update to netty 4.2.15

.gitignore

@@ -4,8 +4,6 @@
 # Ignore Gradle build output directory
 build
 
-rbcs-cli/native-image/*.json
-
 # Ignore JDTLS files
 .classpath
 .project

docker/Dockerfile

@@ -50,6 +50,7 @@ COPY --from=base-native /etc/rbcs /etc/rbcs
 COPY --from=base-native /var/lib/rbcs /var/lib/rbcs
 COPY --from=base-native /var/tmp/rbcs /var/tmp/rbcs
 ADD rbcs-cli.upx /usr/bin/rbcs-cli
+ADD logback.xml /etc/rbcs/logback.xml
 USER rbcs
 WORKDIR /var/lib/rbcs
 ENV RBCS_CONFIGURATION_DIR="/etc/rbcs"

gradle.properties

@@ -2,9 +2,9 @@ org.gradle.configuration-cache=false
 org.gradle.parallel=true
 org.gradle.caching=true
 
-rbcs.version = 0.5.0
+rbcs.version = 0.5.1
 
-lys.version = 2026.05.27
+lys.version = 2026.06.08
 
 gitea.maven.url = https://gitea.woggioni.net/api/packages/woggioni/maven
 docker.registry.url=gitea.woggioni.net

rbcs-cli/build.gradle

@@ -90,7 +90,7 @@ Provider<EnvelopeJarTask> envelopeJarTaskProvider = tasks.named(EnvelopePlugin.E
 tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfigurationTask) {
     toolchain {
         languageVersion = JavaLanguageVersion.of(25)
-        vendor = JvmVendorSpec.GRAAL_VM
+        vendor = JvmVendorSpec.ORACLE
     }
     mainClass = "net.woggioni.rbcs.cli.graal.GraalNativeImageConfiguration"
     classpath = project.files(
@@ -108,10 +108,10 @@ tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfi
 nativeImage {
     toolchain {
         languageVersion = JavaLanguageVersion.of(25)
-        vendor = JvmVendorSpec.GRAAL_VM
+        vendor = JvmVendorSpec.ORACLE
     }
     mainClass = mainClassName
-//    mainModule = mainModuleName
+    //mainModule = mainModuleName
     useMusl = true
     buildStaticImage = true
     linkAtBuildTime = false
@@ -119,6 +119,7 @@ nativeImage {
     compressExecutable = true
     compressionLevel = 6
     useLZMA = false
+    //verbose = true
 }
 
 Provider<UpxTask> upxTaskProvider = tasks.named(NativeImagePlugin.UPX_TASK_NAME, UpxTask) {
@@ -127,7 +128,7 @@ Provider<UpxTask> upxTaskProvider = tasks.named(NativeImagePlugin.UPX_TASK_NAME,
 Provider<JlinkTask> jlinkTaskProvider = tasks.named(JlinkPlugin.JLINK_TASK_NAME, JlinkTask) {
     toolchain {
         languageVersion = JavaLanguageVersion.of(25)
-        vendor = JvmVendorSpec.GRAAL_VM
+        vendor = JvmVendorSpec.ORACLE
     }
 
     mainClass = mainClassName
@@ -152,7 +153,6 @@ Provider<JlinkTask> jlinkTaskProvider = tasks.named(JlinkPlugin.JLINK_TASK_NAME,
 }
 
 Provider<Tar> jlinkDistTarTaskProvider = tasks.named(JlinkPlugin.JLINK_DIST_TAR_TASK_NAME, Tar) {
-    exclude 'lib/libjvmcicompiler.so'
 }
 
 tasks.named(JavaPlugin.PROCESS_RESOURCES_TASK_NAME, ProcessResources) {

rbcs-cli/native-image/native-image.properties

@@ -1,2 +1,11 @@
-Args=-O3 -march=x86-64-v2 --gc=serial --initialize-at-run-time=io.netty --enable-url-protocols=jpms -H:+UnlockExperimentalVMOptions -H:+SharedArenaSupport --initialize-at-build-time=net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory,net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory$JpmsHandler
+Args=-O3 \
+   -march=x86-64-v3 \
+   --gc=serial \
+   --enable-url-protocols=jpms \
+   --pgo=conf/default.iprof \
+   --initialize-at-run-time=io.netty \
+   --initialize-at-build-time=net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory,net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory$JpmsHandler \
+   --trace-object-instantiation=ch.qos.logback.classic.Logger \
+   -H:+UnlockExperimentalVMOptions \
+   -H:+SharedArenaSupport
 #-H:TraceClassInitialization=io.netty.handler.ssl.BouncyCastleAlpnSslUtils

rbcs-client/src/main/kotlin/net/woggioni/rbcs/client/RemoteBuildCacheClient.kt

@@ -10,6 +10,7 @@ import java.util.concurrent.TimeUnit
 import java.util.concurrent.TimeoutException
 import java.util.concurrent.atomic.AtomicInteger
 import javax.net.ssl.TrustManagerFactory
+import javax.net.ssl.X509ExtendedTrustManager
 import javax.net.ssl.X509TrustManager
 import kotlin.random.Random
 import io.netty.util.concurrent.Future as NettyFuture
@@ -74,13 +75,25 @@ class RemoteBuildCacheClient(private val profile: Configuration.Profile) : AutoC
                     )
                     profile.tlsTruststore?.let { trustStore ->
                         if (!trustStore.verifyServerCertificate) {
-                            trustManager(object : X509TrustManager {
+                            trustManager(object : X509ExtendedTrustManager() {
                                 override fun checkClientTrusted(certChain: Array<out X509Certificate>, p1: String?) {
                                 }
 
+                                override fun checkClientTrusted(certChain: Array<out X509Certificate>, p1: String?, socket: java.net.Socket) {
+                                }
+
+                                override fun checkClientTrusted(certChain: Array<out X509Certificate>, p1: String?, engine: javax.net.ssl.SSLEngine) {
+                                }
+
                                 override fun checkServerTrusted(certChain: Array<out X509Certificate>, p1: String?) {
                                 }
 
+                                override fun checkServerTrusted(certChain: Array<out X509Certificate>, p1: String?, socket: java.net.Socket) {
+                                }
+
+                                override fun checkServerTrusted(certChain: Array<out X509Certificate>, p1: String?, engine: javax.net.ssl.SSLEngine) {
+                                }
+
                                 override fun getAcceptedIssuers() = null
                             })
                         } else {

rbcs-common/src/main/kotlin/net/woggioni/rbcs/common/RBCS.kt

@@ -19,6 +19,7 @@ import java.security.cert.X509Certificate
 import java.util.EnumSet
 import java.util.ServiceLoader
 import javax.net.ssl.TrustManagerFactory
+import javax.net.ssl.X509ExtendedTrustManager
 import javax.net.ssl.X509TrustManager
 import net.woggioni.jwo.JWO
 import net.woggioni.jwo.Tuple2
@@ -124,7 +125,7 @@ object RBCS {
         return keystore
     }
 
-    fun getTrustManager(trustStore: KeyStore?, certificateRevocationEnabled: Boolean): X509TrustManager {
+    fun getTrustManager(trustStore: KeyStore?, certificateRevocationEnabled: Boolean): X509ExtendedTrustManager {
         return if (trustStore != null) {
             val certificateFactory = CertificateFactory.getInstance("X.509")
             val validator = CertPathValidator.getInstance("PKIX").apply {
@@ -136,7 +137,7 @@ object RBCS {
             val params = PKIXParameters(trustStore).apply {
                 isRevocationEnabled = certificateRevocationEnabled
             }
-            object : X509TrustManager {
+            object : X509ExtendedTrustManager() {
                 override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String) {
                     val clientCertificateChain = certificateFactory.generateCertPath(chain.toList())
                     try {
@@ -146,10 +147,26 @@ object RBCS {
                     }
                 }
 
+                override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String, socket: java.net.Socket) {
+                    checkClientTrusted(chain, authType)
+                }
+
+                override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String, engine: javax.net.ssl.SSLEngine) {
+                    checkClientTrusted(chain, authType)
+                }
+
                 override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String) {
                     throw NotImplementedError()
                 }
 
+                override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String, socket: java.net.Socket) {
+                    checkServerTrusted(chain, authType)
+                }
+
+                override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String, engine: javax.net.ssl.SSLEngine) {
+                    checkServerTrusted(chain, authType)
+                }
+
                 private val acceptedIssuers = trustStore.aliases().asSequence()
                     .filter(trustStore::isCertificateEntry)
                     .map(trustStore::getCertificate)
@@ -161,8 +178,8 @@ object RBCS {
             }
         } else {
             val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
-            trustManagerFactory.trustManagers.asSequence().filter { it is X509TrustManager }
-                .single() as X509TrustManager
+            trustManagerFactory.trustManagers.asSequence().filter { it is X509ExtendedTrustManager }
+                .single() as X509ExtendedTrustManager
         }
     }
 

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/RemoteBuildCacheServer.kt

@@ -188,7 +188,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
                 ?: return anonymousUserGroups?.let { AuthenticationResult(null, it) }
             val ldapName = try {
                 LdapName(subjectDn)
-            } catch (e: Exception) {
+            } catch (_: Exception) {
                 log.debug(ctx) {
                     "Invalid subject DN in header $headerName: $subjectDn"
                 }
@@ -354,7 +354,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
                     }?.let {
                         pattern.matcher(it.value.toString())
                     }?.takeIf(Matcher::matches)?.group(1)
-                    cfg.users[userName] ?: throw java.lang.RuntimeException("Failed to extract user")
+                    cfg.users[userName] ?: throw RuntimeException("Failed to extract user")
                 }
             }
 
@@ -368,7 +368,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
                     }?.let {
                         pattern.matcher(it.value.toString())
                     }?.takeIf(Matcher::matches)?.group(1)
-                    cfg.groups[groupName] ?: throw java.lang.RuntimeException("Failed to extract group")
+                    cfg.groups[groupName] ?: throw RuntimeException("Failed to extract group")
                 }
             }
 

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/configuration/Parser.kt

@@ -344,14 +344,14 @@ object Parser {
                         roles = parseRoles(child)
                     }
                     "group-quota" -> {
-                        userQuota = parseQuota(child)
+                        groupQuota = parseQuota(child)
                     }
                     "user-quota" -> {
-                        groupQuota = parseQuota(child)
+                        userQuota = parseQuota(child)
                     }
                 }
             }
-            groupName to Group(groupName, roles, userQuota, groupQuota)
+            groupName to Group(groupName, roles, groupQuota, userQuota)
         }.toMap()
         val users = knownUsersMap.map { (name, user) ->
             name to User(name, user.password, userGroups[name]?.mapNotNull { groups[it] }?.toSet() ?: emptySet(), user.quota)

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/handler/ProxyProtocolHandler.kt

@@ -23,23 +23,21 @@ class ProxyProtocolHandler(private val trustedProxyIPs : List<Cidr>) : SimpleCha
     ) {
         val sourceAddress = ctx.channel().remoteAddress()
         if (sourceAddress is InetSocketAddress &&
-            trustedProxyIPs.isEmpty() ||
-            trustedProxyIPs.any { it.contains((sourceAddress as InetSocketAddress).address) }.also {
-                if(!it && log.isTraceEnabled) {
+            (trustedProxyIPs.isEmpty() ||
+            trustedProxyIPs.any { it.contains(sourceAddress.address) }.also {
+                if(!it) {
                     log.trace {
                         "Received a proxied connection request from $sourceAddress which is not a trusted proxy address, " +
                                 "the proxy server address will be used instead"
                     }
                 }
-            }) {
+            })) {
             val proxiedClientAddress = InetSocketAddress(
                 InetAddress.ofLiteral(msg.sourceAddress()),
                 msg.sourcePort()
             )
-            if(log.isTraceEnabled) {
-                log.trace {
-                    "Received proxied connection request from $sourceAddress forwarded for $proxiedClientAddress"
-                }
+            log.trace {
+                "Received proxied connection request from $sourceAddress forwarded for $proxiedClientAddress"
             }
             ctx.channel().attr(RemoteBuildCacheServer.clientIp).set(proxiedClientAddress)
         }

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/handler/ServerHandler.kt

@@ -171,7 +171,6 @@ class ServerHandler(private val serverPrefix: Path, private val cacheHandlerSupp
                 ctx.pipeline().addBefore(ExceptionHandler.NAME, null, cacheHandler)
                 key.let(::CacheGetRequest)
                     .let(ctx::fireChannelRead)
-                    ?: ctx.channel().write(CacheValueNotFoundResponse(key))
             } else {
                 cacheRequestInProgress = false
                 log.warn(ctx) {