From: Fabian Stelzer <fs@gigacodes.de>
To: Thor Andreas Rognan <thor.rognan@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: Ambiguous verification response when ssh-based signatures
Date: Fri, 19 Nov 2021 10:00:37 +0100 [thread overview]
Message-ID: <20211119090037.m4zfzovaitfj35l3@fs> (raw)
In-Reply-To: <CAMn8hCcFLR-YyLaawtbtjpVUKd45Z4C6t1kWj+-WBZVNtNgozw@mail.gmail.com>
On 19.11.2021 03:46, Thor Andreas Rognan wrote:
>Thank you for filling out a Git bug report!
>Please answer the following questions to help us understand your issue.
>
>What did you do before the bug happened? (Steps to reproduce your issue)
>
>$ ssh-keygen -t ed25519 -C "me@example.com"
>$ mkdir -pv ~/tmp/example && cd ~/tmp/example && git init
>$ git config commit.gpgsign true
>$ git config gpg.format ssh
>$ git config user.signingkey "$(cat ~/.ssh/id_ed25519.pub)"
>$ mkdir -p ~/.config/git/ && touch ~/.config/git/allowed_signers\
> && chmod 0600 ~/.config/git/allowed_signers
>$ cat ~/.ssh/id_ed25519.pub | awk '{print email " " $0}' email=$(git
>config user.email)\
> >> ~/.config/git/allowed_signers
>$ git config gpg.ssh.allowedSignersFile "$HOME/.config/git/allowed_signers"
>$ git commit --allow-empty -m "Initial commit"
>$ git verify-commit HEAD
>
>What did you expect to happen? (Expected behavior)
>
>A verified signature without any error message.
>
>What happened instead? (Actual behavior)
>
>$ git verify-commit HEAD
>Good "git" signature with ED25519 key SHA256:...
>Too few arguments for sign/verify: missing namespace
>$ git log --show-signature
>commit 4697b474dd5ec0de14870d5b0eba5f579b852bbd (HEAD -> main)
>Good "git" signature with ED25519 key SHA256:...
>Too few arguments for sign/verify: missing namespace^M
>
>What's different between what you expected and what actually happened?
>
>Ambiguous signature verification message.
>
>Anything else you want to add:
>
>Please review the rest of the bug report below.
>You can delete any lines you don't wish to share.
>
>
>[System Info]
>git version:
>git version 2.34.0
>cpu: x86_64
>no commit associated with this build
>sizeof-long: 8
>sizeof-size_t: 8
>shell-path: /bin/sh
>uname: Darwin 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:21
>PDT 2021; root:xnu-7195.141.6~3/RELEASE_X86_64 x86_64
>compiler info: clang: 13.0.0 (clang-1300.0.29.3)
>libc info: no libc information available
>$SHELL (typically, interactive shell): /usr/local/bin/bash
>
>
>[Enabled Hooks]
Hi Thor,
thanks for your report. I'm curious why verify complains about a missing
namespace. This parameter is basically hard coded to every command :/
What version of openssh are you using (ssh -V)?
Also, could you run the sign & the verify with a `GIT_TRACE=1`?
This way we can see what the actual keygen commands are that are
executed.
Thanks,
Fabian
next prev parent reply other threads:[~2021-11-19 9:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-19 2:46 Ambiguous verification response when ssh-based signatures Thor Andreas Rognan
2021-11-19 9:00 ` Fabian Stelzer [this message]
2021-11-19 10:26 ` Thor Andreas Rognan
2021-11-19 11:07 ` Fabian Stelzer
2021-11-19 18:26 ` Thor Andreas Rognan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211119090037.m4zfzovaitfj35l3@fs \
--to=fs@gigacodes.de \
--cc=git@vger.kernel.org \
--cc=thor.rognan@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).