monotone-devel

Re: [Monotone-devel] Monotone 0.40 and SSH-Agent: broken?


From: Ralf S. Engelschall
Subject: Re: [Monotone-devel] Monotone 0.40 and SSH-Agent: broken?
Date: Sun, 13 Apr 2008 10:04:45 +0200
User-agent: Mutt/1.5.17 OpenPKG/CURRENT (2007-11-01)

On Sat, Apr 12, 2008, Justin Patrin wrote:

> On Sat, Apr 12, 2008 at 12:54 AM, Ralf S. Engelschall
> <address@hidden> wrote:
> >
> > On Sat, Apr 12, 2008, Ralf S. Engelschall wrote:
> >
> >  > On Fri, Apr 11, 2008, Justin Patrin wrote:
> >  >
> >  > > On Fri, Apr 11, 2008 at 2:02 PM, Ralf S. Engelschall
> >  > > <address@hidden> wrote:
> >  > > > On Fri, Apr 11, 2008, Ralf S. Engelschall wrote:
> >  > > >
> >  > > >  > After upgrading to Monotone 0.40 and migrating my databases to the new
> >  > > >  > schema with "mtn db migrate" I'm faced with the problem that on "mtn
> >  > > >  > commit" I'm now asked for the pass-phrase of my address@hidden key,
> >  > > >  > although it is loaded just fine in the SSH-Agent and could be fetched
> >  > > >  > just fine by all Monotone <= 0.39 during the last months. It seems to be
> >  > > >  > that the code which uses the SSH-Agent got broken in Monotone 0.40 with
> >  > > >  > the recent changes. Any clues?
> >  > > [...]
> >  > >
> >  > > Can you try running a "make check" and see if the ssh-agent tests
> >  > > fail? I'm not seeing any failures on my machines.
> >  >
> >  > This is the really strange thing, the test suite works just fine:
> >  >
> >  > | [...]
> >  > | 413 ssh_agent                                     ok
> >  > | [...]
> >  >
> >  > Seems like I've to dig deeper to find out why 0.40 now dislikes my key
> >  > in the SSH-Agent. My current situation now is:
> >  >
> >  > | $ mtn ci -m "upgrade to RPM 5.1b2"
> >  > | mtn: beginning commit on branch 'OpenPKG.framework.src'
> >  > | enter passphrase for key ID address@hidden:
> >  > | mtn: committed revision 7b7299dbfcd62ad95ebc5ce38ac4fdef4268ae27
> >  > | address@hidden:/u/rse/prj/openpkg-2008/src/openpkg/src
> >  > | $ ssh-add -l
> >  > | 1024 94:bb:05:92:32:ef:11:65:ec:aa:d5:2e:97:82:53:c7 Ralf S. Engelschall <address@hidden> (RSA1)
> >  > | 2048 27:cc:cb:66:10:31:09:03:9e:0d:de:31:fd:6b:c0:7f Ralf S. Engelschall (DSA) (DSA)
> >  > | 2048 d8:68:a2:f8:90:13:10:2f:f2:2e:64:f5:8e:1d:6d:b3 Ralf S. Engelschall (RSA) (RSA)
> >  > | 1024 89:46:ab:e9:ae:eb:7b:8a:43:0c:2b:eb:95:f2:58:24 address@hidden (RSA)
> >  >
> >  > The last key in my SSH-Agent is the RSA key for Monotone which worked
> >  > just fine during the last months. But as you can see from my commit
> >  > step before, Monotone no longer seems to contact my SSH-Agent (which
> >  > here is based on Pageant from PuTTY). I don't know why. Exactly the
> >  > same Pageant process is what I used with Monotone 0.39 just yesterday
> >  > before I upgraded to Monotone 0.40, I've definitely no change on the
> >  > SSH-Agent side.
> >  >
> >  > Strange, I'll try to find out what is going on here...
> >
> >  Ok, could it be that the "ssh_agent" test suite is broken? I mean it
> >  seems to me that it just tries to load a pass-phrase protected key
> >  into the agent, but I do not see where it actually tries to perform a
> >  _commit_ operation with this key. When I add...
> >
> >  Index: tests/ssh_agent/__driver__.lua
> >  --- tests/ssh_agent/__driver__.lua  
> > 95cd8c83271295eacfdafa032182f9ee07ae1913
> >  +++ tests/ssh_agent/__driver__.lua  
> > d8c108b85e3c9720e8c5d1cd91e4e1754c2e104d
> >  @@ -290,3 +290,8 @@ end
> >   if not ok then
> >     err("identity was not added to ssh-agent")
> >   end
> >  +
> >  +-- * (ok) mtn ci with -k and with ssh-agent running with both montone 
> > keys ex/imported key with passphrase
> >  +addfile("some_file21", "test")
> >  +check(mtn("ci", "--key", "address@hidden", "--message", "commit msg"), 0, 
> > false, false)
> >  +
> >
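Review bot: The added check(mtn("ci", "--key", ...), 0, false, false) at the end of the hunk asserts only the exit status and passes false, false for the command's output, so a failure at this step does not show whether mtn fell back to the "enter passphrase" prompt or failed against the agent for some other reason. Consider keeping the output of this commit and checking it for the passphrase prompt, so the test states what it is meant to prove about signing through the agent. The new comment also says -k while the call uses --key, and "montone" should read "monotone".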
> >  To the end of the test suite and run "./run_lua_tests ssh_agent" it
> >  actually FAILS in this last commit command. Perhaps the previous commits
> >  in this test suite just succeed because Monotone is actually using the
> >  keys on the filesystem instead of the copy in the agent? At least, why does
> >  this additional commit not succeed?
>
> The ssh_agent test does plenty of commits with various options but it
> may not run on Windows. I didn't realize that you were running on
> Windows, it uses a different set of code to connect to Pageant. I'll
> have to see if I can get a build working in windows (although I
> wouldn't hold my breath).

No, no, I'm _not_ running Monotone under Windows. I'm just sitting in
front of a Windows _desktop_, but Monotone is running on the Unix server
side, of course. I just use the PuTTY Pageant as the SSH-Agent as I sit
in front of a Windows desktop and connect via plink+xterm to the Unix
server. Everything else is running under Unix (in my case FreeBSD 6).

> Try removing your key from the agent and re-running your mtn ci, then
> run a new mtn ci. The first should ask you for your password and
> automatically add the key to the agent and the second shouldn't
> require a password.

The auto-loading of the key works, but not the signing with it during
commit (the first three shown keys are my regular SSH keys, the MTN RSA
key I've manually removed from Pageant before):

| $ ssh-add -l
| 1024 94:bb:05:92:32:ef:11:65:ec:aa:d5:2e:97:82:53:c7 Ralf S. Engelschall <address@hidden> (RSA1)
| 2048 27:cc:cb:66:10:31:09:03:9e:0d:de:31:fd:6b:c0:7f Ralf S. Engelschall (DSA) (DSA)
| 2048 d8:68:a2:f8:90:13:10:2f:f2:2e:64:f5:8e:1d:6d:b3 Ralf S. Engelschall (RSA) (RSA)
| $ cd /tmp
| $ mtn --version
| monotone 0.40 (base revision: 5ccc279f9dea0444b47f03dd5291ecc985fcb7f6)
| $ mtn --db=test.db db init
| $ mkdir test
| $ cd test
| $ mtn --db=/tmp/test.db setup -b test
| $ echo "foo" >foo.txt
| $ mtn add foo.txt
| mtn: adding foo.txt to workspace manifest
| $ mtn ci -m "test commit 1"
| mtn: beginning commit on branch 'test'
| enter passphrase for key ID address@hidden:
  ^^^^^^^^^^^^^^^^
  I initially get asked for the key: EXPECTED!
| mtn: committed revision 6b5a5ad68d2bda38351cf64e1556b11e202df08b
| $ ssh-add -l
| 1024 94:bb:05:92:32:ef:11:65:ec:aa:d5:2e:97:82:53:c7 Ralf S. Engelschall <address@hidden> (RSA1)
| 2048 27:cc:cb:66:10:31:09:03:9e:0d:de:31:fd:6b:c0:7f Ralf S. Engelschall (DSA) (DSA)
| 2048 d8:68:a2:f8:90:13:10:2f:f2:2e:64:f5:8e:1d:6d:b3 Ralf S. Engelschall (RSA) (RSA)
| 1024 89:46:ab:e9:ae:eb:7b:8a:43:0c:2b:eb:95:f2:58:24 address@hidden (RSA)
  ^^^^^^^^^
  The key was auto-loaded!
| $ echo "bar" >foo.txt
| $ mtn ci -m "test commit 2"
| mtn: beginning commit on branch 'test'
| enter passphrase for key ID address@hidden:
  ^^^^^^^^^^^^^^^^
  I again get asked for the key: _NOT_ EXPECTED!
| mtn: committed revision d5d9b468cbc4930089486dd9d963c2abd72edace
| $ ssh-add -l
| 1024 94:bb:05:92:32:ef:11:65:ec:aa:d5:2e:97:82:53:c7 Ralf S. Engelschall <address@hidden> (RSA1)
| 2048 27:cc:cb:66:10:31:09:03:9e:0d:de:31:fd:6b:c0:7f Ralf S. Engelschall (DSA) (DSA)
| 2048 d8:68:a2:f8:90:13:10:2f:f2:2e:64:f5:8e:1d:6d:b3 Ralf S. Engelschall (RSA) (RSA)
| 1024 89:46:ab:e9:ae:eb:7b:8a:43:0c:2b:eb:95:f2:58:24 address@hidden (RSA)
  ^^^^
  Although the key is still loaded!

So, everything seems to work fine _EXCEPT_ the signing via SSH-Agent!
AND NOW IT COMES: IT IS _NOT_ RELATED TO PuTTY Pageant, IT ALSO
HAPPENS WITH OpenSSH's ssh-agent (this is directly in the _same_ shell
session, and after the above commands, and now with a local SSH-Agent):

| $ cd /tmp
| $ rm -rf test*
| $ eval `ssh-agent`
| Agent pid 71408
| $ ssh-add -l
| The agent has no identities.
| $ mtn --db=test.db db init
| $ mkdir test
| $ mtn --db=/tmp/test.db setup -b test
| $ echo "foo" >foo.txt
| $ mtn add foo.txt
| mtn: adding foo.txt to workspace manifest
| $ mtn ci -m "test commit 1"
| mtn: beginning commit on branch 'test'
| enter passphrase for key ID address@hidden:
| mtn: committed revision 6b5a5ad68d2bda38351cf64e1556b11e202df08b
| $ ssh-add -l
| 1024 89:46:ab:e9:ae:eb:7b:8a:43:0c:2b:eb:95:f2:58:24 address@hidden (RSA)
| $ echo "bar" >foo.txt
| $ mtn ci -m "test commit 2"
| mtn: beginning commit on branch 'test'
| enter passphrase for key ID address@hidden:
  ^^^^^^^^^^^^^
  SAME ERROR!
| mtn: committed revision d5d9b468cbc4930089486dd9d963c2abd72edace
| $ ssh-add -l
| 1024 89:46:ab:e9:ae:eb:7b:8a:43:0c:2b:eb:95:f2:58:24 address@hidden (RSA)

So, the problem seems to be _NOT_ Pageant (Windows) or ssh-agent(1)
(Unix) related. To me it seems more that starting with Monotone 0.40 the
signing via SSH-Agents is broken for me -- and I've still no clue why...

                                       Ralf S. Engelschall
                                       address@hidden
                                       www.engelschall.com




