Hi Fabian,
Thank you for your quick response! Commands and output below:
$ ssh -V
OpenSSH_8.1p1, LibreSSL 2.7.3
$ GIT_TRACE=1 git commit -m "Trace keygen commands with GIT_TRACE"
11:13:49.771601 git.c:455 trace: built-in: git commit -m
'Trace keygen commands with GIT_TRACE'
11:13:49.776095 run-command.c:668 trace: run_command: ssh-keygen
-Y sign -n git -f
/var/folders/jj/sfgpggbj5b13gvljxf977zq80000gn/T//.git_signing_key_tmp1FkZ52
/var/folders/jj/sfgpggbj5b13gvljxf977zq80000gn/T//.git_signing_buffer_tmpBweN52
11:13:49.814072 run-command.c:668 trace: run_command: git
maintenance run --auto --no-quiet
11:13:49.819952 git.c:455 trace: built-in: git
maintenance run --auto --no-quiet
[main 633e567] Trace keygen commands with GIT_TRACE
1 file changed, 59 insertions(+)
create mode 100644 git-bugreport-2021-11-19-0311.txt
$ GIT_TRACE=1 git verify-commit HEAD
11:14:40.274423 git.c:455 trace: built-in: git verify-commit HEAD
11:14:40.277417 run-command.c:668 trace: run_command: ssh-keygen
-Y find-principals -f ~/.config/git/allowed_signers -s
/var/folders/jj/sfgpggbj5b13gvljxf977zq80000gn/T//.git_vtag_tmpEI3SAu
11:14:40.284075 run-command.c:668 trace: run_command: ssh-keygen
-Y check-novalidate -n git -s
/var/folders/jj/sfgpggbj5b13gvljxf977zq80000gn/T//.git_vtag_tmpEI3SAu
Good "git" signature with ED25519 key
SHA256:x3FRAl3XR188M9KR3UE+TuG3jkZzPQMjfBo+ddbM0dk
Too few arguments for sign/verify: missing namespace
Best regards,
Thor
On Fri, 19 Nov 2021 at 10:00, Fabian Stelzer <fs@xxxxxxxxxxxx> wrote:
>
> On 19.11.2021 03:46, Thor Andreas Rognan wrote:
> >Thank you for filling out a Git bug report!
> >Please answer the following questions to help us understand your issue.
> >
> >What did you do before the bug happened? (Steps to reproduce your issue)
> >
> >$ ssh-keygen -t ed25519 -C "me@xxxxxxxxxxx"
> >$ mkdir -pv ~/tmp/example && cd ~/tmp/example && git init
> >$ git config commit.gpgsign true
> >$ git config gpg.format ssh
> >$ git config user.signingkey "$(cat ~/.ssh/id_ed25519.pub)"
> >$ mkdir -p ~/.config/git/ && touch ~/.config/git/allowed_signers\
> > && chmod 0600 ~/.config/git/allowed_signers
> >$ cat ~/.ssh/id_ed25519.pub | awk '{print email " " $0}' email=$(git
> >config user.email)\
> > >> ~/.config/git/allowed_signers
> >$ git config gpg.ssh.allowedSignersFile "$HOME/.config/git/allowed_signers"
> >$ git commit --allow-empty -m "Initial commit"
> >$ git verify-commit HEAD
> >
> >What did you expect to happen? (Expected behavior)
> >
> >A verified signature without any error message.
> >
> >What happened instead? (Actual behavior)
> >
> >$ git verify-commit HEAD
> >Good "git" signature with ED25519 key SHA256:...
> >Too few arguments for sign/verify: missing namespace
> >$ git log --show-signature
> >commit 4697b474dd5ec0de14870d5b0eba5f579b852bbd (HEAD -> main)
> >Good "git" signature with ED25519 key SHA256:...
> >Too few arguments for sign/verify: missing namespace^M
> >
> >What's different between what you expected and what actually happened?
> >
> >Ambiguous signature verification message.
> >
> >Anything else you want to add:
> >
> >Please review the rest of the bug report below.
> >You can delete any lines you don't wish to share.
> >
> >
> >[System Info]
> >git version:
> >git version 2.34.0
> >cpu: x86_64
> >no commit associated with this build
> >sizeof-long: 8
> >sizeof-size_t: 8
> >shell-path: /bin/sh
> >uname: Darwin 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:21
> >PDT 2021; root:xnu-7195.141.6~3/RELEASE_X86_64 x86_64
> >compiler info: clang: 13.0.0 (clang-1300.0.29.3)
> >libc info: no libc information available
> >$SHELL (typically, interactive shell): /usr/local/bin/bash
> >
> >
> >[Enabled Hooks]
>
> Hi Thor,
> thanks for your report. I'm curious why verify complains about a missing
> namespace. This parameter is basically hard coded to every command :/
> What version of openssh are you using (ssh -V)?
> Also, could you run the sign & the verify with a `GIT_TRACE=1`?
> This way we can see what the actual keygen commands are that are
> executed.
>
> Thanks,
> Fabian
