From: Thor Andreas Rognan <thor.rognan@gmail.com>
To: Fabian Stelzer <fs@gigacodes.de>
Cc: git@vger.kernel.org
Subject: Re: Ambiguous verification response when ssh-based signatures
Date: Fri, 19 Nov 2021 11:26:44 +0100 [thread overview]
Message-ID: <CAMn8hCf1ypU4Bwt8bDgai86QFTdORPyaHiE7W+=tx_rKbchz4w@mail.gmail.com> (raw)
In-Reply-To: <20211119090037.m4zfzovaitfj35l3@fs>
Hi Fabian,
Thank you for your quick response! Commands and output below:
$ ssh -V
OpenSSH_8.1p1, LibreSSL 2.7.3
$ GIT_TRACE=1 git commit -m "Trace keygen commands with GIT_TRACE"
11:13:49.771601 git.c:455 trace: built-in: git commit -m
'Trace keygen commands with GIT_TRACE'
11:13:49.776095 run-command.c:668 trace: run_command: ssh-keygen
-Y sign -n git -f
/var/folders/jj/sfgpggbj5b13gvljxf977zq80000gn/T//.git_signing_key_tmp1FkZ52
/var/folders/jj/sfgpggbj5b13gvljxf977zq80000gn/T//.git_signing_buffer_tmpBweN52
11:13:49.814072 run-command.c:668 trace: run_command: git
maintenance run --auto --no-quiet
11:13:49.819952 git.c:455 trace: built-in: git
maintenance run --auto --no-quiet
[main 633e567] Trace keygen commands with GIT_TRACE
1 file changed, 59 insertions(+)
create mode 100644 git-bugreport-2021-11-19-0311.txt
$ GIT_TRACE=1 git verify-commit HEAD
11:14:40.274423 git.c:455 trace: built-in: git verify-commit HEAD
11:14:40.277417 run-command.c:668 trace: run_command: ssh-keygen
-Y find-principals -f ~/.config/git/allowed_signers -s
/var/folders/jj/sfgpggbj5b13gvljxf977zq80000gn/T//.git_vtag_tmpEI3SAu
11:14:40.284075 run-command.c:668 trace: run_command: ssh-keygen
-Y check-novalidate -n git -s
/var/folders/jj/sfgpggbj5b13gvljxf977zq80000gn/T//.git_vtag_tmpEI3SAu
Good "git" signature with ED25519 key
SHA256:x3FRAl3XR188M9KR3UE+TuG3jkZzPQMjfBo+ddbM0dk
Too few arguments for sign/verify: missing namespace
Best regards,
Thor
On Fri, 19 Nov 2021 at 10:00, Fabian Stelzer <fs@gigacodes.de> wrote:
>
> On 19.11.2021 03:46, Thor Andreas Rognan wrote:
> >Thank you for filling out a Git bug report!
> >Please answer the following questions to help us understand your issue.
> >
> >What did you do before the bug happened? (Steps to reproduce your issue)
> >
> >$ ssh-keygen -t ed25519 -C "me@example.com"
> >$ mkdir -pv ~/tmp/example && cd ~/tmp/example && git init
> >$ git config commit.gpgsign true
> >$ git config gpg.format ssh
> >$ git config user.signingkey "$(cat ~/.ssh/id_ed25519.pub)"
> >$ mkdir -p ~/.config/git/ && touch ~/.config/git/allowed_signers\
> > && chmod 0600 ~/.config/git/allowed_signers
> >$ cat ~/.ssh/id_ed25519.pub | awk '{print email " " $0}' email=$(git
> >config user.email)\
> > >> ~/.config/git/allowed_signers
> >$ git config gpg.ssh.allowedSignersFile "$HOME/.config/git/allowed_signers"
> >$ git commit --allow-empty -m "Initial commit"
> >$ git verify-commit HEAD
> >
> >What did you expect to happen? (Expected behavior)
> >
> >A verified signature without any error message.
> >
> >What happened instead? (Actual behavior)
> >
> >$ git verify-commit HEAD
> >Good "git" signature with ED25519 key SHA256:...
> >Too few arguments for sign/verify: missing namespace
> >$ git log --show-signature
> >commit 4697b474dd5ec0de14870d5b0eba5f579b852bbd (HEAD -> main)
> >Good "git" signature with ED25519 key SHA256:...
> >Too few arguments for sign/verify: missing namespace^M
> >
> >What's different between what you expected and what actually happened?
> >
> >Ambiguous signature verification message.
> >
> >Anything else you want to add:
> >
> >Please review the rest of the bug report below.
> >You can delete any lines you don't wish to share.
> >
> >
> >[System Info]
> >git version:
> >git version 2.34.0
> >cpu: x86_64
> >no commit associated with this build
> >sizeof-long: 8
> >sizeof-size_t: 8
> >shell-path: /bin/sh
> >uname: Darwin 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:21
> >PDT 2021; root:xnu-7195.141.6~3/RELEASE_X86_64 x86_64
> >compiler info: clang: 13.0.0 (clang-1300.0.29.3)
> >libc info: no libc information available
> >$SHELL (typically, interactive shell): /usr/local/bin/bash
> >
> >
> >[Enabled Hooks]
>
> Hi Thor,
> thanks for your report. I'm curious why verify complains about a missing
> namespace. This parameter is basically hard coded to every command :/
> What version of openssh are you using (ssh -V)?
> Also, could you run the sign & the verify with a `GIT_TRACE=1`?
> This way we can see what the actual keygen commands are that are
> executed.
>
> Thanks,
> Fabian
next prev parent reply other threads:[~2021-11-19 10:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-19 2:46 Ambiguous verification response when ssh-based signatures Thor Andreas Rognan
2021-11-19 9:00 ` Fabian Stelzer
2021-11-19 10:26 ` Thor Andreas Rognan [this message]
2021-11-19 11:07 ` Fabian Stelzer
2021-11-19 18:26 ` Thor Andreas Rognan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMn8hCf1ypU4Bwt8bDgai86QFTdORPyaHiE7W+=tx_rKbchz4w@mail.gmail.com' \
--to=thor.rognan@gmail.com \
--cc=fs@gigacodes.de \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).