Re: [PATCH v6 5/9] ssh signing: parse ssh-keygen output and verify signatures

On 29.07.21 23:01, Randall S. Becker wrote:
On July 29, 2021 4:46 PM, Junio wrote:
Fabian Stelzer <fs@xxxxxxxxxxxx> writes:

On 29.07.21 01:04, Jonathan Tan wrote:

Also, is this output documented to be stable even across locales?
Not really :/ (it currently is not locale specific)

We probably want to defeat l10n of the message by spawning it in the C locale regardless.

The documentation states to only check the commands exit code. Do we
trust the exit code enough to rely on it for verification?

Is the exit code sufficient to learn who signed it?  Without knowing that, we cannot see if the principal is in or not in our
keychain, no?

Have we not had issues in the past depending on exit code? I'm not sure this can be made entirely portable.


To find the principal (who signed it) we don't have to parse the output. Since verification is first a call to look up the principals matching the signature's public key from the allowedSignersFile and then trying verification with each one, we already know which one matched (usually there is only one. I think multiples is only possible with an SSH CA).
Of course this even more relies on the exit code of ssh-keygen.

Not sure which is more portable and reliable. Parsing the textual output or the exit code. At the moment my patch does both.

If so then I can move the main result and only parse the text for the
signer/fingerprint info that's used in log formats. This way only the
logs would break in case the output changes.

I added the output check since the gpg code did so as well:
ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ");

Does ssh-keygen have a mode similar to gpg's --status-fd feature where its output is geared more towards being stable and machine
parseable than being human friendly, by the way?

I do not think this can be done in a platform independent way. Not every platform that has ssh-keygen conforms to the OpenSSH UI or
output - a particular annoyance I get daily.
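The split Fabian proposes above (verdict from the exit code, text parsed only for the signer/fingerprint shown in logs, spawned in the C locale as Junio suggests) as an added illustration, not code from the patch or from git. The "Good ... signature for ..." line format is assumed from OpenSSH's ssh-keygen -Y verify output, and the sample lines in the comments are constructed.

```python
import os
import re
import subprocess
from typing import Optional

# Line ssh-keygen prints on a successful "-Y verify" (assumed OpenSSH format), e.g.
#   Good "git" signature for alice@example.com with ED25519 key SHA256:abcd
GOOD_SIG = re.compile(
    r'^Good "(?P<namespace>[^"]+)" signature for (?P<principal>.+?) '
    r'with (?P<keytype>\S+) key (?P<fingerprint>\S+)\s*$'
)


def parse_good_signature(line: str) -> Optional[dict]:
    """Extract informational fields from the verify output.

    Returns None when the line is not recognised. A None here only loses
    the fingerprint in the log output; it must never flip the verdict.
    """
    m = GOOD_SIG.match(line.strip())
    return m.groupdict() if m else None


def verify_ssh_signature(payload: bytes, sig_path: str, allowed_signers: str,
                         namespace: str = "git") -> dict:
    """Verdict comes from ssh-keygen exit codes only; text is cosmetic."""
    env = dict(os.environ, LC_ALL="C")  # defeat l10n of the output
    # Step 1: which principals in the allowed signers file own the signing key?
    fp = subprocess.run(
        ["ssh-keygen", "-Y", "find-principals", "-s", sig_path, "-f", allowed_signers],
        capture_output=True, text=True, env=env)
    principals = [p.strip() for p in fp.stdout.splitlines() if p.strip()]
    if fp.returncode != 0 or not principals:
        return {"good": False, "principal": None, "fingerprint": None}
    # Step 2: try each matching principal (more than one only with an SSH CA).
    for principal in principals:
        vr = subprocess.run(
            ["ssh-keygen", "-Y", "verify", "-f", allowed_signers, "-I", principal,
             "-n", namespace, "-s", sig_path],
            input=payload, capture_output=True, env=env)
        if vr.returncode == 0:
            info = parse_good_signature(vr.stdout.decode(errors="replace")) or {}
            return {"good": True, "principal": principal,
                    "fingerprint": info.get("fingerprint")}
    return {"good": False, "principal": None, "fingerprint": None}
```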
