You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kudu.apache.org by gr...@apache.org on 2020/04/06 22:54:42 UTC

[kudu] branch master updated (5432d31 -> 53fb945)

This is an automated email from the ASF dual-hosted git repository.

granthenke pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git.


    from 5432d31  KUDU-3099: Remove System.exit() calls from KuduBackup/KuduRestore
     new 5bc210b  [security] KUDU-3106 update on getEndpointChannelBindings()
     new 53fb945  [docker] Fix the docker thirdparty build

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 docker/Dockerfile                                                    | 2 ++
 .../kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

[kudu] 02/02: [docker] Fix the docker thirdparty build

Posted by gr...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

granthenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git

commit 53fb9459599fa55cbc095fd37202e93e1f279018
Author: Grant Henke <gr...@apache.org>
AuthorDate: Mon Apr 6 12:19:23 2020 -0500

    [docker] Fix the docker thirdparty build
    
    After 458e6ce, the docker thirdparty build was failing because
    `/build-support/ccache-clang` was not available in the thirdparty image.
    
    I tested this fix by running builds based on ubuntu:xenial, centos:6,
    and centos:7 base images.
    
    Change-Id: If25d7b07db4cc20de53b70fe0ab097be6f3756ed
    Reviewed-on: http://gerrit.cloudera.org:8080/15659
    Tested-by: Kudu Jenkins
    Reviewed-by: Andrew Wong <aw...@cloudera.com>
---
 docker/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 6f2eadf..6afcc0d 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -105,6 +105,8 @@ COPY ./thirdparty thirdparty
 COPY ./build-support/enable_devtoolset.sh \
   ./build-support/enable_devtoolset_inner.sh \
   build-support/
+COPY ./build-support/ccache-clang build-support/ccache-clang
+COPY ./build-support/ccache-devtoolset-3 build-support/ccache-devtoolset-3
 RUN build-support/enable_devtoolset.sh \
   thirdparty/build-if-necessary.sh \
   # Remove the files left behind that we don't need.

[kudu] 01/02: [security] KUDU-3106 update on getEndpointChannelBindings()

Posted by gr...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

granthenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git

commit 5bc210ba7d1243f31c2fa211faefad707f9d286d
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Mon Apr 6 14:15:11 2020 -0700

    [security] KUDU-3106 update on getEndpointChannelBindings()
    
    Fixed an issue with SecurityUtil::getEndpointChannelBindings() when Java
    security provider converts the certificate signature algorithm's name
    to the upper case.  At least, the upper-case conversion behavior was
    observed when using BouncyCastle 1.65.
    
    Change-Id: Ia788d6d72cfee7958e9db7293740aa22ede8fabd
    Reviewed-on: http://gerrit.cloudera.org:8080/15664
    Tested-by: Kudu Jenkins
    Reviewed-by: Grant Henke <gr...@apache.org>
---
 .../kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java b/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
index cab4f1f..11e2cfc 100644
--- a/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
+++ b/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
@@ -138,12 +138,13 @@ public abstract class SecurityUtil {
         "can only handle X509 certs");
     X509Certificate x509 = (X509Certificate)cert;
     String sigAlg = x509.getSigAlgName();
+    String sigAlgUpper = sigAlg.toUpperCase(Locale.ENGLISH);
 
     // The signature algorithm name is a string like 'SHA256withRSA'.
     // There's no API available to actually find just the digest algorithm,
     // so we resort to some hackery.
-    String[] components = sigAlg.split("with", 2);
-    String digestAlg = CERT_DIGEST_TO_MESSAGE_DIGEST.get(components[0].toUpperCase(Locale.ENGLISH));
+    String[] components = sigAlgUpper.split("WITH", 2);
+    String digestAlg = CERT_DIGEST_TO_MESSAGE_DIGEST.get(components[0]);
     if (digestAlg == null) {
       // RFC 5929: if the certificate's signatureAlgorithm uses no hash functions or
       // uses multiple hash functions, then this channel binding type's channel