You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by tw...@apache.org on 2023/04/15 14:47:48 UTC
[mina-sshd] branch master updated: [releng] OSGi: Ensure the BC security provider can be found
This is an automated email from the ASF dual-hosted git repository.
twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
The following commit(s) were added to refs/heads/master by this push:
new f06217f62 [releng] OSGi: Ensure the BC security provider can be found
f06217f62 is described below
commit f06217f62651effc1fb38a98c3ff89a667570c33
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Sat Apr 15 15:10:44 2023 +0200
[releng] OSGi: Ensure the BC security provider can be found
BouncyCastleSecurityProviderRegistrar references the BC security
provider only reflectively. It lives in a package that is not
referenced explicitly anywhere.
To be able to find org.bouncycastle.jce.provider.BouncyCastleProvider,
the package must be on the bundle classpath in OSGi. It wasn't, since
there was no "normal" reference to it.
Add an optional dependency explicitly in the generated MANIFEST.MF of
sshd-osgi.
---
pom.xml | 2 ++
sshd-osgi/pom.xml | 13 +++++++++++++
2 files changed, 15 insertions(+)
diff --git a/pom.xml b/pom.xml
index 2b4a23ff2..19b8f5495 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,6 +134,7 @@
<sshd.tests.rerun.count>2</sshd.tests.rerun.count>
<dependency.download.silent>true</dependency.download.silent>
+ <bnd.extraImports># A comment indicates 'none'</bnd.extraImports>
</properties>
<profiles>
@@ -1476,6 +1477,7 @@
<Import-Package><![CDATA[
org.apache.sshd*;version="$<range;[===,=+);$<maven_version;${project.version}>>",
org.slf4j*;version="$<range;[==,${slf4j.upper.bound})>",
+ ${bnd.extraImports}
*
]]></Import-Package>
<Export-Package>*;-noimport:=true</Export-Package>
diff --git a/sshd-osgi/pom.xml b/sshd-osgi/pom.xml
index 7cb664109..0e3142656 100644
--- a/sshd-osgi/pom.xml
+++ b/sshd-osgi/pom.xml
@@ -34,6 +34,19 @@
<properties>
<projectRoot>${project.basedir}/..</projectRoot>
+ <!--
+ The BC security provider class resides in a package that is referenced nowhere, except reflectively in the BouncyCastleSecurityRegistrar.
+ The (optional) package import will thus be missing in the generated MANIFEST.MF. However, the BouncyCastleSecurityRegistrar expects to find
+ class org.bouncycastle.jce.provider.BouncyCastleProvider on the classpath; otherwise its isSupported() returns false and Bouncycastle is
+ considered not available.
+
+ However, in OSGi the package will not be on the bundle classpath if there is no Import-Package for it. (And using a Require-Bundle would restrict
+ bundle wiring too much.)
+
+ Arguably this is a shortcoming of the BouncyCastleSecurityRegistrar. For the EdDSASecurityProviderRegistrar, this problem does not exist
+ since the security provider is in a package that is also referenced elsewhere.
+ -->
+ <bnd.extraImports>org.bouncycastle.jce.provider;version="$$<range;[==,+);${bouncycastle.version}>";resolution:=optional,</bnd.extraImports>
</properties>
<dependencies>