Community
Participate
Working Groups
JGit should skip sshd 2.1.0; there were a number of bug fixes that we could use in that version. sshd 2.2.0 is planned for Q1 2019. Note: with sshd >= 2.1.0, we'll need sshd-osgi in Orbit (which is a shaded artifact re-combining sshd-core and sshd-common), or we'll have to include sshd-common and deal with the split package between sshd-core and sshd-common ourselves in the bnd file. (Perhaps just declaring the package as split would be good enough?) When we move to sshd 2.2.0, we should also include sshd-putty. C.f. bug 541273.
Related upstream question: https://issues.apache.org/jira/browse/SSHD-884
FYI, SSHD 2.2.0 also includes an sshd-osgi artifact that should take care of the split between sshd-core and sshd-common - simply use sshd-osgi instead of the other two.
(In reply to Lyor Goldstein from comment #2) > FYI, SSHD 2.2.0 also includes an sshd-osgi artifact I know. If it comes with a source bundle, fine, otherwise we'll have to go with common/core and mark umpteen packages as split.
I don't know what "source bundle" means - but it is easy to see - just clone the Github project and built it. If the source bundle is missing we can probably add it (once I understand what it means) - but let's do it in the next 1-2 days as I would like to release 2.2.0 in the first days of Feb. at the latest.
(In reply to Lyor Goldstein from comment #4) > I don't know what "source bundle" means - but it is easy to see - just clone > the Github project and built it. If the source bundle is missing we can > probably add it (once I understand what it means) - but let's do it in the > next 1-2 days as I would like to release 2.2.0 in the first days of Feb. at > the latest. "Source bundle" or "source artifact": a jar containing the sources. For 2.1.0, these exist when I look them up in Maven central, for instance http://central.maven.org/maven2/org/apache/sshd/sshd-common/2.1.0/ has a sshd-common-2.1.0-sources.jar . I don't know how these get generated; a simple "mvn clean install" does not generate them, and "mvn clean sources:jar install" fails. I don't see you pom.xml using maven-source-plugin... I presume all the 2.2.0 artifacts will have such source artifacts, too. I am unsure about the sshd-osgi artifact, though, since it's a shaded artifact and has no own sources. It should get a source artifact that includes the sshd-core and sshd-common sources.
Thanks for the clarification - I will look into it.
Have created https://issues.apache.org/jira/browse/SSHD-885 for the source bundle + implemented it. Before releasing, I will ask whoever is doing the release to pay special notice to publishing the source bundle as well.
Looks like the apache-release profile in your parent pom[1][2] will run the maven-source-plugin to generate these source bundles. So presumably the sshd-osgi bundle should have a structure (including sources) such that it can actually be processed by that profile. [1] https://github.com/apache/mina-sshd/blob/master/pom.xml#L23 [2] https://github.com/apache/maven-apache-parent/blob/apache-15/pom.xml#L334
Apache MINA SSHD 2.2.0 is released now. We'd need * org.apache.sshd.osgi 2.2.0 [1] (successor of sshd.core) * org.apache.sshd.sftp 2.2.0 [2] * org.apache.sshd.putty 2.2.0 [3] for bug 541273 [1] http://central.maven.org/maven2/org/apache/sshd/sshd-osgi/2.2.0/ [2] http://central.maven.org/maven2/org/apache/sshd/sshd-sftp/2.2.0/ [3] http://central.maven.org/maven2/org/apache/sshd/sshd-putty/2.2.0/ @Matthias, would you do the necessary CQs? I have already prepared and tested the code changes necessary in JGit locally; once the first two bundles are in Orbit, I can push them. Main benefits for updating: * being able to read encrypted new-style OpenSSH private keys (I'll comment on the CQ for sshd.osgi to summarize my e-mail discussion with Sharon regarding the inclusion of bcrypt; c.f. bug 541703). * we can remove some of our own code working around problems in sshd 2.0.0.
Created CQ 19034 [1] for sshd-osgi 2.2.0. I hope I did it all correctly. [1] https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19034
And CQ 19035 [1] for sshd-sftp 2.2.0. [1] https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19035
Created CQ 19036 for sshd-osgi 2.2.0 for Orbit Created CQ 19037 for sshd-sftp 2.2.0 for Orbit
(In reply to Matthias Sohn from comment #12) > Created CQ 19036 for sshd-osgi 2.2.0 for Orbit https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19036 > Created CQ 19037 for sshd-sftp 2.2.0 for Orbit https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19037
(In reply to Matthias Sohn from comment #13) > (In reply to Matthias Sohn from comment #12) > > Created CQ 19036 for sshd-osgi 2.2.0 for Orbit > https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19036 > > > Created CQ 19037 for sshd-sftp 2.2.0 for Orbit > https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19037 Thanks. 19034 and 19035 are approved now; the two ATO CQs are still open. Changes for them are on Gerrit. [1][2] [1] https://git.eclipse.org/r/#/c/137676/ [2] https://git.eclipse.org/r/#/c/137677/
(In reply to Matthias Sohn from comment #13) > (In reply to Matthias Sohn from comment #12) > > Created CQ 19036 for sshd-osgi 2.2.0 for Orbit > https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19036 > > > Created CQ 19037 for sshd-sftp 2.2.0 for Orbit > https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19037 Is there anything we still need to do here to make these two CQs advance?
I asked PMC to +1 the CQs
New Gerrit change created: https://git.eclipse.org/r/141355
New Gerrit change created: https://git.eclipse.org/r/141682
Gerrit change https://git.eclipse.org/r/141355 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=86cee68e0d9282ecc6a49792693309e8d5d9d984
Gerrit change https://git.eclipse.org/r/141682 was merged to [master]. Commit: http://git.eclipse.org/c/egit/egit.git/commit/?id=59f8ec89a7b8440ecbf2ef1a34e876fc84b8f75f