Merge lp:~cjwatson/launchpad/twisted-13.0.0-p2 into lp:launchpad

Proposed by Colin Watson on 2015-11-17
Status: Merged
Merged at revision: 17849
Proposed branch: lp:~cjwatson/launchpad/twisted-13.0.0-p2
Merge into: lp:launchpad
Diff against target: 61 lines (+12/-6)
3 files modified
daemons/sftp.tac (+3/-2)
lib/lp/services/config/schema-lazr.conf (+3/-0)
versions.cfg (+6/-4)
To merge this branch: bzr merge lp:~cjwatson/launchpad/twisted-13.0.0-p2
Reviewer: William Grant
Review type: code
Date requested: 2015-11-17
Status: Approve on 2015-11-18
Review via email: mp+277642@code.launchpad.net

Commit Message

Upgrade to Twisted 13.0.0-p2 and lazr.sshserver 0.1.2, adding support for SHA-2 key exchange and MAC algorithms.

Description of the Change

Upgrade to Twisted 13.0.0-p2 and lazr.sshserver 0.1.2, adding support for SHA-2 key exchange and MAC algorithms.

See https://code.launchpad.net/~cjwatson/launchpad/twisted-13.0.0-p1/+merge/276877 for the rationale for doing backports at all. The Twisted backport is in https://code.launchpad.net/~canonical-launchpad-branches/twisted/+git/twisted/+ref/lp-backport as before, and I'll commit a tarball to lp:lp-source-dependencies if and when this is approved.

This also bumps to a new lazr.sshserver version, which is in https://code.launchpad.net/~cjwatson/lazr.sshserver/moduli/+merge/277641, and adds a small amount of configuration glue to pass in a moduli path suitable for all Debian-derived distributions. With all this I've tested that I can connect to a local codehosting server using diffie-hellman-group-exchange-sha256 and hmac-sha2-256.
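
A check an operator could run against the file that moduli_path points at, as an added example that is not part of the original proposal or of lazr.sshserver or Twisted: it parses the moduli(5) line format and reports group sizes below a chosen floor. The function names, the 2048-bit floor and the sample lines are assumptions constructed for illustration.

```python
# Added example; not Launchpad, lazr.sshserver or Twisted code.
# Line layout per moduli(5): time type tests trials size generator modulus
from collections import Counter

SAFE_PRIME = 2         # moduli(5) type: safe prime, usable for group exchange
TEST_COMPOSITE = 0x01  # moduli(5) tests bit: candidate is known composite


def parse_moduli(text):
    """Return (bits, generator, modulus) for every usable safe-prime line."""
    groups = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 7:
            raise ValueError("line %d: expected 7 fields" % lineno)
        _time, typ, tests, _trials, size, gen, mod = fields
        if int(typ) != SAFE_PRIME or int(tests) & TEST_COMPOSITE:
            continue
        modulus = int(mod, 16)
        bits = int(size) + 1  # the size field is one less than the group size
        if modulus.bit_length() != bits:
            raise ValueError("line %d: modulus is not %d bits" % (lineno, bits))
        groups.append((bits, int(gen, 16), modulus))
    return groups


def summarize(text, min_bits=2048):
    """Count groups per size and list sizes under min_bits (assumed policy)."""
    sizes = Counter(bits for bits, _gen, _mod in parse_moduli(text))
    return dict(sizes), sorted(b for b in sizes if b < min_bits)


def _line(bits, typ=2, tests=6):
    # Constructed placeholder modulus of the right length; not a real prime.
    return "20150101000000 %d %d 100 %d 2 %X" % (
        typ, tests, bits - 1, (1 << (bits - 1)) | 1)


SAMPLE = "\n".join([
    "# constructed sample, not a real moduli file",
    _line(1024), _line(2048), _line(2048),
    _line(4096, typ=4),   # skipped: not a safe-prime entry
    _line(3072, tests=1), # skipped: flagged composite
])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To audit a real deployment, pass the contents of the configured moduli file to summarize() instead of SAMPLE.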

Colin Watson (cjwatson) wrote :

I've now tested that hmac-sha2-512 works as well. OpenSSH prefers the 256-bit version, probably because it's faster and there isn't much point in a MAC stronger than the key exchange, but the 512-bit version works if forced using -oMACs=hmac-sha2-512.

William Grant (wgrant) :
review: Approve (code)

Preview Diff

1=== modified file 'daemons/sftp.tac'
2--- daemons/sftp.tac 2015-01-12 18:53:31 +0000
3+++ daemons/sftp.tac 2015-11-17 01:49:53 +0000
4@@ -1,4 +1,4 @@
5-# Copyright 2009-2011 Canonical Ltd. This software is licensed under the
6+# Copyright 2009-2015 Canonical Ltd. This software is licensed under the
7 # GNU Affero General Public License version 3 (see the file LICENSE).
8
9 # This is a Twisted application config file. To run, use:
10@@ -59,7 +59,8 @@
11 access_log_path=config.codehosting.access_log,
12 strport=config.codehosting.port,
13 factory_decorator=ssh_factory_decorator,
14- banner=config.codehosting.banner)
15+ banner=config.codehosting.banner,
16+ moduli_path=config.codehosting.moduli_path)
17 svc.setServiceParent(shutdown_cleanly_svc)
18
19 # Service that announces when the daemon is ready
20
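Review bot: the new moduli_path=config.codehosting.moduli_path argument is passed straight from configuration, and nothing in this file checks that the path exists or is readable by the daemon. It would help to say, in the proposal or in a comment next to the argument, what the service does when the file is missing; failing at startup is preferable to failing at the first diffie-hellman-group-exchange-sha256 negotiation. This call also needs to land together with the lazr.sshserver = 0.1.2 bump in versions.cfg, which the description gives as the version this change relies on.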
21=== modified file 'lib/lp/services/config/schema-lazr.conf'
22--- lib/lp/services/config/schema-lazr.conf 2015-09-26 16:32:29 +0000
23+++ lib/lp/services/config/schema-lazr.conf 2015-11-17 01:49:53 +0000
24@@ -290,6 +290,9 @@
25 # datatype: string
26 banner: none
27
28+# The path to the OpenSSH moduli file to read.
29+moduli_path: /etc/ssh/moduli
30+
31 # datatype: string
32 port: tcp:5022
33
34
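Review bot: the new moduli_path key has a description comment but no "# datatype: string" line, unlike the banner and port keys on either side of it; add one for consistency with the rest of the schema. The default /etc/ssh/moduli is described in the proposal as suitable for Debian-derived distributions, so the comment could also say that other deployments need to override it.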
35=== modified file 'versions.cfg'
36--- versions.cfg 2015-11-13 14:48:32 +0000
37+++ versions.cfg 2015-11-17 01:49:53 +0000
38@@ -58,7 +58,7 @@
39 lazr.restful = 0.19.10
40 lazr.restfulclient = 0.13.2
41 lazr.smtptest = 1.3
42-lazr.sshserver = 0.1.1
43+lazr.sshserver = 0.1.2
44 lazr.testing = 0.1.1
45 lazr.uri = 1.0.3
46 lpjsmin = 0.5
47@@ -127,9 +127,11 @@
48 testresources = 0.2.7
49 testtools = 0.9.30
50 timeline = 0.0.3
51-# p1 Build of lp:~canonical-launchpad-branches/twisted:lp-backport.
52-# Support diffie-hellman-group14-sha1 key exchange in conch.ssh.
53-Twisted = 13.0.0-p1
54+# Build of lp:~canonical-launchpad-branches/twisted:lp-backport.
55+# p1 Support diffie-hellman-group14-sha1 key exchange in conch.ssh.
56+# p2 Add diffie-hellman-group-exchange-sha256 to twisted.conch.ssh.
57+# Add support in twisted.conch.ssh for hmac-sha2-256 and hmac-sha2-512.
58+Twisted = 13.0.0-p2
59 txAMQP = 0.6.2
60 txfixtures = 0.1.4
61 txlongpoll = 0.2.12
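Review bot: the comment above Twisted = 13.0.0-p2 names the backport branch but not the revision the p2 build was made from, so the pin cannot be tied to an exact source state from this file alone. Consider recording the branch revision or commit id beside each pN entry so the tarball can be audited and rebuilt.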