SSH Key Signatures: Feedback

Hello, and thanks for your work to support signing git commits/tags with SSH keys!

I tried this feature with git version 2.34.0-rc2. Here's some feedback from my first use:

- To find out how this feature is used, I used "man git commit" and searched for "ssh". However, no result showed up. Maybe the manpage could be expanded to include a mention of other signing methods in the documentation for the "-S" command? For example, something like this:

    2,4c2,5
    <            GPG-sign commits. The keyid argument is optional and defaults to the
    <            committer identity; if specified, it must be stuck to the option without a
    <            space.  --no-gpg-sign is useful to countermand both commit.gpgSign
    ---
    >            Sign commits with GPG or another method like SSH (see `gpg.format` config).
    >            The keyid argument is optional and defaults to the committer identity; if
    >            specified, it must be stuck to the option without a space.
    >            --no-gpg-sign is useful to countermand both commit.gpgSign
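
Review bot: The new first line names SSH as the only alternative, while gpg.format also accepts x509, and it wraps `gpg.format` in backticks that the surrounding rendered man page text does not use. Consider wording that defers to the config, for example "Sign commits using the format selected by gpg.format (openpgp, x509 or ssh)", and state that --no-gpg-sign and commit.gpgSign keep their names for every format, since the last changed line still reads as GPG-only.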

- When I tried to sign a commit with my SSH key, I got this error message:

    $ git commit -S -m "Release v${VERSION}"
    error: Load key "/tmp/.git_signing_key_tmpvhKT9L": invalid format?
    
    fatal: failed to write commit object

This message was very confusing to me, because the SSH key format in "user.signingkey" was correct. In the end it turns out that I had loaded a few SSH keys into the key agent, but not this one. Could this situation be detected, to show a message like "No private key available for signing key X"?

- If `gpg.ssh.allowedSignersFile` is not set, `git log --show-signature` will show a "No signature" error message next to the commit. However, this isn't true: there is a signature, but it cannot be verified. Maybe the error message should be updated to reflect this?

- If `gpg.ssh.allowedSignersFile` is set to an empty file, the error message in `git log --show-signature` includes "sig_find_principals: sshsig_find_principal: unexpected internal error^M". First of all, the message seems to include a stray "^M", and it could be updated to show the same output as when the file contains signers, but none of them matches ("No principal matched").

That's it from me, I hope this feedback can be useful!
Danilo
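
A preflight check for two situations reported in the message above (signing key not loaded in the agent; allowed signers file unset or empty), as an added example that is not part of the original message or of git. It assumes `user.signingkey` holds a literal public key line, as in the report; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not git's own code. Function names are hypothetical.

# key_blob KEYLINE: print the base64 blob of a "type blob [comment]" key line.
key_blob() {
    printf '%s\n' "$1" | awk '{print $2}'
}

# key_in_agent SIGNING_KEY AGENT_LISTING
# AGENT_LISTING is the output of `ssh-add -L` (one public key per line).
# Returns 0 when the signing key's blob is among the agent's keys;
# comments are ignored because the agent may store a different one.
key_in_agent() {
    want=$(key_blob "$1")
    [ -n "$want" ] || return 1
    printf '%s\n' "$2" |
        awk -v want="$want" '$2 == want {found = 1} END {exit !found}'
}

# allowed_signers_status PATH: print unset | missing | empty | ok.
# A file holding only blank lines and comments counts as empty.
allowed_signers_status() {
    if [ -z "$1" ]; then echo unset
    elif [ ! -f "$1" ]; then echo missing
    elif ! grep -qv -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1"; then echo empty
    else echo ok
    fi
}

# preflight: run both checks against the live git and agent configuration.
# Assumption: user.signingkey is a literal public key, not a file path.
preflight() {
    rc=0
    signing_key=$(git config --get user.signingkey)
    agent_keys=$(ssh-add -L 2>/dev/null)
    if ! key_in_agent "$signing_key" "$agent_keys"; then
        echo "user.signingkey is not loaded in the SSH agent" >&2
        rc=1
    fi
    signers=$(git config --type=path --get gpg.ssh.allowedSignersFile)
    status=$(allowed_signers_status "$signers")
    if [ "$status" != ok ]; then
        echo "gpg.ssh.allowedSignersFile is $status: signatures cannot be verified" >&2
        rc=1
    fi
    return "$rc"
}
```

Call `preflight` before `git commit -S` or `git log --show-signature` to get a specific message instead of the errors quoted above.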