[SCM-995] Upgrade JGit to 5.13.1 and leverage Apache Mina SSHD instead of JSch

[kwin]

This supports OpenSSH private keys and drops usage of unmaintained JSch

[michael-o]

Please move the env var handling to a separate JIRA issue/PR.

[kwin]

I need it for the IT.

[michael-o]

Since the title of this PR is different to the JIRA issue, I have the following understanding:

• It is hard to split apart to due to inter-PR dependencies
• You need to upgrade JGit for OpenSSH style key format

My proposal w/o ripping this apart:

• Create three issues: (issue a) Upgrade JGit to XXX, (issue b) rework OpenSSH private key handing for gitexe and jgit providers, (issue c) Support alternative SSH private keys with gitexe provider
• Issue a will depend on issue b
• Issue b will do all the hard work with proper description
• SCM-945 will depend on issue b
• Issue c depends on issue b

Thus, all requirements/changes are visible and understood. Then I'd merge this as one PR.

WDYT?

[kwin]

• Create three issues: (issue a) Upgrade JGit to XXX, (issue b) rework OpenSSH private key handing for gitexe and jgit providers, (issue c) Support alternative SSH private keys with gitexe provider

This PR does not "rework OpenSSH private key handing for gitexe" nor does it "Support alternative SSH private keys with gitexe provider". The environment variables are only necessary to test existing functionality in gitexe (namely test authorization with SSH).

[michael-o]

• Create three issues: (issue a) Upgrade JGit to XXX, (issue b) rework OpenSSH private key handing for gitexe and jgit providers, (issue c) Support alternative SSH private keys with gitexe provider

This PR does not "rework OpenSSH private key handing for gitexe" nor does it "Support alternative SSH private keys with gitexe provider". The environment variables are only necessary to test existing functionality in gitexe (namely test authorization with SSH).

Please summarize what is necessary to make this proper.

[kwin]

Maybe split up into
a) update JGit
b) add credentials provider for JGit
c) add IT for SSH authentication during git clone (both git providers)

Then the environment variable would belong to c)

[michael-o]

Maybe split up into a) update JGit b) add credentials provider for JGit c) add IT for SSH authentication during git clone (both git providers)

Then the environment variable would belong to c)

That sounds good, though advertising that gitexe supports alternative SSH private keys would we that bad, no? Especially in consistency with JGit. WDYT?

[kwin]

git executable leverages the ssh executable for authentication and therefore there is no change with regard to supported private keys formats

[michael-o]

git executable leverages the ssh executable for authentication and therefore there is no change with regard to supported private keys formats

That's not what I mean, I mean that you can now supply an expliclt key which wasn't supported by now. Of course, the format and transport won't change.

[kwin]

I mean that you can now supply an expliclt key which wasn't supported by now

This is not part of this PR either. I will provide one for that separately.

[michael-o]

I mean that you can now supply an expliclt key which wasn't supported by now

This is not part of this PR either. I will provide one for that separately.

Sorry, I guess my brain isn't really working today. Please continue I'll try to catch up tomorrow.

[kwin]

I split the features up as proposed in #153 (comment). This is now only a), b) is at https://github.com/apache/maven-scm/pull/154/files. and c) is still outstanding.

[michael-o]

I split the features up as proposed in #153 (comment). This is now only a), b) is at https://github.com/apache/maven-scm/pull/154/files. and c) is still outstanding.

Fantastic, will review today.