3731c12a89
Resolves: rhbz#2193018
1157 lines
32 KiB
Diff
1157 lines
32 KiB
Diff
patch removed backend crypto
|
|
|
|
the `Makefile` removed a few files containing (unused) crypto
|
|
algorithms from the vendor tarball, which are not used in Grafana.
|
|
This patch removes all references to the deleted files.
|
|
|
|
diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
|
|
new file mode 100644
|
|
index 0000000000..871e612a61
|
|
--- /dev/null
|
|
+++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
|
|
@@ -0,0 +1,25 @@
|
|
+package elgamal
|
|
+
|
|
+import (
|
|
+ "io"
|
|
+ "math/big"
|
|
+)
|
|
+
|
|
+// PublicKey represents an ElGamal public key.
|
|
+type PublicKey struct {
|
|
+ G, P, Y *big.Int
|
|
+}
|
|
+
|
|
+// PrivateKey represents an ElGamal private key.
|
|
+type PrivateKey struct {
|
|
+ PublicKey
|
|
+ X *big.Int
|
|
+}
|
|
+
|
|
+func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) {
|
|
+ panic("ElGamal encryption not available")
|
|
+}
|
|
+
|
|
+func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
|
|
+ panic("ElGamal encryption not available")
|
|
+}
|
|
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
|
|
index 0a19794a8e..25a5ee9158 100644
|
|
--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go
|
|
+++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
|
|
@@ -22,7 +22,6 @@ import (
|
|
"math/big"
|
|
"math/bits"
|
|
|
|
- "golang.org/x/crypto/cast5"
|
|
"golang.org/x/crypto/openpgp/errors"
|
|
)
|
|
|
|
@@ -493,7 +492,7 @@ func (cipher CipherFunction) KeySize() int {
|
|
case Cipher3DES:
|
|
return 24
|
|
case CipherCAST5:
|
|
- return cast5.KeySize
|
|
+ panic("cast5 cipher not available")
|
|
case CipherAES128:
|
|
return 16
|
|
case CipherAES192:
|
|
@@ -523,7 +522,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
|
|
case Cipher3DES:
|
|
block, _ = des.NewTripleDESCipher(key)
|
|
case CipherCAST5:
|
|
- block, _ = cast5.NewCipher(key)
|
|
+ panic("cast5 cipher not available")
|
|
case CipherAES128, CipherAES192, CipherAES256:
|
|
block, _ = aes.NewCipher(key)
|
|
}
|
|
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
|
|
index 6126030eb9..3a54c5f2b1 100644
|
|
--- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
|
|
+++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
|
|
@@ -5,13 +5,12 @@
|
|
package packet
|
|
|
|
import (
|
|
- "crypto/cipher"
|
|
"crypto/sha1"
|
|
"crypto/subtle"
|
|
- "golang.org/x/crypto/openpgp/errors"
|
|
"hash"
|
|
"io"
|
|
- "strconv"
|
|
+
|
|
+ "golang.org/x/crypto/openpgp/errors"
|
|
)
|
|
|
|
// SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
|
|
@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
|
|
// packet can be read. An incorrect key can, with high probability, be detected
|
|
// immediately and this will result in a KeyIncorrect error being returned.
|
|
func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
|
|
- keySize := c.KeySize()
|
|
- if keySize == 0 {
|
|
- return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
|
|
- }
|
|
- if len(key) != keySize {
|
|
- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
|
|
- }
|
|
-
|
|
- if se.prefix == nil {
|
|
- se.prefix = make([]byte, c.blockSize()+2)
|
|
- _, err := readFull(se.contents, se.prefix)
|
|
- if err != nil {
|
|
- return nil, err
|
|
- }
|
|
- } else if len(se.prefix) != c.blockSize()+2 {
|
|
- return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")
|
|
- }
|
|
-
|
|
- ocfbResync := OCFBResync
|
|
- if se.MDC {
|
|
- // MDC packets use a different form of OCFB mode.
|
|
- ocfbResync = OCFBNoResync
|
|
- }
|
|
-
|
|
- s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
|
|
- if s == nil {
|
|
- return nil, errors.ErrKeyIncorrect
|
|
- }
|
|
-
|
|
- plaintext := cipher.StreamReader{S: s, R: se.contents}
|
|
-
|
|
- if se.MDC {
|
|
- // MDC packets have an embedded hash that we need to check.
|
|
- h := sha1.New()
|
|
- h.Write(se.prefix)
|
|
- return &seMDCReader{in: plaintext, h: h}, nil
|
|
- }
|
|
-
|
|
- // Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.
|
|
- return seReader{plaintext}, nil
|
|
+ panic("OCFB cipher not available")
|
|
}
|
|
|
|
// seReader wraps an io.Reader with a no-op Close method.
|
|
@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error {
|
|
// written.
|
|
// If config is nil, sensible defaults will be used.
|
|
func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) {
|
|
- if c.KeySize() != len(key) {
|
|
- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
|
|
- }
|
|
- writeCloser := noOpCloser{w}
|
|
- ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)
|
|
- if err != nil {
|
|
- return
|
|
- }
|
|
-
|
|
- _, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion})
|
|
- if err != nil {
|
|
- return
|
|
- }
|
|
-
|
|
- block := c.new(key)
|
|
- blockSize := block.BlockSize()
|
|
- iv := make([]byte, blockSize)
|
|
- _, err = config.Random().Read(iv)
|
|
- if err != nil {
|
|
- return
|
|
- }
|
|
- s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync)
|
|
- _, err = ciphertext.Write(prefix)
|
|
- if err != nil {
|
|
- return
|
|
- }
|
|
- plaintext := cipher.StreamWriter{S: s, W: ciphertext}
|
|
-
|
|
- h := sha1.New()
|
|
- h.Write(iv)
|
|
- h.Write(iv[blockSize-2:])
|
|
- contents = &seMDCWriter{w: plaintext, h: h}
|
|
- return
|
|
+ panic("OCFB cipher not available")
|
|
}
|
|
diff --git a/vendor/golang.org/x/crypto/pkcs12/crypto.go b/vendor/golang.org/x/crypto/pkcs12/crypto.go
|
|
index 484ca51b71..5f502b8df1 100644
|
|
--- a/vendor/golang.org/x/crypto/pkcs12/crypto.go
|
|
+++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go
|
|
@@ -11,8 +11,6 @@ import (
|
|
"crypto/x509/pkix"
|
|
"encoding/asn1"
|
|
"errors"
|
|
-
|
|
- "golang.org/x/crypto/pkcs12/internal/rc2"
|
|
)
|
|
|
|
var (
|
|
@@ -46,10 +44,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt
|
|
|
|
type shaWith40BitRC2CBC struct{}
|
|
|
|
-func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) {
|
|
- return rc2.New(key, len(key)*8)
|
|
-}
|
|
-
|
|
func (shaWith40BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte {
|
|
return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 5)
|
|
}
|
|
@@ -70,7 +64,7 @@ func pbDecrypterFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher
|
|
case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC):
|
|
cipherType = shaWithTripleDESCBC{}
|
|
case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC):
|
|
- cipherType = shaWith40BitRC2CBC{}
|
|
+ panic("RC2 encryption not available")
|
|
default:
|
|
return nil, 0, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported")
|
|
}
|
|
diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
|
|
index ae3ebc03b9..11dbc3c56e 100644
|
|
--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
|
|
+++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
|
|
@@ -16,14 +16,11 @@
|
|
package web
|
|
|
|
import (
|
|
- "encoding/hex"
|
|
"fmt"
|
|
"net/http"
|
|
- "strings"
|
|
"sync"
|
|
|
|
"github.com/go-kit/log"
|
|
- "golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
// extraHTTPHeaders is a map of HTTP headers that can be added to HTTP
|
|
@@ -36,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{
|
|
"Content-Security-Policy": nil,
|
|
}
|
|
|
|
-func validateUsers(configPath string) error {
|
|
- c, err := getConfig(configPath)
|
|
- if err != nil {
|
|
- return err
|
|
- }
|
|
-
|
|
- for _, p := range c.Users {
|
|
- _, err = bcrypt.Cost([]byte(p))
|
|
- if err != nil {
|
|
- return err
|
|
- }
|
|
- }
|
|
-
|
|
- return nil
|
|
-}
|
|
-
|
|
// validateHeaderConfig checks that the provided header configuration is correct.
|
|
// It does not check the validity of all the values, only the ones which are
|
|
// well-defined enumerations.
|
|
@@ -67,60 +49,3 @@ type webHandler struct {
|
|
// only once in parallel as this is CPU intensive.
|
|
bcryptMtx sync.Mutex
|
|
}
|
|
-
|
|
-func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
- c, err := getConfig(u.tlsConfigPath)
|
|
- if err != nil {
|
|
- u.logger.Log("msg", "Unable to parse configuration", "err", err)
|
|
- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
- return
|
|
- }
|
|
-
|
|
- // Configure http headers.
|
|
- for k, v := range c.HTTPConfig.Header {
|
|
- w.Header().Set(k, v)
|
|
- }
|
|
-
|
|
- if len(c.Users) == 0 {
|
|
- u.handler.ServeHTTP(w, r)
|
|
- return
|
|
- }
|
|
-
|
|
- user, pass, auth := r.BasicAuth()
|
|
- if auth {
|
|
- hashedPassword, validUser := c.Users[user]
|
|
-
|
|
- if !validUser {
|
|
- // The user is not found. Use a fixed password hash to
|
|
- // prevent user enumeration by timing requests.
|
|
- // This is a bcrypt-hashed version of "fakepassword".
|
|
- hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi"
|
|
- }
|
|
-
|
|
- cacheKey := strings.Join(
|
|
- []string{
|
|
- hex.EncodeToString([]byte(user)),
|
|
- hex.EncodeToString([]byte(hashedPassword)),
|
|
- hex.EncodeToString([]byte(pass)),
|
|
- }, ":")
|
|
- authOk, ok := u.cache.get(cacheKey)
|
|
-
|
|
- if !ok {
|
|
- // This user, hashedPassword, password is not cached.
|
|
- u.bcryptMtx.Lock()
|
|
- err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass))
|
|
- u.bcryptMtx.Unlock()
|
|
-
|
|
- authOk = validUser && err == nil
|
|
- u.cache.set(cacheKey, authOk)
|
|
- }
|
|
-
|
|
- if authOk && validUser {
|
|
- u.handler.ServeHTTP(w, r)
|
|
- return
|
|
- }
|
|
- }
|
|
-
|
|
- w.Header().Set("WWW-Authenticate", "Basic")
|
|
- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
|
-}
|
|
diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
|
|
--- grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go 2023-03-13 20:00:00.000000000 -0400
|
|
+++ /tmp/rpkg/grafana-1-v6p2z4of/grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go 2023-03-16 13:43:13.300238021 -0400
|
|
@@ -18,12 +18,8 @@
|
|
"crypto/x509"
|
|
"fmt"
|
|
"io/ioutil"
|
|
- "net"
|
|
- "net/http"
|
|
"path/filepath"
|
|
|
|
- "github.com/go-kit/log"
|
|
- "github.com/go-kit/log/level"
|
|
"github.com/pkg/errors"
|
|
config_util "github.com/prometheus/common/config"
|
|
"gopkg.in/yaml.v2"
|
|
@@ -177,98 +173,6 @@
|
|
return cfg, nil
|
|
}
|
|
|
|
-// ListenAndServe starts the server on the given address. Based on the file
|
|
-// tlsConfigPath, TLS or basic auth could be enabled.
|
|
-func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error {
|
|
- listener, err := net.Listen("tcp", server.Addr)
|
|
- if err != nil {
|
|
- return err
|
|
- }
|
|
- defer listener.Close()
|
|
- return Serve(listener, server, tlsConfigPath, logger)
|
|
-}
|
|
-
|
|
-// Server starts the server on the given listener. Based on the file
|
|
-// tlsConfigPath, TLS or basic auth could be enabled.
|
|
-func Serve(l net.Listener, server *http.Server, tlsConfigPath string, logger log.Logger) error {
|
|
- if tlsConfigPath == "" {
|
|
- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
|
|
- return server.Serve(l)
|
|
- }
|
|
-
|
|
- if err := validateUsers(tlsConfigPath); err != nil {
|
|
- return err
|
|
- }
|
|
-
|
|
- // Setup basic authentication.
|
|
- var handler http.Handler = http.DefaultServeMux
|
|
- if server.Handler != nil {
|
|
- handler = server.Handler
|
|
- }
|
|
-
|
|
- c, err := getConfig(tlsConfigPath)
|
|
- if err != nil {
|
|
- return err
|
|
- }
|
|
-
|
|
- server.Handler = &webHandler{
|
|
- tlsConfigPath: tlsConfigPath,
|
|
- logger: logger,
|
|
- handler: handler,
|
|
- cache: newCache(),
|
|
- }
|
|
-
|
|
- config, err := ConfigToTLSConfig(&c.TLSConfig)
|
|
- switch err {
|
|
- case nil:
|
|
- if !c.HTTPConfig.HTTP2 {
|
|
- server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
|
|
- }
|
|
- // Valid TLS config.
|
|
- level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2)
|
|
- case errNoTLSConfig:
|
|
- // No TLS config, back to plain HTTP.
|
|
- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
|
|
- return server.Serve(l)
|
|
- default:
|
|
- // Invalid TLS config.
|
|
- return err
|
|
- }
|
|
-
|
|
- server.TLSConfig = config
|
|
-
|
|
- // Set the GetConfigForClient method of the HTTPS server so that the config
|
|
- // and certs are reloaded on new connections.
|
|
- server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
|
|
- config, err := getTLSConfig(tlsConfigPath)
|
|
- if err != nil {
|
|
- return nil, err
|
|
- }
|
|
- config.NextProtos = server.TLSConfig.NextProtos
|
|
- return config, nil
|
|
- }
|
|
- return server.ServeTLS(l, "", "")
|
|
-}
|
|
-
|
|
-// Validate configuration file by reading the configuration and the certificates.
|
|
-func Validate(tlsConfigPath string) error {
|
|
- if tlsConfigPath == "" {
|
|
- return nil
|
|
- }
|
|
- if err := validateUsers(tlsConfigPath); err != nil {
|
|
- return err
|
|
- }
|
|
- c, err := getConfig(tlsConfigPath)
|
|
- if err != nil {
|
|
- return err
|
|
- }
|
|
- _, err = ConfigToTLSConfig(&c.TLSConfig)
|
|
- if err == errNoTLSConfig {
|
|
- return nil
|
|
- }
|
|
- return err
|
|
-}
|
|
-
|
|
type cipher uint16
|
|
|
|
func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
|
@@ -351,11 +255,3 @@
|
|
}
|
|
return fmt.Sprintf("%v", tv), nil
|
|
}
|
|
-
|
|
-// Listen starts the server on the given address. Based on the file
|
|
-// tlsConfigPath, TLS or basic auth could be enabled.
|
|
-//
|
|
-// Deprecated: Use ListenAndServe instead.
|
|
-func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error {
|
|
- return ListenAndServe(server, tlsConfigPath, logger)
|
|
-}
|
|
diff a/vendor/github.com/go-git/go-git/v5/options.go b/vendor/github.com/go-git/go-git/v5/options.go
|
|
--- a/vendor/github.com/go-git/go-git/v5/options.go 2022-10-30 20:00:00.000000000 -0400
|
|
+++ b/vendor/github.com/go-git/go-git/v5/options.go 2022-12-20 10:24:35.162653691 -0500
|
|
@@ -7,7 +7,7 @@
|
|
"strings"
|
|
"time"
|
|
|
|
- "github.com/ProtonMail/go-crypto/openpgp"
|
|
+ // "github.com/ProtonMail/go-crypto/openpgp"
|
|
"github.com/go-git/go-git/v5/config"
|
|
"github.com/go-git/go-git/v5/plumbing"
|
|
"github.com/go-git/go-git/v5/plumbing/object"
|
|
@@ -434,7 +434,7 @@
|
|
// SignKey denotes a key to sign the commit with. A nil value here means the
|
|
// commit will not be signed. The private key must be present and already
|
|
// decrypted.
|
|
- SignKey *openpgp.Entity
|
|
+ // SignKey *openpgp.Entity
|
|
}
|
|
|
|
// Validate validates the fields and sets the default values.
|
|
@@ -517,7 +517,7 @@
|
|
Message string
|
|
// SignKey denotes a key to sign the tag with. A nil value here means the tag
|
|
// will not be signed. The private key must be present and already decrypted.
|
|
- SignKey *openpgp.Entity
|
|
+ // SignKey *openpgp.Entity
|
|
}
|
|
|
|
// Validate validates the fields and sets the default values.
|
|
diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go
|
|
--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go 2022-10-30 20:00:00.000000000 -0400
|
|
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go 2022-12-20 10:33:26.630073026 -0500
|
|
@@ -9,7 +9,7 @@
|
|
"io"
|
|
"strings"
|
|
|
|
- "github.com/ProtonMail/go-crypto/openpgp"
|
|
+ // "github.com/ProtonMail/go-crypto/openpgp"
|
|
|
|
"github.com/go-git/go-git/v5/plumbing"
|
|
"github.com/go-git/go-git/v5/plumbing/storer"
|
|
@@ -354,7 +354,8 @@
|
|
|
|
// Verify performs PGP verification of the commit with a provided armored
|
|
// keyring and returns openpgp.Entity associated with verifying key on success.
|
|
-func (c *Commit) Verify(armoredKeyRing string) (*openpgp.Entity, error) {
|
|
+func (c *Commit) Verify(armoredKeyRing string) (*int, error) {
|
|
+ /*
|
|
keyRingReader := strings.NewReader(armoredKeyRing)
|
|
keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
|
|
if err != nil {
|
|
@@ -375,6 +376,8 @@
|
|
}
|
|
|
|
return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil)
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
func indent(t string) string {
|
|
diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go
|
|
--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go 2022-10-30 20:00:00.000000000 -0400
|
|
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go 2022-12-20 10:37:05.542949113 -0500
|
|
@@ -6,9 +6,9 @@
|
|
"fmt"
|
|
"io"
|
|
stdioutil "io/ioutil"
|
|
- "strings"
|
|
+ // "strings"
|
|
|
|
- "github.com/ProtonMail/go-crypto/openpgp"
|
|
+ // "github.com/ProtonMail/go-crypto/openpgp"
|
|
|
|
"github.com/go-git/go-git/v5/plumbing"
|
|
"github.com/go-git/go-git/v5/plumbing/storer"
|
|
@@ -284,7 +284,8 @@
|
|
|
|
// Verify performs PGP verification of the tag with a provided armored
|
|
// keyring and returns openpgp.Entity associated with verifying key on success.
|
|
-func (t *Tag) Verify(armoredKeyRing string) (*openpgp.Entity, error) {
|
|
+func (t *Tag) Verify(armoredKeyRing string) (*int, error) {
|
|
+ /*
|
|
keyRingReader := strings.NewReader(armoredKeyRing)
|
|
keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
|
|
if err != nil {
|
|
@@ -305,6 +306,8 @@
|
|
}
|
|
|
|
return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil)
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
// TagIter provides an iterator for a set of tags.
|
|
diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go
|
|
--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go 2022-10-30 20:00:00.000000000 -0400
|
|
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go 2022-12-20 13:42:13.659296361 -0500
|
|
@@ -1,6 +1,7 @@
|
|
package ssh
|
|
|
|
import (
|
|
+ /*
|
|
"errors"
|
|
"fmt"
|
|
"io/ioutil"
|
|
@@ -14,6 +15,7 @@
|
|
sshagent "github.com/xanzy/ssh-agent"
|
|
"golang.org/x/crypto/ssh"
|
|
"golang.org/x/crypto/ssh/knownhosts"
|
|
+ */
|
|
)
|
|
|
|
const DefaultUsername = "git"
|
|
@@ -22,10 +24,12 @@
|
|
// must implement. The clientConfig method returns the ssh client
|
|
// configuration needed to establish an ssh connection.
|
|
type AuthMethod interface {
|
|
+ /*
|
|
transport.AuthMethod
|
|
// ClientConfig should return a valid ssh.ClientConfig to be used to create
|
|
// a connection to the SSH server.
|
|
ClientConfig() (*ssh.ClientConfig, error)
|
|
+ */
|
|
}
|
|
|
|
// The names of the AuthMethod implementations. To be returned by the
|
|
@@ -42,78 +46,101 @@
|
|
// KeyboardInteractive implements AuthMethod by using a
|
|
// prompt/response sequence controlled by the server.
|
|
type KeyboardInteractive struct {
|
|
+ /*
|
|
User string
|
|
Challenge ssh.KeyboardInteractiveChallenge
|
|
HostKeyCallbackHelper
|
|
+ */
|
|
}
|
|
|
|
func (a *KeyboardInteractive) Name() string {
|
|
- return KeyboardInteractiveName
|
|
+ // return KeyboardInteractiveName
|
|
+ return ""
|
|
}
|
|
|
|
func (a *KeyboardInteractive) String() string {
|
|
- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ return ""
|
|
}
|
|
|
|
-func (a *KeyboardInteractive) ClientConfig() (*ssh.ClientConfig, error) {
|
|
+func (a *KeyboardInteractive) ClientConfig() (*int, error) {
|
|
+ /*
|
|
return a.SetHostKeyCallback(&ssh.ClientConfig{
|
|
User: a.User,
|
|
Auth: []ssh.AuthMethod{
|
|
a.Challenge,
|
|
},
|
|
})
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
// Password implements AuthMethod by using the given password.
|
|
type Password struct {
|
|
+ /*
|
|
User string
|
|
Password string
|
|
HostKeyCallbackHelper
|
|
+ */
|
|
}
|
|
|
|
func (a *Password) Name() string {
|
|
- return PasswordName
|
|
+ // return PasswordName
|
|
+ return ""
|
|
}
|
|
|
|
func (a *Password) String() string {
|
|
- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ return ""
|
|
}
|
|
|
|
-func (a *Password) ClientConfig() (*ssh.ClientConfig, error) {
|
|
+func (a *Password) ClientConfig() (*int, error) {
|
|
+ /*
|
|
return a.SetHostKeyCallback(&ssh.ClientConfig{
|
|
User: a.User,
|
|
Auth: []ssh.AuthMethod{ssh.Password(a.Password)},
|
|
})
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
// PasswordCallback implements AuthMethod by using a callback
|
|
// to fetch the password.
|
|
type PasswordCallback struct {
|
|
+ /*
|
|
User string
|
|
Callback func() (pass string, err error)
|
|
HostKeyCallbackHelper
|
|
+ */
|
|
}
|
|
|
|
func (a *PasswordCallback) Name() string {
|
|
- return PasswordCallbackName
|
|
+ // return PasswordCallbackName
|
|
+ return ""
|
|
}
|
|
|
|
func (a *PasswordCallback) String() string {
|
|
- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ return ""
|
|
}
|
|
|
|
-func (a *PasswordCallback) ClientConfig() (*ssh.ClientConfig, error) {
|
|
+func (a *PasswordCallback) ClientConfig() (*int, error) {
|
|
+ /*
|
|
return a.SetHostKeyCallback(&ssh.ClientConfig{
|
|
User: a.User,
|
|
Auth: []ssh.AuthMethod{ssh.PasswordCallback(a.Callback)},
|
|
})
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
// PublicKeys implements AuthMethod by using the given key pairs.
|
|
type PublicKeys struct {
|
|
+ /*
|
|
User string
|
|
Signer ssh.Signer
|
|
HostKeyCallbackHelper
|
|
+ */
|
|
}
|
|
|
|
// NewPublicKeys returns a PublicKeys from a PEM encoded private key. An
|
|
@@ -121,6 +148,7 @@
|
|
// encrypted PEM block otherwise password should be empty. It supports RSA
|
|
// (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys.
|
|
func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) {
|
|
+ /*
|
|
signer, err := ssh.ParsePrivateKey(pemBytes)
|
|
if _, ok := err.(*ssh.PassphraseMissingError); ok {
|
|
signer, err = ssh.ParsePrivateKeyWithPassphrase(pemBytes, []byte(password))
|
|
@@ -129,36 +157,47 @@
|
|
return nil, err
|
|
}
|
|
return &PublicKeys{User: user, Signer: signer}, nil
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
// NewPublicKeysFromFile returns a PublicKeys from a file containing a PEM
|
|
// encoded private key. An encryption password should be given if the pemBytes
|
|
// contains a password encrypted PEM block otherwise password should be empty.
|
|
func NewPublicKeysFromFile(user, pemFile, password string) (*PublicKeys, error) {
|
|
+ /*
|
|
bytes, err := ioutil.ReadFile(pemFile)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return NewPublicKeys(user, bytes, password)
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
func (a *PublicKeys) Name() string {
|
|
- return PublicKeysName
|
|
+ // return PublicKeysName
|
|
+ return ""
|
|
}
|
|
|
|
func (a *PublicKeys) String() string {
|
|
- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ return ""
|
|
}
|
|
|
|
-func (a *PublicKeys) ClientConfig() (*ssh.ClientConfig, error) {
|
|
+func (a *PublicKeys) ClientConfig() (*int, error) {
|
|
+ /*
|
|
return a.SetHostKeyCallback(&ssh.ClientConfig{
|
|
User: a.User,
|
|
Auth: []ssh.AuthMethod{ssh.PublicKeys(a.Signer)},
|
|
})
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
func username() (string, error) {
|
|
+ /*
|
|
var username string
|
|
if user, err := user.Current(); err == nil {
|
|
username = user.Username
|
|
@@ -171,20 +210,25 @@
|
|
}
|
|
|
|
return username, nil
|
|
+ */
|
|
+ return "", nil
|
|
}
|
|
|
|
// PublicKeysCallback implements AuthMethod by asking a
|
|
// ssh.agent.Agent to act as a signer.
|
|
type PublicKeysCallback struct {
|
|
+ /*
|
|
User string
|
|
Callback func() (signers []ssh.Signer, err error)
|
|
HostKeyCallbackHelper
|
|
+ */
|
|
}
|
|
|
|
// NewSSHAgentAuth returns a PublicKeysCallback based on a SSH agent, it opens
|
|
// a pipe with the SSH agent and uses the pipe as the implementer of the public
|
|
// key callback function.
|
|
func NewSSHAgentAuth(u string) (*PublicKeysCallback, error) {
|
|
+ /*
|
|
var err error
|
|
if u == "" {
|
|
u, err = username()
|
|
@@ -202,21 +246,28 @@
|
|
User: u,
|
|
Callback: a.Signers,
|
|
}, nil
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
func (a *PublicKeysCallback) Name() string {
|
|
- return PublicKeysCallbackName
|
|
+ // return PublicKeysCallbackName
|
|
+ return ""
|
|
}
|
|
|
|
func (a *PublicKeysCallback) String() string {
|
|
- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
|
|
+ return ""
|
|
}
|
|
|
|
-func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) {
|
|
+func (a *PublicKeysCallback) ClientConfig() (*int, error) {
|
|
+ /*
|
|
return a.SetHostKeyCallback(&ssh.ClientConfig{
|
|
User: a.User,
|
|
Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(a.Callback)},
|
|
})
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
// NewKnownHostsCallback returns ssh.HostKeyCallback based on a file based on a
|
|
@@ -229,7 +280,8 @@
|
|
// If SSH_KNOWN_HOSTS is not set the following file locations will be used:
|
|
// ~/.ssh/known_hosts
|
|
// /etc/ssh/ssh_known_hosts
|
|
-func NewKnownHostsCallback(files ...string) (ssh.HostKeyCallback, error) {
|
|
+func NewKnownHostsCallback(files ...string) (*int, error) {
|
|
+ /*
|
|
var err error
|
|
|
|
if len(files) == 0 {
|
|
@@ -243,9 +295,12 @@
|
|
}
|
|
|
|
return knownhosts.New(files...)
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
-func getDefaultKnownHostsFiles() ([]string, error) {
|
|
+func getDefaultKnownHostsFiles() (*int, error) {
|
|
+ /*
|
|
files := filepath.SplitList(os.Getenv("SSH_KNOWN_HOSTS"))
|
|
if len(files) != 0 {
|
|
return files, nil
|
|
@@ -260,9 +315,12 @@
|
|
filepath.Join(homeDirPath, "/.ssh/known_hosts"),
|
|
"/etc/ssh/ssh_known_hosts",
|
|
}, nil
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
-func filterKnownHostsFiles(files ...string) ([]string, error) {
|
|
+func filterKnownHostsFiles(files ...string) (*int, error) {
|
|
+ /*
|
|
var out []string
|
|
for _, file := range files {
|
|
_, err := os.Stat(file)
|
|
@@ -281,6 +339,8 @@
|
|
}
|
|
|
|
return out, nil
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
// HostKeyCallbackHelper is a helper that provides common functionality to
|
|
@@ -289,13 +349,14 @@
|
|
// HostKeyCallback is the function type used for verifying server keys.
|
|
// If nil default callback will be create using NewKnownHostsCallback
|
|
// without argument.
|
|
- HostKeyCallback ssh.HostKeyCallback
|
|
+ // HostKeyCallback ssh.HostKeyCallback
|
|
}
|
|
|
|
// SetHostKeyCallback sets the field HostKeyCallback in the given cfg. If
|
|
// HostKeyCallback is empty a default callback is created using
|
|
// NewKnownHostsCallback.
|
|
-func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) {
|
|
+func (m *HostKeyCallbackHelper) SetHostKeyCallback(*int) (*int, error) {
|
|
+ /*
|
|
var err error
|
|
if m.HostKeyCallback == nil {
|
|
if m.HostKeyCallback, err = NewKnownHostsCallback(); err != nil {
|
|
@@ -305,4 +366,6 @@
|
|
|
|
cfg.HostKeyCallback = m.HostKeyCallback
|
|
return cfg, nil
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go
|
|
--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go 2022-10-30 20:00:00.000000000 -0400
|
|
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go 2022-12-20 14:01:25.825788050 -0500
|
|
@@ -2,18 +2,22 @@
|
|
package ssh
|
|
|
|
import (
|
|
- "context"
|
|
+ // "context"
|
|
"fmt"
|
|
+ /*
|
|
"reflect"
|
|
"strconv"
|
|
"strings"
|
|
+ */
|
|
|
|
"github.com/go-git/go-git/v5/plumbing/transport"
|
|
"github.com/go-git/go-git/v5/plumbing/transport/internal/common"
|
|
|
|
"github.com/kevinburke/ssh_config"
|
|
+ /*
|
|
"golang.org/x/crypto/ssh"
|
|
"golang.org/x/net/proxy"
|
|
+ */
|
|
)
|
|
|
|
// DefaultClient is the default SSH client.
|
|
@@ -28,23 +32,26 @@
|
|
}
|
|
|
|
// NewClient creates a new SSH client with an optional *ssh.ClientConfig.
|
|
-func NewClient(config *ssh.ClientConfig) transport.Transport {
|
|
- return common.NewClient(&runner{config: config})
|
|
+func NewClient(*int) transport.Transport {
|
|
+ // return common.NewClient(&runner{config: config})
|
|
+ return nil
|
|
}
|
|
|
|
// DefaultAuthBuilder is the function used to create a default AuthMethod, when
|
|
// the user doesn't provide any.
|
|
var DefaultAuthBuilder = func(user string) (AuthMethod, error) {
|
|
- return NewSSHAgentAuth(user)
|
|
+ // return NewSSHAgentAuth(user)
|
|
+ return nil, nil
|
|
}
|
|
|
|
const DefaultPort = 22
|
|
|
|
type runner struct {
|
|
- config *ssh.ClientConfig
|
|
+ // config *ssh.ClientConfig
|
|
}
|
|
|
|
func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.AuthMethod) (common.Command, error) {
|
|
+ /*
|
|
c := &command{command: cmd, endpoint: ep, config: r.config}
|
|
if auth != nil {
|
|
c.setAuth(auth)
|
|
@@ -54,9 +61,12 @@
|
|
return nil, err
|
|
}
|
|
return c, nil
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
type command struct {
|
|
+ /*
|
|
*ssh.Session
|
|
connected bool
|
|
command string
|
|
@@ -64,24 +74,29 @@
|
|
client *ssh.Client
|
|
auth AuthMethod
|
|
config *ssh.ClientConfig
|
|
+ */
|
|
}
|
|
|
|
func (c *command) setAuth(auth transport.AuthMethod) error {
|
|
+ /*
|
|
a, ok := auth.(AuthMethod)
|
|
if !ok {
|
|
return transport.ErrInvalidAuthMethod
|
|
}
|
|
|
|
c.auth = a
|
|
+ */
|
|
return nil
|
|
}
|
|
|
|
func (c *command) Start() error {
|
|
- return c.Session.Start(endpointToCommand(c.command, c.endpoint))
|
|
+ // return c.Session.Start(endpointToCommand(c.command, c.endpoint))
|
|
+ return nil
|
|
}
|
|
|
|
// Close closes the SSH session and connection.
|
|
func (c *command) Close() error {
|
|
+ /*
|
|
if !c.connected {
|
|
return nil
|
|
}
|
|
@@ -99,6 +114,8 @@
|
|
}
|
|
|
|
return err
|
|
+ */
|
|
+ return nil
|
|
}
|
|
|
|
// connect connects to the SSH server, unless a AuthMethod was set with
|
|
@@ -106,6 +123,7 @@
|
|
// it connects to a SSH agent, using the address stored in the SSH_AUTH_SOCK
|
|
// environment var.
|
|
func (c *command) connect() error {
|
|
+ /*
|
|
if c.connected {
|
|
return transport.ErrAlreadyConnected
|
|
}
|
|
@@ -136,10 +154,12 @@
|
|
}
|
|
|
|
c.connected = true
|
|
+ */
|
|
return nil
|
|
}
|
|
|
|
-func dial(network, addr string, config *ssh.ClientConfig) (*ssh.Client, error) {
|
|
+func dial(network, addr string, config *int) (*int, error) {
|
|
+ /*
|
|
var (
|
|
ctx = context.Background()
|
|
cancel context.CancelFunc
|
|
@@ -160,9 +180,12 @@
|
|
return nil, err
|
|
}
|
|
return ssh.NewClient(c, chans, reqs), nil
|
|
+ */
|
|
+ return nil, nil
|
|
}
|
|
|
|
func (c *command) getHostWithPort() string {
|
|
+ /*
|
|
if addr, found := c.doGetHostWithPortFromSSHConfig(); found {
|
|
return addr
|
|
}
|
|
@@ -174,9 +197,12 @@
|
|
}
|
|
|
|
return fmt.Sprintf("%s:%d", host, port)
|
|
+ */
|
|
+ return ""
|
|
}
|
|
|
|
func (c *command) doGetHostWithPortFromSSHConfig() (addr string, found bool) {
|
|
+ /*
|
|
if DefaultSSHConfig == nil {
|
|
return
|
|
}
|
|
@@ -202,12 +228,13 @@
|
|
}
|
|
|
|
addr = fmt.Sprintf("%s:%d", host, port)
|
|
+ */
|
|
return
|
|
}
|
|
|
|
func (c *command) setAuthFromEndpoint() error {
|
|
var err error
|
|
- c.auth, err = DefaultAuthBuilder(c.endpoint.User)
|
|
+ // c.auth, err = DefaultAuthBuilder(c.endpoint.User)
|
|
return err
|
|
}
|
|
|
|
@@ -215,7 +242,8 @@
|
|
return fmt.Sprintf("%s '%s'", cmd, ep.Path)
|
|
}
|
|
|
|
-func overrideConfig(overrides *ssh.ClientConfig, c *ssh.ClientConfig) {
|
|
+func overrideConfig(overrides *int, c *int) {
|
|
+ /*
|
|
if overrides == nil {
|
|
return
|
|
}
|
|
@@ -232,4 +260,5 @@
|
|
}
|
|
|
|
*c = vc.Interface().(ssh.ClientConfig)
|
|
+ */
|
|
}
|
|
diff a/vendor/github.com/go-git/go-git/v5/repository.go b/vendor/github.com/go-git/go-git/v5/repository.go
|
|
--- a/vendor/github.com/go-git/go-git/v5/repository.go 2022-10-30 20:00:00.000000000 -0400
|
|
+++ b/vendor/github.com/go-git/go-git/v5/repository.go 2022-12-20 13:46:57.584666477 -0500
|
|
@@ -13,7 +13,7 @@
|
|
"strings"
|
|
"time"
|
|
|
|
- "github.com/ProtonMail/go-crypto/openpgp"
|
|
+ // "github.com/ProtonMail/go-crypto/openpgp"
|
|
"github.com/go-git/go-billy/v5"
|
|
"github.com/go-git/go-billy/v5/osfs"
|
|
"github.com/go-git/go-billy/v5/util"
|
|
@@ -706,6 +706,7 @@
|
|
Target: hash,
|
|
}
|
|
|
|
+ /*
|
|
if opts.SignKey != nil {
|
|
sig, err := r.buildTagSignature(tag, opts.SignKey)
|
|
if err != nil {
|
|
@@ -714,6 +715,7 @@
|
|
|
|
tag.PGPSignature = sig
|
|
}
|
|
+ */
|
|
|
|
obj := r.Storer.NewEncodedObject()
|
|
if err := tag.Encode(obj); err != nil {
|
|
@@ -723,7 +725,8 @@
|
|
return r.Storer.SetEncodedObject(obj)
|
|
}
|
|
|
|
-func (r *Repository) buildTagSignature(tag *object.Tag, signKey *openpgp.Entity) (string, error) {
|
|
+func (r *Repository) buildTagSignature(tag *object.Tag, signKey *int) (string, error) {
|
|
+ /*
|
|
encoded := &plumbing.MemoryObject{}
|
|
if err := tag.Encode(encoded); err != nil {
|
|
return "", err
|
|
@@ -740,6 +743,8 @@
|
|
}
|
|
|
|
return b.String(), nil
|
|
+ */
|
|
+ return "", nil
|
|
}
|
|
|
|
// Tag returns a tag from the repository.
|
|
diff a/vendor/github.com/go-git/go-git/v5/worktree_commit.go b/vendor/github.com/go-git/go-git/v5/worktree_commit.go
|
|
--- a/vendor/github.com/go-git/go-git/v5/worktree_commit.go 2022-10-30 20:00:00.000000000 -0400
|
|
+++ b/vendor/github.com/go-git/go-git/v5/worktree_commit.go 2022-12-20 13:47:27.671919357 -0500
|
|
@@ -1,7 +1,7 @@
|
|
package git
|
|
|
|
import (
|
|
- "bytes"
|
|
+ // "bytes"
|
|
"path"
|
|
"sort"
|
|
"strings"
|
|
@@ -12,7 +12,7 @@
|
|
"github.com/go-git/go-git/v5/plumbing/object"
|
|
"github.com/go-git/go-git/v5/storage"
|
|
|
|
- "github.com/ProtonMail/go-crypto/openpgp"
|
|
+ // "github.com/ProtonMail/go-crypto/openpgp"
|
|
"github.com/go-git/go-billy/v5"
|
|
)
|
|
|
|
@@ -101,6 +101,7 @@
|
|
ParentHashes: opts.Parents,
|
|
}
|
|
|
|
+ /*
|
|
if opts.SignKey != nil {
|
|
sig, err := w.buildCommitSignature(commit, opts.SignKey)
|
|
if err != nil {
|
|
@@ -108,6 +109,7 @@
|
|
}
|
|
commit.PGPSignature = sig
|
|
}
|
|
+ */
|
|
|
|
obj := w.r.Storer.NewEncodedObject()
|
|
if err := commit.Encode(obj); err != nil {
|
|
@@ -116,7 +118,8 @@
|
|
return w.r.Storer.SetEncodedObject(obj)
|
|
}
|
|
|
|
-func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *openpgp.Entity) (string, error) {
|
|
+func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *int) (string, error) {
|
|
+ /*
|
|
encoded := &plumbing.MemoryObject{}
|
|
if err := commit.Encode(encoded); err != nil {
|
|
return "", err
|
|
@@ -130,6 +133,8 @@
|
|
return "", err
|
|
}
|
|
return b.String(), nil
|
|
+ */
|
|
+ return "", nil
|
|
}
|
|
|
|
// buildTreeHelper converts a given index.Index file into multiple git objects
|