Skip to content

New and Noteworthy 6.1

Jump to bottom
Thomas Wolf edited this page Jan 10, 2024 · 2 revisions

JGit

Dependencies

  • Apache MINA sshd has been updated to version 2.8.0 (previously 2.7.0).
    • Affected JGit bundles: org.eclipse.jgit.ssh.apache and org.eclipse.jgit.ssh.apache.agent. As always, these bundles may not work with other versions of Apache MINA sshd because of possible incompatible upstream API changes.
  • Logging: JGit only uses org.slf4j.api, version 1.7.30. The tests and the command-line program from org.eclipse.jgit.pgm now use the org.slf4j.binding.simple logging back-end; log4j has been removed. (Previously, JGit used log4j 1.2.15 in tests and in the command-line program: i.e., the old log4j, not the newer log4j2.)

SSH

The (optional) bundle org.eclipse.jgit.ssh.apache.agent newly also supports communicating with the SSH agent of Microsoft's port of OpenSSH, Win32-OpenSSH, via a Windows named pipe.

Bundle org.eclipse.jgit.ssh.apache fully implements the SSH configuration properties IdentityAgent and AddKeysToAgent.

JGit implements the newer SSH2 agent protocol; the older SSH1 protocol is not supported.

SSH Agent Support on Linux, OS X, BSD

On Linux, OS X, and BSD, the only agent communication mechanism supported is the usual communication via a Unix domain socket. This is the only protocol the OpenSSH SSH agent supports. A Unix domain socket appears as a special file in the file system; this file name is typically available in the environment variable SSH_AUTH_SOCK.

The SSH config IdentityAgent can be set to this socket filename to specify exactly which Unix domain socket to use, or it can be set to SSH_AUTH_SOCK to use the value from that environment variable. If IdentityAgent is not set at all, JGit uses SSH_AUTH_SOCK by default. If the variable is not set, no SSH agent will be used. IdentityAgent can also be set to none to not use any SSH agent.

SSH Agent Support on Windows

On Windows, two different agent communication mechanisms are supported:

  • A transport over a Windows named pipe. This is used by Win32-OpenSSH, and is available for Pageant since version 0.75.
  • A Pageant-specific legacy transport via shared memory; useful for Pageant and GPG's gpg-agent.

Possible settings of IdentityAgent to select a particular transport are

  • //./pipe/openssh-ssh-agent: the Windows named pipe of Win32-OpenSSH.
  • //./pageant: the shared-memory mechanism of Pageant (can also be used for gpg-agent).
  • none: do not use any SSH agent.
  • //./pipe/<any_valid_pipe_name>: use a specific Windows named pipe.

The default transport on Windows if IdentityAgent is not set at all is the Pageant shared-memory transport. Environment variable SSH_AUTH_SOCK needs not be set for Pageant, and must not be set for Win32-OpenSSH.

Neither Pageant (as of version 0.76) nor Win32-OpenSSH (as of version 8.6) support the confirm or lifetime constraints for AddKeysToAgent. Do not use these configurations on Windows with these agents. gpg-agent apparently does support these settings.

To use gpg-agent, choose the Pageant shared memory communication, and run gpg-agent with option enable-putty-support.

Other Changes

The complete list of new features and bug fixes is available in the release notes.

Contributors

The following 20 developers worked on this release:

Alina Djamankulova, Andre Bossert, Antonio Barone, Darius Jokilehto, David Ostrovsky, Fabio Ponciroli, Han-Wen Nienhuys, Ivan Frade, Kaushik Lingarkar, Kyle Zhao, Luca Milanesio, Marcin Czech, Matthias Fromme, Matthias Sohn, Nail Samatov, Nasser Grainawi, Rolf Theunissen, Sebastian Schuberth, Simeon Andreev, Thomas Wolf

Clone this wiki locally