3.28 to 6.1.11 [mina-sshd]
dependabot[bot] commented on PR #551: URL: https://github.com/apache/mina-sshd/pull/551#issuecomment-2252485281 Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.mockito:mockito-core from 4.2.0 to 5.12.0 [mina-sshd]
dependabot[bot] closed pull request #542: Bump org.mockito:mockito-core from 4.2.0 to 5.12.0 URL: https://github.com/apache/mina-sshd/pull/542 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump spring.version from 5.3.28 to 6.1.11 [mina-sshd]
dependabot[bot] closed pull request #551: Bump spring.version from 5.3.28 to 6.1.11 URL: https://github.com/apache/mina-sshd/pull/551 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Switch to JUnit 5 [mina-sshd]
tomaswolf commented on code in PR #546: URL: https://github.com/apache/mina-sshd/pull/546#discussion_r1692874659 ## sshd-common/src/test/java/org/apache/sshd/client/auth/password/PasswordIdentityProviderTest.java: ## @@ -69,7 +70,7 @@ public void testMultiProvider() throws IOException, GeneralSecurityException { private static void assertProviderContents(String message, PasswordIdentityProvider p, Iterable expected) throws IOException, GeneralSecurityException { -assertNotNull(message + ": no provider", p); +assertNotNull(p, message + ": no provider"); assertEquals(message, expected, p.loadPasswords(null)); Review Comment: Oh no, wait. This is calling our own assertEquals! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Switch to JUnit 5 [mina-sshd]
tomaswolf commented on code in PR #546: URL: https://github.com/apache/mina-sshd/pull/546#discussion_r1692868168 ## sshd-common/src/test/java/org/apache/sshd/client/auth/password/PasswordIdentityProviderTest.java: ## @@ -69,7 +70,7 @@ public void testMultiProvider() throws IOException, GeneralSecurityException { private static void assertProviderContents(String message, PasswordIdentityProvider p, Iterable expected) throws IOException, GeneralSecurityException { -assertNotNull(message + ": no provider", p); +assertNotNull(p, message + ": no provider"); assertEquals(message, expected, p.loadPasswords(null)); Review Comment: Shouldn't the message be at the end here? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Test with jdk 21 [mina-sshd]
tomaswolf commented on PR #552: URL: https://github.com/apache/mina-sshd/pull/552#issuecomment-2252400130 sshd-ldap is failing. Apache DS appears to be a dead end; see https://github.com/apache/cxf/pull/1042 . -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Switch to JUnit 5 [mina-sshd]
tomaswolf commented on PR #546: URL: https://github.com/apache/mina-sshd/pull/546#issuecomment-2252323797 It appears that with JUnit5 there needs to be at least one test class in the project itself. sshd-netty has all tests in the sshd-core dependency. sshd-mina worked fine, but sshd-mina does have one test class. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump slf4j.version from 1.7.32 to 2.0.13 [mina-sshd]
dependabot[bot] commented on PR #543: URL: https://github.com/apache/mina-sshd/pull/543#issuecomment-2252311174 OK, I won't notify you about version 2.x.x again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump slf4j.version from 1.7.32 to 2.0.13 [mina-sshd]
dependabot[bot] closed pull request #543: Bump slf4j.version from 1.7.32 to 2.0.13 URL: https://github.com/apache/mina-sshd/pull/543 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump slf4j.version from 1.7.32 to 2.0.13 [mina-sshd]
gnodet commented on PR #543: URL: https://github.com/apache/mina-sshd/pull/543#issuecomment-2252311059 @dependabot ignore this major version -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump jgit.version from 5.13.3.202401111512-r to 6.10.0.202406032230-r [mina-sshd]
tomaswolf commented on PR #549: URL: https://github.com/apache/mina-sshd/pull/549#issuecomment-2252282597 JGit 6 requires Java 11 at runtime. (JGit 7 will require Java 17.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Require JDK 17 at build time (fixes #536) [mina-sshd]
tomaswolf commented on PR #537: URL: https://github.com/apache/mina-sshd/pull/537#issuecomment-2252266506 Deployment is in master-build.yaml. Does that need the extra maven-setup step now, too? Where is that session.rootDirectory coming from? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump net.revelc.code.formatter:formatter-maven-plugin from 2.16.0 to 2.24.1 [mina-sshd]
gnodet merged PR #541: URL: https://github.com/apache/mina-sshd/pull/541 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Require JDK 17 at build time (fixes #536) [mina-sshd]
gnodet commented on PR #537: URL: https://github.com/apache/mina-sshd/pull/537#issuecomment-2252215170 > @gnodet: snapshot deployment fails with > > > Error: Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:3.3.0:check (verify-style) on project sshd: Failed during checkstyle execution: Unable to find configuration file at location: ${session.rootDirectory}/sshd-checkstyle.xml: Could not find resource '${session.rootDirectory}/sshd-checkstyle.xml'. -> [Help 1] It requires maven 3.9.x. Where is the job configured ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Require JDK 17 at build time (fixes #536) [mina-sshd]
tomaswolf commented on PR #537: URL: https://github.com/apache/mina-sshd/pull/537#issuecomment-2252203149 @gnodet: snapshot deployment fails with > Error: Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:3.3.0:check (verify-style) on project sshd: Failed during checkstyle execution: Unable to find configuration file at location: ${session.rootDirectory}/sshd-checkstyle.xml: Could not find resource '${session.rootDirectory}/sshd-checkstyle.xml'. -> [Help 1] -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump net.revelc.code.formatter:formatter-maven-plugin from 2.16.0 to 2.24.1 [mina-sshd]
gnodet commented on PR #541: URL: https://github.com/apache/mina-sshd/pull/541#issuecomment-2252199470 @dependabot recreate -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump net.revelc.code.formatter:formatter-maven-plugin from 2.16.0 to 2.24.1 [mina-sshd]
dependabot[bot] commented on PR #541: URL: https://github.com/apache/mina-sshd/pull/541#issuecomment-2252199058 Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request `@dependabot recreate`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump net.revelc.code.formatter:formatter-maven-plugin from 2.16.0 to 2.24.1 [mina-sshd]
gnodet commented on PR #541: URL: https://github.com/apache/mina-sshd/pull/541#issuecomment-2252198968 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Validate formatting has been done before CI [mina-sshd]
gnodet merged PR #548: URL: https://github.com/apache/mina-sshd/pull/548 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] server host key algorithms = ssh-rsa but still try to encryp the key using rsa-sha2-512 [mina-sshd]
tomaswolf commented on issue #531: URL: https://github.com/apache/mina-sshd/issues/531#issuecomment-2252188675 Closing this. We cannot do anything about this XFB.Gateway. It appears not to check the announced signature type in the pre-auth request; it only looks whether it knows the announced public key. (Kind of understandable: if that server was written before the SHA2 signature types for RSA were introduced, there was a 1-to-1 relation between key types and signature types. Still, they should have checked that they also know the signature type.) The only way to deal with this is to force ssh-rsa signatures in the client, either programmatically or by setting up the host entry in the SSH config accordingly. The other issue with our client (continuing with publickey even though the server said not to) has been split off and will be solved in issue #533. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] server host key algorithms = ssh-rsa but still try to encryp the key using rsa-sha2-512 [mina-sshd]
tomaswolf closed issue #531: server host key algorithms = ssh-rsa but still try to encryp the key using rsa-sha2-512 URL: https://github.com/apache/mina-sshd/issues/531 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.mockito:mockito-core from 4.2.0 to 5.12.0 [mina-sshd]
gnodet commented on PR #542: URL: https://github.com/apache/mina-sshd/pull/542#issuecomment-2252092244 Mockito 5.x requires JDK 11, so this is expected to fail when running tests on JDK 8. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.mockito:mockito-core from 4.2.0 to 5.12.0 [mina-sshd]
gnodet commented on PR #542: URL: https://github.com/apache/mina-sshd/pull/542#issuecomment-2252080368 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump net.revelc.code.formatter:formatter-maven-plugin from 2.16.0 to 2.24.1 [mina-sshd]
gnodet commented on PR #541: URL: https://github.com/apache/mina-sshd/pull/541#issuecomment-2252080177 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Require JDK 17 for building [mina-sshd]
gnodet closed issue #536: Require JDK 17 for building URL: https://github.com/apache/mina-sshd/issues/536 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Require JDK 17 for building [mina-sshd]
gnodet closed issue #536: Require JDK 17 for building URL: https://github.com/apache/mina-sshd/issues/536 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Require JDK 17 at build time (fixes #536) [mina-sshd]
gnodet merged PR #537: URL: https://github.com/apache/mina-sshd/pull/537 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
On 25.07.24 20:08 , Gary Gregory wrote: Is there something special I have to do on macOS? Not really. I'm getting a lot of: IllegalState Previous attempts to find a Docker environment failed. Will not retry. Please see logs and check configuration I have Docker Desktop 4.33.0 (160616). The docker engine must be running. But that's all. I'm not aware of anything special in addition to that. Cheers, Thomas - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Performance optimizations [mina-sshd]
tomaswolf merged PR #530: URL: https://github.com/apache/mina-sshd/pull/530 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] sftp subsystem ignores process umask when creating directory [mina-sshd]
tomaswolf commented on issue #535: URL: https://github.com/apache/mina-sshd/issues/535#issuecomment-2251428993 The draft RFCs for SFTP versions 3, 4, and 5 are silent on this matter. For SFTP version 6, the draft RFC says > The server SHOULD NOT apply a 'umask' to the mode bits; but should set the mode bits as specified by the client. The client MUST apply an appropriate 'umask' to the mode bits before sending them. [draft-ietf-secsh-filexfer-07](https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-07#section-6.6) OpenSSH does let the system apply the umask, and its SFTP server can even be run with a custom umask that overrides the system umask. OpenSSH implements SFTP version 3. Maybe the Apache MINA SFTP server part should have a setting for this for SFTP version < 6. (Seems more of a feature request than a bug.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
Is there something special I have to do on macOS? I'm getting a lot of: IllegalState Previous attempts to find a Docker environment failed. Will not retry. Please see logs and check configuration I have Docker Desktop 4.33.0 (160616). I tested the src zip file. - Can't use "shasum --check ..." since the format of the SHA512 file is not compatible but eyeballing the file seems ok - ASC OK - 'mvn clean verify' Using: openjdk version "17.0.12" 2024-07-16 OpenJDK Runtime Environment Homebrew (build 17.0.12+0) OpenJDK 64-Bit Server VM Homebrew (build 17.0.12+0, mixed mode, sharing) Apache Maven 3.9.8 (36645f6c9b5079805ea5009217e36f2cffd34256) Maven home: /usr/local/Cellar/maven/3.9.8/libexec Java version: 17.0.12, vendor: Homebrew, runtime: /usr/local/Cellar/openjdk@17/17.0.12/libexec/openjdk.jdk/Contents/Home Default locale: en_US, platform encoding: UTF-8 OS name: "mac os x", version: "14.5", arch: "x86_64", family: "mac" Darwin 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:09:52 PDT 2024; root:xnu-10063.121.3~5/RELEASE_X86_64 x86_64 Gary On Thu, Jul 25, 2024 at 11:51 AM wrote: > > +1 > > Jeff > > > On Jul 24, 2024, at 11:52 PM, Emmanuel Lécharny wrote: > > > > My +1 > > > > On 24/07/2024 23:54, Thomas Wolf wrote: > >> On 24.07.24 08:35 , Guillaume Nodet wrote: > >>> I've staged a new build which seems to have the problem fixed. > >>> However, I haven't changed anything, so I'm not really sure what > >>> happened... > >>> > >>> https://repository.apache.org/content/repositories/orgapachemina-1101 > >>> > >>> Guillaume > >> +1 > >> Sources from https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ : > >> * tar.gz unpacks and builds cleanly; tests require docker engine running > >> * sha-512 appears to be correct > >> * asc verifies > >> Binaries from > >> https://repository.apache.org/content/repositories/orgapachemina-1101 : > >> * sshd.osgi MANIFEST.MF looks good now > >> * JGit tests pass > >> * Class version 52 (i.e., Java 8) > >> Thanks, Guillaume! > >> Cheers, > >> Thomas > >>> > >>> Le mar. 23 juil. 2024 à 19:15, Thomas Wolf a écrit : > > On 23.07.24 18:24 , Guillaume Nodet wrote: > > Hey, > > > > I've staged a candidate release for an SSHD 2.13.2 release. > > This release contains a single bug fix: > > * Fix sntrup761x25519-sha512 > > (https://github.com/apache/mina-sshd/issues/525) > > > > Official staging repo: > > https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ > > Maven staging repo: > >https://repository.apache.org/content/repositories/orgapachemina-1099 > > Git tag: > > https://github.com/apache/mina-sshd/commits/sshd-2.13.2 > > > > Please review and vote ! > > > > -2. > > The MANIFEST.MF of sshd-osgi (sshd-osgi-2.13.2.jar) is broken. > > Cheers, > > Thomas > > > > - > To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > For additional commands, e-mail: dev-h...@mina.apache.org > > >>> > >>> > >> - > >> To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > >> For additional commands, e-mail: dev-h...@mina.apache.org > > > > -- > > *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 > > elecha...@apache.org > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > > For additional commands, e-mail: dev-h...@mina.apache.org > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > For additional commands, e-mail: dev-h...@mina.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
+1 Jeff > On Jul 24, 2024, at 11:52 PM, Emmanuel Lécharny wrote: > > My +1 > > On 24/07/2024 23:54, Thomas Wolf wrote: >> On 24.07.24 08:35 , Guillaume Nodet wrote: >>> I've staged a new build which seems to have the problem fixed. >>> However, I haven't changed anything, so I'm not really sure what happened... >>> >>> https://repository.apache.org/content/repositories/orgapachemina-1101 >>> >>> Guillaume >> +1 >> Sources from https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ : >> * tar.gz unpacks and builds cleanly; tests require docker engine running >> * sha-512 appears to be correct >> * asc verifies >> Binaries from >> https://repository.apache.org/content/repositories/orgapachemina-1101 : >> * sshd.osgi MANIFEST.MF looks good now >> * JGit tests pass >> * Class version 52 (i.e., Java 8) >> Thanks, Guillaume! >> Cheers, >> Thomas >>> >>> Le mar. 23 juil. 2024 à 19:15, Thomas Wolf a écrit : On 23.07.24 18:24 , Guillaume Nodet wrote: > Hey, > > I've staged a candidate release for an SSHD 2.13.2 release. > This release contains a single bug fix: > * Fix sntrup761x25519-sha512 > (https://github.com/apache/mina-sshd/issues/525) > > Official staging repo: > https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ > Maven staging repo: >https://repository.apache.org/content/repositories/orgapachemina-1099 > Git tag: > https://github.com/apache/mina-sshd/commits/sshd-2.13.2 > > Please review and vote ! > -2. The MANIFEST.MF of sshd-osgi (sshd-osgi-2.13.2.jar) is broken. Cheers, Thomas - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org >>> >>> >> - >> To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org >> For additional commands, e-mail: dev-h...@mina.apache.org > > -- > *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 > elecha...@apache.org > > - > To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > For additional commands, e-mail: dev-h...@mina.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Require JDK 17 at build time (fixes #536) [mina-sshd]
gnodet commented on code in PR #537: URL: https://github.com/apache/mina-sshd/pull/537#discussion_r1691439429 ## pom.xml: ## @@ -137,10 +134,38 @@ -release - -[1.8,1.9) - +toolchains + + +jdkToolchainVersion + + + + + +org.apache.maven.plugins +maven-surefire-plugin + + +${jdkToolchainVersion} + + + + + + + + Review Comment: The only purpose is the following line: https://github.com/apache/mina-sshd/blob/38c19dc435a875e3cd98f17422f1441559632d28/sshd-ldap/pom.xml#L150 LDAP testing requires [JVM specific args](https://github.com/apache/mina-sshd/blob/38c19dc435a875e3cd98f17422f1441559632d28/sshd-ldap/pom.xml#L36), but those are only available on JDK >= 11. We can't use a simple profile activation, as those can only be activated based on the runtime JDK, not on the toolchain selected one. Property based activation is also limited to presence or absence of a property. But I think it should be possible to get rid of those by creating a property, let me simplify it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Require JDK 17 at build time (fixes #536) [mina-sshd]
tomaswolf commented on code in PR #537: URL: https://github.com/apache/mina-sshd/pull/537#discussion_r1691418695 ## pom.xml: ## @@ -137,10 +134,38 @@ -release - -[1.8,1.9) - +toolchains + + +jdkToolchainVersion + + + + + +org.apache.maven.plugins +maven-surefire-plugin + + +${jdkToolchainVersion} + + + + + + + + Review Comment: What are these profiles for? They don't seem to be needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Implements global-requests-ok extension [mina-sshd]
gnodet commented on issue #545: URL: https://github.com/apache/mina-sshd/issues/545#issuecomment-2250218952 > Not sure I agree. I think this expired memo is misguided. RFC 4254 requires parties that do not understand a particular global request to reply with SSH_MSG_REQUEST_FAILURE. A peer that fails or disconnects on receiving an unknown global request is just broken. Sending global requests during key exchange is simply illegal (insofar the "at any time" is a bit misleading, but here RFC 4253 overrides). It would be valid for a party to disconnect if it received a global request during an on-going KEX (i.e., both parties have sent their their KEX_INIT, but no NEW_KEYS has been received yet). However, receiving a global request before receiving that party's KEX_INIT is normal and must be handled. > > The hostkey rotation global request "[hostkeys...@openssh.com](mailto:hostkeys...@openssh.com)" is sent only after a session is authenticated. > > Finally global requests are a feature of the SSH Connection Protocol, which is not even available before authentication has completed. > > I would not complicate our code for this. Did this expired proposal even ever take off? Who implements it? As indicated in https://www.bitvise.com/ssh-client-version-history-8#821, I think the purpose was to better support such "broken" clients. See also https://www.bitvise.com/ssh-server-version-history-8#841, https://www.bitvise.com/ssh-server-version-history-8#837, https://www.bitvise.com/ssh-server-version-history-8#833, https://www.bitvise.com/ssh-server-version-history-8#822, https://www.bitvise.com/ssh-server-version-history-8#821. Anyway, while I agree, this looks a bit outdated, it's really just about sending the `global-requests-ok` as a supported extension, so the impact is very minor to the code. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump ant.version from 1.10.12 to 1.10.14 [mina-sshd]
gnodet merged PR #540: URL: https://github.com/apache/mina-sshd/pull/540 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump com.github.mwiede:jsch from 0.2.17 to 0.2.18 [mina-sshd]
gnodet merged PR #544: URL: https://github.com/apache/mina-sshd/pull/544 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump slf4j.version from 1.7.32 to 2.0.13 [mina-sshd]
tomaswolf commented on PR #543: URL: https://github.com/apache/mina-sshd/pull/543#issuecomment-2250092510 slf4j-api should not be changed. We do _not_ want to require library users to use log4j 2. They can, even if we say our minimum required was 1.7.32. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Implements global-requests-ok extension [mina-sshd]
tomaswolf commented on issue #545: URL: https://github.com/apache/mina-sshd/issues/545#issuecomment-2250082947 Not sure I agree. I think this expired memo is misguided. RFC 4254 requires parties that do not understand a particular global request to reply with SSH_MSG_REQUEST_FAILURE. A peer that fails or disconnects on receiving an unknown global request is just broken. Sending global requests during key exchange is simply illegal (insofar the "at any time" is a bit misleading, but here RFC 4253 overrides). It would be valid for a party to disconnect if it received a global request during an on-going KEX (i.e., both parties have sent their their KEX_INIT, but no NEW_KEYS has been received yet). However, receiving a global request before receiving that party's KEX_INIT is normal and must be handled. The hostkey rotation global request "hostkeys...@openssh.com" is sent only after a session is authenticated. Finally global requests are a feature of the SSH Connection Protocol, which is not even available before authentication has completed. I would not complicate our code for this. Did this expired proposal even ever take off? Who implements it? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Add dependabot [mina-sshd]
gnodet merged PR #538: URL: https://github.com/apache/mina-sshd/pull/538 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Add dependabot [mina-sshd]
garydgregory commented on PR #538: URL: https://github.com/apache/mina-sshd/pull/538#issuecomment-2249986095 I would schedule it weekly personally, to make it a bit less noisy. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Add dependabot [mina-sshd]
tomaswolf commented on PR #538: URL: https://github.com/apache/mina-sshd/pull/538#issuecomment-2249979229 No. We'll see how it goes. But we used to get dependabot updates before without this; for instance #457. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Require JDK 11 for building [mina-sshd]
tomaswolf commented on issue #536: URL: https://github.com/apache/mina-sshd/issues/536#issuecomment-2249775970 You can use JDK 21 in CI, but I would not require it as minimum for building. Still looks more complicated that needed. I'm not at my development machine, so I cannot verify myself that this would work, but it seems to me the following patch would be a minimal change to build with Java 11 and test on JDK 8, 11, 17: ``` diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0eb87ee..7ab3828 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,15 +29,14 @@ strategy: matrix: os: [ ubuntu-latest, windows-latest ] -java: [ '8' ] steps: - uses: actions/checkout@v4 - - name: Set up JDK ${{ matrix.java }} + - name: Set up JDK 11 uses: actions/setup-java@v4 with: distribution: temurin - java-version: ${{ matrix.java }} + java-version: '11' - uses: actions/cache@v4 with: @@ -63,7 +62,10 @@ uses: actions/setup-java@v4 with: distribution: temurin - java-version: ${{ matrix.java }} + # Unsure whether this works if matrix.java == 11. If not, need two different setups with a conditional + java-version: | +${{ matrix.java }} +'11' - uses: actions/cache@v4 with: @@ -74,7 +76,7 @@ - name: Build and test with maven # Skip all static checks, they were already done in the compile jobs -run: mvn -B --errors --activate-profiles ci --no-transfer-progress package +run: mvn -B --errors --activate-profiles ci -Dtest.jdk.vendor=temurin -Dtest.jdk.version=${{ matrix.java }} --no-transfer-progress package - name: Archive test results and logs # if: success() || failure() to also get the test results on successful runs. diff --git a/.github/workflows/master-build.yml b/.github/workflows/master-build.yml index 7aa899e..1d5a991 100644 --- a/.github/workflows/master-build.yml +++ b/.github/workflows/master-build.yml @@ -47,7 +47,7 @@ uses: actions/setup-java@v4 with: distribution: temurin - java-version: '8' + java-version: '11' # Create a ~/.m2/settings.xml referencing these environment variable names server-id: 'apache.snapshots.https' server-username: NEXUS_USERNAME diff --git a/pom.xml b/pom.xml index fcbc28d..60ea820 100644 --- a/pom.xml +++ b/pom.xml @@ -138,9 +138,6 @@ release - -[1.8,1.9) - @@ -149,6 +146,20 @@ 4.0 4 + + + +org.apache.maven.plugins +maven-surefire-plugin + + + ${test.jdk.version} + ${test.jdk.vendor} + + + + + ``` This should use toolchains only in CI, so building locally doesn't require people to define toolchains manually. Adapting to build with Java 21 and running tests on 8,11,17,21 would be simple. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Require JDK 11 for building [mina-sshd]
gnodet commented on issue #536: URL: https://github.com/apache/mina-sshd/issues/536#issuecomment-2249734807 > > I'm working on CI. I've set up a `jdk8` profile which removes some plugins that require JDK 11. I don't think toolchains are required here. > > Then we're not really requiring Java 11 for building. So still no multi-release. > > I would require 11 (or even 17) for compiling/building always; just run the tests on different JVMs (8, 11, 17). That's why I mentioned toolchains. I think there is a way to tell surefire to use a specific toolchain. The #537 PR now does that. I've bumped to JDK 21, but we can go down if we want. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
My +1 On 24/07/2024 23:54, Thomas Wolf wrote: On 24.07.24 08:35 , Guillaume Nodet wrote: I've staged a new build which seems to have the problem fixed. However, I haven't changed anything, so I'm not really sure what happened... https://repository.apache.org/content/repositories/orgapachemina-1101 Guillaume +1 Sources from https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ : * tar.gz unpacks and builds cleanly; tests require docker engine running * sha-512 appears to be correct * asc verifies Binaries from https://repository.apache.org/content/repositories/orgapachemina-1101 : * sshd.osgi MANIFEST.MF looks good now * JGit tests pass * Class version 52 (i.e., Java 8) Thanks, Guillaume! Cheers, Thomas Le mar. 23 juil. 2024 à 19:15, Thomas Wolf a écrit : On 23.07.24 18:24 , Guillaume Nodet wrote: Hey, I've staged a candidate release for an SSHD 2.13.2 release. This release contains a single bug fix: * Fix sntrup761x25519-sha512 (https://github.com/apache/mina-sshd/issues/525) Official staging repo: https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachemina-1099 Git tag: https://github.com/apache/mina-sshd/commits/sshd-2.13.2 Please review and vote ! -2. The MANIFEST.MF of sshd-osgi (sshd-osgi-2.13.2.jar) is broken. Cheers, Thomas - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org -- *Emmanuel Lécharny* P. +33 (0)6 08 33 32 61 elecha...@apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
On 24.07.24 08:35 , Guillaume Nodet wrote: I've staged a new build which seems to have the problem fixed. However, I haven't changed anything, so I'm not really sure what happened... https://repository.apache.org/content/repositories/orgapachemina-1101 Guillaume +1 Sources from https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ : * tar.gz unpacks and builds cleanly; tests require docker engine running * sha-512 appears to be correct * asc verifies Binaries from https://repository.apache.org/content/repositories/orgapachemina-1101 : * sshd.osgi MANIFEST.MF looks good now * JGit tests pass * Class version 52 (i.e., Java 8) Thanks, Guillaume! Cheers, Thomas Le mar. 23 juil. 2024 à 19:15, Thomas Wolf a écrit : On 23.07.24 18:24 , Guillaume Nodet wrote: Hey, I've staged a candidate release for an SSHD 2.13.2 release. This release contains a single bug fix: * Fix sntrup761x25519-sha512 (https://github.com/apache/mina-sshd/issues/525) Official staging repo: https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachemina-1099 Git tag: https://github.com/apache/mina-sshd/commits/sshd-2.13.2 Please review and vote ! -2. The MANIFEST.MF of sshd-osgi (sshd-osgi-2.13.2.jar) is broken. Cheers, Thomas - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [SSHD-1161] OpenSSH client certificate publickey authentication [mina-sshd]
stefan-g commented on PR #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-2248173763 is there a way to validate the host cert-authority manually (same like the knowhost would do)? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [SSHD-1161] OpenSSH client certificate publickey authentication [mina-sshd]
tomaswolf commented on PR #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-2248125788 Yes. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [SSHD-1161] OpenSSH client certificate publickey authentication [mina-sshd]
stefan-g commented on PR #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-2248108235 thanks for you answer. your test class helped to get a better understanding and i was able to set up a running client example. Is it right that @cert-authority in knowhost file is not check (https://issues.apache.org/jira/browse/SSHD-1167) as ssh connection normally do? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [SSHD-1161] OpenSSH client certificate publickey authentication [mina-sshd]
tomaswolf commented on PR #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-2247647699 > what is the status of this feature? https://issues.apache.org/jira/browse/SSHD-1161 has two child issues pointing out some things that should be done on the client side to be feature complete. My comment from 2021-05-18 about the server side also still stands. This PR includes a basic test case [ClientOpenSSHCertificatesTest.java](https://github.com/apache/mina-sshd/pull/194/files#diff-f85ba6969a9a5c81884a65bcfcad1cf01dca372d8937578461320e5e31cfb54f) that shows that the basic functionality on the client side works. However, if you look through the test, you'll see that it constructs a `KeyPair` from the certificate and the matching private key. It's been a while; but I do think that child issue SSHD-1170 is related and would mean that the standard built-in key provider should do this. Nobody has worked on these things. If someone does: we welcome PRs. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] [SSHD-1161] OpenSSH client certificate publickey authentication [mina-sshd]
stefan-g commented on PR #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-2247448903 what is the status of this feature? https://issues.apache.org/jira/browse/SSHD-1161 is still open. Does client certifcate authentication work on the latest release? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
I've staged a new build which seems to have the problem fixed. However, I haven't changed anything, so I'm not really sure what happened... https://repository.apache.org/content/repositories/orgapachemina-1101 Guillaume Le mar. 23 juil. 2024 à 19:15, Thomas Wolf a écrit : > > On 23.07.24 18:24 , Guillaume Nodet wrote: > > Hey, > > > > I've staged a candidate release for an SSHD 2.13.2 release. > > This release contains a single bug fix: > > * Fix sntrup761x25519-sha512 > > (https://github.com/apache/mina-sshd/issues/525) > > > > Official staging repo: > >https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ > > Maven staging repo: > >https://repository.apache.org/content/repositories/orgapachemina-1099 > > Git tag: > >https://github.com/apache/mina-sshd/commits/sshd-2.13.2 > > > > Please review and vote ! > > > > -2. > > The MANIFEST.MF of sshd-osgi (sshd-osgi-2.13.2.jar) is broken. > > Cheers, > >Thomas > > > > - > To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org > For additional commands, e-mail: dev-h...@mina.apache.org > -- Guillaume Nodet - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [VOTE] Release Apache MINA SSHD 2.13.2
On 23.07.24 18:24 , Guillaume Nodet wrote: Hey, I've staged a candidate release for an SSHD 2.13.2 release. This release contains a single bug fix: * Fix sntrup761x25519-sha512 (https://github.com/apache/mina-sshd/issues/525) Official staging repo: https://dist.apache.org/repos/dist/dev/mina/sshd/2.13.2/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachemina-1099 Git tag: https://github.com/apache/mina-sshd/commits/sshd-2.13.2 Please review and vote ! -2. The MANIFEST.MF of sshd-osgi (sshd-osgi-2.13.2.jar) is broken. Cheers, Thomas - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Require JDK 11 for building [mina-sshd]
tomaswolf commented on issue #536: URL: https://github.com/apache/mina-sshd/issues/536#issuecomment-2245793633 > I'm working on CI. I've set up a `jdk8` profile which removes some plugins that require JDK 11. I don't think toolchains are required here. Then we're not really requiring Java 11 for building. So still no multi-release. I would require 11 (or even 17) for compiling/building always; just run the tests on different JVMs (8, 11, 17). That's why I mentioned toolchains. I think there is a way to tell surefire to use a specific toolchain. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Require JDK 11 for building [mina-sshd]
gnodet commented on issue #536: URL: https://github.com/apache/mina-sshd/issues/536#issuecomment-2245743326 > This might require changing the CI builds. We still should test on Java 8. Might require maven toolchains. I'm working on CI. I've set up a `jdk8` profile which removes some plugins that require JDK 11. I don't think toolchains are required here. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Require JDK 11 for building [mina-sshd]
tomaswolf commented on issue #536: URL: https://github.com/apache/mina-sshd/issues/536#issuecomment-2245728476 This might require changing the CI builds. We still should test on Java 8. Might require maven toolchains. Otherwise fine by me. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Require JDK 11 for building [mina-sshd]
garydgregory commented on issue #536: URL: https://github.com/apache/mina-sshd/issues/536#issuecomment-2245710786 +1 here. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.springframework:spring-core from 5.3.28 to 6.0.15 [mina-sshd]
dependabot[bot] closed pull request #457: Bump org.springframework:spring-core from 5.3.28 to 6.0.15 URL: https://github.com/apache/mina-sshd/pull/457 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.springframework:spring-core from 5.3.28 to 6.0.15 [mina-sshd]
dependabot[bot] commented on PR #457: URL: https://github.com/apache/mina-sshd/pull/457#issuecomment-2244006144 Looks like org.springframework:spring-core is up-to-date now, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Bump org.springframework:spring-core from 5.3.28 to 6.0.15 [mina-sshd]
gnodet commented on PR #457: URL: https://github.com/apache/mina-sshd/pull/457#issuecomment-2244005659 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org