From b77b83acbb6caf3c59cb88f81828d0cdeda9dbe4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 13:34:56 +0000 Subject: [PATCH 1/4] build: bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) from 5.6.0 to 5.6.1. - [Release notes](https://github.com/go-git/go-billy/releases) - [Commits](https://github.com/go-git/go-billy/compare/v5.6.0...v5.6.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-billy/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 4c67dd7db..9df58a335 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/emirpasic/gods v1.18.1 github.com/gliderlabs/ssh v0.3.8 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 - github.com/go-git/go-billy/v5 v5.6.0 + github.com/go-git/go-billy/v5 v5.6.1 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da github.com/google/go-cmp v0.6.0 
@@ -33,12 +33,12 @@ require ( github.com/Microsoft/go-winio v0.6.1 // indirect github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect github.com/cloudflare/circl v1.3.7 // indirect - github.com/cyphar/filepath-securejoin v0.2.5 // indirect + github.com/cyphar/filepath-securejoin v0.3.6 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/kr/text v0.2.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/rogpeppe/go-internal v1.11.0 // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect golang.org/x/mod v0.17.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect diff --git a/go.sum b/go.sum index 83cd5510e..510741e5b 100644 --- a/go.sum +++ b/go.sum @@ -12,8 +12,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= -github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= +github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -25,8 +25,8 @@ github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8= -github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM= +github.com/go-git/go-billy/v5 v5.6.1 h1:u+dcrgaguSSkbjzHwelEjc0Yj300NUevrrPphk/SoRA= +github.com/go-git/go-billy/v5 v5.6.1/go.mod h1:0AsLr1z2+Uksi4NlElmMblP5rPcDZNRCD8ujZCRR2BE= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= 
@@ -55,8 +55,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= From b0d72b34af9c88114673c484e185011a2f6bdadb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 13:35:02 +0000 Subject: [PATCH 2/4] build: bump github.com/elazarl/goproxy from 1.2.1 to 1.2.2 Bumps [github.com/elazarl/goproxy](https://github.com/elazarl/goproxy) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/elazarl/goproxy/releases) - [Commits](https://github.com/elazarl/goproxy/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: github.com/elazarl/goproxy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4c67dd7db..8e8534e8b 100644 --- a/go.mod +++ b/go.mod 
@@ -7,7 +7,7 @@ require ( dario.cat/mergo v1.0.0 github.com/ProtonMail/go-crypto v1.1.3 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 - github.com/elazarl/goproxy v1.2.1 + github.com/elazarl/goproxy v1.2.2 github.com/emirpasic/gods v1.18.1 github.com/gliderlabs/ssh v0.3.8 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 diff --git a/go.sum b/go.sum index 83cd5510e..32ce4e550 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,8 @@ github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/elazarl/goproxy v1.2.1 h1:njjgvO6cRG9rIqN2ebkqy6cQz2Njkx7Fsfv/zIZqgug= -github.com/elazarl/goproxy v1.2.1/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= +github.com/elazarl/goproxy v1.2.2 h1:gBQSetgBgnAW4DTeymUR/zKvXOAf24uH3+V3bilhJ3M= +github.com/elazarl/goproxy v1.2.2/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= From 2fae1802230d9cf7cec3da49f03c569e9d02a06f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 13:56:10 +0000 Subject: [PATCH 3/4] build: bump github.com/elazarl/goproxy from 1.2.2 to 1.2.3 Bumps [github.com/elazarl/goproxy](https://github.com/elazarl/goproxy) from 1.2.2 to 1.2.3. - [Release notes](https://github.com/elazarl/goproxy/releases) - [Commits](https://github.com/elazarl/goproxy/compare/v1.2.2...v1.2.3) --- updated-dependencies: - dependency-name: github.com/elazarl/goproxy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c34b7d72c..81e261f37 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( dario.cat/mergo v1.0.0 github.com/ProtonMail/go-crypto v1.1.3 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 - github.com/elazarl/goproxy v1.2.2 + github.com/elazarl/goproxy v1.2.3 github.com/emirpasic/gods v1.18.1 github.com/gliderlabs/ssh v0.3.8 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 diff --git a/go.sum b/go.sum index 604fdcac2..ea93e302d 100644 --- a/go.sum +++ b/go.sum 
@@ -17,8 +17,8 @@ github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGL github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/elazarl/goproxy v1.2.2 h1:gBQSetgBgnAW4DTeymUR/zKvXOAf24uH3+V3bilhJ3M= -github.com/elazarl/goproxy v1.2.2/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= +github.com/elazarl/goproxy v1.2.3 h1:xwIyKHbaP5yfT6O9KIeYJR5549MXRQkoQMRXGztz8YQ= +github.com/elazarl/goproxy v1.2.3/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= From 42f9d6bcf457e147a41a611ff9d43936be0c5431 Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Thu, 2 Jan 2025 12:14:38 +0000 Subject: [PATCH 4/4] Revert "plumbing: transport/ssh, Add support for SSH @cert-authority." --- plumbing/transport/ssh/auth_method.go | 13 ++- plumbing/transport/ssh/auth_method_test.go | 106 +-------------------- plumbing/transport/ssh/common.go | 17 +--- 3 files changed, 12 insertions(+), 124 deletions(-) diff --git a/plumbing/transport/ssh/auth_method.go b/plumbing/transport/ssh/auth_method.go index f9c598e6f..ac4e3583c 100644 --- a/plumbing/transport/ssh/auth_method.go +++ b/plumbing/transport/ssh/auth_method.go 
@@ -230,11 +230,11 @@ func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) { // ~/.ssh/known_hosts // /etc/ssh/ssh_known_hosts func NewKnownHostsCallback(files ...string) (ssh.HostKeyCallback, error) { - db, err := newKnownHostsDb(files...) - return db.HostKeyCallback(), err + kh, err := newKnownHosts(files...) + return ssh.HostKeyCallback(kh), err } -func newKnownHostsDb(files ...string) (*knownhosts.HostKeyDB, error) { +func newKnownHosts(files ...string) (knownhosts.HostKeyCallback, error) { var err error if len(files) == 0 { @@ -247,7 +247,7 @@ func newKnownHostsDb(files ...string) (*knownhosts.HostKeyDB, error) { return nil, err } - return knownhosts.NewDB(files...) + return knownhosts.New(files...) } func getDefaultKnownHostsFiles() ([]string, error) { @@ -301,12 +301,11 @@ type HostKeyCallbackHelper struct { // HostKeyCallback is empty a default callback is created using // NewKnownHostsCallback. func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) { + var err error if m.HostKeyCallback == nil { - db, err := newKnownHostsDb() - if err != nil { + if m.HostKeyCallback, err = NewKnownHostsCallback(); err != nil { return cfg, err } - m.HostKeyCallback = db.HostKeyCallback() } cfg.HostKeyCallback = m.HostKeyCallback diff --git a/plumbing/transport/ssh/auth_method_test.go b/plumbing/transport/ssh/auth_method_test.go index e3f652e35..b275018ae 100644 --- a/plumbing/transport/ssh/auth_method_test.go +++ b/plumbing/transport/ssh/auth_method_test.go @@ -18,8 +18,7 @@ import ( type ( SuiteCommon struct{} - mockKnownHosts struct{} - mockKnownHostsWithCert struct{} + mockKnownHosts struct{} ) func (mockKnownHosts) host() string { return "github.com" } 
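Review bot: `NewKnownHostsCallback` now returns `ssh.HostKeyCallback(kh), err` without checking `err`, so what callers get on failure depends entirely on what `newKnownHosts` hands back. The visible error paths in `newKnownHosts` return `nil`, which converts to a nil callback, but the result of `knownhosts.New(files...)` is passed through unchecked. An explicit `if err != nil { return nil, err }` before the conversion would make the fail-closed contract obvious to code that wires the result into `ssh.ClientConfig`. `newKnownHosts` also has no doc comment; I would add `// newKnownHosts builds a host key callback from the given known_hosts files, falling back to the default locations when none are passed.` and note that certificate algorithms for `@cert-authority` entries are no longer derived here (inferred from the removed tests). The body of `newKnownHosts` is split across this hunk and the next one.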
@@ -28,19 +27,6 @@ func (mockKnownHosts) knownHosts() []byte { } func (mockKnownHosts) Network() string { return "tcp" } func (mockKnownHosts) String() string { return "github.com:22" } -func (mockKnownHosts) Algorithms() []string { - return []string{ssh.KeyAlgoRSA, ssh.KeyAlgoRSASHA256, ssh.KeyAlgoRSASHA512} -} - -func (mockKnownHostsWithCert) host() string { return "github.com" } -func (mockKnownHostsWithCert) knownHosts() []byte { - return []byte(`@cert-authority github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==`) -} -func (mockKnownHostsWithCert) Network() string { return "tcp" } -func (mockKnownHostsWithCert) String() string { return "github.com:22" } -func (mockKnownHostsWithCert) Algorithms() []string { - return []string{ssh.CertAlgoRSASHA512v01, ssh.CertAlgoRSASHA256v01, ssh.CertAlgoRSAv01} -} var _ = Suite(&SuiteCommon{}) 
@@ -244,93 +230,3 @@ func (*SuiteCommon) TestNewKnownHostsCallback(c *C) { err = clb(mock.String(), mock, hostKey) c.Assert(err, IsNil) } - -func (*SuiteCommon) TestNewKnownHostsDbWithoutCert(c *C) { - if runtime.GOOS == "js" { - c.Skip("not available in wasm") - } - - var mock = mockKnownHosts{} - - f, err := util.TempFile(osfs.Default, "", "known-hosts") - c.Assert(err, IsNil) - - _, err = f.Write(mock.knownHosts()) - c.Assert(err, IsNil) - - err = f.Close() - c.Assert(err, IsNil) - - defer util.RemoveAll(osfs.Default, f.Name()) - - f, err = osfs.Default.Open(f.Name()) - c.Assert(err, IsNil) - - defer f.Close() - - db, err := newKnownHostsDb(f.Name()) - c.Assert(err, IsNil) - - algos := db.HostKeyAlgorithms(mock.String()) - c.Assert(algos, HasLen, len(mock.Algorithms())) - - contains := func(container []string, value string) bool { - for _, inner := range container { - if inner == value { - return true - } - } - return false - } - - for _, algorithm := range mock.Algorithms() { - if !contains(algos, algorithm) { - c.Error("algos does not contain ", algorithm) - } - } -} - -func (*SuiteCommon) TestNewKnownHostsDbWithCert(c *C) { - if runtime.GOOS == "js" { - c.Skip("not available in wasm") - } - - var mock = mockKnownHostsWithCert{} - - f, err := util.TempFile(osfs.Default, "", "known-hosts") - c.Assert(err, IsNil) - - _, err = f.Write(mock.knownHosts()) - c.Assert(err, IsNil) - - err = f.Close() - c.Assert(err, IsNil) - - defer util.RemoveAll(osfs.Default, f.Name()) - - f, err = osfs.Default.Open(f.Name()) - c.Assert(err, IsNil) - - defer f.Close() - - db, err := newKnownHostsDb(f.Name()) - c.Assert(err, IsNil) - - algos := db.HostKeyAlgorithms(mock.String()) - c.Assert(algos, HasLen, len(mock.Algorithms())) - - contains := func(container []string, value string) bool { - for _, inner := range container { - if inner == value { - return true - } - } - return false - } - - for _, algorithm := range mock.Algorithms() { - if !contains(algos, algorithm) { - 
c.Error("algos does not contain ", algorithm) - } - } -} diff --git a/plumbing/transport/ssh/common.go b/plumbing/transport/ssh/common.go index a37024f0e..05dea448f 100644 --- a/plumbing/transport/ssh/common.go +++ b/plumbing/transport/ssh/common.go @@ -11,6 +11,7 @@ import ( "github.com/go-git/go-git/v5/plumbing/transport" "github.com/go-git/go-git/v5/plumbing/transport/internal/common" + "github.com/skeema/knownhosts" "github.com/kevinburke/ssh_config" "golang.org/x/crypto/ssh" @@ -126,25 +127,17 @@ func (c *command) connect() error { } hostWithPort := c.getHostWithPort() if config.HostKeyCallback == nil { - db, err := newKnownHostsDb() + kh, err := newKnownHosts() if err != nil { return err } - - config.HostKeyCallback = db.HostKeyCallback() - config.HostKeyAlgorithms = db.HostKeyAlgorithms(hostWithPort) + config.HostKeyCallback = kh.HostKeyCallback() + config.HostKeyAlgorithms = kh.HostKeyAlgorithms(hostWithPort) } else if len(config.HostKeyAlgorithms) == 0 { // Set the HostKeyAlgorithms based on HostKeyCallback. // For background see https://github.com/go-git/go-git/issues/411 as well as // https://github.com/golang/go/issues/29286 for root cause. - db, err := newKnownHostsDb() - if err != nil { - return err - } - - // Note that the knownhost database is used, as it provides additional functionality - // to handle ssh cert-authorities. - config.HostKeyAlgorithms = db.HostKeyAlgorithms(hostWithPort) + config.HostKeyAlgorithms = knownhosts.HostKeyAlgorithms(config.HostKeyCallback, hostWithPort) } overrideConfig(c.config, config)
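Review bot: The added `"github.com/skeema/knownhosts"` import in `common.go` sits in the block of go-git packages rather than with the other third-party imports below the blank line. Moving it next to `"github.com/kevinburke/ssh_config"` keeps the grouping the file already uses.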
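Review bot: In the `else if len(config.HostKeyAlgorithms) == 0` branch of `connect()`, `knownhosts.HostKeyAlgorithms(config.HostKeyCallback, hostWithPort)` is applied to whatever callback the caller supplied, not only to callbacks built from known_hosts files. As far as I know that helper discovers the algorithms by invoking the callback with a placeholder key and reading the resulting key error, so a custom callback with side effects (logging, trust-on-first-use recording) sees one extra call with a key that is not the server's. That deserves a comment such as `// NOTE: this probes config.HostKeyCallback once with a placeholder key; callbacks must tolerate that call.` The revert also removes the comment about cert-authority handling without a replacement. It is worth stating here that hosts trusted only through `@cert-authority` lines presumably fail verification rather than being accepted, and that a caller-set `HostKeyAlgorithms` is left untouched by this code. `connect()` starts and ends outside the hunk.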