pool/apache-sshd
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1219175 from Java:packages

Browse Source 
2.14.0 + additional flavour to build all we can

OBS-URL: https://build.opensuse.org/request/show/1219175
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache-sshd?expand=0&rev=9
This commit is contained in:
Dominique Leuenberger 2024-10-30 16:36:57 +00:00 committed by Git OBS Bridge
commit ddb1e85f77
8 changed files with 496 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
View File

@ -1,105 +0,0 @@
From accd3e006a05615cf6eed9369d91fbedcc4eab16 Mon Sep 17 00:00:00 2001
From: Mat Booth <mat.booth@redhat.com>
Date: Thu, 7 Mar 2019 11:27:55 +0000
Subject: [PATCH] Avoid optional dependency on native tomcat APR library
---
pom.xml | 5 -----
sshd-core/pom.xml | 6 ------
.../sshd/agent/local/ProxyAgentFactory.java | 16 +---------------
sshd-osgi/pom.xml | 6 ------
4 files changed, 1 insertion(+), 32 deletions(-)
diff --git a/pom.xml b/pom.xml
index 867ca88..7c29678 100644
--- a/pom.xml
+++ b/pom.xml
@@ -434,11 +434,6 @@
<artifactId>mina-core</artifactId>
<version>2.0.23</version>
</dependency>
- <dependency>
- <groupId>tomcat</groupId>
- <artifactId>tomcat-apr</artifactId>
- <version>5.5.23</version>
- </dependency>
<dependency>
<groupId>net.i2p.crypto</groupId>
diff --git a/sshd-core/pom.xml b/sshd-core/pom.xml
index 6171c5c..73a43a7 100644
--- a/sshd-core/pom.xml
+++ b/sshd-core/pom.xml
@@ -43,12 +43,6 @@
</dependency>
<dependency>
- <groupId>tomcat</groupId>
- <artifactId>tomcat-apr</artifactId>
- <optional>true</optional>
- </dependency>
-
- <dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpg-jdk18on</artifactId>
<optional>true</optional>
diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
index ab19539..5757e68 100644
--- a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
+++ b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
@@ -27,8 +27,6 @@ import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.sshd.agent.SshAgent;
import org.apache.sshd.agent.SshAgentFactory;
import org.apache.sshd.agent.SshAgentServer;
-import org.apache.sshd.agent.unix.AprLibrary;
-import org.apache.sshd.agent.unix.UnixAgentFactory;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.PropertyResolver;
import org.apache.sshd.common.channel.ChannelFactory;
@@ -51,9 +49,7 @@ public class ProxyAgentFactory implements SshAgentFactory {
@Override
public List<ChannelFactory> getChannelForwardingFactories(FactoryManager manager) {
- return isPreferredUnixAgent(manager)
- ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS
- : LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS;
+ return LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS;
}
@Override
@@ -104,16 +100,6 @@ public class ProxyAgentFactory implements SshAgentFactory {
}
public static boolean isPreferredUnixAgent(PropertyResolver resolver) {
- if (CoreModuleProperties.PREFER_UNIX_AGENT.getRequired(resolver)) {
- try {
- if (AprLibrary.getInstance() != null) {
- return true;
- }
- } catch (Exception ignore) {
- // ignored
- }
- }
-
return false;
}
}
diff --git a/sshd-osgi/pom.xml b/sshd-osgi/pom.xml
index 5395ceb..f456263 100644
--- a/sshd-osgi/pom.xml
+++ b/sshd-osgi/pom.xml
@@ -81,12 +81,6 @@
<optional>true</optional>
<scope>provided</scope>
</dependency>
- <dependency>
- <groupId>tomcat</groupId>
- <artifactId>tomcat-apr</artifactId>
- <optional>true</optional>
- <scope>provided</scope>
- </dependency>
</dependencies>
<build>
--
2.20.1

3
_multibuild Normal file
View File

@ -0,0 +1,3 @@
<multibuild>
<flavor>extras</flavor>
</multibuild>

3
apache-sshd-2.12.0-src.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e8198fd90ca8089a71547300a7a8f6e853dd5fea6095a6887f79564849e76bd8
size 1857423

3
apache-sshd-2.14.0-src.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:148f5bc1c4ac73dc59024392eb45fc76ae32671dd146cf7962c44f255bae925e
size 1888003

311
apache-sshd.changes
View File

@ -1,3 +1,314 @@
-------------------------------------------------------------------
Thu Oct 17 07:53:50 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>
- Updated to upstrem version 2.14.0
- Changes in version 2.14.0
* Bug Fixes
+ GH-524 Performance improvements
+ GH-533 Fix multi-step authentication
+ GH-582 Fix filtering in NamedFactory
+ GH-587 Prevent NullPointerExceptionon closed channel in
NettyIoSession
+ GH-590 Better support for FIPS
+ GH-597 Pass on Charset in
ClientSession.executeRemoteCommand()
* New Features
+ New utility methods SftpClient.put(Path localFile, String
remoteFileName) and SftpClient.put(InputStream in, String
remoteFileName) facilitate SFTP file uploading.
* GH-590 Better support for FIPS
Besides fixing a bug with bc-fips (the RandomGenerator class
exists in normal Bouncy Castle, but not in the FIPS version,
but Apache MINA sshd referenced it even if only bc-fips was
present), support was improved for running in an environment
restricted by FIPS.
There is a new system property
org.apache.sshd.security.fipsEnabled. If set to true, a number
of crypto-algorithms not approved by FIPS 140 are disabled:
+ key exchange methods sntrup761x25519-sha512,
sntrup761x25519-sha512@openssh.com, curve25519-sha256,
curve25519-sha256@libssh.org, curve448-sha512.
+ the chacha20-poly1305 cipher.
+ the bcrypt KDF used in encrypted private key files in
OpenSSH format.
+ all ed25519 keys and signatures.
Additionally, the new "SunJCEWrapper" SecurityProviderRegistrar
(see below) and the EdDSASecurityProviderRegistrar are
disabled, and the BouncyCastleScurityProviderRegistrar looks
only for the "BCFIPS" security provider, not for the normal
"BC" provider.
If the system property is not set to true, FIPS mode can be
enabled programmatically by calling SecurityUtils.setFipsMode()
before any other call to Apache MINA sshd.
* Potential compatibility issues
+ New security provider registrar
There is a new SecurityProviderRegistrar that is registered
by default if there is a SunJCE security provider. It uses
the AES and HmacSHA* implementations from SunJCE even if
Bouncy Castle is also registered. SunJCE has native
implementations, whereas Bouncy Castle may not.
The new registrar has the name "SunJCEWrapper" and can be
configured like any other registrar. It can be disabled via
the system property
org.apache.sshd.security.provider.SunJCEWrapper.enabled=false.
It is also disabled in FIPS mode (see above).
+ GH-582 Fix filtering in NamedFactory
The methods NamedFactory.setupBuiltinFactories(boolean
ignoreUnsupported, ...) and
NamedFactory.setupTransformedFactories(boolean
ignoreUnsupported, ...) had a bug that gave the
"ignoreUnsupported" parameter actually the meaning of
"include unsupported".
This was fixed in this release, but existing code calling
these or one of the following methods:
~ BaseBuilder.setUpDefaultMacs(boolean ignoreUnsupported)
~ BaseBuilder.setUpDefaultCiphers(boolean ignoreUnsupported)
~ ClientBuilder.setUpDefaultCompressionFactories(boolean
ignoreUnsupported)
~ ClientBuilder.setUpDefaultKeyExchanges(boolean
ignoreUnsupported)
~ ClientBuilder.setUpDefaultSignatureFactories(boolean
ignoreUnsupported)
~ ServerBuilder.setUpDefaultCompressionFactories(boolean
ignoreUnsupported)
~ ServerBuilder.setUpDefaultKeyExchanges(boolean
ignoreUnsupported)
~ ServerBuilder.setUpDefaultSignatureFactories(boolean
ignoreUnsupported)
~ any of the methods starting with
SshConfigFileReader.configure
~ SshClientConfigFileReader.configure(...)
~ SshServerConfigFileReader.configure(...)
should be reviewed:
~ if the method is called with parameter value true, the
result will no longer include unsupported algorithms.
Formerly it wrongly did.
~ if the method is called with parameter value false, the
result may include unsupported algorithms. Formerly it
did not.
So if existing code used parameter value false to ensure it
never got unsupported algorithms, change it to true.
* Major Code Re-factoring
+ JDK requirements
~ GH-536 The project now requires JDK 17 at build time, while
the target runtime still remains unchanged to support JDK
8.
- Changes in version 2.13.2
* What's Changed
+ GH-525: Fix sntrup761x25519-sha512 by @tomaswolf in #528
- Changes in version 2.13.1
* What's changed
+ This release does not contain any code changes. It is solely
to rectify the issue that the 2.13.0 release encountered
during the release process, where the source jars were not
created.
- Changes in version 2.13.0
* What's changed
+ GH-318: Handle cascaded proxy jumps by @tomaswolf in #512
+ GH-427: Read initial ACK on channel open prior to direct
stream upload & close streams prior to exit code handling by
@TerraNibble in #464
+ GH-455: ensure BaseCipher.update() fulfills the contract by
@tomaswolf in #463
+ GH-470: Synchronize not thread safe
java.security.KeyPairGenerator.generateKe… by
@zakharovsergey1000 in #467
+ GH-476: Fix Android detection false negative by @wh0
+ GH-475: Switch uses of JSch library to the
com.github.mwiede:jsch fork by @Alex-Vol-Amz
+ GH-472: change client start condition in sshd-spring-sftp by
@alwaystom
+ GH-489: sftp readdir: determine file type from longname by
@tomaswolf in #491
+ GH-486: Add missing U2F {ed25519,ecdsa}-sk public key
equality methods by @lf-
+ SSHD-1237 Handle keep-alive channel requests by @tomaswolf in
#492
+ GH-494: Nio2Session improvements by @evgeny-pasynkov
+ GH-468: Handle excess data in SFTP read requests by
@tomaswolf in #495
+ GH-498: Implement the "sntrup761x25519-sha512@openssh.com"
KEX method by @tomaswolf
+ GH-500: SftpFileSystemProvider: close SftpClient on exception
by @tomaswolf in #501
+ GH-504: Pass reason to sessionNegotiationEnd by @duco-lw in
#505
+ GH-461: Fix heartbeats with wantReply=true by @tomaswolf in
#507
+ GH-493: Fix arcfour128 and arcfour256 ciphers (regression in
2.2.0)
+ GH-509: SFTP v[456] client: validate attribute flags
+ GH-510: Fix class name in BuiltinIoServiceFactoryFactories
(regression in 2.6.0)
* New Features
+ sntrup761x25519-sha512@openssh.com Key Exchange
The key exchange method sntrup761x25519-sha512@openssh.com is
now available if the Bouncy Castle library is available.
This uses a post-quantum key encapsulation method (KEM) to
make key exchange future-proof against quantum attacks.
More information can be found in IETF Memo Secure Shell (SSH)
Key Exchange Method Using Hybrid Streamlined NTRU Prime
sntrup761 and X25519 with SHA-512: sntrup761x25519-sha512.
+ Behavioral changes and enhancements
~ GH-318 Handle cascaded proxy jumps
Proxy jumps can be configured via host configuration
entries in two ways. First, proxies can be chained directly
by specifiying several proxies in one ProxyJump directive:
Host target
Hostname somewhere.example.org
User some_user
IdentityFile ~/.ssh/some_id
ProxyJump jumphost2, jumphost1
Host jumphost1
Hostname jumphost1@example.org
User jumphost1_user
IdentityFile ~/.ssh/id_jumphost1
Host jumphost2
Hostname jumphost2@example.org
User jumphost2_user
IdentityFile ~/.ssh/id_jumphost2
Connecting to server target will first connect to
jumphost1, then tunnel through to jumphost2, and finally
tunnel to target. So the full connection will be
client→jumphost1→jumphost2→target.
Such proxy jump chains were already supported in Apache
MINA SSHD.
Newly, Apache MINA SSHD also supports cascading proxy
jumps, so a configuration like
Host target
Hostname somewhere.example.org
User some_user
IdentityFile ~/.ssh/some_id
ProxyJump jumphost2
Host jumphost1
Hostname jumphost1@example.org
User jumphost1_user
IdentityFile ~/.ssh/id_jumphost1
Host jumphost2
Hostname jumphost2@example.org
ProxyJump jumphost1
User jumphost2_user
IdentityFile ~/.ssh/id_jumphost2
also works now, and produces the same connection
client→jumphost1→jumphost2→target.
It is possible to mis-configure such proxy jump cascades to
have loops. (For instance, if host jumphost1 in the above
example had a ProxyJump jumphost2 directive.) To catch such
misconfigurations, Apache MINA SSHD imposes an upper limit
on the total number of proxy jumps in a connection. An
exception is thrown if there are more than
CoreModuleProperties.MAX_PROXY_JUMPS proxy jumps in a
connection. The default value of this property is 10. Most
real uses of proxy jumps will have one or maybe two proxy
jumps only.
~ GH-461 Fix heartbeats with wantReply=true
The client-side heartbeat mechanism has been updated. Such
heartbeats are configured via the
CoreModuleProperties.HEARTBEAT_INTERVAL property. If this
interval is > 0, heartbeats are sent to the server.
Previously these heartbeats could also be configured with a
CoreModuleProperties.HEARTBEAT_REPLY_WAIT timeout. If the
timeout was <= 0, the client would just send heartbeat
requests without expecting any answers. If the timeout was
> 0, the client would send requests with a flag indicating
that the server should reply. The client would then wait
for the specified duration for the reply and would
terminate the connection if none was received.
This mechanism could cause trouble if the timeout was
fairly long and the server was slow to respond. A timeout
longer than the interval could also delay subsequent
heartbeats.
The CoreModuleProperties.HEARTBEAT_REPLY_WAIT property is
now deprecated.
There is a new configuration property
CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX instead. It
defines a limit for the number of heartbeats sent without
receiving a reply before a session is terminated. If the
value is <= 0, the client still sends heartbeats without
expecting any reply. If the value is > 0, the client will
request a reply from the server for each heartbeat message,
and it will terminate the connection if the number of
unanswered heartbeats reaches
CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.
This new way to configure heartbeats aligns with the
OpenSSH configuration options ServerAliveInterval and
ServerAliveCountMax.
For compatibility with older configurations that explicitly
define CoreModuleProperties.HEARTBEAT_REPLY_WAIT, the new
code maps this to the new configuration (but only if
CoreModuleProperties.HEARTBEAT_INTERVAL > 0 and the new
property CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX has
not been set) by setting
CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX to
= CoreModuleProperties.HEARTBEAT_REPLY_WAIT <= 0:
CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX = 0
= otherwise: (CoreModuleProperties.HEARTBEAT_REPLY_WAIT /
CoreModuleProperties.HEARTBEAT_INTERVAL) + 1.
~ GH-468 SFTP: validate length of data received: must not be
more than requested
SFTP read operations now check the amount of data they get
back. If it's more than requested an exception is thrown.
SFTP servers must never return more data than the client
requested, but it appears that there are some that do so.
If property SftpModuleProperties.TOLERATE_EXCESS_DATA is
set to true, a warning is logged and such excess data is
silently discarded.
* Potential compatibility issues
+ AES-CBC ciphers removed from server's defaults
The AES-CBC ciphers aes128-cbc, aes192-cbc, and aes256-cbc
have been removed from the default list of cipher algorithms
that a server proposes in the key exchange. OpenSSH has
removed these cipher algorithms from the server proposal in
2014, and has removed them from the client proposal in 2017.
The cipher implementations still exist but they are not
enabled by default. Existing code that explicitly sets the
cipher factories is unaffected. Code that relies on the
default settings will newly create a server that does not
support the CBC-mode ciphers. To enable the CBC-mode ciphers,
one can use for instance
SshServer server = ServerBuilder.builder()
...
.cipherFactories(BuiltinFactory.setUpFactories(false,
BaseBuilder.DEFAULT_CIPHERS_PREFERENCES));
...
.build();
For the SSH client, the CBC ciphers are still enabled by
default to facilitate connecting to legacy servers. We plan
to remove the CBC ciphers from the client's defaults in the
next release.
- Changes in version 2.12.1
* Bug Fixes
+ GH-458 Singleton thread pool for kex message handler flushing
+ SSHD-1338 Restore binary compatibility with 2.9.2
* What's Changed
+ Fix link by @swiedenfeld in #454
+ SSHD-1338 Restore binary compatibility with 2.9.2 by @gnodet
in #456
+ Use a singleton threadpool for kex message handler flushing
by @FliegenKLATSCH in #459
- Enable module: sshd-openpgp
-------------------------------------------------------------------
Thu Oct 17 01:00:02 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Add an "extras" flavour to build without cycles all modules we
can
- Build also a standalone apache-sshd application
- Removed patch:
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
+ use tomcat-jni instead and build the module
- Added patches:
* file-name-mapping.patch
+ Do not add version to the assembled artifacts
* password-no-echo.patch
+ Do not echo on the console the password
-------------------------------------------------------------------
Tue Feb 20 11:07:06 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

140
apache-sshd.spec
View File

@ -16,8 +16,14 @@
#
Name: apache-sshd
Version: 2.12.0
%global flavor @BUILD_FLAVOR@%{nil}
%if "%{flavor}" == "extras"
%bcond_without extras
%else
%bcond_with extras
%endif
%global homedir %{_datadir}/apache-sshd
Version: 2.14.0
Release: 0
Summary: Apache SSHD
# One file has ISC licensing:
@ -26,33 +32,83 @@ License: Apache-2.0 AND ISC
Group: Development/Libraries/Java
URL: https://mina.apache.org/sshd-project
Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz
# Avoid optional dep on tomcat native APR library
Patch0: 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
Patch1: apache-sshd-javadoc.patch
Patch0: apache-sshd-javadoc.patch
Patch1: file-name-mapping.patch
Patch2: password-no-echo.patch
BuildRequires: fdupes
BuildRequires: maven-local
BuildRequires: mvn(junit:junit)
BuildRequires: mvn(net.i2p.crypto:eddsa)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
BuildRequires: mvn(org.apache.maven.surefire:surefire-junit47)
BuildRequires: mvn(org.apache.maven:maven-archiver)
BuildRequires: mvn(org.apache.tomcat:tomcat-jni)
BuildRequires: mvn(org.apache:apache-jar-resource-bundle)
BuildRequires: mvn(org.apache:apache:pom:) >= 30
BuildRequires: mvn(org.bouncycastle:bcpg-jdk18on)
BuildRequires: mvn(org.bouncycastle:bcpkix-jdk18on)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
BuildRequires: mvn(org.codehaus.plexus:plexus-archiver)
BuildRequires: mvn(org.slf4j:jcl-over-slf4j)
BuildRequires: mvn(org.slf4j:slf4j-api)
BuildArch: noarch
%if %{with extras}
Name: apache-sshd-%{flavor}
BuildRequires: xmvn-subst
BuildRequires: mvn(io.netty:netty-handler)
BuildRequires: mvn(io.netty:netty-transport)
BuildRequires: mvn(org.apache.maven.plugins:maven-assembly-plugin)
BuildRequires: mvn(org.apache.sshd:sshd-common) = %{version}
BuildRequires: mvn(org.apache.sshd:sshd-core) = %{version}
BuildRequires: mvn(org.apache.sshd:sshd-putty) = %{version}
BuildRequires: mvn(org.apache.sshd:sshd-scp) = %{version}
BuildRequires: mvn(org.apache.sshd:sshd-sftp) = %{version}
BuildRequires: mvn(org.assertj:assertj-core)
BuildRequires: mvn(org.bouncycastle:bcprov-jdk18on)
BuildRequires: mvn(org.bouncycastle:bcutil-jdk18on)
BuildRequires: mvn(org.c02e.jpgpj:jpgpj)
BuildRequires: mvn(org.codehaus.plexus:plexus-archiver)
BuildRequires: mvn(org.eclipse.jgit:org.eclipse.jgit)
BuildRequires: mvn(org.eclipse.jgit:org.eclipse.jgit.pgm)
BuildRequires: mvn(org.slf4j:slf4j-jdk14)
#!BuildRequires: jgit
%else
Name: apache-sshd
BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
BuildRequires: mvn(org.codehaus.plexus:plexus-archiver)
%endif
%description
Apache SSHD is a 100% pure java library to support the SSH protocols on both
the client and server side.
%if %{with extras}
%package -n apache-sshd-standalone
Summary: Standalone installation of apache-sshd
Requires: apache-sshd
Requires: apache-sshd-extras
Requires: assertj-core
Requires: bouncycastle
Requires: bouncycastle-pg
Requires: bouncycastle-pkix
Requires: bouncycastle-util
Requires: byte-buddy
Requires: ed25519-java
Requires: javaewah
Requires: jcl-over-slf4j
Requires: jctools
Requires: jgit
Requires: jpgpj
Requires: netty
Requires: objectweb-asm
Requires: slf4j
Requires: slf4j-jdk14
Requires: tomcat-lib
%description -n apache-sshd-standalone
This package provides standalone installation of apache-sshd
%endif
%package javadoc
Summary: API documentation for %{name}
@ -60,49 +116,69 @@ Summary: API documentation for %{name}
This package provides %{name}.
%prep
%setup -q
%setup -q -n apache-sshd-%{version}
# Avoid optional dep on tomcat native APR library
%patch -P 0 -p1
%patch -P 1 -p1
%patch -P 2 -p1
rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
%pom_remove_dep -r tomcat:tomcat-apr
%pom_change_dep -r tomcat:tomcat-apr org.apache.tomcat:tomcat-jni
# Avoid unnecessary dep on spring framework
%pom_remove_dep :spring-framework-bom
%pom_remove_dep :testcontainers-bom sshd-sftp sshd-core
# Build the core modules only
# We don't have dependencies for these modules
%pom_disable_module sshd-benchmarks
%pom_disable_module sshd-mina
%pom_remove_dep -r org.apache.sshd:sshd-mina
%pom_disable_module sshd-spring-sftp
%pom_remove_dep -r org.apache.sshd:sshd-spring-sftp
# don't require bom that we don't package
%pom_remove_dep org.testcontainers:testcontainers-bom sshd-scp
%pom_remove_dep :netty-bom sshd-netty
%if %{with extras}
%pom_disable_module sshd-common
%pom_disable_module sshd-core
%pom_disable_module sshd-osgi
%pom_disable_module sshd-putty
%pom_disable_module sshd-scp
%pom_disable_module sshd-sftp
%else
%pom_disable_module sshd-openpgp
%pom_disable_module sshd-netty
%pom_disable_module sshd-ldap
%pom_disable_module sshd-git
%pom_disable_module sshd-contrib
%pom_disable_module sshd-spring-sftp
%pom_remove_dep -r org.apache.sshd:sshd-spring-sftp
%pom_disable_module sshd-cli
%pom_disable_module sshd-openpgp
%pom_disable_module assembly
# don't require bom that we don't package
%pom_remove_dep org.testcontainers:testcontainers-bom sshd-scp
%endif
# Disable plugins we don't need for RPM builds
%pom_remove_plugin :apache-rat-plugin
%pom_remove_plugin :gmavenplus-plugin
%pom_remove_plugin :maven-checkstyle-plugin
%pom_remove_plugin :maven-enforcer-plugin
%pom_remove_plugin :maven-pmd-plugin
%pom_remove_plugin :animal-sniffer-maven-plugin
%pom_remove_plugin :impsort-maven-plugin
%pom_remove_plugin :maven-clean-plugin
%pom_remove_plugin :formatter-maven-plugin . sshd-core
# We only need the unix-bin execution
%pom_xpath_remove "pom:executions/pom:execution[pom:id='unix-src']" assembly
%pom_xpath_remove "pom:executions/pom:execution[pom:id='windows-bin']" assembly
%pom_xpath_remove "pom:executions/pom:execution[pom:id='windows-src']" assembly
# Suppress generation of uses clauses
%pom_xpath_inject "pom:configuration/pom:instructions" "<_nouses>true</_nouses>" .
%pom_remove_plugin :maven-antrun-plugin sshd-osgi
%{mvn_file} :{*} apache-sshd/@1
%{mvn_package} :sshd __noinstall
%{mvn_package} :apache-sshd __noinstall
%build
# Can't run tests, they require ch.ethz.ganymed:ganymed-ssh2
%{mvn_build} -f -- -Dworkspace.root.dir=$(pwd) \
@ -111,14 +187,36 @@ rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
%endif
-Dsource=8
%if %{with extras}
mkdir sshd_home
(cd sshd_home
tar --delay-directory-restore -xvf \
../assembly/target/apache-sshd-%{version}.tar.gz
)
%endif
%install
%mvn_install
%fdupes -s %{buildroot}%{_javadocdir}
%if %{with extras}
export SSHD_HOME=$(pwd)/sshd_home/apache-sshd-%{version}
rm $SSHD_HOME/bin/*.bat
install -d -m 0755 %{buildroot}%{homedir}
cp -a $SSHD_HOME/{bin,dependencies,extras,lib} %{buildroot}%{homedir}/
xmvn-subst -s -R %{buildroot} -s %{buildroot}%{homedir}
%endif
%files -f .mfiles
%doc CHANGES.md
%license LICENSE.txt NOTICE.txt assembly/src/main/legal/licenses/jbcrypt.txt
%if %{with extras}
%files -n apache-sshd-standalone
%{homedir}
%endif
%files javadoc -f .mfiles-javadoc
%license LICENSE.txt NOTICE.txt assembly/src/main/legal/licenses/jbcrypt.txt

27
file-name-mapping.patch Normal file
View File

@ -0,0 +1,27 @@
--- apache-sshd-2.12.0/assembly/src/main/components/modules.xml 2024-10-17 09:52:06.438341043 +0200
+++ apache-sshd-2.12.0/assembly/src/main/components/modules.xml 2024-10-17 10:04:38.853297583 +0200
@@ -39,6 +39,7 @@
</excludes>
<outputDirectory>lib</outputDirectory>
<useProjectArtifact>false</useProjectArtifact>
+ <outputFileNameMapping>${artifact.groupId}-${artifact.artifactId}${dashClassifier?}.${artifact.extension}</outputFileNameMapping>
</dependencySet>
<dependencySet>
<includes>
@@ -52,6 +53,7 @@
</includes>
<outputDirectory>extras</outputDirectory>
<useProjectArtifact>false</useProjectArtifact>
+ <outputFileNameMapping>${artifact.groupId}-${artifact.artifactId}${dashClassifier?}.${artifact.extension}</outputFileNameMapping>
</dependencySet>
<dependencySet>
<includes>
@@ -68,6 +70,7 @@
</includes>
<outputDirectory>dependencies</outputDirectory>
<useProjectArtifact>false</useProjectArtifact>
+ <outputFileNameMapping>${artifact.groupId}-${artifact.artifactId}${dashClassifier?}.${artifact.extension}</outputFileNameMapping>
</dependencySet>
</dependencySets>
</component>
\ No newline at end of file

33
password-no-echo.patch Normal file
View File

@ -0,0 +1,33 @@
--- apache-sshd-2.12.0/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java 2024-10-17 09:52:06.441674383 +0200
+++ apache-sshd-2.12.0/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java 2024-10-17 11:13:10.836164379 +0200
@@ -19,6 +19,7 @@
package org.apache.sshd.cli.client;
import java.io.BufferedReader;
+import java.io.Console;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
@@ -492,6 +493,11 @@
throws Throwable {
client.setFilePasswordProvider((session, file, index) -> {
stdout.print("Enter password for private key file=" + file + ": ");
+
+ Console cons = System.console();
+ if (cons != null) {
+ return new String(cons.readPassword());
+ }
return stdin.readLine();
});
@@ -552,6 +558,10 @@
public String getUpdatedPassword(ClientSession clientSession, String prompt, String lang) {
stdout.append(prompt).print(" ");
try {
+ Console cons = System.console();
+ if (cons != null) {
+ return new String(cons.readPassword());
+ }
return stdin.readLine();
} catch (IOException e) {
stderr.append("WARNING: ").append(e.getClass().getSimpleName())