Fabian Stelzer <fs@xxxxxxxxxxxx> writes: > The problem is that the ssh-keygen in the layz_prereq will succeed but > might create a private key with world readable permissions. Only the > remaining tests using this key will then fail with a "your private key > permissions are too restrictive" like error. If we would like to make > sure in the prereq that the keys actually work fine we would need to do > a signing operation with them in it. That sounds like a right thing to do, with or without the setfacl fix. > > Something like the following call would be enough: > echo "test" | ssh-keygen -Y sign -f $GPGSSHKEY_PRIMARY -n "git" > Not sure if we want to go that far though. The setfacl seems fine to me > otherwise.
