woggioni-opencode-agent/rbcs
1
0
Fork 0
forked from woggioni/rbcs
Code Pull Requests Activity

update to netty 4.2.15

Browse Source
This commit is contained in:
Walter Oggioni
2026-06-12 09:43:39 +08:00
parent 77cc044d0e
commit 4b2f2da35f
13 changed files with 1101 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
-2
View File
@@ -4,8 +4,6 @@
# Ignore Gradle build output directory # Ignore Gradle build output directory
build build
rbcs-cli/native-image/*.json
# Ignore JDTLS files # Ignore JDTLS files
.classpath .classpath
.project .project
docker/Dockerfile
+1
View File
@@ -50,6 +50,7 @@ COPY --from=base-native /etc/rbcs /etc/rbcs
COPY --from=base-native /var/lib/rbcs /var/lib/rbcs COPY --from=base-native /var/lib/rbcs /var/lib/rbcs
COPY --from=base-native /var/tmp/rbcs /var/tmp/rbcs COPY --from=base-native /var/tmp/rbcs /var/tmp/rbcs
ADD rbcs-cli.upx /usr/bin/rbcs-cli ADD rbcs-cli.upx /usr/bin/rbcs-cli
ADD logback.xml /etc/rbcs/logback.xml
USER rbcs USER rbcs
WORKDIR /var/lib/rbcs WORKDIR /var/lib/rbcs
ENV RBCS_CONFIGURATION_DIR="/etc/rbcs" ENV RBCS_CONFIGURATION_DIR="/etc/rbcs"
gradle.properties
+2 -2
View File
@@ -2,9 +2,9 @@ org.gradle.configuration-cache=false
org.gradle.parallel=true org.gradle.parallel=true
org.gradle.caching=true org.gradle.caching=true
rbcs.version = 0.5.0 rbcs.version = 0.5.1
lys.version = 2026.05.27 lys.version = 2026.06.08
gitea.maven.url = https://gitea.woggioni.net/api/packages/woggioni/maven gitea.maven.url = https://gitea.woggioni.net/api/packages/woggioni/maven
docker.registry.url=gitea.woggioni.net docker.registry.url=gitea.woggioni.net
rbcs-cli/build.gradle
+4 -4
View File
@@ -90,7 +90,7 @@ Provider<EnvelopeJarTask> envelopeJarTaskProvider = tasks.named(EnvelopePlugin.E
tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfigurationTask) { tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfigurationTask) {
toolchain { toolchain {
languageVersion = JavaLanguageVersion.of(25) languageVersion = JavaLanguageVersion.of(25)
vendor = JvmVendorSpec.GRAAL_VM vendor = JvmVendorSpec.ORACLE
} }
mainClass = "net.woggioni.rbcs.cli.graal.GraalNativeImageConfiguration" mainClass = "net.woggioni.rbcs.cli.graal.GraalNativeImageConfiguration"
classpath = project.files( classpath = project.files(
@@ -108,7 +108,7 @@ tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfi
nativeImage { nativeImage {
toolchain { toolchain {
languageVersion = JavaLanguageVersion.of(25) languageVersion = JavaLanguageVersion.of(25)
vendor = JvmVendorSpec.GRAAL_VM vendor = JvmVendorSpec.ORACLE
} }
mainClass = mainClassName mainClass = mainClassName
//mainModule = mainModuleName //mainModule = mainModuleName
@@ -119,6 +119,7 @@ nativeImage {
compressExecutable = true compressExecutable = true
compressionLevel = 6 compressionLevel = 6
useLZMA = false useLZMA = false
//verbose = true
} }
Provider<UpxTask> upxTaskProvider = tasks.named(NativeImagePlugin.UPX_TASK_NAME, UpxTask) { Provider<UpxTask> upxTaskProvider = tasks.named(NativeImagePlugin.UPX_TASK_NAME, UpxTask) {
@@ -127,7 +128,7 @@ Provider<UpxTask> upxTaskProvider = tasks.named(NativeImagePlugin.UPX_TASK_NAME,
Provider<JlinkTask> jlinkTaskProvider = tasks.named(JlinkPlugin.JLINK_TASK_NAME, JlinkTask) { Provider<JlinkTask> jlinkTaskProvider = tasks.named(JlinkPlugin.JLINK_TASK_NAME, JlinkTask) {
toolchain { toolchain {
languageVersion = JavaLanguageVersion.of(25) languageVersion = JavaLanguageVersion.of(25)
vendor = JvmVendorSpec.GRAAL_VM vendor = JvmVendorSpec.ORACLE
} }
mainClass = mainClassName mainClass = mainClassName
@@ -152,7 +153,6 @@ Provider<JlinkTask> jlinkTaskProvider = tasks.named(JlinkPlugin.JLINK_TASK_NAME,
} }
Provider<Tar> jlinkDistTarTaskProvider = tasks.named(JlinkPlugin.JLINK_DIST_TAR_TASK_NAME, Tar) { Provider<Tar> jlinkDistTarTaskProvider = tasks.named(JlinkPlugin.JLINK_DIST_TAR_TASK_NAME, Tar) {
exclude 'lib/libjvmcicompiler.so'
} }
tasks.named(JavaPlugin.PROCESS_RESOURCES_TASK_NAME, ProcessResources) { tasks.named(JavaPlugin.PROCESS_RESOURCES_TASK_NAME, ProcessResources) {
rbcs-cli/conf/default.iprof
+1
View File
File diff suppressed because one or more lines are too long
rbcs-cli/native-image/native-image.properties
+10 -1
View File
@@ -1,2 +1,11 @@
Args=-O3 -march=x86-64-v2 --gc=serial --initialize-at-run-time=io.netty --enable-url-protocols=jpms -H:+UnlockExperimentalVMOptions -H:+SharedArenaSupport --initialize-at-build-time=net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory,net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory$JpmsHandler Args=-O3 \
-march=x86-64-v3 \
--gc=serial \
--enable-url-protocols=jpms \
--pgo=conf/default.iprof \
--initialize-at-run-time=io.netty \
--initialize-at-build-time=net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory,net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory$JpmsHandler \
--trace-object-instantiation=ch.qos.logback.classic.Logger \
-H:+UnlockExperimentalVMOptions \
-H:+SharedArenaSupport
#-H:TraceClassInitialization=io.netty.handler.ssl.BouncyCastleAlpnSslUtils #-H:TraceClassInitialization=io.netty.handler.ssl.BouncyCastleAlpnSslUtils
rbcs-cli/native-image/reachability-metadata.json
+1035
View File
File diff suppressed because it is too large Load Diff
rbcs-client/src/main/kotlin/net/woggioni/rbcs/client/RemoteBuildCacheClient.kt
+14 -1
View File
@@ -10,6 +10,7 @@ import java.util.concurrent.TimeUnit
import java.util.concurrent.TimeoutException import java.util.concurrent.TimeoutException
import java.util.concurrent.atomic.AtomicInteger import java.util.concurrent.atomic.AtomicInteger
import javax.net.ssl.TrustManagerFactory import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509ExtendedTrustManager
import javax.net.ssl.X509TrustManager import javax.net.ssl.X509TrustManager
import kotlin.random.Random import kotlin.random.Random
import io.netty.util.concurrent.Future as NettyFuture import io.netty.util.concurrent.Future as NettyFuture
@@ -74,13 +75,25 @@ class RemoteBuildCacheClient(private val profile: Configuration.Profile) : AutoC
) )
profile.tlsTruststore?.let { trustStore -> profile.tlsTruststore?.let { trustStore ->
if (!trustStore.verifyServerCertificate) { if (!trustStore.verifyServerCertificate) {
trustManager(object : X509TrustManager { trustManager(object : X509ExtendedTrustManager() {
override fun checkClientTrusted(certChain: Array<out X509Certificate>, p1: String?) { override fun checkClientTrusted(certChain: Array<out X509Certificate>, p1: String?) {
} }
override fun checkClientTrusted(certChain: Array<out X509Certificate>, p1: String?, socket: java.net.Socket) {
}
override fun checkClientTrusted(certChain: Array<out X509Certificate>, p1: String?, engine: javax.net.ssl.SSLEngine) {
}
override fun checkServerTrusted(certChain: Array<out X509Certificate>, p1: String?) { override fun checkServerTrusted(certChain: Array<out X509Certificate>, p1: String?) {
} }
override fun checkServerTrusted(certChain: Array<out X509Certificate>, p1: String?, socket: java.net.Socket) {
}
override fun checkServerTrusted(certChain: Array<out X509Certificate>, p1: String?, engine: javax.net.ssl.SSLEngine) {
}
override fun getAcceptedIssuers() = null override fun getAcceptedIssuers() = null
}) })
} else { } else {
rbcs-common/src/main/kotlin/net/woggioni/rbcs/common/RBCS.kt
+21 -4
View File
@@ -19,6 +19,7 @@ import java.security.cert.X509Certificate
import java.util.EnumSet import java.util.EnumSet
import java.util.ServiceLoader import java.util.ServiceLoader
import javax.net.ssl.TrustManagerFactory import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509ExtendedTrustManager
import javax.net.ssl.X509TrustManager import javax.net.ssl.X509TrustManager
import net.woggioni.jwo.JWO import net.woggioni.jwo.JWO
import net.woggioni.jwo.Tuple2 import net.woggioni.jwo.Tuple2
@@ -124,7 +125,7 @@ object RBCS {
return keystore return keystore
} }
fun getTrustManager(trustStore: KeyStore?, certificateRevocationEnabled: Boolean): X509TrustManager { fun getTrustManager(trustStore: KeyStore?, certificateRevocationEnabled: Boolean): X509ExtendedTrustManager {
return if (trustStore != null) { return if (trustStore != null) {
val certificateFactory = CertificateFactory.getInstance("X.509") val certificateFactory = CertificateFactory.getInstance("X.509")
val validator = CertPathValidator.getInstance("PKIX").apply { val validator = CertPathValidator.getInstance("PKIX").apply {
@@ -136,7 +137,7 @@ object RBCS {
val params = PKIXParameters(trustStore).apply { val params = PKIXParameters(trustStore).apply {
isRevocationEnabled = certificateRevocationEnabled isRevocationEnabled = certificateRevocationEnabled
} }
object : X509TrustManager { object : X509ExtendedTrustManager() {
override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String) { override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String) {
val clientCertificateChain = certificateFactory.generateCertPath(chain.toList()) val clientCertificateChain = certificateFactory.generateCertPath(chain.toList())
try { try {
@@ -146,10 +147,26 @@ object RBCS {
} }
} }
override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String, socket: java.net.Socket) {
checkClientTrusted(chain, authType)
}
override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String, engine: javax.net.ssl.SSLEngine) {
checkClientTrusted(chain, authType)
}
override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String) { override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String) {
throw NotImplementedError() throw NotImplementedError()
} }
override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String, socket: java.net.Socket) {
checkServerTrusted(chain, authType)
}
override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String, engine: javax.net.ssl.SSLEngine) {
checkServerTrusted(chain, authType)
}
private val acceptedIssuers = trustStore.aliases().asSequence() private val acceptedIssuers = trustStore.aliases().asSequence()
.filter(trustStore::isCertificateEntry) .filter(trustStore::isCertificateEntry)
.map(trustStore::getCertificate) .map(trustStore::getCertificate)
@@ -161,8 +178,8 @@ object RBCS {
} }
} else { } else {
val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
trustManagerFactory.trustManagers.asSequence().filter { it is X509TrustManager } trustManagerFactory.trustManagers.asSequence().filter { it is X509ExtendedTrustManager }
.single() as X509TrustManager .single() as X509ExtendedTrustManager
} }
} }
rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/RemoteBuildCacheServer.kt
+3 -3
View File
@@ -188,7 +188,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
?: return anonymousUserGroups?.let { AuthenticationResult(null, it) } ?: return anonymousUserGroups?.let { AuthenticationResult(null, it) }
val ldapName = try { val ldapName = try {
LdapName(subjectDn) LdapName(subjectDn)
} catch (e: Exception) { } catch (_: Exception) {
log.debug(ctx) { log.debug(ctx) {
"Invalid subject DN in header $headerName: $subjectDn" "Invalid subject DN in header $headerName: $subjectDn"
} }
@@ -354,7 +354,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
}?.let { }?.let {
pattern.matcher(it.value.toString()) pattern.matcher(it.value.toString())
}?.takeIf(Matcher::matches)?.group(1) }?.takeIf(Matcher::matches)?.group(1)
cfg.users[userName] ?: throw java.lang.RuntimeException("Failed to extract user") cfg.users[userName] ?: throw RuntimeException("Failed to extract user")
} }
} }
@@ -368,7 +368,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
}?.let { }?.let {
pattern.matcher(it.value.toString()) pattern.matcher(it.value.toString())
}?.takeIf(Matcher::matches)?.group(1) }?.takeIf(Matcher::matches)?.group(1)
cfg.groups[groupName] ?: throw java.lang.RuntimeException("Failed to extract group") cfg.groups[groupName] ?: throw RuntimeException("Failed to extract group")
} }
} }
rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/configuration/Parser.kt
+4 -4
View File
@@ -344,14 +344,14 @@ object Parser {
roles = parseRoles(child) roles = parseRoles(child)
} }
"group-quota" -> { "group-quota" -> {
userQuota = parseQuota(child)
}
"user-quota" -> {
groupQuota = parseQuota(child) groupQuota = parseQuota(child)
} }
"user-quota" -> {
userQuota = parseQuota(child)
} }
} }
groupName to Group(groupName, roles, userQuota, groupQuota) }
groupName to Group(groupName, roles, groupQuota, userQuota)
}.toMap() }.toMap()
val users = knownUsersMap.map { (name, user) -> val users = knownUsersMap.map { (name, user) ->
name to User(name, user.password, userGroups[name]?.mapNotNull { groups[it] }?.toSet() ?: emptySet(), user.quota) name to User(name, user.password, userGroups[name]?.mapNotNull { groups[it] }?.toSet() ?: emptySet(), user.quota)
rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/handler/ProxyProtocolHandler.kt
+4 -6
View File
@@ -23,24 +23,22 @@ class ProxyProtocolHandler(private val trustedProxyIPs : List<Cidr>) : SimpleCha
) { ) {
val sourceAddress = ctx.channel().remoteAddress() val sourceAddress = ctx.channel().remoteAddress()
if (sourceAddress is InetSocketAddress && if (sourceAddress is InetSocketAddress &&
trustedProxyIPs.isEmpty() || (trustedProxyIPs.isEmpty() ||
trustedProxyIPs.any { it.contains((sourceAddress as InetSocketAddress).address) }.also { trustedProxyIPs.any { it.contains(sourceAddress.address) }.also {
if(!it && log.isTraceEnabled) { if(!it) {
log.trace { log.trace {
"Received a proxied connection request from $sourceAddress which is not a trusted proxy address, " + "Received a proxied connection request from $sourceAddress which is not a trusted proxy address, " +
"the proxy server address will be used instead" "the proxy server address will be used instead"
} }
} }
}) { })) {
val proxiedClientAddress = InetSocketAddress( val proxiedClientAddress = InetSocketAddress(
InetAddress.ofLiteral(msg.sourceAddress()), InetAddress.ofLiteral(msg.sourceAddress()),
msg.sourcePort() msg.sourcePort()
) )
if(log.isTraceEnabled) {
log.trace { log.trace {
"Received proxied connection request from $sourceAddress forwarded for $proxiedClientAddress" "Received proxied connection request from $sourceAddress forwarded for $proxiedClientAddress"
} }
}
ctx.channel().attr(RemoteBuildCacheServer.clientIp).set(proxiedClientAddress) ctx.channel().attr(RemoteBuildCacheServer.clientIp).set(proxiedClientAddress)
} }
} }
rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/handler/ServerHandler.kt
-1
View File
@@ -171,7 +171,6 @@ class ServerHandler(private val serverPrefix: Path, private val cacheHandlerSupp
ctx.pipeline().addBefore(ExceptionHandler.NAME, null, cacheHandler) ctx.pipeline().addBefore(ExceptionHandler.NAME, null, cacheHandler)
key.let(::CacheGetRequest) key.let(::CacheGetRequest)
.let(ctx::fireChannelRead) .let(ctx::fireChannelRead)
?: ctx.channel().write(CacheValueNotFoundResponse(key))
} else { } else {
cacheRequestInProgress = false cacheRequestInProgress = false
log.warn(ctx) { log.warn(ctx) {