Re: [PATCH v2] ssh-add: support external parsing of key listing

On 2025-01-10 09:57, Jim Knoble wrote:

On Jan 9, 2025, at 19:14, Corey Hickey <bugfood-ml@xxxxxxxxxx> wrote:

To address this, modify ssh-add to:
* [...]
* exit with a status of 0 instead of 1

When Damien wrote:

Adding a new exit status for the
no-keys-in-agent case would be
acceptable too I think.

I interpreted that as "make ssh-add exit with status 2 or 3 or 99, for example, as opposed to 1".

That is, differentiate between:

- There is an agent, and it has keys, and ssh-add listed them (exit status 0).
- There is no agent, or there is a problem communicating with the agent (exit status 1).
- There is an agent, but it has no keys (exit status 2, for example).

This mirrors the functionality of `diff`, for example, which exits 0, 1, or 2 for different states (no differences, differences found, or some error).

In that case, the stderr message wouldn't strictly be needed, as the exit status would communicate the reason for no keys to be listed; however, it could be useful to humans. The error message can be suppressed in shell scripts using:

     ssh-add 2>/dev/null

Or, for both stderr and stdout:

     ssh-add >/dev/null 2>&1

(Note, I haven't looked at the OpenSSH code; there may already be more exit statuses that have additional meanings, so 2 may not be the right choice here).

Ah, hmm. Yes, I get your meaning.

There seem to be several options here and I would like to ask for some consensus or a decision from Damien. I can make a patch for whatever seems best.

Here are the options as I understand them.

Option 0: do nothing.
Pros:
* Doesn't alter behavior for people relying on current behavior.
Cons:
* Doesn't work as well for scripting.

Option 1: add a new command-line option (e.g. -p) to support parser-friendly behavior (original PATCH).
Pros:
* Doesn't alter default behavior.
* Allows user to choose.
Cons:
* Adds a new command-line option.

Option 2: when no keys, exit with status 0 (PATCH v2).
Pros:
* Changes behavior to work more easily with scripts.
* Doesn't need a new command-line option.
Cons:
* Changes behavior; would break some people's existing usage.

Option 3: when no keys, exit with status 3.
Pros:
* Doesn't alter behavior for people expecting a non-zero status.
* Does allow scripts to detect when there are no keys.
Cons:
* For shell scripting, needs 'set -e' (temporarily) disabled (right?) in order to capture exit status.


Separately, there are options for how to handle the message "The agent has no identities."

Option A: leave in stdout.
Pros:
* Doesn't alter behavior.
* Informs interactive users.
Cons:
* Puts non-key information in a key listing.

Option B: move to stderr.
Pros:
* More scriptable; key listing is only keys.
* Informs interactive users.
Cons:
* Will show up for people doing 'ssh-add -l >/dev/null'.

Option C: move to stderr, require '-v'.
Pros:
* More scriptable; key listing is only keys.
* Avoids printing a message that isn't really an error.
Cons:
* Doesn't inform interactive users unless they use '-v'.


Thanks,
Corey
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
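
An added example, not part of the thread or of OpenSSH, showing how a script could tell the three agent states apart under Option 2 or Option 3 while `set -e` stays enabled. `fake_ssh_add` and `agent_state` are hypothetical names; the stub is a constructed stand-in for `ssh-add -l`, and exit status 3 for "no keys" is the thread's proposal, not current ssh-add behaviour.

```shell
#!/bin/sh
set -e

# Constructed stand-in for 'ssh-add -l' as proposed in Option 3 + Option B:
# keys go to stdout, messages go to stderr, "no keys" exits 3.
# $1 picks the simulated state. Fingerprints are constructed sample values.
fake_ssh_add() {
    case "$1" in
        keys)  echo "256 SHA256:CONSTRUCTED-FINGERPRINT-1 user@host (ED25519)"
               echo "3072 SHA256:CONSTRUCTED-FINGERPRINT-2 user@host (RSA)" ;;
        empty) echo "The agent has no identities." >&2
               return 3 ;;
        *)     echo "Could not open a connection to your authentication agent." >&2
               return 1 ;;
    esac
}

# Run the lister passed as "$@" and print "<state> <key-count>".
# A command on the left of '||' is a tested context, so errexit does not
# abort the script there and the status can be captured in rc.
agent_state() {
    rc=0
    listing=$("$@" 2>/dev/null) || rc=$?
    case "$rc" in
        0) # Option 2 case: status 0 with an empty listing also means no keys.
           # grep -c exits 1 on a zero count, hence '|| true' under set -e.
           count=$(printf '%s\n' "$listing" | grep -c . || true)
           if [ "$count" -gt 0 ]; then
               echo "keys $count"
           else
               echo "no-keys 0"
           fi ;;
        3) echo "no-keys 0" ;;   # Option 3 case (proposed status)
        *) echo "error 0" ;;     # no agent, or communication failure
    esac
}

# Demonstration over the three simulated states.
for state in keys empty down; do
    printf '%s -> %s\n' "$state" "$(agent_state fake_ssh_add "$state")"
done
```

Fail closed when consuming the result: a script that gates access on loaded keys should treat `error` as a failure rather than as an empty agent.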