Re: Ambiguous verification response when ssh-based signatures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 19.11.2021 03:46, Thor Andreas Rognan wrote:

Thank you for filling out a Git bug report!
Please answer the following questions to help us understand your issue.

What did you do before the bug happened? (Steps to reproduce your issue)

$ ssh-keygen -t ed25519 -C "me@xxxxxxxxxxx"
$ mkdir -pv ~/tmp/example && cd ~/tmp/example && git init
$ git config commit.gpgsign true
$ git config gpg.format ssh
$ git config user.signingkey "$(cat ~/.ssh/id_ed25519.pub)"
$ mkdir -p ~/.config/git/ && touch ~/.config/git/allowed_signers\
&& chmod 0600 ~/.config/git/allowed_signers
$ cat ~/.ssh/id_ed25519.pub | awk '{print email " " $0}' email=$(git
config user.email)\
>> ~/.config/git/allowed_signers
$ git config gpg.ssh.allowedSignersFile "$HOME/.config/git/allowed_signers"
$ git commit --allow-empty -m "Initial commit"
$ git verify-commit HEAD

What did you expect to happen? (Expected behavior)

A verified signature without any error message.

What happened instead? (Actual behavior)

$ git verify-commit HEAD
Good "git" signature with ED25519 key SHA256:...
Too few arguments for sign/verify: missing namespace
$ git log --show-signature
commit 4697b474dd5ec0de14870d5b0eba5f579b852bbd (HEAD -> main)
Good "git" signature with ED25519 key SHA256:...
Too few arguments for sign/verify: missing namespace^M

What's different between what you expected and what actually happened?

Ambiguous signature verification message.

Anything else you want to add:

Please review the rest of the bug report below.
You can delete any lines you don't wish to share.


[System Info]
git version:
git version 2.34.0
cpu: x86_64
no commit associated with this build
sizeof-long: 8
sizeof-size_t: 8
shell-path: /bin/sh
uname: Darwin 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:21
PDT 2021; root:xnu-7195.141.6~3/RELEASE_X86_64 x86_64
compiler info: clang: 13.0.0 (clang-1300.0.29.3)
libc info: no libc information available
$SHELL (typically, interactive shell): /usr/local/bin/bash


[Enabled Hooks]


Hi Thor,
thanks for your report. I'm curious why verify complains about a missing
namespace. This parameter is basically hard coded to every command :/
What version of openssh are you using (ssh -V)?
Also, could you run the sign & the verify with a `GIT_TRACE=1`?
This way we can see what the actual keygen commands are that are
executed.

Thanks,
Fabian
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux