Re: [asterisk-dev] Jira / Gerrit Integration Issue
On Thu, Jun 10, 2021 at 10:00 AM BJ Weschke wrote: > I’d be willing to take a look at it for you George. > A Volunteer!!! THANKS! I didn't think anyone would respond so soon. :) Basically, the plugin uses the com.sonyericsson.hudson.plugins.gerrit.gerrit-events package to communicate with Gerrit. That in turn uses the com.jcraft.jsch library both through gerrit-events and directly. The gerrit-events package has since been split out of the old hudson/jenkins space into com.sonymobile.tools.gerrit.gerrit-events and that's actively maintained and is what Jenkins currently uses. I _think_, _possibly_, that moving the jira-gerrit-plugin from the old gerrit-events to the new gerrit-events might just fix the issue but I can't be sure.The plugin also has the capability to update Gerrit but we don't use that bit. It may then be easier to just change the plugin to use the Gerrit REST interface for the query stuff. The plugin already has configuration settings for gerrit url, username and password so why it doesn't use the REST interface already I'm not sure. Anyway, take a look and let me know what you think. https://github.com/MeetMe/jira-gerrit-plugin > > Sent from my iPhone > > On Jun 10, 2021, at 11:31 AM, George Joseph wrote: > > > > You already know about the SSH host key issue related to the upgrade of > Gerrit we did on May 28th.That issue we knew about in advance so we > gave everyone advance notice. Well, we discovered another issue related to > SSH but this one was after the fact... > > We use a Jira plugin to display open Gerrit reviews for issues. This > plugin is quite old and we discovered last Tuesday that it was using SSH > Key Exchange Algorithms (kex) that are also quite old and known to be > insecure. With the Gerrit upgrade, those older kex algorithms were removed > so Jira was no longer able to log into gerrit via ssh and retrieve the > reviews. > > So we actually have two issues... First Gerrit really messed up with > their release notes because there was absolutely no mention of the > implications of their upgrading their SSH backend. I've taken that up with > them. Second, the Gerrit plugin for Jira really needs an update but it's > not well maintained and although we could fix it, we're not exactly > overstaffed right now. The Gerrit team did agree to re-enable the older > kex algorithms in their 3.4.1 release but that only helps us in the short > term as they will eventually be deprecated for good. > > So while we should have the integration working again shortly, we're still > not sure what to do in the long term. Would any of you with Java > experience be able to take a look at the jira-gerrit-plugin[1]? It's > actually not that complex but it needs its SSH backend (com.jcraft.jsch) > replaced. If any of you are interested, let me know and I can give you > the details. > > [1] https://github.com/MeetMe/jira-gerrit-plugin > > > > > -- > George Joseph > Asterisk Software Developer > direct/fax +1 256 428 6012 > Check us out at www.sangoma.com and www.asterisk.org > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-dev mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-dev > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-dev mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-dev -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] Jira / Gerrit Integration Issue
I’d be willing to take a look at it for you George. Sent from my iPhone > On Jun 10, 2021, at 11:31 AM, George Joseph wrote: > > > > You already know about the SSH host key issue related to the upgrade of > Gerrit we did on May 28th.That issue we knew about in advance so we gave > everyone advance notice. Well, we discovered another issue related to SSH > but this one was after the fact... > > We use a Jira plugin to display open Gerrit reviews for issues. This plugin > is quite old and we discovered last Tuesday that it was using SSH Key > Exchange Algorithms (kex) that are also quite old and known to be insecure. > With the Gerrit upgrade, those older kex algorithms were removed so Jira was > no longer able to log into gerrit via ssh and retrieve the reviews. > > So we actually have two issues... First Gerrit really messed up with their > release notes because there was absolutely no mention of the implications of > their upgrading their SSH backend. I've taken that up with them. Second, > the Gerrit plugin for Jira really needs an update but it's not well > maintained and although we could fix it, we're not exactly overstaffed right > now. The Gerrit team did agree to re-enable the older kex algorithms in > their 3.4.1 release but that only helps us in the short term as they will > eventually be deprecated for good. > > So while we should have the integration working again shortly, we're still > not sure what to do in the long term. Would any of you with Java experience > be able to take a look at the jira-gerrit-plugin[1]? It's actually not that > complex but it needs its SSH backend (com.jcraft.jsch) replaced. If any of > you are interested, let me know and I can give you the details. > > [1] https://github.com/MeetMe/jira-gerrit-plugin > > > > > -- > George Joseph > Asterisk Software Developer > direct/fax +1 256 428 6012 > Check us out at www.sangoma.com and www.asterisk.org > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-dev mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-dev -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
[asterisk-dev] Jira / Gerrit Integration Issue
You already know about the SSH host key issue related to the upgrade of Gerrit we did on May 28th.That issue we knew about in advance so we gave everyone advance notice. Well, we discovered another issue related to SSH but this one was after the fact... We use a Jira plugin to display open Gerrit reviews for issues. This plugin is quite old and we discovered last Tuesday that it was using SSH Key Exchange Algorithms (kex) that are also quite old and known to be insecure. With the Gerrit upgrade, those older kex algorithms were removed so Jira was no longer able to log into gerrit via ssh and retrieve the reviews. So we actually have two issues... First Gerrit really messed up with their release notes because there was absolutely no mention of the implications of their upgrading their SSH backend. I've taken that up with them. Second, the Gerrit plugin for Jira really needs an update but it's not well maintained and although we could fix it, we're not exactly overstaffed right now. The Gerrit team did agree to re-enable the older kex algorithms in their 3.4.1 release but that only helps us in the short term as they will eventually be deprecated for good. So while we should have the integration working again shortly, we're still not sure what to do in the long term. Would any of you with Java experience be able to take a look at the jira-gerrit-plugin[1]? It's actually not that complex but it needs its SSH backend (com.jcraft.jsch) replaced. If any of you are interested, let me know and I can give you the details. [1] https://github.com/MeetMe/jira-gerrit-plugin -- George Joseph Asterisk Software Developer direct/fax +1 256 428 6012 Check us out at www.sangoma.com and www.asterisk.org [image: image.png] -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
