launchpad-reviewers team mailing list archive

[Merge] lp:~cjwatson/launchpad/twisted-13.0.0-p2 into lp:launchpad

 

Colin Watson has proposed merging lp:~cjwatson/launchpad/twisted-13.0.0-p2 into lp:launchpad.

Commit message:
Upgrade to Twisted 13.0.0-p2 and lazr.sshserver 0.1.2, adding support for SHA-2 key exchange and MAC algorithms.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #1445619 in Launchpad itself: "Launchpad SSH services should support SHA-2"
  https://bugs.launchpad.net/launchpad/+bug/1445619

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/twisted-13.0.0-p2/+merge/277642

Upgrade to Twisted 13.0.0-p2 and lazr.sshserver 0.1.2, adding support for SHA-2 key exchange and MAC algorithms.

See https://code.launchpad.net/~cjwatson/launchpad/twisted-13.0.0-p1/+merge/276877 for the rationale for doing backports at all.  The Twisted backport is in https://code.launchpad.net/~canonical-launchpad-branches/twisted/+git/twisted/+ref/lp-backport as before, and I'll commit a tarball to lp:lp-source-dependencies if and when this is approved.

This also bumps to a new lazr.sshserver version, which is in https://code.launchpad.net/~cjwatson/lazr.sshserver/moduli/+merge/277641, and adds a small amount of configuration glue to pass in a moduli path suitable for all Debian-derived distributions.  With all this I've tested that I can connect to a local codehosting server using diffie-hellman-group-exchange-sha256 and hmac-sha2-256.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad/twisted-13.0.0-p2 into lp:launchpad.
=== modified file 'daemons/sftp.tac'
--- daemons/sftp.tac	2015-01-12 18:53:31 +0000
+++ daemons/sftp.tac	2015-11-17 01:49:53 +0000
@@ -1,4 +1,4 @@
-# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
+# Copyright 2009-2015 Canonical Ltd.  This software is licensed under the
 # GNU Affero General Public License version 3 (see the file LICENSE).
 
 # This is a Twisted application config file.  To run, use:
@@ -59,7 +59,8 @@
     access_log_path=config.codehosting.access_log,
     strport=config.codehosting.port,
     factory_decorator=ssh_factory_decorator,
-    banner=config.codehosting.banner)
+    banner=config.codehosting.banner,
+    moduli_path=config.codehosting.moduli_path)
 svc.setServiceParent(shutdown_cleanly_svc)
 
 # Service that announces when the daemon is ready
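
Review bot: The new moduli_path=config.codehosting.moduli_path argument is passed through with no visible handling for a missing or unreadable file. Please confirm what the service does when the configured path does not exist or cannot be read by the daemon user (fail at startup, or start without offering group exchange), and cover that case with a test or at least a note in the merge description, so that a host without the file does not silently lose the new key exchange.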

=== modified file 'lib/lp/services/config/schema-lazr.conf'
--- lib/lp/services/config/schema-lazr.conf	2015-09-26 16:32:29 +0000
+++ lib/lp/services/config/schema-lazr.conf	2015-11-17 01:49:53 +0000
@@ -290,6 +290,9 @@
 # datatype: string
 banner: none
 
+# The path to the OpenSSH moduli file to read.
+moduli_path: /etc/ssh/moduli
+
 # datatype: string
 port: tcp:5022
 
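Review bot: The new moduli_path key has no "# datatype: string" line above it, unlike the banner and port keys on either side of it in this hunk; add one so the schema section stays consistent. The comment could also say that the default /etc/ssh/moduli is the location used on Debian-derived systems and that the file needs to be readable by the codehosting daemon, since that is the only place an operator will look when overriding it.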

=== modified file 'versions.cfg'
--- versions.cfg	2015-11-13 14:48:32 +0000
+++ versions.cfg	2015-11-17 01:49:53 +0000
@@ -58,7 +58,7 @@
 lazr.restful = 0.19.10
 lazr.restfulclient = 0.13.2
 lazr.smtptest = 1.3
-lazr.sshserver = 0.1.1
+lazr.sshserver = 0.1.2
 lazr.testing = 0.1.1
 lazr.uri = 1.0.3
 lpjsmin = 0.5
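
Review bot: The lazr.sshserver = 0.1.2 pin and the moduli_path= keyword added in daemons/sftp.tac depend on each other, and the description says 0.1.2 comes from a separate lazr.sshserver merge proposal. Please confirm that 0.1.2 is released and available to the build before this lands, since the sftp.tac change presumably cannot work against 0.1.1.
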
@@ -127,9 +127,11 @@
 testresources = 0.2.7
 testtools = 0.9.30
 timeline = 0.0.3
-# p1 Build of lp:~canonical-launchpad-branches/twisted:lp-backport.
-#    Support diffie-hellman-group14-sha1 key exchange in conch.ssh.
-Twisted = 13.0.0-p1
+# Build of lp:~canonical-launchpad-branches/twisted:lp-backport.
+# p1 Support diffie-hellman-group14-sha1 key exchange in conch.ssh.
+# p2 Add diffie-hellman-group-exchange-sha256 to twisted.conch.ssh.
+#    Add support in twisted.conch.ssh for hmac-sha2-256 and hmac-sha2-512.
+Twisted = 13.0.0-p2
 txAMQP = 0.6.2
 txfixtures = 0.1.4
 txlongpoll = 0.2.12
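
Review bot: The comment block above Twisted = 13.0.0-p2 names the lp-backport branch but not the revision each pN tarball was built from, so the pinned build cannot be tied back to an exact source state from this file alone; consider recording the commit id next to the p1 and p2 entries. Also, the p2 entry lists hmac-sha2-512 alongside hmac-sha2-256, while the description only reports a test connection with diffie-hellman-group-exchange-sha256 and hmac-sha2-256; a check that hmac-sha2-512 negotiates as well would be worth adding before approval.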

