diff options
Diffstat (limited to '1001-vendor-patch-removed-backend-crypto.patch')
| -rw-r--r-- | 1001-vendor-patch-removed-backend-crypto.patch | 1156 |
1 files changed, 1156 insertions, 0 deletions
diff --git a/1001-vendor-patch-removed-backend-crypto.patch b/1001-vendor-patch-removed-backend-crypto.patch new file mode 100644 index 0000000..c8786da --- /dev/null +++ b/1001-vendor-patch-removed-backend-crypto.patch @@ -0,0 +1,1156 @@ +patch removed backend crypto + +the `Makefile` removed a few files containing (unused) crypto +algorithms from the vendor tarball, which are not used in Grafana. +This patch removes all references to the deleted files. + +diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go +new file mode 100644 +index 0000000000..871e612a61 +--- /dev/null ++++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go +@@ -0,0 +1,25 @@ ++package elgamal ++ ++import ( ++ "io" ++ "math/big" ++) ++ ++// PublicKey represents an ElGamal public key. ++type PublicKey struct { ++ G, P, Y *big.Int ++} ++ ++// PrivateKey represents an ElGamal private key. ++type PrivateKey struct { ++ PublicKey ++ X *big.Int ++} ++ ++func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) { ++ panic("ElGamal encryption not available") ++} ++ ++func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) { ++ panic("ElGamal encryption not available") ++} +diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go +index 0a19794a8e..25a5ee9158 100644 +--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go ++++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go +@@ -22,7 +22,6 @@ import ( + "math/big" + "math/bits" + +- "golang.org/x/crypto/cast5" + "golang.org/x/crypto/openpgp/errors" + ) + +@@ -493,7 +492,7 @@ func (cipher CipherFunction) KeySize() int { + case Cipher3DES: + return 24 + case CipherCAST5: +- return cast5.KeySize ++ panic("cast5 cipher not available") + case CipherAES128: + return 16 + case CipherAES192: +@@ -523,7 +522,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) { + case Cipher3DES: + block, _ = des.NewTripleDESCipher(key) + case CipherCAST5: +- block, _ = cast5.NewCipher(key) ++ panic("cast5 cipher not available") + case CipherAES128, CipherAES192, CipherAES256: + block, _ = aes.NewCipher(key) + } +diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go +index 6126030eb9..3a54c5f2b1 100644 +--- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go ++++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go +@@ -5,13 +5,12 @@ + package packet + + import ( +- "crypto/cipher" + "crypto/sha1" + "crypto/subtle" +- "golang.org/x/crypto/openpgp/errors" + "hash" + "io" +- "strconv" ++ ++ "golang.org/x/crypto/openpgp/errors" + ) + + // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The +@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error { + // packet can be read. An incorrect key can, with high probability, be detected + // immediately and this will result in a KeyIncorrect error being returned. + func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) { +- keySize := c.KeySize() +- if keySize == 0 { +- return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c))) +- } +- if len(key) != keySize { +- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length") +- } +- +- if se.prefix == nil { +- se.prefix = make([]byte, c.blockSize()+2) +- _, err := readFull(se.contents, se.prefix) +- if err != nil { +- return nil, err +- } +- } else if len(se.prefix) != c.blockSize()+2 { +- return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths") +- } +- +- ocfbResync := OCFBResync +- if se.MDC { +- // MDC packets use a different form of OCFB mode. +- ocfbResync = OCFBNoResync +- } +- +- s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync) +- if s == nil { +- return nil, errors.ErrKeyIncorrect +- } +- +- plaintext := cipher.StreamReader{S: s, R: se.contents} +- +- if se.MDC { +- // MDC packets have an embedded hash that we need to check. +- h := sha1.New() +- h.Write(se.prefix) +- return &seMDCReader{in: plaintext, h: h}, nil +- } +- +- // Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser. +- return seReader{plaintext}, nil ++ panic("OCFB cipher not available") + } + + // seReader wraps an io.Reader with a no-op Close method. +@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error { + // written. + // If config is nil, sensible defaults will be used. + func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) { +- if c.KeySize() != len(key) { +- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length") +- } +- writeCloser := noOpCloser{w} +- ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC) +- if err != nil { +- return +- } +- +- _, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion}) +- if err != nil { +- return +- } +- +- block := c.new(key) +- blockSize := block.BlockSize() +- iv := make([]byte, blockSize) +- _, err = config.Random().Read(iv) +- if err != nil { +- return +- } +- s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync) +- _, err = ciphertext.Write(prefix) +- if err != nil { +- return +- } +- plaintext := cipher.StreamWriter{S: s, W: ciphertext} +- +- h := sha1.New() +- h.Write(iv) +- h.Write(iv[blockSize-2:]) +- contents = &seMDCWriter{w: plaintext, h: h} +- return ++ panic("OCFB cipher not available") + } +diff --git a/vendor/golang.org/x/crypto/pkcs12/crypto.go b/vendor/golang.org/x/crypto/pkcs12/crypto.go +index 484ca51b71..5f502b8df1 100644 +--- a/vendor/golang.org/x/crypto/pkcs12/crypto.go ++++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go +@@ -11,8 +11,6 @@ import ( + "crypto/x509/pkix" + "encoding/asn1" + "errors" +- +- "golang.org/x/crypto/pkcs12/internal/rc2" + ) + + var ( +@@ -46,10 +44,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt + + type shaWith40BitRC2CBC struct{} + +-func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) { +- return rc2.New(key, len(key)*8) +-} +- + func (shaWith40BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte { + return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 5) + } +@@ -70,7 +64,7 @@ func pbDecrypterFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher + case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC): + cipherType = shaWithTripleDESCBC{} + case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC): +- cipherType = shaWith40BitRC2CBC{} ++ panic("RC2 encryption not available") + default: + return nil, 0, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported") + } +diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +index ae3ebc03b9..11dbc3c56e 100644 +--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go ++++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +@@ -16,14 +16,11 @@ + package web + + import ( +- "encoding/hex" + "fmt" + "net/http" +- "strings" + "sync" + + "github.com/go-kit/log" +- "golang.org/x/crypto/bcrypt" + ) + + // extraHTTPHeaders is a map of HTTP headers that can be added to HTTP +@@ -36,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{ + "Content-Security-Policy": nil, + } + +-func validateUsers(configPath string) error { +- c, err := getConfig(configPath) +- if err != nil { +- return err +- } +- +- for _, p := range c.Users { +- _, err = bcrypt.Cost([]byte(p)) +- if err != nil { +- return err +- } +- } +- +- return nil +-} +- + // validateHeaderConfig checks that the provided header configuration is correct. + // It does not check the validity of all the values, only the ones which are + // well-defined enumerations. +@@ -67,60 +49,3 @@ type webHandler struct { + // only once in parallel as this is CPU intensive. + bcryptMtx sync.Mutex + } +- +-func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { +- c, err := getConfig(u.tlsConfigPath) +- if err != nil { +- u.logger.Log("msg", "Unable to parse configuration", "err", err) +- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) +- return +- } +- +- // Configure http headers. +- for k, v := range c.HTTPConfig.Header { +- w.Header().Set(k, v) +- } +- +- if len(c.Users) == 0 { +- u.handler.ServeHTTP(w, r) +- return +- } +- +- user, pass, auth := r.BasicAuth() +- if auth { +- hashedPassword, validUser := c.Users[user] +- +- if !validUser { +- // The user is not found. Use a fixed password hash to +- // prevent user enumeration by timing requests. +- // This is a bcrypt-hashed version of "fakepassword". +- hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi" +- } +- +- cacheKey := strings.Join( +- []string{ +- hex.EncodeToString([]byte(user)), +- hex.EncodeToString([]byte(hashedPassword)), +- hex.EncodeToString([]byte(pass)), +- }, ":") +- authOk, ok := u.cache.get(cacheKey) +- +- if !ok { +- // This user, hashedPassword, password is not cached. +- u.bcryptMtx.Lock() +- err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) +- u.bcryptMtx.Unlock() +- +- authOk = validUser && err == nil +- u.cache.set(cacheKey, authOk) +- } +- +- if authOk && validUser { +- u.handler.ServeHTTP(w, r) +- return +- } +- } +- +- w.Header().Set("WWW-Authenticate", "Basic") +- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) +-} +diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go +--- grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go 2023-03-13 20:00:00.000000000 -0400 ++++ /tmp/rpkg/grafana-1-v6p2z4of/grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go 2023-03-16 13:43:13.300238021 -0400 +@@ -18,12 +18,8 @@ + "crypto/x509" + "fmt" + "io/ioutil" +- "net" +- "net/http" + "path/filepath" + +- "github.com/go-kit/log" +- "github.com/go-kit/log/level" + "github.com/pkg/errors" + config_util "github.com/prometheus/common/config" + "gopkg.in/yaml.v2" +@@ -177,98 +173,6 @@ + return cfg, nil + } + +-// ListenAndServe starts the server on the given address. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error { +- listener, err := net.Listen("tcp", server.Addr) +- if err != nil { +- return err +- } +- defer listener.Close() +- return Serve(listener, server, tlsConfigPath, logger) +-} +- +-// Server starts the server on the given listener. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-func Serve(l net.Listener, server *http.Server, tlsConfigPath string, logger log.Logger) error { +- if tlsConfigPath == "" { +- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false) +- return server.Serve(l) +- } +- +- if err := validateUsers(tlsConfigPath); err != nil { +- return err +- } +- +- // Setup basic authentication. +- var handler http.Handler = http.DefaultServeMux +- if server.Handler != nil { +- handler = server.Handler +- } +- +- c, err := getConfig(tlsConfigPath) +- if err != nil { +- return err +- } +- +- server.Handler = &webHandler{ +- tlsConfigPath: tlsConfigPath, +- logger: logger, +- handler: handler, +- cache: newCache(), +- } +- +- config, err := ConfigToTLSConfig(&c.TLSConfig) +- switch err { +- case nil: +- if !c.HTTPConfig.HTTP2 { +- server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) +- } +- // Valid TLS config. +- level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2) +- case errNoTLSConfig: +- // No TLS config, back to plain HTTP. +- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false) +- return server.Serve(l) +- default: +- // Invalid TLS config. +- return err +- } +- +- server.TLSConfig = config +- +- // Set the GetConfigForClient method of the HTTPS server so that the config +- // and certs are reloaded on new connections. +- server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) { +- config, err := getTLSConfig(tlsConfigPath) +- if err != nil { +- return nil, err +- } +- config.NextProtos = server.TLSConfig.NextProtos +- return config, nil +- } +- return server.ServeTLS(l, "", "") +-} +- +-// Validate configuration file by reading the configuration and the certificates. +-func Validate(tlsConfigPath string) error { +- if tlsConfigPath == "" { +- return nil +- } +- if err := validateUsers(tlsConfigPath); err != nil { +- return err +- } +- c, err := getConfig(tlsConfigPath) +- if err != nil { +- return err +- } +- _, err = ConfigToTLSConfig(&c.TLSConfig) +- if err == errNoTLSConfig { +- return nil +- } +- return err +-} +- + type cipher uint16 + + func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error { +@@ -351,11 +255,3 @@ + } + return fmt.Sprintf("%v", tv), nil + } +- +-// Listen starts the server on the given address. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-// +-// Deprecated: Use ListenAndServe instead. +-func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error { +- return ListenAndServe(server, tlsConfigPath, logger) +-} +diff a/vendor/github.com/go-git/go-git/v5/options.go b/vendor/github.com/go-git/go-git/v5/options.go +--- a/vendor/github.com/go-git/go-git/v5/options.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/options.go 2022-12-20 10:24:35.162653691 -0500 +@@ -7,7 +7,7 @@ + "strings" + "time" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + "github.com/go-git/go-git/v5/config" + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/object" +@@ -434,7 +434,7 @@ + // SignKey denotes a key to sign the commit with. A nil value here means the + // commit will not be signed. The private key must be present and already + // decrypted. +- SignKey *openpgp.Entity ++ // SignKey *openpgp.Entity + } + + // Validate validates the fields and sets the default values. +@@ -517,7 +517,7 @@ + Message string + // SignKey denotes a key to sign the tag with. A nil value here means the tag + // will not be signed. The private key must be present and already decrypted. +- SignKey *openpgp.Entity ++ // SignKey *openpgp.Entity + } + + // Validate validates the fields and sets the default values. +diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go +--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go 2022-12-20 10:33:26.630073026 -0500 +@@ -9,7 +9,7 @@ + "io" + "strings" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/storer" +@@ -354,7 +354,8 @@ + + // Verify performs PGP verification of the commit with a provided armored + // keyring and returns openpgp.Entity associated with verifying key on success. +-func (c *Commit) Verify(armoredKeyRing string) (*openpgp.Entity, error) { ++func (c *Commit) Verify(armoredKeyRing string) (*int, error) { ++ /* + keyRingReader := strings.NewReader(armoredKeyRing) + keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader) + if err != nil { +@@ -375,6 +376,8 @@ + } + + return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil) ++ */ ++ return nil, nil + } + + func indent(t string) string { +diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go +--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go 2022-12-20 10:37:05.542949113 -0500 +@@ -6,9 +6,9 @@ + "fmt" + "io" + stdioutil "io/ioutil" +- "strings" ++ // "strings" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/storer" +@@ -284,7 +284,8 @@ + + // Verify performs PGP verification of the tag with a provided armored + // keyring and returns openpgp.Entity associated with verifying key on success. +-func (t *Tag) Verify(armoredKeyRing string) (*openpgp.Entity, error) { ++func (t *Tag) Verify(armoredKeyRing string) (*int, error) { ++ /* + keyRingReader := strings.NewReader(armoredKeyRing) + keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader) + if err != nil { +@@ -305,6 +306,8 @@ + } + + return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil) ++ */ ++ return nil, nil + } + + // TagIter provides an iterator for a set of tags. +diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go +--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go 2022-12-20 13:42:13.659296361 -0500 +@@ -1,6 +1,7 @@ + package ssh + + import ( ++ /* + "errors" + "fmt" + "io/ioutil" +@@ -14,6 +15,7 @@ + sshagent "github.com/xanzy/ssh-agent" + "golang.org/x/crypto/ssh" + "golang.org/x/crypto/ssh/knownhosts" ++ */ + ) + + const DefaultUsername = "git" +@@ -22,10 +24,12 @@ + // must implement. The clientConfig method returns the ssh client + // configuration needed to establish an ssh connection. + type AuthMethod interface { ++ /* + transport.AuthMethod + // ClientConfig should return a valid ssh.ClientConfig to be used to create + // a connection to the SSH server. + ClientConfig() (*ssh.ClientConfig, error) ++ */ + } + + // The names of the AuthMethod implementations. To be returned by the +@@ -42,78 +46,101 @@ + // KeyboardInteractive implements AuthMethod by using a + // prompt/response sequence controlled by the server. + type KeyboardInteractive struct { ++ /* + User string + Challenge ssh.KeyboardInteractiveChallenge + HostKeyCallbackHelper ++ */ + } + + func (a *KeyboardInteractive) Name() string { +- return KeyboardInteractiveName ++ // return KeyboardInteractiveName ++ return "" + } + + func (a *KeyboardInteractive) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *KeyboardInteractive) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *KeyboardInteractive) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ + a.Challenge, + }, + }) ++ */ ++ return nil, nil + } + + // Password implements AuthMethod by using the given password. + type Password struct { ++ /* + User string + Password string + HostKeyCallbackHelper ++ */ + } + + func (a *Password) Name() string { +- return PasswordName ++ // return PasswordName ++ return "" + } + + func (a *Password) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *Password) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *Password) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ssh.Password(a.Password)}, + }) ++ */ ++ return nil, nil + } + + // PasswordCallback implements AuthMethod by using a callback + // to fetch the password. + type PasswordCallback struct { ++ /* + User string + Callback func() (pass string, err error) + HostKeyCallbackHelper ++ */ + } + + func (a *PasswordCallback) Name() string { +- return PasswordCallbackName ++ // return PasswordCallbackName ++ return "" + } + + func (a *PasswordCallback) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *PasswordCallback) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *PasswordCallback) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ssh.PasswordCallback(a.Callback)}, + }) ++ */ ++ return nil, nil + } + + // PublicKeys implements AuthMethod by using the given key pairs. + type PublicKeys struct { ++ /* + User string + Signer ssh.Signer + HostKeyCallbackHelper ++ */ + } + + // NewPublicKeys returns a PublicKeys from a PEM encoded private key. An +@@ -121,6 +148,7 @@ + // encrypted PEM block otherwise password should be empty. It supports RSA + // (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys. + func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) { ++ /* + signer, err := ssh.ParsePrivateKey(pemBytes) + if _, ok := err.(*ssh.PassphraseMissingError); ok { + signer, err = ssh.ParsePrivateKeyWithPassphrase(pemBytes, []byte(password)) +@@ -129,36 +157,47 @@ + return nil, err + } + return &PublicKeys{User: user, Signer: signer}, nil ++ */ ++ return nil, nil + } + + // NewPublicKeysFromFile returns a PublicKeys from a file containing a PEM + // encoded private key. An encryption password should be given if the pemBytes + // contains a password encrypted PEM block otherwise password should be empty. + func NewPublicKeysFromFile(user, pemFile, password string) (*PublicKeys, error) { ++ /* + bytes, err := ioutil.ReadFile(pemFile) + if err != nil { + return nil, err + } + + return NewPublicKeys(user, bytes, password) ++ */ ++ return nil, nil + } + + func (a *PublicKeys) Name() string { +- return PublicKeysName ++ // return PublicKeysName ++ return "" + } + + func (a *PublicKeys) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *PublicKeys) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *PublicKeys) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ssh.PublicKeys(a.Signer)}, + }) ++ */ ++ return nil, nil + } + + func username() (string, error) { ++ /* + var username string + if user, err := user.Current(); err == nil { + username = user.Username +@@ -171,20 +210,25 @@ + } + + return username, nil ++ */ ++ return "", nil + } + + // PublicKeysCallback implements AuthMethod by asking a + // ssh.agent.Agent to act as a signer. + type PublicKeysCallback struct { ++ /* + User string + Callback func() (signers []ssh.Signer, err error) + HostKeyCallbackHelper ++ */ + } + + // NewSSHAgentAuth returns a PublicKeysCallback based on a SSH agent, it opens + // a pipe with the SSH agent and uses the pipe as the implementer of the public + // key callback function. + func NewSSHAgentAuth(u string) (*PublicKeysCallback, error) { ++ /* + var err error + if u == "" { + u, err = username() +@@ -202,21 +246,28 @@ + User: u, + Callback: a.Signers, + }, nil ++ */ ++ return nil, nil + } + + func (a *PublicKeysCallback) Name() string { +- return PublicKeysCallbackName ++ // return PublicKeysCallbackName ++ return "" + } + + func (a *PublicKeysCallback) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *PublicKeysCallback) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(a.Callback)}, + }) ++ */ ++ return nil, nil + } + + // NewKnownHostsCallback returns ssh.HostKeyCallback based on a file based on a +@@ -229,7 +280,8 @@ + // If SSH_KNOWN_HOSTS is not set the following file locations will be used: + // ~/.ssh/known_hosts + // /etc/ssh/ssh_known_hosts +-func NewKnownHostsCallback(files ...string) (ssh.HostKeyCallback, error) { ++func NewKnownHostsCallback(files ...string) (*int, error) { ++ /* + var err error + + if len(files) == 0 { +@@ -243,9 +295,12 @@ + } + + return knownhosts.New(files...) ++ */ ++ return nil, nil + } + +-func getDefaultKnownHostsFiles() ([]string, error) { ++func getDefaultKnownHostsFiles() (*int, error) { ++ /* + files := filepath.SplitList(os.Getenv("SSH_KNOWN_HOSTS")) + if len(files) != 0 { + return files, nil +@@ -260,9 +315,12 @@ + filepath.Join(homeDirPath, "/.ssh/known_hosts"), + "/etc/ssh/ssh_known_hosts", + }, nil ++ */ ++ return nil, nil + } + +-func filterKnownHostsFiles(files ...string) ([]string, error) { ++func filterKnownHostsFiles(files ...string) (*int, error) { ++ /* + var out []string + for _, file := range files { + _, err := os.Stat(file) +@@ -281,6 +339,8 @@ + } + + return out, nil ++ */ ++ return nil, nil + } + + // HostKeyCallbackHelper is a helper that provides common functionality to +@@ -289,13 +349,14 @@ + // HostKeyCallback is the function type used for verifying server keys. + // If nil default callback will be create using NewKnownHostsCallback + // without argument. +- HostKeyCallback ssh.HostKeyCallback ++ // HostKeyCallback ssh.HostKeyCallback + } + + // SetHostKeyCallback sets the field HostKeyCallback in the given cfg. If + // HostKeyCallback is empty a default callback is created using + // NewKnownHostsCallback. +-func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) { ++func (m *HostKeyCallbackHelper) SetHostKeyCallback(*int) (*int, error) { ++ /* + var err error + if m.HostKeyCallback == nil { + if m.HostKeyCallback, err = NewKnownHostsCallback(); err != nil { +@@ -305,4 +366,6 @@ + + cfg.HostKeyCallback = m.HostKeyCallback + return cfg, nil ++ */ ++ return nil, nil + } +diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go +--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go 2022-12-20 14:01:25.825788050 -0500 +@@ -2,18 +2,22 @@ + package ssh + + import ( +- "context" ++ // "context" + "fmt" ++ /* + "reflect" + "strconv" + "strings" ++ */ + + "github.com/go-git/go-git/v5/plumbing/transport" + "github.com/go-git/go-git/v5/plumbing/transport/internal/common" + + "github.com/kevinburke/ssh_config" ++ /* + "golang.org/x/crypto/ssh" + "golang.org/x/net/proxy" ++ */ + ) + + // DefaultClient is the default SSH client. +@@ -28,23 +32,26 @@ + } + + // NewClient creates a new SSH client with an optional *ssh.ClientConfig. +-func NewClient(config *ssh.ClientConfig) transport.Transport { +- return common.NewClient(&runner{config: config}) ++func NewClient(*int) transport.Transport { ++ // return common.NewClient(&runner{config: config}) ++ return nil + } + + // DefaultAuthBuilder is the function used to create a default AuthMethod, when + // the user doesn't provide any. + var DefaultAuthBuilder = func(user string) (AuthMethod, error) { +- return NewSSHAgentAuth(user) ++ // return NewSSHAgentAuth(user) ++ return nil, nil + } + + const DefaultPort = 22 + + type runner struct { +- config *ssh.ClientConfig ++ // config *ssh.ClientConfig + } + + func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.AuthMethod) (common.Command, error) { ++ /* + c := &command{command: cmd, endpoint: ep, config: r.config} + if auth != nil { + c.setAuth(auth) +@@ -54,9 +61,12 @@ + return nil, err + } + return c, nil ++ */ ++ return nil, nil + } + + type command struct { ++ /* + *ssh.Session + connected bool + command string +@@ -64,24 +74,29 @@ + client *ssh.Client + auth AuthMethod + config *ssh.ClientConfig ++ */ + } + + func (c *command) setAuth(auth transport.AuthMethod) error { ++ /* + a, ok := auth.(AuthMethod) + if !ok { + return transport.ErrInvalidAuthMethod + } + + c.auth = a ++ */ + return nil + } + + func (c *command) Start() error { +- return c.Session.Start(endpointToCommand(c.command, c.endpoint)) ++ // return c.Session.Start(endpointToCommand(c.command, c.endpoint)) ++ return nil + } + + // Close closes the SSH session and connection. + func (c *command) Close() error { ++ /* + if !c.connected { + return nil + } +@@ -99,6 +114,8 @@ + } + + return err ++ */ ++ return nil + } + + // connect connects to the SSH server, unless a AuthMethod was set with +@@ -106,6 +123,7 @@ + // it connects to a SSH agent, using the address stored in the SSH_AUTH_SOCK + // environment var. + func (c *command) connect() error { ++ /* + if c.connected { + return transport.ErrAlreadyConnected + } +@@ -136,10 +154,12 @@ + } + + c.connected = true ++ */ + return nil + } + +-func dial(network, addr string, config *ssh.ClientConfig) (*ssh.Client, error) { ++func dial(network, addr string, config *int) (*int, error) { ++ /* + var ( + ctx = context.Background() + cancel context.CancelFunc +@@ -160,9 +180,12 @@ + return nil, err + } + return ssh.NewClient(c, chans, reqs), nil ++ */ ++ return nil, nil + } + + func (c *command) getHostWithPort() string { ++ /* + if addr, found := c.doGetHostWithPortFromSSHConfig(); found { + return addr + } +@@ -174,9 +197,12 @@ + } + + return fmt.Sprintf("%s:%d", host, port) ++ */ ++ return "" + } + + func (c *command) doGetHostWithPortFromSSHConfig() (addr string, found bool) { ++ /* + if DefaultSSHConfig == nil { + return + } +@@ -202,12 +228,13 @@ + } + + addr = fmt.Sprintf("%s:%d", host, port) ++ */ + return + } + + func (c *command) setAuthFromEndpoint() error { + var err error +- c.auth, err = DefaultAuthBuilder(c.endpoint.User) ++ // c.auth, err = DefaultAuthBuilder(c.endpoint.User) + return err + } + +@@ -215,7 +242,8 @@ + return fmt.Sprintf("%s '%s'", cmd, ep.Path) + } + +-func overrideConfig(overrides *ssh.ClientConfig, c *ssh.ClientConfig) { ++func overrideConfig(overrides *int, c *int) { ++ /* + if overrides == nil { + return + } +@@ -232,4 +260,5 @@ + } + + *c = vc.Interface().(ssh.ClientConfig) ++ */ + } +diff a/vendor/github.com/go-git/go-git/v5/repository.go b/vendor/github.com/go-git/go-git/v5/repository.go +--- a/vendor/github.com/go-git/go-git/v5/repository.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/repository.go 2022-12-20 13:46:57.584666477 -0500 +@@ -13,7 +13,7 @@ + "strings" + "time" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + "github.com/go-git/go-billy/v5" + "github.com/go-git/go-billy/v5/osfs" + "github.com/go-git/go-billy/v5/util" +@@ -706,6 +706,7 @@ + Target: hash, + } + ++ /* + if opts.SignKey != nil { + sig, err := r.buildTagSignature(tag, opts.SignKey) + if err != nil { +@@ -714,6 +715,7 @@ + + tag.PGPSignature = sig + } ++ */ + + obj := r.Storer.NewEncodedObject() + if err := tag.Encode(obj); err != nil { +@@ -723,7 +725,8 @@ + return r.Storer.SetEncodedObject(obj) + } + +-func (r *Repository) buildTagSignature(tag *object.Tag, signKey *openpgp.Entity) (string, error) { ++func (r *Repository) buildTagSignature(tag *object.Tag, signKey *int) (string, error) { ++ /* + encoded := &plumbing.MemoryObject{} + if err := tag.Encode(encoded); err != nil { + return "", err +@@ -740,6 +743,8 @@ + } + + return b.String(), nil ++ */ ++ return "", nil + } + + // Tag returns a tag from the repository. +diff a/vendor/github.com/go-git/go-git/v5/worktree_commit.go b/vendor/github.com/go-git/go-git/v5/worktree_commit.go +--- a/vendor/github.com/go-git/go-git/v5/worktree_commit.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/worktree_commit.go 2022-12-20 13:47:27.671919357 -0500 +@@ -1,7 +1,7 @@ + package git + + import ( +- "bytes" ++ // "bytes" + "path" + "sort" + "strings" +@@ -12,7 +12,7 @@ + "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-git/v5/storage" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + "github.com/go-git/go-billy/v5" + ) + +@@ -101,6 +101,7 @@ + ParentHashes: opts.Parents, + } + ++ /* + if opts.SignKey != nil { + sig, err := w.buildCommitSignature(commit, opts.SignKey) + if err != nil { +@@ -108,6 +109,7 @@ + } + commit.PGPSignature = sig + } ++ */ + + obj := w.r.Storer.NewEncodedObject() + if err := commit.Encode(obj); err != nil { +@@ -116,7 +118,8 @@ + return w.r.Storer.SetEncodedObject(obj) + } + +-func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *openpgp.Entity) (string, error) { ++func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *int) (string, error) { ++ /* + encoded := &plumbing.MemoryObject{} + if err := commit.Encode(encoded); err != nil { + return "", err +@@ -130,6 +133,8 @@ + return "", err + } + return b.String(), nil ++ */ ++ return "", nil + } + + // buildTreeHelper converts a given index.Index file into multiple git objects |