Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add bouncycastle / eddsa plugins as optional and remove trilead #98

Merged
merged 1 commit into from
Jun 4, 2024

Conversation

jtnord
Copy link
Member

@jtnord jtnord commented May 13, 2024

Apache Mina only currently supports EDDSA curves via the eddsa library.

It can additionally support more types if BouncyCastle is present.

Whilst the eddsa library should not be needed (as BC supports this) mina makes no use of this, nor will it attempt to use EdDSA from the java platform if running on jdk > 15 that has this added.

As such these 2 libraries are added via optional plugins, so that if they are present then this extra support will be available.

obsoletes #91

Testing done

has been used in interactice testing with a customer git and ssh server in combination with jenkinsci/git-client-plugin#1127

Submitter checklist

mina-sshd-api-common/pom.xml Outdated Show resolved Hide resolved
@jtnord
Copy link
Member Author

jtnord commented May 23, 2024

(needs appropriate labels, will break the bom unless jenkinsci/bom#3231 is addressed)

Plugin depending on trilead (a different ssh implementaion)
makes no logical sense.

Add optional dependencies to bouncycasle and eddsa plugin.

The latter is needed for EdDSA keys, the former can add extra things
from BouncyCastle.

This prevents some classloading excpeptions where the context
classloader is set to a class that can see bouncycastle or eddsa code
yet the classloader of code in these plugin can not.

Now if eddsa or bouncycastle plugins are installed this plugin will
consistently be able to see the code.

remove management of ssh-credentials plugin
@olamy
Copy link
Member

olamy commented May 27, 2024

@jtnord we should be ok to merge it now?

@jtnord
Copy link
Member Author

jtnord commented May 28, 2024

jenkinsci/bom#3231 is still unaddressed so merging will lead to errors like: https://ci.jenkins.io/job/Tools/job/bom/job/PR-3218/4/testReport/

TBH - move fast and break things - I maintain the way the BOM is working is broken, I have provided a PR to change the way it works that is shown to work and it is not the job of this or any other plugins to work around it. I am neither a maintainer of this plugin nor of the BOM :-)

@olamy
Copy link
Member

olamy commented May 28, 2024

ah this remember the usual issue (such jenkinsci/maven-hpi-plugin#391)
well if the only way to move forward is to change some tests to use RealJenkinsRule.
I can do few to at least to unlock the situation as nothing might move.

@jtnord
Copy link
Member Author

jtnord commented May 28, 2024

ah this remember the usual issue (such jenkinsci/maven-hpi-plugin#391)

I don't think that we should try and work around this in maven-hpi-plugin it is likely to cause different issues, in that a plugins tests expect some environment with a given set of plugins, but get something very different when run under the PCT.

(it would also mean that all the FIPS tests would need to be disabled when running in the BOM build as anything that gets the eddsa plugin (which is in the fat war!) and sets FIPS mode in the test harness will get a failed startup!)

@olamy
Copy link
Member

olamy commented May 29, 2024

(it would also mean that all the FIPS tests would need to be disabled when running in the BOM build as anything that gets the eddsa plugin (which is in the fat war!) and sets FIPS mode in the test harness will get a failed startup!)

what can we consider as trigger to detect the current context is BOM build?

System.getProperty("jth.jenkins-war.path") != null?

or add a new specific property in the bom build script?

@jglick
Copy link
Member

jglick commented May 29, 2024

Better not Volkswagen it. jenkinsci/bom#3232 should suffice (I am just waiting for an opinion from @MarkEWaite today).

@jtnord jtnord marked this pull request as ready for review May 29, 2024 13:29
@jtnord jtnord requested a review from a team as a code owner May 29, 2024 13:29
Copy link
Member

@jglick jglick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK I think, though I can hardly predict the consequences. Can I assume this has been tested in RealJenkinsRule or otherwise with realistic class loading, ideally also with some of the optional dependencies disabled? I suppose this should be marked developer insofar as it is needed for something else but not an interesting update for end users?

<artifactId>bom-2.426.x</artifactId>
<!--
TODO remove the eddsa-api management below when the bom upadte includes eddsa-api
https://github.com/jenkinsci/bom/pull/3230
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jtnord
Copy link
Member Author

jtnord commented Jun 4, 2024

@Dohbedoh @jglick any chance of a merge to get a release?

@Dohbedoh Dohbedoh merged commit 06de17b into jenkinsci:main Jun 4, 2024
15 checks passed
@Dohbedoh
Copy link
Contributor

Dohbedoh commented Jun 4, 2024

@jtnord Here you go https://github.com/jenkinsci/mina-sshd-api-plugin/releases/tag/2.12.1-111.v06de17b_e0ed5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants