Re: [PATCH v2 0/6] ssh signing: verify key lifetime

On 04.11.2021 16:31, Adam Dinwoodie wrote:
On Wednesday 03 November 2021 at 08:45 pm +0100, Fabian Stelzer wrote:
On 03.11.2021 19:27, Adam Dinwoodie wrote:
> On Wed, 27 Oct 2021 at 09:06, Fabian Stelzer <fs@xxxxxxxxxxxx> wrote:
> > This series adds key lifetime validity checks by parsing commit/tag
> > dates from the payload and passing them to the ssh-keygen operations.
> >
> > changes since v1:
> >  - struct signature_check is now used to input payload data into
> >    check_function
> >  - payload metadata parsing is completely internal to check_signature.
> >    the caller only needs to set the payload type in the sigc struct
> >  - small nits and readability fixes
> >  - removed payload_signer parameter. since we now use the struct we can extend
> >    this later.
> >
> As part of testing v2.34-rc0 on Cygwin, I've found this patch series
> is breaking t4202, t5534, and t6200.
>
> Specifically, bisecting points to f265f2d630 (ssh signing: tests for
> logs, tags & push certs, 2021-09-10) as breaking t4202 and t5534,
> while responsibility for t6200 seems to be 9d12546de9 (ssh signing:
> fmt-merge-msg tests & config parse, 2021-10-12).

Ok, I should have read this closer / checked the commit. The commit you are
referring to is not part of 'this' patch series, but an earlier one which was
indeed merged and part of the rc.

For t4202-log.sh, the failing tests are "72 - setup sshkey signed
branch" and "75 - log ssh key fingerprint".

For t5534-push-signed.sh, the failing tests are "8 - ssh signed push
sends push certificate" and "12 - fail without key and heed
user.signingkey ssh".

For t6200-fmt-merge-msg.sh, the failing tests are "3 - created ssh
signed commit and tag", "7 - message for merging local tag signed by
good ssh key" and "8 - message for merging local tag signed by unknown
ssh key".

Could you send the full output of these tests directly to me?
Best would be sth like the full output of
"GIT_TRACE=1 sh t4202-log.sh -vx"
and maybe for one test with the trash directory in a zip file (just run
the test with -vix, it will stop at the first failure and leave the test
files in place)

I don't have much experience on Windows (especially not Cygwin) but
maybe I can spot the problem.


What openssh version are you using? (ssh -V)

   OpenSSH_8.8p1, OpenSSL 1.1.1l  24 Aug 2021

That should be recent enough for this to work.


