Re: [PATCH v2 0/6] ssh signing: verify key lifetime

On 03.11.2021 19:27, Adam Dinwoodie wrote:
> On Wed, 27 Oct 2021 at 09:06, Fabian Stelzer <fs@xxxxxxxxxxxx> wrote:
>> This series adds key lifetime validity checks by parsing commit/tag
>> dates from the payload and passing them to the ssh-keygen operations.
>>
>> changes since v1:
>>  - struct signature_check is now used to input payload data into
>>    check_function
>>  - payload metadata parsing is completely internal to check_signature.
>>    the caller only needs to set the payload type in the sigc struct
>>  - small nits and readability fixes
>>  - removed payload_signer parameter. since we now use the struct we can extend
>>    this later.
>
> As part of testing v2.34-rc0 on Cygwin, I've found this patch series
> is breaking t4202, t5534, and t6200.
>
> Specifically, bisecting points to f265f2d630 (ssh signing: tests for
> logs, tags & push certs, 2021-09-10) as breaking t4202 and t5534,
> while responsibility for t6200 seems to be 9d12546de9 (ssh signing:
> fmt-merge-msg tests & config parse, 2021-10-12).
>
> I've not yet done any investigation into the specifics of these
> failures, but I wanted to report them early so other folks could get
> on with investigating as appropriate.

What exactly are you testing? This patch series is not part of the rc
and will not be in v2.34. I even have a small reroll of this for after
the release.
I assume the breaking tests are the new ones added in these commits.
What openssh version are you using? (ssh -V)
Either the feature detection for the lifetime checks is not
working in cygwin or maybe you have the broken openssh 8.7 version.
