Skip to content

JGIT SSH commit signing / NetBinox removal / JNA as OSGI bundle#9483

Open
matthiasblaesing wants to merge 5 commits into
apache:masterfrom
matthiasblaesing:jgit-signing-alt
Open

JGIT SSH commit signing / NetBinox removal / JNA as OSGI bundle#9483
matthiasblaesing wants to merge 5 commits into
apache:masterfrom
matthiasblaesing:jgit-signing-alt

Conversation

@matthiasblaesing

Copy link
Copy Markdown
Contributor

The primary motivation of this PR is moving the ssh support for JGIT from JSch to the Apache Mina based implementation. According to the JGIT project support for JSch is deprecated and there are no plans to move from the unmaintained version com.jcraft:jsch to com.github.mwiede:jsch.

The move to the Mina based client is also required to enable SSH signing of commits.

As preparation NetBinox, the one of the two OSGI implementations NetBeans currently offers, is dropped as it is essentially unmaintained.

A second necessary preparation is to make JNA available as an OSGI bundle of the correct name. JNA was available to the OSGI environment via package imports, but the agent integration code of jgit declares a bundle requirement and thus needs the correct name. This is accomplished by providing an alias/shim module that reexports the original packages with the correct name in addition to the NetBeans module name.

Closes: #9471
Closes: #7572

@matthiasblaesing matthiasblaesing added DO NOT squash git [ci] enable versioning job ci:all-tests [ci] enable all tests ci:dev-build [ci] produce a dev-build zip artifact (7 days expiration, see link on workflow summary page) labels Jul 2, 2026
@matthiasblaesing matthiasblaesing added this to the NB31 milestone Jul 2, 2026
@matthiasblaesing

Copy link
Copy Markdown
Contributor Author

This is an alternative approach to #9472

Netbinox is a patched version of Equinox (the Eclipse OSGI runtime
conainer). The patch is bases on a Equinox version from 2014. The patch
was evolved to allow "Import-Package" declaration for JDK packages if
they are declared optional. This works as long as the imports are
declared optional. This is not the case for a growing number of
libraries.

NetBeans already carries an up-to-date OSGI container (Apache Felix), so
use that and drop the custom dependency.

In the wake of this the following modules were removed too:

  - o.eclipse.core.contenttype
  - o.eclipse.core.jobs
  - o.eclipse.core.net
  - o.eclipse.core.runtime
  - o.eclipse.core.runtime.compatibility.auth
  - o.eclipse.equinox.app
  - o.eclipse.equinox.common
  - o.eclipse.equinox.preferences
  - o.eclipse.equinox.registry
  - o.eclipse.equinox.security

It is assumed that equinox was added to be able to run eclise modules,
which in turn were required for Mylin (Bugtracking integration). The
latter was dropped, so the dependencies should be removed to reduce the
dependency footprint.
…m -> o.n.libs.jna.platform

Netigso (the NetBeans OSGI Integration layer) makes NetBeans modules
available to the OSGI environment. For JNA this works as long as the
dependent modules use the "Import-Package" header. It fails if the JNA
bundle is imported via "Require-Bundle". The reason for this is the
mismatch between the upstream bundle name and the NetBeans module name.

The alias/shim modules reexport the JNA modules with the upstream bundle
name.
This adds the required dependencies and switches the jgit ssh
integration from JSch to Apache Mina.

This adds four new dependencies:

- Apache MINA SSH Client implementation
  (org.apache.sshd:sshd-osgi and org.apache.sshd:sshd-sftp)
- JGIT ssh client implementation using Apache MINA (inkl. the
  ssh-agent integration)

Adjustments to the implementation:

- The jgit integration for mina does not query the credential provider
  for a passphrase when opening the identity file, but instead uses a
  password callback (existing Credentialsprovider was adjusted to
  tollerate this)
- The NetBeans ssh connection settings allow to choose between
  username/password and key authentication. There is no fallback between
  the two. The concept of a custom SshSessionFactory was transfered from
  the jsch implementation and reimplemented on top of the mina
  integration.
The patching was in place to enable loading commons-lang3 into the
NetBinox container (patched equinox). With NetBinox dropped in favor of
Apache Felix, this can be now removed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci:all-tests [ci] enable all tests ci:dev-build [ci] produce a dev-build zip artifact (7 days expiration, see link on workflow summary page) DO NOT squash git [ci] enable versioning job

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Check if we can switch from JSch to Apache Mina as JGit backend Unable to verify plugins, then freezes

1 participant