buildbot success in on tomcat-85-trunk
The Buildbot has detected a restored build on builder tomcat-85-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-85-trunk/builds/2330 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build Build Source Stamp: [branch 8.5.x] 8563619aa8c45bdd891d49ba2cdd16442db9d712 Blamelist: Mark Thomas Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix merge
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 8563619 Fix merge 8563619 is described below commit 8563619aa8c45bdd891d49ba2cdd16442db9d712 Author: Mark Thomas AuthorDate: Fri May 29 20:17:19 2020 +0100 Fix merge --- res/maven/mvn-pub.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 010a00c..17d64a9 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -39,8 +39,6 @@ -<<< HEAD -=== @@ -80,7 +78,6 @@ ->>> 5db7d814d0... Switch to Maven Resolver Ant tasks - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Switch to Maven Resolver Ant tasks
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new e5ae7c6 Switch to Maven Resolver Ant tasks e5ae7c6 is described below commit e5ae7c616531c7b639ccc68b374d1c364a9b4daf Author: Mark Thomas AuthorDate: Fri May 29 10:48:54 2020 +0100 Switch to Maven Resolver Ant tasks --- .gitignore | 2 +- build.xml| 2 +- res/maven/mvn-pub.xml| 279 +++ res/maven/mvn.properties.default | 20 ++- webapps/docs/changelog.xml | 5 + 5 files changed, 192 insertions(+), 116 deletions(-) diff --git a/.gitignore b/.gitignore index 08b1edc..aa1345f 100644 --- a/.gitignore +++ b/.gitignore @@ -36,7 +36,7 @@ mvn.properties *.asc *.jj *.tmp -maven-ant-tasks-*.jar +maven-resolver-ant-tasks-*.jar thumbs.db Thumbs.db bin/setenv.* diff --git a/build.xml b/build.xml index 67b8bcc..64da7e7 100644 --- a/build.xml +++ b/build.xml @@ -2282,7 +2282,7 @@ Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform. - + diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 52a9eee..9fd938b 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -1,4 +1,4 @@ - + - + xmlns:resolver="antlib:org.apache.maven.resolver.ant" + xmlns:if="ant:if" + xmlns:unless="ant:unless"> - + + + + + + + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -49,44 +93,32 @@ - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + + @@ -128,34 +160,26 @@ - - - - - - - - - - - - - - - - + + + + + + + + - + + - + - - - - +password="${asf.ldap.password}" +unless:set="maven.auth.useSettings"/> + + + + @@ -193,45 +217,32 @@ - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + - - - - - - - - - - - + + + + + + + + + + + @@ -254,7 +265,7 @@ - + - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 150dd05..1e365f2 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -24,15 +24,19 @@ #running this script asf.ldap.username= gpg.exec=C:/software/GNU/GnuPG/gpg.exe +# Set this property to use the user name and password from the Maven +# settings.xml file rather than from asf.ldap.username and prompting for the +# associated password +# maven.auth.useSettings=Anything # ASF Snapshot Repository (hosted on Nexus) maven.snapshot.repo.url=https://repository.apache.org/content/repositories/snapshots -maven.snapshot.repo.repositoryId=apache.snapshots +maven.snapshot.repo.repositoryId=apache.snapshots.https # ASF Release Repository (hosted on Nexus) # Note: Also used for staging releases prior to voting maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/deploy/maven2 -maven.asf.release.repo.repositoryId=apache.releases +maven.asf.release.repo.repositoryId=apache.releases.https # Release version info maven.asf.release.deploy.version=7.0.105 @@ -49,3 +53,15 @@ tomcat.extras.src.path=../.
[tomcat] branch 8.5.x updated: Remove outdated comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 63068f8 Remove outdated comment 63068f8 is described below commit 63068f8bd93c62a5e8d17dbfe03fdc3cc6b656c2 Author: Mark Thomas AuthorDate: Fri May 29 20:07:49 2020 +0100 Remove outdated comment --- res/maven/mvn-pub.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 626b6a5..010a00c 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -19,9 +19,6 @@ xmlns:resolver="antlib:org.apache.maven.resolver.ant" xmlns:if="ant:if" xmlns:unless="ant:unless"> - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Remove outdated comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 9936e50 Remove outdated comment 9936e50 is described below commit 9936e50134a7c5489563111f685caac43e7d55de Author: Mark Thomas AuthorDate: Fri May 29 20:07:49 2020 +0100 Remove outdated comment --- res/maven/mvn-pub.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 1865989..ea504a2 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -19,9 +19,6 @@ xmlns:resolver="antlib:org.apache.maven.resolver.ant" xmlns:if="ant:if" xmlns:unless="ant:unless"> - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Switch to Maven Resolver Ant tasks
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new e5ae7c6 Switch to Maven Resolver Ant tasks e5ae7c6 is described below commit e5ae7c616531c7b639ccc68b374d1c364a9b4daf Author: Mark Thomas AuthorDate: Fri May 29 10:48:54 2020 +0100 Switch to Maven Resolver Ant tasks --- .gitignore | 2 +- build.xml| 2 +- res/maven/mvn-pub.xml| 279 +++ res/maven/mvn.properties.default | 20 ++- webapps/docs/changelog.xml | 5 + 5 files changed, 192 insertions(+), 116 deletions(-) diff --git a/.gitignore b/.gitignore index 08b1edc..aa1345f 100644 --- a/.gitignore +++ b/.gitignore @@ -36,7 +36,7 @@ mvn.properties *.asc *.jj *.tmp -maven-ant-tasks-*.jar +maven-resolver-ant-tasks-*.jar thumbs.db Thumbs.db bin/setenv.* diff --git a/build.xml b/build.xml index 67b8bcc..64da7e7 100644 --- a/build.xml +++ b/build.xml @@ -2282,7 +2282,7 @@ Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform. - + diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 52a9eee..9fd938b 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -1,4 +1,4 @@ - + - + xmlns:resolver="antlib:org.apache.maven.resolver.ant" + xmlns:if="ant:if" + xmlns:unless="ant:unless"> - + + + + + + + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -49,44 +93,32 @@ - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + + @@ -128,34 +160,26 @@ - - - - - - - - - - - - - - - - + + + + + + + + - + + - + - - - - +password="${asf.ldap.password}" +unless:set="maven.auth.useSettings"/> + + + + @@ -193,45 +217,32 @@ - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + - - - - - - - - - - - + + + + + + + + + + + @@ -254,7 +265,7 @@ - + - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 150dd05..1e365f2 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -24,15 +24,19 @@ #running this script asf.ldap.username= gpg.exec=C:/software/GNU/GnuPG/gpg.exe +# Set this property to use the user name and password from the Maven +# settings.xml file rather than from asf.ldap.username and prompting for the +# associated password +# maven.auth.useSettings=Anything # ASF Snapshot Repository (hosted on Nexus) maven.snapshot.repo.url=https://repository.apache.org/content/repositories/snapshots -maven.snapshot.repo.repositoryId=apache.snapshots +maven.snapshot.repo.repositoryId=apache.snapshots.https # ASF Release Repository (hosted on Nexus) # Note: Also used for staging releases prior to voting maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/deploy/maven2 -maven.asf.release.repo.repositoryId=apache.releases +maven.asf.release.repo.repositoryId=apache.releases.https # Release version info maven.asf.release.deploy.version=7.0.105 @@ -49,3 +53,15 @@ tomcat.extras.src.path=../.
[tomcat] branch 8.5.x updated: Remove outdated comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 63068f8 Remove outdated comment 63068f8 is described below commit 63068f8bd93c62a5e8d17dbfe03fdc3cc6b656c2 Author: Mark Thomas AuthorDate: Fri May 29 20:07:49 2020 +0100 Remove outdated comment --- res/maven/mvn-pub.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 626b6a5..010a00c 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -19,9 +19,6 @@ xmlns:resolver="antlib:org.apache.maven.resolver.ant" xmlns:if="ant:if" xmlns:unless="ant:unless"> - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Remove outdated comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 9936e50 Remove outdated comment 9936e50 is described below commit 9936e50134a7c5489563111f685caac43e7d55de Author: Mark Thomas AuthorDate: Fri May 29 20:07:49 2020 +0100 Remove outdated comment --- res/maven/mvn-pub.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 1865989..ea504a2 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -19,9 +19,6 @@ xmlns:resolver="antlib:org.apache.maven.resolver.ant" xmlns:if="ant:if" xmlns:unless="ant:unless"> - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix merge
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 8563619 Fix merge 8563619 is described below commit 8563619aa8c45bdd891d49ba2cdd16442db9d712 Author: Mark Thomas AuthorDate: Fri May 29 20:17:19 2020 +0100 Fix merge --- res/maven/mvn-pub.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 010a00c..17d64a9 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -39,8 +39,6 @@ -<<< HEAD -=== @@ -80,7 +78,6 @@ ->>> 5db7d814d0... Switch to Maven Resolver Ant tasks - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 8.5.x updated: Switch to Maven Resolver Ant tasks
On Fri, May 29, 2020 at 9:05 PM wrote: > > +<<< HEAD > +=== > + > +>>> 5db7d814d0... Switch to Maven Resolver Ant tasks > > > The CI run complained and indeed there's a merge conflict here. Rémy
Re: Maven uploads and hashes
On Fri, May 29, 2020 at 8:55 PM Mark Thomas wrote: > On 29/05/2020 19:42, Michael Osipov wrote: > > Am 2020-05-29 um 16:48 schrieb Mark Thomas: > >> On 29/05/2020 15:23, Michael Osipov wrote: > >>> Am 2020-05-29 um 14:05 schrieb Mark Thomas: > Hi, > > Currently we use the (very old) Maven Ant Tasks to upload files to > Nexus. This has a hard-coded feature that adds MD5 and SHA-1 hashes > for > every uploaded file. It also adds hashes for .asc files. > > I investigated manually adding .sha256 and .sha512 files. This > works, bu > the upload process still adds .md5 and .sha1 files for the .sha256 and > .sha512 files. This is workable but not ideal. > > I am currently investigating the possibility of switching to the newer > Maven Resolver Ant Tasks. This is a work in progress. It has a LOT > more > dependencies and the default behaviour is unchanged. I am currently > looking at the source to see if the behaviour could be configured. > > In amongst all of this I had a thought. What if we just made a binary > patch to the Maven Ant Tasks to switch it from creating MD5 and SHA-1 > hashes to creating SHA-256 and SHA-512 hashes? At first glance this > looks to be a small tweak to a single class that should be doable with > BCEL (a bit like a very targetted Jakarta Migration Tool). Is this a > terrible idea? I wanted to get some feedback on this while I continued > to look at the Maven Resolver Ant Tasks. > >>> > >>> I need to add a few lines here since I maintain Maven Resolver these > >>> days. So no need to patch anything, we can work upstream. > >>> We have/had these requests recently for SHA-2 family of hashes. What > >>> hold me off is that Nexus before 2.14.18 did reject SHA-2 hashes for > >>> Central. Moreover, you cannot omit MD5 and SHA-1 for Central because > >>> they are mandatory, you won't pass evaluation on repository.a.o. > >>> Regarding the JARs, I do use Maven Resolver Ant Tasks too at work to > >>> customize Tomcat distributin for several OSes and there is a single JAR > >>> you can use: > >>> > https://repo1.maven.org/maven2/org/apache/maven/resolver/maven-resolver-ant-tasks/1.2.0/maven-resolver-ant-tasks-1.2.0-uber.jar > >>> > >> > >> Ah. I didn't see the uber JAR. That helps a lot. > >> > >>> I would not recommend committing it due to the size, but simply require > >>> it to be in ~/.ant or in ANT_HOME. > >> > >> Agreed. JARs don't belong in source repos. We can download it on demand. > >> > >>> When Aether has been adopted from Eclipse, license has also changed > from > >>> EPL to AL. I see no issues here. > >> > >> Great. > >> > >>> WDYT? > >> > >> Cool. I think we have a possible solution here. > >> > >> 1. Switch to using the maven-resolver-ant-tasks with the uber JAR. > >> > >> This gives us the immediate benefit that we won't be generating .asc.md5 > >> and .asc.sha1 files. I pretty much have this ready to go. I just need to > >> tweak it to use the uber JAR. > >> > >> 2. Update to a newer version of maven-resolver-ant-tasks when a version > >> that adds .sha256 and .sha512 is available. I'd be fine if it added > >> .md5, .sha1, .sha256 and .sha512 > > > > Correct. I have recently updated Resolver. Ant Tasks need some love to > > perform again. This is the next point on my list. As soon as a new Ant > > Tasks release is out, I will head over to Resolver master and provide > > you a branch with a tentative fix for the SHA-2 issue. > > > > Acceptable? > > Perfect. Sounds great. I'm just about to update master to Maven Resolver > Ant Tasks in preparation. I'll back-port as well. > Worth trying at least ;) Rémy
buildbot failure in on tomcat-85-trunk
The Buildbot has detected a new failure on builder tomcat-85-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-85-trunk/builds/2329 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build Build Source Stamp: [branch 8.5.x] e4ba8202d24a3230e845a1746c51e3d0bcf996a5 Blamelist: Mark Thomas BUILD FAILED: failed shell_11 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/5208 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 1699a3db6a6d09ec07b529c8c59f5a70080bdea3 Blamelist: Mark Thomas Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62695] Provide sha512 checksums for Tomcat releases published to Maven
https://bz.apache.org/bugzilla/show_bug.cgi?id=62695 --- Comment #3 from Mark Thomas --- The ASF Nexus instance has now been upgraded to allow this. The Tomcat builds have been switched from the unsupported Maven Ant Tasks to the supported Maven Resolver Ant Tasks. Work is in hand to update the Maven Resolver Ant Tasks to create SHA-256 and SHA-512 hashes. We aren't there yet but progress is being made. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Remove outdated comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new e844b7e Remove outdated comment e844b7e is described below commit e844b7e924a3eadf33cee33ee3dfde05dce875c7 Author: Mark Thomas AuthorDate: Fri May 29 20:07:49 2020 +0100 Remove outdated comment --- res/maven/mvn-pub.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 7a4160a..ae4e85d 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -19,9 +19,6 @@ xmlns:resolver="antlib:org.apache.maven.resolver.ant" xmlns:if="ant:if" xmlns:unless="ant:unless"> - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Remove outdated comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 9936e50 Remove outdated comment 9936e50 is described below commit 9936e50134a7c5489563111f685caac43e7d55de Author: Mark Thomas AuthorDate: Fri May 29 20:07:49 2020 +0100 Remove outdated comment --- res/maven/mvn-pub.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 1865989..ea504a2 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -19,9 +19,6 @@ xmlns:resolver="antlib:org.apache.maven.resolver.ant" xmlns:if="ant:if" xmlns:unless="ant:unless"> - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Switch to Maven Resolver Ant tasks
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new e4ba820 Switch to Maven Resolver Ant tasks e4ba820 is described below commit e4ba8202d24a3230e845a1746c51e3d0bcf996a5 Author: Mark Thomas AuthorDate: Fri May 29 10:48:54 2020 +0100 Switch to Maven Resolver Ant tasks --- .gitignore | 2 +- build.xml| 2 +- res/maven/mvn-pub.xml| 106 +++ res/maven/mvn.properties.default | 8 +-- webapps/docs/changelog.xml | 5 ++ 5 files changed, 86 insertions(+), 37 deletions(-) diff --git a/.gitignore b/.gitignore index 08b1edc..aa1345f 100644 --- a/.gitignore +++ b/.gitignore @@ -36,7 +36,7 @@ mvn.properties *.asc *.jj *.tmp -maven-ant-tasks-*.jar +maven-resolver-ant-tasks-*.jar thumbs.db Thumbs.db bin/setenv.* diff --git a/build.xml b/build.xml index e17c8ea..91929a4 100644 --- a/build.xml +++ b/build.xml @@ -2133,7 +2133,7 @@ Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform. - + diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 976afd6..626b6a5 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -16,7 +16,7 @@ limitations under the License. --> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +>>> 5db7d814d0... Switch to Maven Resolver Ant tasks @@ -70,18 +112,19 @@ - + + - + - - - - - - + + + + + + @@ -132,16 +175,17 @@ - + + - + - - - - + + + + @@ -192,19 +236,19 @@ - + - + - - - - - - - + + + + + + + diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 5898a318..3a864fc 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -61,7 +61,7 @@ tomcat.pom.path=../../res/maven base.path=${user.home}/tomcat-build-libs # - Maven Ant Tasks - -maven-ant-tasks.version=2.1.3 -maven-ant-tasks.home=${base.path}/maven-ant-tasks-${maven-ant-tasks.version} -maven-ant-tasks.loc=https://archive.apache.org/dist/maven/ant-tasks/${maven-ant-tasks.version}/binaries/maven-ant-tasks-${maven-ant-tasks.version}.jar -maven-ant-tasks.jar=${maven-ant-tasks.home}/maven-ant-tasks-${maven-ant-tasks.version}.jar +maven-resolver-ant-tasks.version=1.2.0 +maven-resolver-ant-tasks.home=${base.path}/maven-resolver-ant-tasks-${maven-resolver-ant-tasks.version} +maven-resolver-ant-tasks.loc=https://repo1.maven.org/maven2/org/apache/maven/resolver/maven-resolver-ant-tasks/${maven-resolver-ant-tasks.version}/maven-resolver-ant-tasks-${maven-resolver-ant-tasks.version}-uber.jar +maven-resolver-ant-tasks.jar=${maven-resolver-ant-tasks.home}/maven-resolver-ant-tasks-${maven-resolver-ant-tasks.version}-uber.jar diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 248520e..0ce02e6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -102,6 +102,11 @@ environment variable that defines a command to which captured stdout and stderr will be redirected. Patch provided by Harald Dunkel. (markt) + +Switch from the unsupported Maven Ant Tasks to the supported Maven +Resolver Ant Tasks to upload artifacts to the ASF Maven repository (and +from there to Maven Central). (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Switch to Maven Resolver Ant tasks
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 5db7d81 Switch to Maven Resolver Ant tasks 5db7d81 is described below commit 5db7d814d046e8aa39ea2252343fba386a497f2e Author: Mark Thomas AuthorDate: Fri May 29 10:48:54 2020 +0100 Switch to Maven Resolver Ant tasks --- .gitignore | 2 +- build.xml| 2 +- res/maven/mvn-pub.xml| 68 +--- res/maven/mvn.properties.default | 8 ++--- webapps/docs/changelog.xml | 5 +++ 5 files changed, 46 insertions(+), 39 deletions(-) diff --git a/.gitignore b/.gitignore index 9783881..9c34d0d 100644 --- a/.gitignore +++ b/.gitignore @@ -37,7 +37,7 @@ mvn.properties *.asc *.jj *.tmp -maven-ant-tasks-*.jar +maven-resolver-ant-tasks-*.jar thumbs.db Thumbs.db bin/setenv.* diff --git a/build.xml b/build.xml index 3de5a25..b008b2d 100644 --- a/build.xml +++ b/build.xml @@ -2151,7 +2151,7 @@ Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform. - + diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 45af1ce..1865989 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -16,7 +16,7 @@ limitations under the License. -->
[tomcat] branch master updated: Switch to Maven Resolver Ant tasks
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 1699a3d Switch to Maven Resolver Ant tasks 1699a3d is described below commit 1699a3db6a6d09ec07b529c8c59f5a70080bdea3 Author: Mark Thomas AuthorDate: Fri May 29 10:48:54 2020 +0100 Switch to Maven Resolver Ant tasks --- .gitignore | 2 +- build.xml| 2 +- res/maven/mvn-pub.xml| 68 +--- res/maven/mvn.properties.default | 8 ++--- webapps/docs/changelog.xml | 5 +++ 5 files changed, 46 insertions(+), 39 deletions(-) diff --git a/.gitignore b/.gitignore index 08b1edc..aa1345f 100644 --- a/.gitignore +++ b/.gitignore @@ -36,7 +36,7 @@ mvn.properties *.asc *.jj *.tmp -maven-ant-tasks-*.jar +maven-resolver-ant-tasks-*.jar thumbs.db Thumbs.db bin/setenv.* diff --git a/build.xml b/build.xml index 0f42f21..4236393 100644 --- a/build.xml +++ b/build.xml @@ -2168,7 +2168,7 @@ Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform. - + diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml index 5a72d72..7a4160a 100644 --- a/res/maven/mvn-pub.xml +++ b/res/maven/mvn-pub.xml @@ -16,7 +16,7 @@ limitations under the License. -->
Re: Maven uploads and hashes
On 29/05/2020 19:42, Michael Osipov wrote: > Am 2020-05-29 um 16:48 schrieb Mark Thomas: >> On 29/05/2020 15:23, Michael Osipov wrote: >>> Am 2020-05-29 um 14:05 schrieb Mark Thomas: Hi, Currently we use the (very old) Maven Ant Tasks to upload files to Nexus. This has a hard-coded feature that adds MD5 and SHA-1 hashes for every uploaded file. It also adds hashes for .asc files. I investigated manually adding .sha256 and .sha512 files. This works, bu the upload process still adds .md5 and .sha1 files for the .sha256 and .sha512 files. This is workable but not ideal. I am currently investigating the possibility of switching to the newer Maven Resolver Ant Tasks. This is a work in progress. It has a LOT more dependencies and the default behaviour is unchanged. I am currently looking at the source to see if the behaviour could be configured. In amongst all of this I had a thought. What if we just made a binary patch to the Maven Ant Tasks to switch it from creating MD5 and SHA-1 hashes to creating SHA-256 and SHA-512 hashes? At first glance this looks to be a small tweak to a single class that should be doable with BCEL (a bit like a very targetted Jakarta Migration Tool). Is this a terrible idea? I wanted to get some feedback on this while I continued to look at the Maven Resolver Ant Tasks. >>> >>> I need to add a few lines here since I maintain Maven Resolver these >>> days. So no need to patch anything, we can work upstream. >>> We have/had these requests recently for SHA-2 family of hashes. What >>> hold me off is that Nexus before 2.14.18 did reject SHA-2 hashes for >>> Central. Moreover, you cannot omit MD5 and SHA-1 for Central because >>> they are mandatory, you won't pass evaluation on repository.a.o. >>> Regarding the JARs, I do use Maven Resolver Ant Tasks too at work to >>> customize Tomcat distributin for several OSes and there is a single JAR >>> you can use: >>> https://repo1.maven.org/maven2/org/apache/maven/resolver/maven-resolver-ant-tasks/1.2.0/maven-resolver-ant-tasks-1.2.0-uber.jar >>> >> >> Ah. I didn't see the uber JAR. That helps a lot. >> >>> I would not recommend committing it due to the size, but simply require >>> it to be in ~/.ant or in ANT_HOME. >> >> Agreed. JARs don't belong in source repos. We can download it on demand. >> >>> When Aether has been adopted from Eclipse, license has also changed from >>> EPL to AL. I see no issues here. >> >> Great. >> >>> WDYT? >> >> Cool. I think we have a possible solution here. >> >> 1. Switch to using the maven-resolver-ant-tasks with the uber JAR. >> >> This gives us the immediate benefit that we won't be generating .asc.md5 >> and .asc.sha1 files. I pretty much have this ready to go. I just need to >> tweak it to use the uber JAR. >> >> 2. Update to a newer version of maven-resolver-ant-tasks when a version >> that adds .sha256 and .sha512 is available. I'd be fine if it added >> .md5, .sha1, .sha256 and .sha512 > > Correct. I have recently updated Resolver. Ant Tasks need some love to > perform again. This is the next point on my list. As soon as a new Ant > Tasks release is out, I will head over to Resolver master and provide > you a branch with a tentative fix for the SHA-2 issue. > > Acceptable? Perfect. Sounds great. I'm just about to update master to Maven Resolver Ant Tasks in preparation. I'll back-port as well. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Maven uploads and hashes
Am 2020-05-29 um 16:48 schrieb Mark Thomas: On 29/05/2020 15:23, Michael Osipov wrote: Am 2020-05-29 um 14:05 schrieb Mark Thomas: Hi, Currently we use the (very old) Maven Ant Tasks to upload files to Nexus. This has a hard-coded feature that adds MD5 and SHA-1 hashes for every uploaded file. It also adds hashes for .asc files. I investigated manually adding .sha256 and .sha512 files. This works, bu the upload process still adds .md5 and .sha1 files for the .sha256 and .sha512 files. This is workable but not ideal. I am currently investigating the possibility of switching to the newer Maven Resolver Ant Tasks. This is a work in progress. It has a LOT more dependencies and the default behaviour is unchanged. I am currently looking at the source to see if the behaviour could be configured. In amongst all of this I had a thought. What if we just made a binary patch to the Maven Ant Tasks to switch it from creating MD5 and SHA-1 hashes to creating SHA-256 and SHA-512 hashes? At first glance this looks to be a small tweak to a single class that should be doable with BCEL (a bit like a very targetted Jakarta Migration Tool). Is this a terrible idea? I wanted to get some feedback on this while I continued to look at the Maven Resolver Ant Tasks. I need to add a few lines here since I maintain Maven Resolver these days. So no need to patch anything, we can work upstream. We have/had these requests recently for SHA-2 family of hashes. What hold me off is that Nexus before 2.14.18 did reject SHA-2 hashes for Central. Moreover, you cannot omit MD5 and SHA-1 for Central because they are mandatory, you won't pass evaluation on repository.a.o. Regarding the JARs, I do use Maven Resolver Ant Tasks too at work to customize Tomcat distributin for several OSes and there is a single JAR you can use: https://repo1.maven.org/maven2/org/apache/maven/resolver/maven-resolver-ant-tasks/1.2.0/maven-resolver-ant-tasks-1.2.0-uber.jar Ah. I didn't see the uber JAR. That helps a lot. I would not recommend committing it due to the size, but simply require it to be in ~/.ant or in ANT_HOME. Agreed. JARs don't belong in source repos. We can download it on demand. When Aether has been adopted from Eclipse, license has also changed from EPL to AL. I see no issues here. Great. WDYT? Cool. I think we have a possible solution here. 1. Switch to using the maven-resolver-ant-tasks with the uber JAR. This gives us the immediate benefit that we won't be generating .asc.md5 and .asc.sha1 files. I pretty much have this ready to go. I just need to tweak it to use the uber JAR. 2. Update to a newer version of maven-resolver-ant-tasks when a version that adds .sha256 and .sha512 is available. I'd be fine if it added .md5, .sha1, .sha256 and .sha512 Correct. I have recently updated Resolver. Ant Tasks need some love to perform again. This is the next point on my list. As soon as a new Ant Tasks release is out, I will head over to Resolver master and provide you a branch with a tentative fix for the SHA-2 issue. Acceptable? - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-85-trunk
The Buildbot has detected a restored build on builder tomcat-85-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-85-trunk/builds/2328 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build Build Source Stamp: [branch 8.5.x] c2c4d97e78a1af6ea10f5428e9f790d908099ccc Blamelist: remm Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Skip test for APR
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new c2c4d97 Skip test for APR c2c4d97 is described below commit c2c4d97e78a1af6ea10f5428e9f790d908099ccc Author: remm AuthorDate: Fri May 29 18:56:21 2020 +0200 Skip test for APR --- test/org/apache/tomcat/util/net/TestResolverSSL.java | 4 1 file changed, 4 insertions(+) diff --git a/test/org/apache/tomcat/util/net/TestResolverSSL.java b/test/org/apache/tomcat/util/net/TestResolverSSL.java index 984e261..c17734d 100644 --- a/test/org/apache/tomcat/util/net/TestResolverSSL.java +++ b/test/org/apache/tomcat/util/net/TestResolverSSL.java @@ -22,6 +22,7 @@ import java.io.PrintWriter; import javax.servlet.ServletException; import org.junit.Assert; +import org.junit.Assume; import org.junit.Test; import org.apache.catalina.Container; @@ -38,6 +39,9 @@ public class TestResolverSSL extends TomcatBaseTest { @Test public void testSslEnv() throws Exception { +Assume.assumeTrue("SSL renegotiation has to be supported for this test", +TesterSupport.isRenegotiationSupported(getTomcatInstance())); + Tomcat tomcat = getTomcatInstance(); Container root = tomcat.getHost().findChild(""); root.getPipeline().addValve(new ResolverTestValve()); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-85-trunk
The Buildbot has detected a new failure on builder tomcat-85-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-85-trunk/builds/2327 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build Build Source Stamp: [branch 8.5.x] 50081bb317632a4c9db198fad399cc4dc00289eb Blamelist: remm BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-9-trunk
The Buildbot has detected a restored build on builder tomcat-9-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-9-trunk/builds/255 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-9-commit' triggered this build Build Source Stamp: [branch 9.0.x] 13d40ae5156a539a71fa842840ccc9b1569107b9 Blamelist: remm Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64478] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478 Mark Thomas changed: What|Removed |Added Resolution|FIXED |INVALID --- Comment #6 from Mark Thomas --- Glad to see you fixed your issue. Restoring the correct status. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/5207 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] d381b0b84a168681944e202a63a294766a11926d Blamelist: remm BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64478] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478 Md. Adnan Rashidul Islam changed: What|Removed |Added Resolution|INVALID |FIXED --- Comment #5 from Md. Adnan Rashidul Islam --- Hi Mark, Thanks. We have resolved the issue. The http request has been sent by reverse proxy from HTTP/0.9 protocol with the tailing double pair of RCFL which is not supported by HTTP/1.1. So we have changed the RCFL and then it works. Thanks. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/04: WIP for more TLS env resolution
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit ddc3027029dae386221d355686278dde608c60ee Author: remm AuthorDate: Thu May 28 16:28:19 2020 +0200 WIP for more TLS env resolution Make explicit each missing env value, to help eventual documenting. --- .../catalina/valves/rewrite/ResolverImpl.java | 107 +++-- 1 file changed, 97 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index 8c108ab..b9749e0 100644 --- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@ -16,10 +16,12 @@ */ package org.apache.catalina.valves.rewrite; +import java.io.IOException; import java.nio.charset.Charset; +import java.security.cert.X509Certificate; import java.util.Calendar; +import java.util.concurrent.TimeUnit; -import org.apache.catalina.Globals; import org.apache.catalina.WebResource; import org.apache.catalina.WebResourceRoot; import org.apache.catalina.connector.Request; @@ -135,16 +137,101 @@ public class ResolverImpl extends Resolver { @Override public String resolveSsl(String key) { -if (key.equals("SSL_PROTOCOL")) { -return String.valueOf(request.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY)); -} else if (key.equals("SSL_SESSION_ID")) { -return String.valueOf(request.getAttribute(Globals.SSL_SESSION_ID_ATTR)); -} else if (key.equals("SSL_CIPHER")) { -return String.valueOf(request.getAttribute(Globals.CIPHER_SUITE_ATTR)); -} else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { -return String.valueOf(request.getAttribute(Globals.KEY_SIZE_ATTR)); +SSLSupport sslSupport = (SSLSupport) request.getAttribute(SSLSupport.SESSION_MGR); +try { +// FIXME SSL_SESSION_RESUMED +// FIXME SSL_SECURE_RENEG +// FIXME SSL_CIPHER_EXPORT +// FIXME SSL_CIPHER_ALGKEYSIZE +// FIXME SSL_COMPRESS_METHOD +// FIXME SSL_SRP_USER +// FIXME SSL_SRP_USERINFO +// FIXME SSL_TLS_SNI +if (key.equals("SSL_PROTOCOL")) { +return sslSupport.getProtocol(); +} else if (key.equals("SSL_SESSION_ID")) { +return sslSupport.getSessionId(); +} else if (key.equals("SSL_CIPHER")) { +return sslSupport.getCipherSuite(); +} else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { +return sslSupport.getKeySize().toString(); +} else if (key.startsWith("SSL_CLIENT_")) { +X509Certificate[] certificates = sslSupport.getPeerCertificateChain(); +if (certificates != null && certificates.length > 0) { +key = key.substring("SSL_CLIENT_".length()); +String result = resolveSslCertificates(key, certificates); +if (result != null) { +return result; +} else if (key.startsWith("SAN_OTHER_msUPN_")) { +key = key.substring("SAN_OTHER_msUPN_".length()); +// FIXME return certificates[0].getSubjectAlternativeNames() +} else if (key.equals("CERT_RFC4523_CEA")) { +// FIXME return certificates[0]; +} else if (key.equals("VERIFY")) { +// FIXME return certificates[0]; +} +} +} else if (key.startsWith("SSL_SERVER_")) { +X509Certificate[] certificates = sslSupport.getLocalCertificateChain(); +if (certificates != null && certificates.length > 0) { +key = key.substring("SSL_SERVER_".length()); +String result = resolveSslCertificates(key, certificates); +if (result != null) { +return result; +} else if (key.startsWith("SAN_OTHER_dnsSRV_")) { +key = key.substring("SAN_OTHER_dnsSRV_".length()); +// FIXME return certificates[0].getSubjectAlternativeNames() +} +} +} +} catch (IOException e) { +// TLS access error +} +return null; +} + +private String resolveSslCertificates(String key, X509Certificate[] certificates) { +if (key.equals("M_VERSION")) { +return String.valueOf(certificates[0].getVersion()); +} else if (key.equals("M_SERIAL")) { +return certificates[0].getSerialNumber().toString(); +} else if (key.equals("S_DN")) { +return certificates[0].getSubjectDN().getName(); +} else
[tomcat] 02/04: Implement more of the SSL env
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 7c5f05d9542f77e6d4a9c04d46c64188844c4026 Author: remm AuthorDate: Fri May 29 17:17:51 2020 +0200 Implement more of the SSL env With a test case to see the result. The rest seems difficult to implement. --- .../catalina/valves/rewrite/ResolverImpl.java | 68 +-- .../apache/tomcat/util/net/TestResolverSSL.java| 134 + 2 files changed, 189 insertions(+), 13 deletions(-) diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index b9749e0..005c301 100644 --- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@ -18,15 +18,21 @@ package org.apache.catalina.valves.rewrite; import java.io.IOException; import java.nio.charset.Charset; +import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Calendar; +import java.util.Set; import java.util.concurrent.TimeUnit; import org.apache.catalina.WebResource; import org.apache.catalina.WebResourceRoot; import org.apache.catalina.connector.Request; +import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tomcat.util.http.FastHttpDateFormat; import org.apache.tomcat.util.net.SSLSupport; +import org.apache.tomcat.util.net.openssl.ciphers.Cipher; +import org.apache.tomcat.util.net.openssl.ciphers.EncryptionLevel; +import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser; public class ResolverImpl extends Resolver { @@ -139,20 +145,39 @@ public class ResolverImpl extends Resolver { public String resolveSsl(String key) { SSLSupport sslSupport = (SSLSupport) request.getAttribute(SSLSupport.SESSION_MGR); try { -// FIXME SSL_SESSION_RESUMED -// FIXME SSL_SECURE_RENEG -// FIXME SSL_CIPHER_EXPORT -// FIXME SSL_CIPHER_ALGKEYSIZE -// FIXME SSL_COMPRESS_METHOD +// FIXME SSL_SESSION_RESUMED in SSLHostConfig +// FIXME SSL_SECURE_RENEG in SSLHostConfig +// FIXME SSL_COMPRESS_METHOD in SSLHostConfig +// FIXME SSL_TLS_SNI from handshake // FIXME SSL_SRP_USER // FIXME SSL_SRP_USERINFO -// FIXME SSL_TLS_SNI -if (key.equals("SSL_PROTOCOL")) { +if (key.equals("HTTPS")) { +return String.valueOf(sslSupport != null); +} else if (key.equals("SSL_PROTOCOL")) { return sslSupport.getProtocol(); } else if (key.equals("SSL_SESSION_ID")) { return sslSupport.getSessionId(); } else if (key.equals("SSL_CIPHER")) { return sslSupport.getCipherSuite(); +} else if (key.equals("SSL_CIPHER_EXPORT")) { +String cipherSuite = sslSupport.getCipherSuite(); +Set cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite); +if (cipherList.size() == 1) { +Cipher cipher = cipherList.iterator().next(); +if (cipher.getLevel().equals(EncryptionLevel.EXP40) +|| cipher.getLevel().equals(EncryptionLevel.EXP56)) { +return "true"; +} else { +return "false"; +} +} +} else if (key.equals("SSL_CIPHER_ALGKEYSIZE")) { +String cipherSuite = sslSupport.getCipherSuite(); +Set cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite); +if (cipherList.size() == 1) { +Cipher cipher = cipherList.iterator().next(); +return String.valueOf(cipher.getAlg_bits()); +} } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { return sslSupport.getKeySize().toString(); } else if (key.startsWith("SSL_CLIENT_")) { @@ -166,9 +191,9 @@ public class ResolverImpl extends Resolver { key = key.substring("SAN_OTHER_msUPN_".length()); // FIXME return certificates[0].getSubjectAlternativeNames() } else if (key.equals("CERT_RFC4523_CEA")) { -// FIXME return certificates[0]; +// FIXME return certificates[0] } else if (key.equals("VERIFY")) { -// FIXME return certificates[0]; +// FIXME return verification state } } } else if (key.startsWith("SSL_SERVER_")) { @@ -199,7 +224,7 @@ public class ResolverImpl extends Resolver { return certificate
[tomcat] branch 8.5.x updated (e476a95 -> 50081bb)
This is an automated email from the ASF dual-hosted git repository. remm pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from e476a95 Make enums public new ddc3027 WIP for more TLS env resolution new 7c5f05d Implement more of the SSL env new bc89d09 Javax package new 50081bb No access to local certs for 8.5 The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../catalina/valves/rewrite/ResolverImpl.java | 139 +++-- .../apache/tomcat/util/net/TestResolverSSL.java| 134 2 files changed, 263 insertions(+), 10 deletions(-) create mode 100644 test/org/apache/tomcat/util/net/TestResolverSSL.java - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 04/04: No access to local certs for 8.5
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 50081bb317632a4c9db198fad399cc4dc00289eb Author: remm AuthorDate: Fri May 29 17:25:15 2020 +0200 No access to local certs for 8.5 Cannot add the API to SSLSupport, so skipping. --- java/org/apache/catalina/valves/rewrite/ResolverImpl.java | 12 +--- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index 005c301..1211d4b 100644 --- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@ -197,17 +197,7 @@ public class ResolverImpl extends Resolver { } } } else if (key.startsWith("SSL_SERVER_")) { -X509Certificate[] certificates = sslSupport.getLocalCertificateChain(); -if (certificates != null && certificates.length > 0) { -key = key.substring("SSL_SERVER_".length()); -String result = resolveSslCertificates(key, certificates); -if (result != null) { -return result; -} else if (key.startsWith("SAN_OTHER_dnsSRV_")) { -key = key.substring("SAN_OTHER_dnsSRV_".length()); -// FIXME return certificates[0].getSubjectAlternativeNames() -} -} +// No access to local certificates with 8.5 } } catch (IOException e) { // TLS access error - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 03/04: Javax package
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit bc89d09015640cb963af0af7369c7efbc45df0cd Author: remm AuthorDate: Fri May 29 17:21:25 2020 +0200 Javax package --- test/org/apache/tomcat/util/net/TestResolverSSL.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/TestResolverSSL.java b/test/org/apache/tomcat/util/net/TestResolverSSL.java index d58c3bc..984e261 100644 --- a/test/org/apache/tomcat/util/net/TestResolverSSL.java +++ b/test/org/apache/tomcat/util/net/TestResolverSSL.java @@ -19,7 +19,7 @@ package org.apache.tomcat.util.net; import java.io.IOException; import java.io.PrintWriter; -import jakarta.servlet.ServletException; +import javax.servlet.ServletException; import org.junit.Assert; import org.junit.Test; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 03/03: Javax package
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 13d40ae5156a539a71fa842840ccc9b1569107b9 Author: remm AuthorDate: Fri May 29 17:21:25 2020 +0200 Javax package --- test/org/apache/tomcat/util/net/TestResolverSSL.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/TestResolverSSL.java b/test/org/apache/tomcat/util/net/TestResolverSSL.java index d58c3bc..984e261 100644 --- a/test/org/apache/tomcat/util/net/TestResolverSSL.java +++ b/test/org/apache/tomcat/util/net/TestResolverSSL.java @@ -19,7 +19,7 @@ package org.apache.tomcat.util.net; import java.io.IOException; import java.io.PrintWriter; -import jakarta.servlet.ServletException; +import javax.servlet.ServletException; import org.junit.Assert; import org.junit.Test; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/03: Implement more of the SSL env
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 67c77a65c581376b755d8dac4f127c5f3aa1cc47 Author: remm AuthorDate: Fri May 29 17:17:51 2020 +0200 Implement more of the SSL env With a test case to see the result. The rest seems difficult to implement. --- .../catalina/valves/rewrite/ResolverImpl.java | 68 +-- .../apache/tomcat/util/net/TestResolverSSL.java| 134 + 2 files changed, 189 insertions(+), 13 deletions(-) diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index ea44acc..51566f0 100644 --- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@ -18,15 +18,21 @@ package org.apache.catalina.valves.rewrite; import java.io.IOException; import java.nio.charset.Charset; +import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Calendar; +import java.util.Set; import java.util.concurrent.TimeUnit; import org.apache.catalina.WebResource; import org.apache.catalina.WebResourceRoot; import org.apache.catalina.connector.Request; +import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tomcat.util.http.FastHttpDateFormat; import org.apache.tomcat.util.net.SSLSupport; +import org.apache.tomcat.util.net.openssl.ciphers.Cipher; +import org.apache.tomcat.util.net.openssl.ciphers.EncryptionLevel; +import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser; public class ResolverImpl extends Resolver { @@ -139,20 +145,39 @@ public class ResolverImpl extends Resolver { public String resolveSsl(String key) { SSLSupport sslSupport = (SSLSupport) request.getAttribute(SSLSupport.SESSION_MGR); try { -// FIXME SSL_SESSION_RESUMED -// FIXME SSL_SECURE_RENEG -// FIXME SSL_CIPHER_EXPORT -// FIXME SSL_CIPHER_ALGKEYSIZE -// FIXME SSL_COMPRESS_METHOD +// FIXME SSL_SESSION_RESUMED in SSLHostConfig +// FIXME SSL_SECURE_RENEG in SSLHostConfig +// FIXME SSL_COMPRESS_METHOD in SSLHostConfig +// FIXME SSL_TLS_SNI from handshake // FIXME SSL_SRP_USER // FIXME SSL_SRP_USERINFO -// FIXME SSL_TLS_SNI -if (key.equals("SSL_PROTOCOL")) { +if (key.equals("HTTPS")) { +return String.valueOf(sslSupport != null); +} else if (key.equals("SSL_PROTOCOL")) { return sslSupport.getProtocol(); } else if (key.equals("SSL_SESSION_ID")) { return sslSupport.getSessionId(); } else if (key.equals("SSL_CIPHER")) { return sslSupport.getCipherSuite(); +} else if (key.equals("SSL_CIPHER_EXPORT")) { +String cipherSuite = sslSupport.getCipherSuite(); +Set cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite); +if (cipherList.size() == 1) { +Cipher cipher = cipherList.iterator().next(); +if (cipher.getLevel().equals(EncryptionLevel.EXP40) +|| cipher.getLevel().equals(EncryptionLevel.EXP56)) { +return "true"; +} else { +return "false"; +} +} +} else if (key.equals("SSL_CIPHER_ALGKEYSIZE")) { +String cipherSuite = sslSupport.getCipherSuite(); +Set cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite); +if (cipherList.size() == 1) { +Cipher cipher = cipherList.iterator().next(); +return String.valueOf(cipher.getAlg_bits()); +} } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { return sslSupport.getKeySize().toString(); } else if (key.startsWith("SSL_CLIENT_")) { @@ -166,9 +191,9 @@ public class ResolverImpl extends Resolver { key = key.substring("SAN_OTHER_msUPN_".length()); // FIXME return certificates[0].getSubjectAlternativeNames() } else if (key.equals("CERT_RFC4523_CEA")) { -// FIXME return certificates[0]; +// FIXME return certificates[0] } else if (key.equals("VERIFY")) { -// FIXME return certificates[0]; +// FIXME return verification state } } } else if (key.startsWith("SSL_SERVER_")) { @@ -199,7 +224,7 @@ public class ResolverImpl extends Resolver { return certificate
[tomcat] 01/03: WIP for more TLS env resolution
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 567492f2c0f346737724ebbc7d410050dc699bc4 Author: remm AuthorDate: Thu May 28 16:28:19 2020 +0200 WIP for more TLS env resolution Make explicit each missing env value, to help eventual documenting. --- .../catalina/valves/rewrite/ResolverImpl.java | 107 +++-- 1 file changed, 97 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index 1ae6600..ea44acc 100644 --- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@ -16,10 +16,12 @@ */ package org.apache.catalina.valves.rewrite; +import java.io.IOException; import java.nio.charset.Charset; +import java.security.cert.X509Certificate; import java.util.Calendar; +import java.util.concurrent.TimeUnit; -import org.apache.catalina.Globals; import org.apache.catalina.WebResource; import org.apache.catalina.WebResourceRoot; import org.apache.catalina.connector.Request; @@ -135,16 +137,101 @@ public class ResolverImpl extends Resolver { @Override public String resolveSsl(String key) { -if (key.equals("SSL_PROTOCOL")) { -return String.valueOf(request.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY)); -} else if (key.equals("SSL_SESSION_ID")) { -return String.valueOf(request.getAttribute(Globals.SSL_SESSION_ID_ATTR)); -} else if (key.equals("SSL_CIPHER")) { -return String.valueOf(request.getAttribute(Globals.CIPHER_SUITE_ATTR)); -} else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { -return String.valueOf(request.getAttribute(Globals.KEY_SIZE_ATTR)); +SSLSupport sslSupport = (SSLSupport) request.getAttribute(SSLSupport.SESSION_MGR); +try { +// FIXME SSL_SESSION_RESUMED +// FIXME SSL_SECURE_RENEG +// FIXME SSL_CIPHER_EXPORT +// FIXME SSL_CIPHER_ALGKEYSIZE +// FIXME SSL_COMPRESS_METHOD +// FIXME SSL_SRP_USER +// FIXME SSL_SRP_USERINFO +// FIXME SSL_TLS_SNI +if (key.equals("SSL_PROTOCOL")) { +return sslSupport.getProtocol(); +} else if (key.equals("SSL_SESSION_ID")) { +return sslSupport.getSessionId(); +} else if (key.equals("SSL_CIPHER")) { +return sslSupport.getCipherSuite(); +} else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { +return sslSupport.getKeySize().toString(); +} else if (key.startsWith("SSL_CLIENT_")) { +X509Certificate[] certificates = sslSupport.getPeerCertificateChain(); +if (certificates != null && certificates.length > 0) { +key = key.substring("SSL_CLIENT_".length()); +String result = resolveSslCertificates(key, certificates); +if (result != null) { +return result; +} else if (key.startsWith("SAN_OTHER_msUPN_")) { +key = key.substring("SAN_OTHER_msUPN_".length()); +// FIXME return certificates[0].getSubjectAlternativeNames() +} else if (key.equals("CERT_RFC4523_CEA")) { +// FIXME return certificates[0]; +} else if (key.equals("VERIFY")) { +// FIXME return certificates[0]; +} +} +} else if (key.startsWith("SSL_SERVER_")) { +X509Certificate[] certificates = sslSupport.getLocalCertificateChain(); +if (certificates != null && certificates.length > 0) { +key = key.substring("SSL_SERVER_".length()); +String result = resolveSslCertificates(key, certificates); +if (result != null) { +return result; +} else if (key.startsWith("SAN_OTHER_dnsSRV_")) { +key = key.substring("SAN_OTHER_dnsSRV_".length()); +// FIXME return certificates[0].getSubjectAlternativeNames() +} +} +} +} catch (IOException e) { +// TLS access error +} +return null; +} + +private String resolveSslCertificates(String key, X509Certificate[] certificates) { +if (key.equals("M_VERSION")) { +return String.valueOf(certificates[0].getVersion()); +} else if (key.equals("M_SERIAL")) { +return certificates[0].getSerialNumber().toString(); +} else if (key.equals("S_DN")) { +return certificates[0].getSubjectDN().getName(); +} else
[tomcat] branch 9.0.x updated (1fffbd9 -> 13d40ae)
This is an automated email from the ASF dual-hosted git repository. remm pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 1fffbd9 Make enums public new 567492f WIP for more TLS env resolution new 67c77a6 Implement more of the SSL env new 13d40ae Javax package The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../catalina/valves/rewrite/ResolverImpl.java | 149 +++-- .../apache/tomcat/util/net/TestResolverSSL.java| 134 ++ 2 files changed, 273 insertions(+), 10 deletions(-) create mode 100644 test/org/apache/tomcat/util/net/TestResolverSSL.java - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Implement more of the SSL env
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new d381b0b Implement more of the SSL env d381b0b is described below commit d381b0b84a168681944e202a63a294766a11926d Author: remm AuthorDate: Fri May 29 17:17:51 2020 +0200 Implement more of the SSL env With a test case to see the result. The rest seems difficult to implement. --- .../catalina/valves/rewrite/ResolverImpl.java | 68 +-- .../apache/tomcat/util/net/TestResolverSSL.java| 134 + 2 files changed, 189 insertions(+), 13 deletions(-) diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index ea44acc..51566f0 100644 --- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@ -18,15 +18,21 @@ package org.apache.catalina.valves.rewrite; import java.io.IOException; import java.nio.charset.Charset; +import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Calendar; +import java.util.Set; import java.util.concurrent.TimeUnit; import org.apache.catalina.WebResource; import org.apache.catalina.WebResourceRoot; import org.apache.catalina.connector.Request; +import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tomcat.util.http.FastHttpDateFormat; import org.apache.tomcat.util.net.SSLSupport; +import org.apache.tomcat.util.net.openssl.ciphers.Cipher; +import org.apache.tomcat.util.net.openssl.ciphers.EncryptionLevel; +import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser; public class ResolverImpl extends Resolver { @@ -139,20 +145,39 @@ public class ResolverImpl extends Resolver { public String resolveSsl(String key) { SSLSupport sslSupport = (SSLSupport) request.getAttribute(SSLSupport.SESSION_MGR); try { -// FIXME SSL_SESSION_RESUMED -// FIXME SSL_SECURE_RENEG -// FIXME SSL_CIPHER_EXPORT -// FIXME SSL_CIPHER_ALGKEYSIZE -// FIXME SSL_COMPRESS_METHOD +// FIXME SSL_SESSION_RESUMED in SSLHostConfig +// FIXME SSL_SECURE_RENEG in SSLHostConfig +// FIXME SSL_COMPRESS_METHOD in SSLHostConfig +// FIXME SSL_TLS_SNI from handshake // FIXME SSL_SRP_USER // FIXME SSL_SRP_USERINFO -// FIXME SSL_TLS_SNI -if (key.equals("SSL_PROTOCOL")) { +if (key.equals("HTTPS")) { +return String.valueOf(sslSupport != null); +} else if (key.equals("SSL_PROTOCOL")) { return sslSupport.getProtocol(); } else if (key.equals("SSL_SESSION_ID")) { return sslSupport.getSessionId(); } else if (key.equals("SSL_CIPHER")) { return sslSupport.getCipherSuite(); +} else if (key.equals("SSL_CIPHER_EXPORT")) { +String cipherSuite = sslSupport.getCipherSuite(); +Set cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite); +if (cipherList.size() == 1) { +Cipher cipher = cipherList.iterator().next(); +if (cipher.getLevel().equals(EncryptionLevel.EXP40) +|| cipher.getLevel().equals(EncryptionLevel.EXP56)) { +return "true"; +} else { +return "false"; +} +} +} else if (key.equals("SSL_CIPHER_ALGKEYSIZE")) { +String cipherSuite = sslSupport.getCipherSuite(); +Set cipherList = OpenSSLCipherConfigurationParser.parse(cipherSuite); +if (cipherList.size() == 1) { +Cipher cipher = cipherList.iterator().next(); +return String.valueOf(cipher.getAlg_bits()); +} } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { return sslSupport.getKeySize().toString(); } else if (key.startsWith("SSL_CLIENT_")) { @@ -166,9 +191,9 @@ public class ResolverImpl extends Resolver { key = key.substring("SAN_OTHER_msUPN_".length()); // FIXME return certificates[0].getSubjectAlternativeNames() } else if (key.equals("CERT_RFC4523_CEA")) { -// FIXME return certificates[0]; +// FIXME return certificates[0] } else if (key.equals("VERIFY")) { -// FIXME return certificates[0]; +// FIXME return verification state } }
Re: Maven uploads and hashes
On 29/05/2020 15:23, Michael Osipov wrote: > Am 2020-05-29 um 14:05 schrieb Mark Thomas: >> Hi, >> >> Currently we use the (very old) Maven Ant Tasks to upload files to >> Nexus. This has a hard-coded feature that adds MD5 and SHA-1 hashes for >> every uploaded file. It also adds hashes for .asc files. >> >> I investigated manually adding .sha256 and .sha512 files. This works, bu >> the upload process still adds .md5 and .sha1 files for the .sha256 and >> .sha512 files. This is workable but not ideal. >> >> I am currently investigating the possibility of switching to the newer >> Maven Resolver Ant Tasks. This is a work in progress. It has a LOT more >> dependencies and the default behaviour is unchanged. I am currently >> looking at the source to see if the behaviour could be configured. >> >> In amongst all of this I had a thought. What if we just made a binary >> patch to the Maven Ant Tasks to switch it from creating MD5 and SHA-1 >> hashes to creating SHA-256 and SHA-512 hashes? At first glance this >> looks to be a small tweak to a single class that should be doable with >> BCEL (a bit like a very targetted Jakarta Migration Tool). Is this a >> terrible idea? I wanted to get some feedback on this while I continued >> to look at the Maven Resolver Ant Tasks. > > I need to add a few lines here since I maintain Maven Resolver these > days. So no need to patch anything, we can work upstream. > We have/had these requests recently for SHA-2 family of hashes. What > hold me off is that Nexus before 2.14.18 did reject SHA-2 hashes for > Central. Moreover, you cannot omit MD5 and SHA-1 for Central because > they are mandatory, you won't pass evaluation on repository.a.o. > Regarding the JARs, I do use Maven Resolver Ant Tasks too at work to > customize Tomcat distributin for several OSes and there is a single JAR > you can use: > https://repo1.maven.org/maven2/org/apache/maven/resolver/maven-resolver-ant-tasks/1.2.0/maven-resolver-ant-tasks-1.2.0-uber.jar Ah. I didn't see the uber JAR. That helps a lot. > I would not recommend committing it due to the size, but simply require > it to be in ~/.ant or in ANT_HOME. Agreed. JARs don't belong in source repos. We can download it on demand. > When Aether has been adopted from Eclipse, license has also changed from > EPL to AL. I see no issues here. Great. > WDYT? Cool. I think we have a possible solution here. 1. Switch to using the maven-resolver-ant-tasks with the uber JAR. This gives us the immediate benefit that we won't be generating .asc.md5 and .asc.sha1 files. I pretty much have this ready to go. I just need to tweak it to use the uber JAR. 2. Update to a newer version of maven-resolver-ant-tasks when a version that adds .sha256 and .sha512 is available. I'd be fine if it added .md5, .sha1, .sha256 and .sha512 Job done. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64442] Re-use roles and groups defined on users on MemoryUserDatabase creation
https://bz.apache.org/bugzilla/show_bug.cgi?id=64442 --- Comment #16 from Mark Thomas --- Do you want to commit this change before I tag the next release next week? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Maven uploads and hashes
Am 2020-05-29 um 14:05 schrieb Mark Thomas: Hi, Currently we use the (very old) Maven Ant Tasks to upload files to Nexus. This has a hard-coded feature that adds MD5 and SHA-1 hashes for every uploaded file. It also adds hashes for .asc files. I investigated manually adding .sha256 and .sha512 files. This works, bu the upload process still adds .md5 and .sha1 files for the .sha256 and .sha512 files. This is workable but not ideal. I am currently investigating the possibility of switching to the newer Maven Resolver Ant Tasks. This is a work in progress. It has a LOT more dependencies and the default behaviour is unchanged. I am currently looking at the source to see if the behaviour could be configured. In amongst all of this I had a thought. What if we just made a binary patch to the Maven Ant Tasks to switch it from creating MD5 and SHA-1 hashes to creating SHA-256 and SHA-512 hashes? At first glance this looks to be a small tweak to a single class that should be doable with BCEL (a bit like a very targetted Jakarta Migration Tool). Is this a terrible idea? I wanted to get some feedback on this while I continued to look at the Maven Resolver Ant Tasks. I need to add a few lines here since I maintain Maven Resolver these days. So no need to patch anything, we can work upstream. We have/had these requests recently for SHA-2 family of hashes. What hold me off is that Nexus before 2.14.18 did reject SHA-2 hashes for Central. Moreover, you cannot omit MD5 and SHA-1 for Central because they are mandatory, you won't pass evaluation on repository.a.o. Regarding the JARs, I do use Maven Resolver Ant Tasks too at work to customize Tomcat distributin for several OSes and there is a single JAR you can use: https://repo1.maven.org/maven2/org/apache/maven/resolver/maven-resolver-ant-tasks/1.2.0/maven-resolver-ant-tasks-1.2.0-uber.jar I would not recommend committing it due to the size, but simply require it to be in ~/.ant or in ANT_HOME. When Aether has been adopted from Eclipse, license has also changed from EPL to AL. I see no issues here. WDYT? - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Maven uploads and hashes
On 29/05/2020 13:05, Mark Thomas wrote: > Hi, > > Currently we use the (very old) Maven Ant Tasks to upload files to > Nexus. This has a hard-coded feature that adds MD5 and SHA-1 hashes for > every uploaded file. It also adds hashes for .asc files. > > I investigated manually adding .sha256 and .sha512 files. This works, bu > the upload process still adds .md5 and .sha1 files for the .sha256 and > .sha512 files. This is workable but not ideal. > > I am currently investigating the possibility of switching to the newer > Maven Resolver Ant Tasks. This is a work in progress. It has a LOT more > dependencies and the default behaviour is unchanged. I am currently > looking at the source to see if the behaviour could be configured. > > In amongst all of this I had a thought. What if we just made a binary > patch to the Maven Ant Tasks to switch it from creating MD5 and SHA-1 > hashes to creating SHA-256 and SHA-512 hashes? At first glance this > looks to be a small tweak to a single class that should be doable with > BCEL (a bit like a very targetted Jakarta Migration Tool). Is this a > terrible idea? I wanted to get some feedback on this while I continued > to look at the Maven Resolver Ant Tasks. A little more information with a summary. Maven Ant Tasks - single JAR - creates hashes for .asc, sha256 and sha512 files if added manually - hard coded to MD5 and SHA-1 - relevant code is ALv2 licensed (and ASF owned) so modification is trivial Maven Resolver Ant Tasks - multiple (10s?) JARs - doesn't create hashes for .asc files (by default) - creates hashes for sha256 and sha512 files if added manually - hard coded to MD5 and SHA-1 - relevant code (Eclipse Aether) is EPL 1.0 licensed which makes it category B and therefore trickier for us to modify Both approaches are either deprecated /retired or depend on deprecated / retired components. I'm continuing to look for other options. Next up the Nexus Staging Ant Tasks. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Maven uploads and hashes
Hi, Currently we use the (very old) Maven Ant Tasks to upload files to Nexus. This has a hard-coded feature that adds MD5 and SHA-1 hashes for every uploaded file. It also adds hashes for .asc files. I investigated manually adding .sha256 and .sha512 files. This works, bu the upload process still adds .md5 and .sha1 files for the .sha256 and .sha512 files. This is workable but not ideal. I am currently investigating the possibility of switching to the newer Maven Resolver Ant Tasks. This is a work in progress. It has a LOT more dependencies and the default behaviour is unchanged. I am currently looking at the source to see if the behaviour could be configured. In amongst all of this I had a thought. What if we just made a binary patch to the Maven Ant Tasks to switch it from creating MD5 and SHA-1 hashes to creating SHA-256 and SHA-512 hashes? At first glance this looks to be a small tweak to a single class that should be doable with BCEL (a bit like a very targetted Jakarta Migration Tool). Is this a terrible idea? I wanted to get some feedback on this while I continued to look at the Maven Resolver Ant Tasks. Thoughts? Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-9-trunk
The Buildbot has detected a new failure on builder tomcat-9-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-9-trunk/builds/254 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-9-commit' triggered this build Build Source Stamp: [branch 9.0.x] 1fffbd907262a13425293a60f9b64b6293b0865e Blamelist: remm BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/5206 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 019ddc3080bf76c0231eebc39deff5f10f3aaad3 Blamelist: remm Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Make enums public
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 1fffbd9 Make enums public 1fffbd9 is described below commit 1fffbd907262a13425293a60f9b64b6293b0865e Author: remm AuthorDate: Fri May 29 11:34:54 2020 +0200 Make enums public Otherwise, the Cipher public methods are actually not fully usable. --- java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java| 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java b/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java index 09aa32f..7bf5df4 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum Encryption { +public enum Encryption { AES128, AES128CCM, AES128CCM8, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java b/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java index 466828a..209b8d3 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum EncryptionLevel { +public enum EncryptionLevel { STRONG_NONE, EXP40, EXP56, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java b/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java index 03f28d9..3b0157b 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum KeyExchange { +public enum KeyExchange { EECDH /* SSL_kEECDH - ephemeral ECDH */, RSA /* SSL_kRSA - RSA key exchange */, DHr /* SSL_kDHr - DH cert, RSA CA cert */ /* no such ciphersuites supported! */, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java b/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java index 967930a..36d63dc 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum MessageDigest { +public enum MessageDigest { MD5, SHA1, GOST94, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java b/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java index 530579d..4b4b801 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java @@ -19,7 +19,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; import org.apache.tomcat.util.net.Constants; -enum Protocol { +public enum Protocol { SSLv3(Constants.SSL_PROTO_SSLv3), SSLv2(Constants.SSL_PROTO_SSLv2), - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Make enums public
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new e476a95 Make enums public e476a95 is described below commit e476a95406af3f9b0c3c952ed18dec6848a5c4c0 Author: remm AuthorDate: Fri May 29 11:34:54 2020 +0200 Make enums public Otherwise, the Cipher public methods are actually not fully usable. --- java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java| 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java b/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java index 09aa32f..7bf5df4 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum Encryption { +public enum Encryption { AES128, AES128CCM, AES128CCM8, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java b/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java index 466828a..209b8d3 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum EncryptionLevel { +public enum EncryptionLevel { STRONG_NONE, EXP40, EXP56, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java b/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java index 03f28d9..3b0157b 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum KeyExchange { +public enum KeyExchange { EECDH /* SSL_kEECDH - ephemeral ECDH */, RSA /* SSL_kRSA - RSA key exchange */, DHr /* SSL_kDHr - DH cert, RSA CA cert */ /* no such ciphersuites supported! */, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java b/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java index 967930a..36d63dc 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum MessageDigest { +public enum MessageDigest { MD5, SHA1, GOST94, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java b/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java index 530579d..4b4b801 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java @@ -19,7 +19,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; import org.apache.tomcat.util.net.Constants; -enum Protocol { +public enum Protocol { SSLv3(Constants.SSL_PROTO_SSLv3), SSLv2(Constants.SSL_PROTO_SSLv2), - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Make enums public
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 019ddc3 Make enums public 019ddc3 is described below commit 019ddc3080bf76c0231eebc39deff5f10f3aaad3 Author: remm AuthorDate: Fri May 29 11:34:54 2020 +0200 Make enums public Otherwise, the Cipher public methods are actually not fully usable. --- java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java | 2 +- java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java| 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java b/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java index 09aa32f..7bf5df4 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/Encryption.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum Encryption { +public enum Encryption { AES128, AES128CCM, AES128CCM8, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java b/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java index 466828a..209b8d3 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/EncryptionLevel.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum EncryptionLevel { +public enum EncryptionLevel { STRONG_NONE, EXP40, EXP56, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java b/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java index 03f28d9..3b0157b 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/KeyExchange.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum KeyExchange { +public enum KeyExchange { EECDH /* SSL_kEECDH - ephemeral ECDH */, RSA /* SSL_kRSA - RSA key exchange */, DHr /* SSL_kDHr - DH cert, RSA CA cert */ /* no such ciphersuites supported! */, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java b/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java index 967930a..36d63dc 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/MessageDigest.java @@ -17,7 +17,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; -enum MessageDigest { +public enum MessageDigest { MD5, SHA1, GOST94, diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java b/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java index 530579d..4b4b801 100644 --- a/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java +++ b/java/org/apache/tomcat/util/net/openssl/ciphers/Protocol.java @@ -19,7 +19,7 @@ package org.apache.tomcat.util.net.openssl.ciphers; import org.apache.tomcat.util.net.Constants; -enum Protocol { +public enum Protocol { SSLv3(Constants.SSL_PROTO_SSLv3), SSLv2(Constants.SSL_PROTO_SSLv2), - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org