git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / mirror / code / Atom feed
* [PATCH] ssh signing: better error message when key not in agent
@ 2023-01-18  8:17 Adam Szkoda via GitGitGadget
  2023-01-18 11:10 ` Phillip Wood
  2023-01-24 15:26 ` [PATCH v2] " Adam Szkoda via GitGitGadget
  0 siblings, 2 replies; 17+ messages in thread
From: Adam Szkoda via GitGitGadget @ 2023-01-18  8:17 UTC (permalink / raw)
  To: git; +Cc: Adam Szkoda, Adam Szkoda

From: Adam Szkoda <adaszko@gmail.com>

When signing a commit with a SSH key, with the private key missing from
ssh-agent, a confusing error message is produced:

    error: Load key
    "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7":
    invalid format? fatal: failed to write commit object

The temporary file .git_signing_key_tmpkArSj7 created by git contains a
valid *public* key.  The error message comes from `ssh-keygen -Y sign' and
is caused by a fallback mechanism in ssh-keygen whereby it tries to
interpret .git_signing_key_tmpkArSj7 as a *private* key if it can't find in
the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All that
needs to be done is to pass an additional backward-compatible option -U to
'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets the file
as public key and expects to find the private key in the agent.

As a result, when the private key is missing from the agent, a more accurate
error message gets produced:

    error: Couldn't find key in agent

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Signed-off-by: Adam Szkoda <adaszko@gmail.com>
---
    ssh signing: better error message when key not in agent
    
    When signing a commit with a SSH key, with the private key missing from
    ssh-agent, a confusing error message is produced:
    
    error: Load key "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7": invalid format?
    fatal: failed to write commit object
    
    
    The temporary file .git_signing_key_tmpkArSj7 created by git contains a
    valid public key. The error message comes from `ssh-keygen -Y sign' and
    is caused by a fallback mechanism in ssh-keygen whereby it tries to
    interpret .git_signing_key_tmpkArSj7 as a private key if it can't find
    in the agent [1]. A fix is scheduled to be released in OpenSSH 9.1. All
    that needs to be done is to pass an additional backward-compatible
    option -U to 'ssh-keygen -Y sign' call. With '-U', ssh-keygen always
    interprets the file as public key and expects to find the private key in
    the agent.
    
    As a result, when the private key is missing from the agent, a more
    accurate error message gets produced:
    
    error: Couldn't find key in agent
    
    
    [1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1270%2Fradicle-dev%2Fmaint-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1270/radicle-dev/maint-v1
Pull-Request: https://github.com/git/git/pull/1270

 gpg-interface.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gpg-interface.c b/gpg-interface.c
index 280f1fa1a58..4a5913ae942 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -1022,6 +1022,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
 	strvec_pushl(&signer.args, use_format->program,
 		     "-Y", "sign",
 		     "-n", "git",
+		     "-U",
 		     "-f", ssh_signing_key_file,
 		     buffer_file->filename.buf,
 		     NULL);

base-commit: e54793a95afeea1e10de1e5ad7eab914e7416250
-- 
gitgitgadget

^ permalink raw reply related	[flat|nested] 17+ messages in thread

* Re: [PATCH] ssh signing: better error message when key not in agent
  2023-01-18  8:17 [PATCH] ssh signing: better error message when key not in agent Adam Szkoda via GitGitGadget
@ 2023-01-18 11:10 ` Phillip Wood
  2023-01-18 14:34   ` Phillip Wood
  2023-01-24 15:26 ` [PATCH v2] " Adam Szkoda via GitGitGadget
  1 sibling, 1 reply; 17+ messages in thread
From: Phillip Wood @ 2023-01-18 11:10 UTC (permalink / raw)
  To: Adam Szkoda via GitGitGadget, git; +Cc: Adam Szkoda

Hi Adam

On 18/01/2023 08:17, Adam Szkoda via GitGitGadget wrote:
> From: Adam Szkoda <adaszko@gmail.com>
> 
> When signing a commit with a SSH key, with the private key missing from
> ssh-agent, a confusing error message is produced:
> 
>      error: Load key
>      "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7":
>      invalid format? fatal: failed to write commit object
> 
> The temporary file .git_signing_key_tmpkArSj7 created by git contains a
> valid *public* key.  The error message comes from `ssh-keygen -Y sign' and
> is caused by a fallback mechanism in ssh-keygen whereby it tries to
> interpret .git_signing_key_tmpkArSj7 as a *private* key if it can't find in
> the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All that
> needs to be done is to pass an additional backward-compatible option -U to
> 'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets the file
> as public key and expects to find the private key in the agent.

The documentation for user.signingKey says

  If gpg.format is set to ssh this can contain the path to either your 
private ssh key or the public key when ssh-agent is used.

If I've understood correctly passing -U will prevent users from setting 
this to a private key.

Best Wishes

Phillip

> As a result, when the private key is missing from the agent, a more accurate
> error message gets produced:
> 
>      error: Couldn't find key in agent
> 
> [1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429
> 
> Signed-off-by: Adam Szkoda <adaszko@gmail.com>
> ---
>      ssh signing: better error message when key not in agent
>      
>      When signing a commit with a SSH key, with the private key missing from
>      ssh-agent, a confusing error message is produced:
>      
>      error: Load key "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7": invalid format?
>      fatal: failed to write commit object
>      
>      
>      The temporary file .git_signing_key_tmpkArSj7 created by git contains a
>      valid public key. The error message comes from `ssh-keygen -Y sign' and
>      is caused by a fallback mechanism in ssh-keygen whereby it tries to
>      interpret .git_signing_key_tmpkArSj7 as a private key if it can't find
>      in the agent [1]. A fix is scheduled to be released in OpenSSH 9.1. All
>      that needs to be done is to pass an additional backward-compatible
>      option -U to 'ssh-keygen -Y sign' call. With '-U', ssh-keygen always
>      interprets the file as public key and expects to find the private key in
>      the agent.
>      
>      As a result, when the private key is missing from the agent, a more
>      accurate error message gets produced:
>      
>      error: Couldn't find key in agent
>      
>      
>      [1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429
> 
> Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1270%2Fradicle-dev%2Fmaint-v1
> Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1270/radicle-dev/maint-v1
> Pull-Request: https://github.com/git/git/pull/1270
> 
>   gpg-interface.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/gpg-interface.c b/gpg-interface.c
> index 280f1fa1a58..4a5913ae942 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -1022,6 +1022,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
>   	strvec_pushl(&signer.args, use_format->program,
>   		     "-Y", "sign",
>   		     "-n", "git",
> +		     "-U",
>   		     "-f", ssh_signing_key_file,
>   		     buffer_file->filename.buf,
>   		     NULL);
> 
> base-commit: e54793a95afeea1e10de1e5ad7eab914e7416250

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH] ssh signing: better error message when key not in agent
  2023-01-18 11:10 ` Phillip Wood
@ 2023-01-18 14:34   ` Phillip Wood
  2023-01-18 15:28     ` Adam Szkoda
  0 siblings, 1 reply; 17+ messages in thread
From: Phillip Wood @ 2023-01-18 14:34 UTC (permalink / raw)
  To: Adam Szkoda via GitGitGadget, git; +Cc: Adam Szkoda

On 18/01/2023 11:10, Phillip Wood wrote:
>> the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All 
>> that
>> needs to be done is to pass an additional backward-compatible option 
>> -U to
>> 'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets 
>> the file
>> as public key and expects to find the private key in the agent.
> 
> The documentation for user.signingKey says
> 
>   If gpg.format is set to ssh this can contain the path to either your 
> private ssh key or the public key when ssh-agent is used.
> 
> If I've understood correctly passing -U will prevent users from setting 
> this to a private key.

If there is an easy way to tell if the user has given us a public key 
then we could pass "-U" in that case.

Best Wishes

Phillip

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH] ssh signing: better error message when key not in agent
  2023-01-18 14:34   ` Phillip Wood
@ 2023-01-18 15:28     ` Adam Szkoda
  2023-01-18 16:29       ` Phillip Wood
  0 siblings, 1 reply; 17+ messages in thread
From: Adam Szkoda @ 2023-01-18 15:28 UTC (permalink / raw)
  To: phillip.wood; +Cc: Adam Szkoda via GitGitGadget, git

Hi Phillip,

Good point!  My first thought is to try doing a stat() syscall on the
path from 'user.signingKey' to see if it exists and if not, treat it
as a public key (and pass the -U option).  If that sounds reasonable,
I can update the patch.

Best
— Adam


On Wed, Jan 18, 2023 at 3:34 PM Phillip Wood <phillip.wood123@gmail.com> wrote:
>
> On 18/01/2023 11:10, Phillip Wood wrote:
> >> the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All
> >> that
> >> needs to be done is to pass an additional backward-compatible option
> >> -U to
> >> 'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets
> >> the file
> >> as public key and expects to find the private key in the agent.
> >
> > The documentation for user.signingKey says
> >
> >   If gpg.format is set to ssh this can contain the path to either your
> > private ssh key or the public key when ssh-agent is used.
> >
> > If I've understood correctly passing -U will prevent users from setting
> > this to a private key.
>
> If there is an easy way to tell if the user has given us a public key
> then we could pass "-U" in that case.
>
> Best Wishes
>
> Phillip

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH] ssh signing: better error message when key not in agent
  2023-01-18 15:28     ` Adam Szkoda
@ 2023-01-18 16:29       ` Phillip Wood
  2023-01-20  9:03         ` Fabian Stelzer
  0 siblings, 1 reply; 17+ messages in thread
From: Phillip Wood @ 2023-01-18 16:29 UTC (permalink / raw)
  To: Adam Szkoda; +Cc: Adam Szkoda via GitGitGadget, git, Fabian Stelzer

Hi Adam

I've cc'd Fabian who knows more about the ssh signing code that I do.

On 18/01/2023 15:28, Adam Szkoda wrote:
> Hi Phillip,
> 
> Good point!  My first thought is to try doing a stat() syscall on the
> path from 'user.signingKey' to see if it exists and if not, treat it
> as a public key (and pass the -U option).  If that sounds reasonable,
> I can update the patch.

My reading of the documentation is that user.signingKey may point to a 
public or private key so I'm not sure how stat()ing would help. Looking 
at the code in sign_buffer_ssh() we have a function is_literal_ssh_key() 
that checks if the config value is a public key. When the user passes 
the path to a key we could read the file check use is_literal_ssh_key() 
to check if it is a public key (or possibly just check if the file 
begins with "ssh-"). Fabian - does that sound reasonable?

Best Wishes

Phillip

> Best
> — Adam
> 
> 
> On Wed, Jan 18, 2023 at 3:34 PM Phillip Wood <phillip.wood123@gmail.com> wrote:
>>
>> On 18/01/2023 11:10, Phillip Wood wrote:
>>>> the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All
>>>> that
>>>> needs to be done is to pass an additional backward-compatible option
>>>> -U to
>>>> 'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets
>>>> the file
>>>> as public key and expects to find the private key in the agent.
>>>
>>> The documentation for user.signingKey says
>>>
>>>    If gpg.format is set to ssh this can contain the path to either your
>>> private ssh key or the public key when ssh-agent is used.
>>>
>>> If I've understood correctly passing -U will prevent users from setting
>>> this to a private key.
>>
>> If there is an easy way to tell if the user has given us a public key
>> then we could pass "-U" in that case.
>>
>> Best Wishes
>>
>> Phillip

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH] ssh signing: better error message when key not in agent
  2023-01-18 16:29       ` Phillip Wood
@ 2023-01-20  9:03         ` Fabian Stelzer
  2023-01-23  9:33           ` Phillip Wood
  0 siblings, 1 reply; 17+ messages in thread
From: Fabian Stelzer @ 2023-01-20  9:03 UTC (permalink / raw)
  To: phillip.wood; +Cc: Adam Szkoda, Adam Szkoda via GitGitGadget, git

On 18.01.2023 16:29, Phillip Wood wrote:
>Hi Adam
>
>I've cc'd Fabian who knows more about the ssh signing code that I do.
>
>On 18/01/2023 15:28, Adam Szkoda wrote:
>>Hi Phillip,
>>
>>Good point!  My first thought is to try doing a stat() syscall on the
>>path from 'user.signingKey' to see if it exists and if not, treat it
>>as a public key (and pass the -U option).  If that sounds reasonable,
>>I can update the patch.
>
>My reading of the documentation is that user.signingKey may point to a 
>public or private key so I'm not sure how stat()ing would help. 
>Looking at the code in sign_buffer_ssh() we have a function 
>is_literal_ssh_key() that checks if the config value is a public key. 
>When the user passes the path to a key we could read the file check 
>use is_literal_ssh_key() to check if it is a public key (or possibly 
>just check if the file begins with "ssh-"). Fabian - does that sound 
>reasonable?

Hi,
I have encountered the mentioned problem before as well and tried to fix it 
but did not find a good / reasonable way to do so. Git just passes the 
user.signingKey to ssh-keygen which states:
`The key used for signing is specified using the -f option and may refer to 
either a private key, or a public key with the private half available via 
ssh-agent(1)`

I don't think it's a good idea for git to parse the key and try to determine 
if it's public or private. The fix should probably be in openssh (different 
error message) but when looking into it last time i remember that the logic 
for using the key is quite deeply embedded into the ssh code and not easily 
adjusted for the signing use case. At the moment I don't have the time to 
look into it but the openssh code for signing is quite readable so feel free 
to give it a try. Maybe you find a good way.

Best regards,
Fabian

>
>Best Wishes
>
>Phillip
>
>>Best
>>— Adam
>>
>>
>>On Wed, Jan 18, 2023 at 3:34 PM Phillip Wood <phillip.wood123@gmail.com> wrote:
>>>
>>>On 18/01/2023 11:10, Phillip Wood wrote:
>>>>>the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All
>>>>>that
>>>>>needs to be done is to pass an additional backward-compatible option
>>>>>-U to
>>>>>'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets
>>>>>the file
>>>>>as public key and expects to find the private key in the agent.
>>>>
>>>>The documentation for user.signingKey says
>>>>
>>>>   If gpg.format is set to ssh this can contain the path to either your
>>>>private ssh key or the public key when ssh-agent is used.
>>>>
>>>>If I've understood correctly passing -U will prevent users from setting
>>>>this to a private key.
>>>
>>>If there is an easy way to tell if the user has given us a public key
>>>then we could pass "-U" in that case.
>>>
>>>Best Wishes
>>>
>>>Phillip

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH] ssh signing: better error message when key not in agent
  2023-01-20  9:03         ` Fabian Stelzer
@ 2023-01-23  9:33           ` Phillip Wood
  2023-01-23 10:02             ` Fabian Stelzer
  0 siblings, 1 reply; 17+ messages in thread
From: Phillip Wood @ 2023-01-23  9:33 UTC (permalink / raw)
  To: Fabian Stelzer; +Cc: Adam Szkoda, Adam Szkoda via GitGitGadget, git

On 20/01/2023 09:03, Fabian Stelzer wrote:
> On 18.01.2023 16:29, Phillip Wood wrote:
>> Hi Adam
>>
>> I've cc'd Fabian who knows more about the ssh signing code that I do.
>>
>> On 18/01/2023 15:28, Adam Szkoda wrote:
>>> Hi Phillip,
>>>
>>> Good point!  My first thought is to try doing a stat() syscall on the
>>> path from 'user.signingKey' to see if it exists and if not, treat it
>>> as a public key (and pass the -U option).  If that sounds reasonable,
>>> I can update the patch.
>>
>> My reading of the documentation is that user.signingKey may point to a 
>> public or private key so I'm not sure how stat()ing would help. 
>> Looking at the code in sign_buffer_ssh() we have a function 
>> is_literal_ssh_key() that checks if the config value is a public key. 
>> When the user passes the path to a key we could read the file check 
>> use is_literal_ssh_key() to check if it is a public key (or possibly 
>> just check if the file begins with "ssh-"). Fabian - does that sound 
>> reasonable?
> 
> Hi,
> I have encountered the mentioned problem before as well and tried to fix 
> it but did not find a good / reasonable way to do so. Git just passes 
> the user.signingKey to ssh-keygen which states:
> `The key used for signing is specified using the -f option and may refer 
> to either a private key, or a public key with the private half available 
> via ssh-agent(1)`
> 
> I don't think it's a good idea for git to parse the key and try to 
> determine if it's public or private. The fix should probably be in 
> openssh (different error message) but when looking into it last time i 
> remember that the logic for using the key is quite deeply embedded into 
> the ssh code and not easily adjusted for the signing use case. At the 
> moment I don't have the time to look into it but the openssh code for 
> signing is quite readable so feel free to give it a try. Maybe you find 
> a good way.

Thanks Fabian, perhaps the easiest way forward is for us to only pass 
"-U" when we have a literal key in user.signingKey as we know it must a 
be public key in that case.

Best Wishes

Phillip

> Best regards,
> Fabian
> 
>>
>> Best Wishes
>>
>> Phillip
>>
>>> Best
>>> — Adam
>>>
>>>
>>> On Wed, Jan 18, 2023 at 3:34 PM Phillip Wood 
>>> <phillip.wood123@gmail.com> wrote:
>>>>
>>>> On 18/01/2023 11:10, Phillip Wood wrote:
>>>>>> the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All
>>>>>> that
>>>>>> needs to be done is to pass an additional backward-compatible option
>>>>>> -U to
>>>>>> 'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets
>>>>>> the file
>>>>>> as public key and expects to find the private key in the agent.
>>>>>
>>>>> The documentation for user.signingKey says
>>>>>
>>>>>   If gpg.format is set to ssh this can contain the path to either your
>>>>> private ssh key or the public key when ssh-agent is used.
>>>>>
>>>>> If I've understood correctly passing -U will prevent users from 
>>>>> setting
>>>>> this to a private key.
>>>>
>>>> If there is an easy way to tell if the user has given us a public key
>>>> then we could pass "-U" in that case.
>>>>
>>>> Best Wishes
>>>>
>>>> Phillip

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH] ssh signing: better error message when key not in agent
  2023-01-23  9:33           ` Phillip Wood
@ 2023-01-23 10:02             ` Fabian Stelzer
  2023-01-23 16:17               ` Adam Szkoda
  0 siblings, 1 reply; 17+ messages in thread
From: Fabian Stelzer @ 2023-01-23 10:02 UTC (permalink / raw)
  To: phillip.wood; +Cc: Adam Szkoda, Adam Szkoda via GitGitGadget, git

On 23.01.2023 09:33, Phillip Wood wrote:
>On 20/01/2023 09:03, Fabian Stelzer wrote:
>>On 18.01.2023 16:29, Phillip Wood wrote:
>>>Hi Adam
>>>
>>>I've cc'd Fabian who knows more about the ssh signing code that I do.
>>>
>>>On 18/01/2023 15:28, Adam Szkoda wrote:
>>>>Hi Phillip,
>>>>
>>>>Good point!  My first thought is to try doing a stat() syscall on the
>>>>path from 'user.signingKey' to see if it exists and if not, treat it
>>>>as a public key (and pass the -U option).  If that sounds reasonable,
>>>>I can update the patch.
>>>
>>>My reading of the documentation is that user.signingKey may point 
>>>to a public or private key so I'm not sure how stat()ing would 
>>>help. Looking at the code in sign_buffer_ssh() we have a function 
>>>is_literal_ssh_key() that checks if the config value is a public 
>>>key. When the user passes the path to a key we could read the file 
>>>check use is_literal_ssh_key() to check if it is a public key (or 
>>>possibly just check if the file begins with "ssh-"). Fabian - does 
>>>that sound reasonable?
>>
>>Hi,
>>I have encountered the mentioned problem before as well and tried to 
>>fix it but did not find a good / reasonable way to do so. Git just 
>>passes the user.signingKey to ssh-keygen which states:
>>`The key used for signing is specified using the -f option and may 
>>refer to either a private key, or a public key with the private half 
>>available via ssh-agent(1)`
>>
>>I don't think it's a good idea for git to parse the key and try to 
>>determine if it's public or private. The fix should probably be in 
>>openssh (different error message) but when looking into it last time 
>>i remember that the logic for using the key is quite deeply embedded 
>>into the ssh code and not easily adjusted for the signing use case. 
>>At the moment I don't have the time to look into it but the openssh 
>>code for signing is quite readable so feel free to give it a try. 
>>Maybe you find a good way.
>
>Thanks Fabian, perhaps the easiest way forward is for us to only pass 
>"-U" when we have a literal key in user.signingKey as we know it must 
>a be public key in that case.

Yes, i think that's a good idea as long as the `-U` flag is ignored in older 
ssh versions and shouldn't be too hard to implement. And it should work just 
as well when using `defaultKeyCommand`.

Best,
Fabian

>
>Best Wishes
>
>Phillip
>
>>Best regards,
>>Fabian
>>
>>>
>>>Best Wishes
>>>
>>>Phillip
>>>
>>>>Best
>>>>— Adam
>>>>
>>>>
>>>>On Wed, Jan 18, 2023 at 3:34 PM Phillip Wood 
>>>><phillip.wood123@gmail.com> wrote:
>>>>>
>>>>>On 18/01/2023 11:10, Phillip Wood wrote:
>>>>>>>the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All
>>>>>>>that
>>>>>>>needs to be done is to pass an additional backward-compatible option
>>>>>>>-U to
>>>>>>>'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets
>>>>>>>the file
>>>>>>>as public key and expects to find the private key in the agent.
>>>>>>
>>>>>>The documentation for user.signingKey says
>>>>>>
>>>>>>  If gpg.format is set to ssh this can contain the path to either your
>>>>>>private ssh key or the public key when ssh-agent is used.
>>>>>>
>>>>>>If I've understood correctly passing -U will prevent users 
>>>>>>from setting
>>>>>>this to a private key.
>>>>>
>>>>>If there is an easy way to tell if the user has given us a public key
>>>>>then we could pass "-U" in that case.
>>>>>
>>>>>Best Wishes
>>>>>
>>>>>Phillip

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH] ssh signing: better error message when key not in agent
  2023-01-23 10:02             ` Fabian Stelzer
@ 2023-01-23 16:17               ` Adam Szkoda
  0 siblings, 0 replies; 17+ messages in thread
From: Adam Szkoda @ 2023-01-23 16:17 UTC (permalink / raw)
  To: Fabian Stelzer; +Cc: phillip.wood, Adam Szkoda via GitGitGadget, git

Hi!  I've pushed a patch that adds `-U` conditional on is_literal_ssh_key().

According to the OpenSSH issue ([1]), that option is backward compatible:

> It should be safe to use -U even for older versions. It won't require the agent (as openssh-9.1 will) but it won't cause an error.

[1]: https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Cheers
— Adam


On Mon, Jan 23, 2023 at 11:02 AM Fabian Stelzer <fs@gigacodes.de> wrote:
>
> On 23.01.2023 09:33, Phillip Wood wrote:
> >On 20/01/2023 09:03, Fabian Stelzer wrote:
> >>On 18.01.2023 16:29, Phillip Wood wrote:
> >>>Hi Adam
> >>>
> >>>I've cc'd Fabian who knows more about the ssh signing code that I do.
> >>>
> >>>On 18/01/2023 15:28, Adam Szkoda wrote:
> >>>>Hi Phillip,
> >>>>
> >>>>Good point!  My first thought is to try doing a stat() syscall on the
> >>>>path from 'user.signingKey' to see if it exists and if not, treat it
> >>>>as a public key (and pass the -U option).  If that sounds reasonable,
> >>>>I can update the patch.
> >>>
> >>>My reading of the documentation is that user.signingKey may point
> >>>to a public or private key so I'm not sure how stat()ing would
> >>>help. Looking at the code in sign_buffer_ssh() we have a function
> >>>is_literal_ssh_key() that checks if the config value is a public
> >>>key. When the user passes the path to a key we could read the file
> >>>check use is_literal_ssh_key() to check if it is a public key (or
> >>>possibly just check if the file begins with "ssh-"). Fabian - does
> >>>that sound reasonable?
> >>
> >>Hi,
> >>I have encountered the mentioned problem before as well and tried to
> >>fix it but did not find a good / reasonable way to do so. Git just
> >>passes the user.signingKey to ssh-keygen which states:
> >>`The key used for signing is specified using the -f option and may
> >>refer to either a private key, or a public key with the private half
> >>available via ssh-agent(1)`
> >>
> >>I don't think it's a good idea for git to parse the key and try to
> >>determine if it's public or private. The fix should probably be in
> >>openssh (different error message) but when looking into it last time
> >>i remember that the logic for using the key is quite deeply embedded
> >>into the ssh code and not easily adjusted for the signing use case.
> >>At the moment I don't have the time to look into it but the openssh
> >>code for signing is quite readable so feel free to give it a try.
> >>Maybe you find a good way.
> >
> >Thanks Fabian, perhaps the easiest way forward is for us to only pass
> >"-U" when we have a literal key in user.signingKey as we know it must
> >a be public key in that case.
>
> Yes, i think that's a good idea as long as the `-U` flag is ignored in older
> ssh versions and shouldn't be too hard to implement. And it should work just
> as well when using `defaultKeyCommand`.
>
> Best,
> Fabian
>
> >
> >Best Wishes
> >
> >Phillip
> >
> >>Best regards,
> >>Fabian
> >>
> >>>
> >>>Best Wishes
> >>>
> >>>Phillip
> >>>
> >>>>Best
> >>>>— Adam
> >>>>
> >>>>
> >>>>On Wed, Jan 18, 2023 at 3:34 PM Phillip Wood
> >>>><phillip.wood123@gmail.com> wrote:
> >>>>>
> >>>>>On 18/01/2023 11:10, Phillip Wood wrote:
> >>>>>>>the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All
> >>>>>>>that
> >>>>>>>needs to be done is to pass an additional backward-compatible option
> >>>>>>>-U to
> >>>>>>>'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets
> >>>>>>>the file
> >>>>>>>as public key and expects to find the private key in the agent.
> >>>>>>
> >>>>>>The documentation for user.signingKey says
> >>>>>>
> >>>>>>  If gpg.format is set to ssh this can contain the path to either your
> >>>>>>private ssh key or the public key when ssh-agent is used.
> >>>>>>
> >>>>>>If I've understood correctly passing -U will prevent users
> >>>>>>from setting
> >>>>>>this to a private key.
> >>>>>
> >>>>>If there is an easy way to tell if the user has given us a public key
> >>>>>then we could pass "-U" in that case.
> >>>>>
> >>>>>Best Wishes
> >>>>>
> >>>>>Phillip

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [PATCH v2] ssh signing: better error message when key not in agent
  2023-01-18  8:17 [PATCH] ssh signing: better error message when key not in agent Adam Szkoda via GitGitGadget
  2023-01-18 11:10 ` Phillip Wood
@ 2023-01-24 15:26 ` Adam Szkoda via GitGitGadget
  2023-01-24 17:52   ` Junio C Hamano
  2023-01-25 12:40   ` [PATCH v3] " Adam Szkoda via GitGitGadget
  1 sibling, 2 replies; 17+ messages in thread
From: Adam Szkoda via GitGitGadget @ 2023-01-24 15:26 UTC (permalink / raw)
  To: git; +Cc: Phillip Wood, Adam Szkoda, Fabian Stelzer, Adam Szkoda, Adam Szkoda

From: Adam Szkoda <adaszko@gmail.com>

When signing a commit with a SSH key, with the private key missing from
ssh-agent, a confusing error message is produced:

    error: Load key
    "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7":
    invalid format? fatal: failed to write commit object

The temporary file .git_signing_key_tmpkArSj7 created by git contains a
valid *public* key.  The error message comes from `ssh-keygen -Y sign' and
is caused by a fallback mechanism in ssh-keygen whereby it tries to
interpret .git_signing_key_tmpkArSj7 as a *private* key if it can't find in
the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All that
needs to be done is to pass an additional backward-compatible option -U to
'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets the file
as public key and expects to find the private key in the agent.

As a result, when the private key is missing from the agent, a more accurate
error message gets produced:

    error: Couldn't find key in agent

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Signed-off-by: Adam Szkoda <adaszko@gmail.com>
---
    ssh signing: better error message when key not in agent
    
    When signing a commit with a SSH key, with the private key missing from
    ssh-agent, a confusing error message is produced:
    
    error: Load key "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7": invalid format?
    fatal: failed to write commit object
    
    
    The temporary file .git_signing_key_tmpkArSj7 created by git contains a
    valid public key. The error message comes from `ssh-keygen -Y sign' and
    is caused by a fallback mechanism in ssh-keygen whereby it tries to
    interpret .git_signing_key_tmpkArSj7 as a private key if it can't find
    in the agent [1]. A fix is scheduled to be released in OpenSSH 9.1. All
    that needs to be done is to pass an additional backward-compatible
    option -U to 'ssh-keygen -Y sign' call. With '-U', ssh-keygen always
    interprets the file as public key and expects to find the private key in
    the agent.
    
    As a result, when the private key is missing from the agent, a more
    accurate error message gets produced:
    
    error: Couldn't find key in agent
    
    
    [1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1270%2Fradicle-dev%2Fmaint-v2
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1270/radicle-dev/maint-v2
Pull-Request: https://github.com/git/git/pull/1270

Range-diff vs v1:

 1:  0ce06076242 < -:  ----------- ssh signing: better error message when key not in agent
 -:  ----------- > 1:  03dfca79387 ssh signing: better error message when key not in agent


 gpg-interface.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/gpg-interface.c b/gpg-interface.c
index f877a1ea564..33899a450eb 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -998,6 +998,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
 	char *ssh_signing_key_file = NULL;
 	struct strbuf ssh_signature_filename = STRBUF_INIT;
 	const char *literal_key = NULL;
+	int literal_ssh_key = 0;
 
 	if (!signing_key || signing_key[0] == '\0')
 		return error(
@@ -1005,6 +1006,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
 
 	if (is_literal_ssh_key(signing_key, &literal_key)) {
 		/* A literal ssh key */
+		literal_ssh_key = 1;
 		key_file = mks_tempfile_t(".git_signing_key_tmpXXXXXX");
 		if (!key_file)
 			return error_errno(
@@ -1036,11 +1038,14 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
 	}
 
 	strvec_pushl(&signer.args, use_format->program,
-		     "-Y", "sign",
-		     "-n", "git",
-		     "-f", ssh_signing_key_file,
-		     buffer_file->filename.buf,
-		     NULL);
+			"-Y", "sign",
+			"-n", "git",
+			"-f", ssh_signing_key_file,
+			NULL);
+	if (literal_ssh_key) {
+		strvec_push(&signer.args, "-U");
+	}
+	strvec_push(&signer.args, buffer_file->filename.buf);
 
 	sigchain_push(SIGPIPE, SIG_IGN);
 	ret = pipe_command(&signer, NULL, 0, NULL, 0, &signer_stderr, 0);

base-commit: 844ede312b4e988881b6e27e352f469d8ab80b2a
-- 
gitgitgadget

^ permalink raw reply related	[flat|nested] 17+ messages in thread

* Re: [PATCH v2] ssh signing: better error message when key not in agent
  2023-01-24 15:26 ` [PATCH v2] " Adam Szkoda via GitGitGadget
@ 2023-01-24 17:52   ` Junio C Hamano
  2023-01-25 12:46     ` Adam Szkoda
  2023-01-25 12:40   ` [PATCH v3] " Adam Szkoda via GitGitGadget
  1 sibling, 1 reply; 17+ messages in thread
From: Junio C Hamano @ 2023-01-24 17:52 UTC (permalink / raw)
  To: Adam Szkoda via GitGitGadget
  Cc: git, Phillip Wood, Adam Szkoda, Fabian Stelzer

"Adam Szkoda via GitGitGadget" <gitgitgadget@gmail.com> writes:

> From: Adam Szkoda <adaszko@gmail.com>
>
> When signing a commit with a SSH key, with the private key missing from
> ssh-agent, a confusing error message is produced:
>
>     error: Load key
>     "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7":
>     invalid format? fatal: failed to write commit object
>
> The temporary file .git_signing_key_tmpkArSj7 created by git contains a
> valid *public* key.  The error message comes from `ssh-keygen -Y sign' and
> is caused by a fallback mechanism in ssh-keygen whereby it tries to
> interpret .git_signing_key_tmpkArSj7 as a *private* key if it can't find in
> the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All that
> needs to be done is to pass an additional backward-compatible option -U to
> 'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets the file
> as public key and expects to find the private key in the agent.
>
> As a result, when the private key is missing from the agent, a more accurate
> error message gets produced:
>
>     error: Couldn't find key in agent
>
> [1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429
>
> Signed-off-by: Adam Szkoda <adaszko@gmail.com>
> ---

Well explained.

> Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1270/radicle-dev/maint-v2
> Pull-Request: https://github.com/git/git/pull/1270
>
> Range-diff vs v1:
>
>  1:  0ce06076242 < -:  ----------- ssh signing: better error message when key not in agent
>  -:  ----------- > 1:  03dfca79387 ssh signing: better error message when key not in agent

This is a fairly useless range-diff.

Even when a range-diff shows the differences in the patches,
mechanically generated range-diff can only show _what_ changed.  It
is helpful to explain the changes in your own words to highlight
_why_ such changes are done, and this place after the "---" line
and the diffstat we see below is the place to do so.

Does GitGitGadget allow its users to describe the differences since
the previous iteration yourself?

>  gpg-interface.c | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/gpg-interface.c b/gpg-interface.c
> index f877a1ea564..33899a450eb 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -998,6 +998,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
>  	char *ssh_signing_key_file = NULL;
>  	struct strbuf ssh_signature_filename = STRBUF_INIT;
>  	const char *literal_key = NULL;
> +	int literal_ssh_key = 0;
>  
>  	if (!signing_key || signing_key[0] == '\0')
>  		return error(
> @@ -1005,6 +1006,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
>  
>  	if (is_literal_ssh_key(signing_key, &literal_key)) {
>  		/* A literal ssh key */
> +		literal_ssh_key = 1;
>  		key_file = mks_tempfile_t(".git_signing_key_tmpXXXXXX");
>  		if (!key_file)
>  			return error_errno(
> @@ -1036,11 +1038,14 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
>  	}
>  
>  	strvec_pushl(&signer.args, use_format->program,
> -		     "-Y", "sign",
> -		     "-n", "git",
> -		     "-f", ssh_signing_key_file,
> -		     buffer_file->filename.buf,
> -		     NULL);
> +			"-Y", "sign",
> +			"-n", "git",
> +			"-f", ssh_signing_key_file,
> +			NULL);

Please avoid making a pointless indentation change like this.  We do
not pass filename yet with this pushl(), because ...

> +	if (literal_ssh_key) {
> +		strvec_push(&signer.args, "-U");
> +	}

... when we give a literal key, we want to insert "-U" in front, and then

> +	strvec_push(&signer.args, buffer_file->filename.buf);

... the filename.  Which makes sense.

The insertion of "-U" is a single statement as the body of a if()
statement.  We do not want {} around it, by the way.

Other than that, nicely done.  Thanks.

>  	sigchain_push(SIGPIPE, SIG_IGN);
>  	ret = pipe_command(&signer, NULL, 0, NULL, 0, &signer_stderr, 0);
>
> base-commit: 844ede312b4e988881b6e27e352f469d8ab80b2a

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [PATCH v3] ssh signing: better error message when key not in agent
  2023-01-24 15:26 ` [PATCH v2] " Adam Szkoda via GitGitGadget
  2023-01-24 17:52   ` Junio C Hamano
@ 2023-01-25 12:40   ` Adam Szkoda via GitGitGadget
  1 sibling, 0 replies; 17+ messages in thread
From: Adam Szkoda via GitGitGadget @ 2023-01-25 12:40 UTC (permalink / raw)
  To: git; +Cc: Phillip Wood, Adam Szkoda, Fabian Stelzer, Adam Szkoda, Adam Szkoda

From: Adam Szkoda <adaszko@gmail.com>

When signing a commit with a SSH key, with the private key missing from
ssh-agent, a confusing error message is produced:

    error: Load key
    "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7":
    invalid format? fatal: failed to write commit object

The temporary file .git_signing_key_tmpkArSj7 created by git contains a
valid *public* key.  The error message comes from `ssh-keygen -Y sign' and
is caused by a fallback mechanism in ssh-keygen whereby it tries to
interpret .git_signing_key_tmpkArSj7 as a *private* key if it can't find in
the agent [1].  A fix is scheduled to be released in OpenSSH 9.1. All that
needs to be done is to pass an additional backward-compatible option -U to
'ssh-keygen -Y sign' call.  With '-U', ssh-keygen always interprets the file
as public key and expects to find the private key in the agent.

As a result, when the private key is missing from the agent, a more accurate
error message gets produced:

    error: Couldn't find key in agent

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Signed-off-by: Adam Szkoda <adaszko@gmail.com>
---
    ssh signing: better error message when key not in agent
    
    When signing a commit with a SSH key, with the private key missing from
    ssh-agent, a confusing error message is produced:
    
    error: Load key "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7": invalid format?
    fatal: failed to write commit object
    
    
    The temporary file .git_signing_key_tmpkArSj7 created by git contains a
    valid public key. The error message comes from `ssh-keygen -Y sign' and
    is caused by a fallback mechanism in ssh-keygen whereby it tries to
    interpret .git_signing_key_tmpkArSj7 as a private key if it can't find
    in the agent [1]. A fix is scheduled to be released in OpenSSH 9.1. All
    that needs to be done is to pass an additional backward-compatible
    option -U to 'ssh-keygen -Y sign' call. With '-U', ssh-keygen always
    interprets the file as public key and expects to find the private key in
    the agent.
    
    As a result, when the private key is missing from the agent, a more
    accurate error message gets produced:
    
    error: Couldn't find key in agent
    
    
    [1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1270%2Fradicle-dev%2Fmaint-v3
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1270/radicle-dev/maint-v3
Pull-Request: https://github.com/git/git/pull/1270

Range-diff vs v2:

 1:  03dfca79387 ! 1:  dc7acff3b95 ssh signing: better error message when key not in agent
     @@ gpg-interface.c: static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf
       		if (!key_file)
       			return error_errno(
      @@ gpg-interface.c: static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
     - 	}
     - 
     - 	strvec_pushl(&signer.args, use_format->program,
     --		     "-Y", "sign",
     --		     "-n", "git",
     --		     "-f", ssh_signing_key_file,
     + 		     "-Y", "sign",
     + 		     "-n", "git",
     + 		     "-f", ssh_signing_key_file,
      -		     buffer_file->filename.buf,
     --		     NULL);
     -+			"-Y", "sign",
     -+			"-n", "git",
     -+			"-f", ssh_signing_key_file,
     -+			NULL);
     -+	if (literal_ssh_key) {
     + 		     NULL);
     ++	if (literal_ssh_key)
      +		strvec_push(&signer.args, "-U");
     -+	}
      +	strvec_push(&signer.args, buffer_file->filename.buf);
       
       	sigchain_push(SIGPIPE, SIG_IGN);


 gpg-interface.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/gpg-interface.c b/gpg-interface.c
index f877a1ea564..687236430bf 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -998,6 +998,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
 	char *ssh_signing_key_file = NULL;
 	struct strbuf ssh_signature_filename = STRBUF_INIT;
 	const char *literal_key = NULL;
+	int literal_ssh_key = 0;
 
 	if (!signing_key || signing_key[0] == '\0')
 		return error(
@@ -1005,6 +1006,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
 
 	if (is_literal_ssh_key(signing_key, &literal_key)) {
 		/* A literal ssh key */
+		literal_ssh_key = 1;
 		key_file = mks_tempfile_t(".git_signing_key_tmpXXXXXX");
 		if (!key_file)
 			return error_errno(
@@ -1039,8 +1041,10 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
 		     "-Y", "sign",
 		     "-n", "git",
 		     "-f", ssh_signing_key_file,
-		     buffer_file->filename.buf,
 		     NULL);
+	if (literal_ssh_key)
+		strvec_push(&signer.args, "-U");
+	strvec_push(&signer.args, buffer_file->filename.buf);
 
 	sigchain_push(SIGPIPE, SIG_IGN);
 	ret = pipe_command(&signer, NULL, 0, NULL, 0, &signer_stderr, 0);

base-commit: 844ede312b4e988881b6e27e352f469d8ab80b2a
-- 
gitgitgadget

^ permalink raw reply related	[flat|nested] 17+ messages in thread

* Re: [PATCH v2] ssh signing: better error message when key not in agent
  2023-01-24 17:52   ` Junio C Hamano
@ 2023-01-25 12:46     ` Adam Szkoda
  2023-01-25 17:04       ` Junio C Hamano
                         ` (2 more replies)
  0 siblings, 3 replies; 17+ messages in thread
From: Adam Szkoda @ 2023-01-25 12:46 UTC (permalink / raw)
  To: Junio C Hamano
  Cc: Adam Szkoda via GitGitGadget, git, Phillip Wood, Fabian Stelzer

On Tue, Jan 24, 2023 at 6:52 PM Junio C Hamano <gitster@pobox.com> wrote:
> > Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1270/radicle-dev/maint-v2
> > Pull-Request: https://github.com/git/git/pull/1270
> >
> > Range-diff vs v1:
> >
> >  1:  0ce06076242 < -:  ----------- ssh signing: better error message when key not in agent
> >  -:  ----------- > 1:  03dfca79387 ssh signing: better error message when key not in agent
>
> This is a fairly useless range-diff.
>
> Even when a range-diff shows the differences in the patches,
> mechanically generated range-diff can only show _what_ changed.  It
> is helpful to explain the changes in your own words to highlight
> _why_ such changes are done, and this place after the "---" line
> and the diffstat we see below is the place to do so.
>
> Does GitGitGadget allow its users to describe the differences since
> the previous iteration yourself?

No, I don't think it does.   It got generated automatically without
giving me an opportunity to edit.

> >  gpg-interface.c | 15 ++++++++++-----
> >  1 file changed, 10 insertions(+), 5 deletions(-)
> >
> > diff --git a/gpg-interface.c b/gpg-interface.c
> > index f877a1ea564..33899a450eb 100644
> > --- a/gpg-interface.c
> > +++ b/gpg-interface.c
> > @@ -998,6 +998,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
> >       char *ssh_signing_key_file = NULL;
> >       struct strbuf ssh_signature_filename = STRBUF_INIT;
> >       const char *literal_key = NULL;
> > +     int literal_ssh_key = 0;
> >
> >       if (!signing_key || signing_key[0] == '\0')
> >               return error(
> > @@ -1005,6 +1006,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
> >
> >       if (is_literal_ssh_key(signing_key, &literal_key)) {
> >               /* A literal ssh key */
> > +             literal_ssh_key = 1;
> >               key_file = mks_tempfile_t(".git_signing_key_tmpXXXXXX");
> >               if (!key_file)
> >                       return error_errno(
> > @@ -1036,11 +1038,14 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
> >       }
> >
> >       strvec_pushl(&signer.args, use_format->program,
> > -                  "-Y", "sign",
> > -                  "-n", "git",
> > -                  "-f", ssh_signing_key_file,
> > -                  buffer_file->filename.buf,
> > -                  NULL);
> > +                     "-Y", "sign",
> > +                     "-n", "git",
> > +                     "-f", ssh_signing_key_file,
> > +                     NULL);
>
> Please avoid making a pointless indentation change like this.

Yep, removed.  It was largely accidental.

> We do
> not pass filename yet with this pushl(), because ...
>
> > +     if (literal_ssh_key) {
> > +             strvec_push(&signer.args, "-U");
> > +     }
>
> ... when we give a literal key, we want to insert "-U" in front, and then
>
> > +     strvec_push(&signer.args, buffer_file->filename.buf);
>
> ... the filename.  Which makes sense.

I'm not sure what you mean in this paragraph.   If there's something
more that needs to be done, I'd appreciate it if you could rephrase
it.

> The insertion of "-U" is a single statement as the body of a if()
> statement.  We do not want {} around it, by the way.

Removed the superfluous {}.

Thanks

— Adam

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v2] ssh signing: better error message when key not in agent
  2023-01-25 12:46     ` Adam Szkoda
@ 2023-01-25 17:04       ` Junio C Hamano
  2023-01-25 17:17       ` Junio C Hamano
  2023-01-25 21:42       ` Eric Sunshine
  2 siblings, 0 replies; 17+ messages in thread
From: Junio C Hamano @ 2023-01-25 17:04 UTC (permalink / raw)
  To: Adam Szkoda
  Cc: Adam Szkoda via GitGitGadget, git, Phillip Wood, Fabian Stelzer

Adam Szkoda <adaszko@gmail.com> writes:

> On Tue, Jan 24, 2023 at 6:52 PM Junio C Hamano <gitster@pobox.com> wrote:
>> > Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1270/radicle-dev/maint-v2
>> > Pull-Request: https://github.com/git/git/pull/1270
>> >
>> > Range-diff vs v1:
>> >
>> >  1:  0ce06076242 < -:  ----------- ssh signing: better error message when key not in agent
>> >  -:  ----------- > 1:  03dfca79387 ssh signing: better error message when key not in agent
>>
>> This is a fairly useless range-diff.
>>
>> Even when a range-diff shows the differences in the patches,
>> mechanically generated range-diff can only show _what_ changed.  It
>> is helpful to explain the changes in your own words to highlight
>> _why_ such changes are done, and this place after the "---" line
>> and the diffstat we see below is the place to do so.
>>
>> Does GitGitGadget allow its users to describe the differences since
>> the previous iteration yourself?
>
> No, I don't think it does.   It got generated automatically without
> giving me an opportunity to edit.

Hmph.  

The text after "---" and before "Fetch-it-via:" does look like
something a human wrote.  The part often is byte-for-byte identical
duplicate of the proposed log message, but I think I have seen
patches via GitGitGadget that have different text there, and was
hoping perhaps the authors can use it to describe commentary for the
range-diff.

> Yep, removed.  It was largely accidental.
> ...
> Removed the superfluous {}.
>
> Thanks

Thanks.  Looking good.  Will queue and merge down to 'next'.


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v2] ssh signing: better error message when key not in agent
  2023-01-25 12:46     ` Adam Szkoda
  2023-01-25 17:04       ` Junio C Hamano
@ 2023-01-25 17:17       ` Junio C Hamano
  2023-01-25 21:42       ` Eric Sunshine
  2 siblings, 0 replies; 17+ messages in thread
From: Junio C Hamano @ 2023-01-25 17:17 UTC (permalink / raw)
  To: Adam Szkoda
  Cc: Adam Szkoda via GitGitGadget, git, Phillip Wood, Fabian Stelzer

Adam Szkoda <adaszko@gmail.com> writes:

>> We do
>> not pass filename yet with this pushl(), because ...
>>
>> > +     if (literal_ssh_key) {
>> > +             strvec_push(&signer.args, "-U");
>> > +     }
>>
>> ... when we give a literal key, we want to insert "-U" in front, and then
>>
>> > +     strvec_push(&signer.args, buffer_file->filename.buf);
>>
>> ... the filename.  Which makes sense.
>
> I'm not sure what you mean in this paragraph.   If there's something
> more that needs to be done, I'd appreciate it if you could rephrase
> it.

"Which makes sense." is the key conclusion.  Instead of saying "This
part of the patch looks good" without explaining why I say so (it
could be that I am saying so without really reading or understanding
the changes or thinking the ramifications of the change through),
the earlier parts that lead to the conclusion is a way to give
weight to the conclusion.

In other words, it is meant to show that the reviewer did read the
patch well enough to understand the reasoning behind it.

Thanks.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v2] ssh signing: better error message when key not in agent
  2023-01-25 12:46     ` Adam Szkoda
  2023-01-25 17:04       ` Junio C Hamano
  2023-01-25 17:17       ` Junio C Hamano
@ 2023-01-25 21:42       ` Eric Sunshine
  2023-01-25 22:22         ` Junio C Hamano
  2 siblings, 1 reply; 17+ messages in thread
From: Eric Sunshine @ 2023-01-25 21:42 UTC (permalink / raw)
  To: Adam Szkoda
  Cc: Junio C Hamano, Adam Szkoda via GitGitGadget, git, Phillip Wood,
	Fabian Stelzer

On Wed, Jan 25, 2023 at 8:05 AM Adam Szkoda <adaszko@gmail.com> wrote:
> On Tue, Jan 24, 2023 at 6:52 PM Junio C Hamano <gitster@pobox.com> wrote:
> > > Range-diff vs v1:
> > >
> > >  1:  0ce06076242 < -:  ----------- ssh signing: better error message when key not in agent
> > >  -:  ----------- > 1:  03dfca79387 ssh signing: better error message when key not in agent
> >
> > This is a fairly useless range-diff.
> >
> > Even when a range-diff shows the differences in the patches,
> > mechanically generated range-diff can only show _what_ changed.  It
> > is helpful to explain the changes in your own words to highlight
> > _why_ such changes are done, and this place after the "---" line
> > and the diffstat we see below is the place to do so.
> >
> > Does GitGitGadget allow its users to describe the differences since
> > the previous iteration yourself?
>
> No, I don't think it does.   It got generated automatically without
> giving me an opportunity to edit.

Yes, the user can describe the differences since the previous
iteration by editing the pull-request's description. Specifically,
when ready to send a new iteration:

(1) force push the new iteration to the same branch on GitHub

(2) edit the pull-request description; this is the very first
"comment" on the pull-request page; press the "..." button on that
comment and choose the "Edit" menu item; revise the text to describe
the changes since the previous revision, then press the "Update
comment" button to save

(3) post a "/submit" comment to the pull-request to tell GitGitGadget
to send the new revision to the Git mailing list

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v2] ssh signing: better error message when key not in agent
  2023-01-25 21:42       ` Eric Sunshine
@ 2023-01-25 22:22         ` Junio C Hamano
  0 siblings, 0 replies; 17+ messages in thread
From: Junio C Hamano @ 2023-01-25 22:22 UTC (permalink / raw)
  To: Eric Sunshine
  Cc: Adam Szkoda, Adam Szkoda via GitGitGadget, git, Phillip Wood,
	Fabian Stelzer

Eric Sunshine <sunshine@sunshineco.com> writes:

> On Wed, Jan 25, 2023 at 8:05 AM Adam Szkoda <adaszko@gmail.com> wrote:
>> On Tue, Jan 24, 2023 at 6:52 PM Junio C Hamano <gitster@pobox.com> wrote:
>> > > Range-diff vs v1:
>> > >
>> > >  1:  0ce06076242 < -:  ----------- ssh signing: better error message when key not in agent
>> > >  -:  ----------- > 1:  03dfca79387 ssh signing: better error message when key not in agent
>> >
>> > This is a fairly useless range-diff.
>> >
>> > Even when a range-diff shows the differences in the patches,
>> > mechanically generated range-diff can only show _what_ changed.  It
>> > is helpful to explain the changes in your own words to highlight
>> > _why_ such changes are done, and this place after the "---" line
>> > and the diffstat we see below is the place to do so.
>> >
>> > Does GitGitGadget allow its users to describe the differences since
>> > the previous iteration yourself?
>>
>> No, I don't think it does.   It got generated automatically without
>> giving me an opportunity to edit.
>
> Yes, the user can describe the differences since the previous
> iteration by editing the pull-request's description. Specifically,
> when ready to send a new iteration:
>
> (1) force push the new iteration to the same branch on GitHub
>
> (2) edit the pull-request description; this is the very first
> "comment" on the pull-request page; press the "..." button on that
> comment and choose the "Edit" menu item; revise the text to describe
> the changes since the previous revision, then press the "Update
> comment" button to save
>
> (3) post a "/submit" comment to the pull-request to tell GitGitGadget
> to send the new revision to the Git mailing list

Thanks.  I thought the above would make a good addition to our
documentation set.  Documentation/MyFirstContribution.txt does have
this to say:

    Once you have your branch again in the shape you want following all review
    comments, you can submit again:

    ----
    $ git push -f remotename psuh
    ----

    Next, go look at your pull request against GitGitGadget; you should see the CI
    has been kicked off again. Now while the CI is running is a good time for you
    to modify your description at the top of the pull request thread; it will be
    used again as the cover letter. You should use this space to describe what
    has changed since your previous version, so that your reviewers have some idea
    of what they're looking at. When the CI is done running, you can comment once
    more with `/submit` - GitGitGadget will automatically add a v2 mark to your
    changes.

before it talks about doing the "/submit" again.  Expanding the
above into a bulletted list form like you did might make it easier
to follow through, perhaps?  I dunno.



^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2023-01-25 22:23 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-18  8:17 [PATCH] ssh signing: better error message when key not in agent Adam Szkoda via GitGitGadget
2023-01-18 11:10 ` Phillip Wood
2023-01-18 14:34   ` Phillip Wood
2023-01-18 15:28     ` Adam Szkoda
2023-01-18 16:29       ` Phillip Wood
2023-01-20  9:03         ` Fabian Stelzer
2023-01-23  9:33           ` Phillip Wood
2023-01-23 10:02             ` Fabian Stelzer
2023-01-23 16:17               ` Adam Szkoda
2023-01-24 15:26 ` [PATCH v2] " Adam Szkoda via GitGitGadget
2023-01-24 17:52   ` Junio C Hamano
2023-01-25 12:46     ` Adam Szkoda
2023-01-25 17:04       ` Junio C Hamano
2023-01-25 17:17       ` Junio C Hamano
2023-01-25 21:42       ` Eric Sunshine
2023-01-25 22:22         ` Junio C Hamano
2023-01-25 12:40   ` [PATCH v3] " Adam Szkoda via GitGitGadget

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).