Remove SHA1 for support for ssh rsa signing #31857

Merged: 7 commits, Sep 7, 2024

Member

@42wim 42wim commented Aug 17, 2024

https://github.com/go-fed/httpsig seems to be unmaintained.

Switch to github.com/42wim/httpsig which has removed deprecated crypto and default sha256 signing for ssh rsa.

No impact for those that use ed25519 ssh certificates.

This is a breaking change for:

  • gitea.com/gitea/tea (go-sdk) - I'll be sending a PR there too
  • activitypub using deprecated crypto (is this actually used?)
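Why RSA clients break while Ed25519 clients are unaffected, as an added example (not code from this PR or from either httpsig library). It uses only the Go standard library; the function names and the signing string are constructed for illustration, and it assumes the legacy client signs RSA PKCS#1 v1.5 over SHA-1 while the verifier accepts only SHA-256.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // registers crypto.SHA1 for the legacy signer below
	"crypto/sha256"
	"fmt"
)

// signRSA signs msg with RSASSA-PKCS1-v1_5 using hash h.
// crypto.SHA1 models a legacy "ssh-rsa" signer, crypto.SHA256 "rsa-sha2-256".
func signRSA(key *rsa.PrivateKey, h crypto.Hash, msg []byte) ([]byte, error) {
	d := h.New()
	d.Write(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, h, d.Sum(nil))
}

// verifyRSASHA256 (hypothetical name) models a verifier with SHA-1 removed:
// the signature is only ever checked against the SHA-256 digest.
func verifyRSASHA256(pub *rsa.PublicKey, msg, sig []byte) bool {
	sum := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) == nil
}

// demo reports which signatures are accepted: legacy RSA/SHA-1,
// updated RSA/SHA-256, and Ed25519 (which has no hash to negotiate).
func demo() (legacy, updated, ed bool, err error) {
	// Constructed signing string, not a captured request.
	msg := []byte("(request-target): get /api/v1/user\ndate: Sat, 07 Sep 2024 00:00:00 GMT")
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	oldSig, err1 := signRSA(key, crypto.SHA1, msg)
	newSig, err2 := signRSA(key, crypto.SHA256, msg)
	edPub, edPriv, err3 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil || err3 != nil {
		return false, false, false, fmt.Errorf("setup failed: %v %v %v", err1, err2, err3)
	}
	return verifyRSASHA256(&key.PublicKey, msg, oldSig),
		verifyRSASHA256(&key.PublicKey, msg, newSig),
		ed25519.Verify(edPub, msg, ed25519.Sign(edPriv, msg)), nil
}

func main() { fmt.Println(demo()) }
```

The same RSA key pair is used for both RSA signatures, so the rejection comes from the hash choice alone, not from the key.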

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Aug 17, 2024
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Aug 17, 2024
@github-actions github-actions bot added modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code modifies/dependencies labels Aug 17, 2024
@techknowlogick
Member

Thanks @42wim, could you run make tidy on this so the licenses file gets updated?

@lunny lunny added the pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! label Aug 18, 2024
@lunny lunny added this to the 1.23.0 milestone Aug 18, 2024
@silverwind
Member

Here is the diff from that fork: go-fed/httpsig@master...42wim:httpsig:master

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 7, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 7, 2024
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Sep 7, 2024
@techknowlogick techknowlogick merged commit 01dec75 into go-gitea:main Sep 7, 2024
26 checks passed
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Sep 7, 2024
zjjhot added a commit to zjjhot/gitea that referenced this pull request Sep 9, 2024
* giteaofficial/main:
  [skip ci] Updated licenses and gitignores
  [skip ci] Updated translations via Crowdin
  Remove SHA1 for support for ssh rsa signing (go-gitea#31857)
  Upgrade cache to v0.2.1 (go-gitea#32003)
  Add automatic light/dark option for the colorblind theme (go-gitea#31997)
  [skip ci] Updated translations via Crowdin
  Use global lock instead of NewExclusivePool to allow distributed lock between multiple Gitea instances (go-gitea#31813)
  Use forum.gitea.com instead of old URL (go-gitea#31989)
  Distinguish official vs non-official reviews, add tool tips, and upgr… (go-gitea#31924)
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Dec 6, 2024