Re: [Monotone-devel] Monotone 0.40 and SSH-Agent: broken?
From: Justin Patrin
Subject: Re: [Monotone-devel] Monotone 0.40 and SSH-Agent: broken?
Date: Mon, 14 Apr 2008 11:57:57 -0700

On Mon, Apr 14, 2008 at 10:47 AM, Justin Patrin <address@hidden> wrote:
>
> On Sun, Apr 13, 2008 at 11:21 AM, Justin Patrin <address@hidden> wrote:
> >
> > On Sun, Apr 13, 2008 at 10:43 AM, Justin Patrin <address@hidden> wrote:
> > > On Sun, Apr 13, 2008 at 6:30 AM, Ralf S. Engelschall
> > > <address@hidden> wrote:
> > > > On Sun, Apr 13, 2008, Ralf S. Engelschall wrote:
> > > >
> > > > > On Sun, Apr 13, 2008, Richard Levitte wrote:
> > > > >
> > > > > > > In message <address@hidden> on Sun, 13 Apr 2008 10:11:07 +0200,
> > > > > > > "Ralf S. Engelschall" <address@hidden> said:
> > > > > > >
> > > > > > > rse+monotone-devel> Please apply my posted patch and run the
> > > > > > > rse+monotone-devel> "ssh_agent" test. Does it fail or succeed
> > > > > > > rse+monotone-devel> for you?
> > > > > >
> > > > > > Just did on my Linux laptop, and it fails.
> > > > > >
> > > > > > > Ralf, please commit the changed ssh_agent test so it gets out
> > > > > > > there.
> > > > > > > That's the best way to activate people ;-)
> > > > >
> > > > > > I've now committed two more checks which show the problem.
> > > > > > Now remains just the task to still fix this nasty new problem...
> > > > > > ;-)
> > > >
> > > > > I'm currently digging and according to "mtn --debug" outputs it
> > > > > looks like Monotone on "commit" doesn't contact the SSH-agent
> > > > > initially at all. My first impression was that perhaps the
> > > > > communication protocol itself got broken. But this doesn't seem to
> > > > > be the problem. Monotone just starts fiddling with the SSH-agent
> > > > > once one has entered the pass-phrase (and this way very late). So,
> > > > > for me it looks like in Monotone 0.40 we have a change which now
> > > > > prevents the SSH-agent from being correctly consulted on "commit"
> > > > > at all...
> > > >
> > >
> > > I *thought* I'd taken this into account in the tests but it appears I
> > > hadn't. This is why I was so confused. Thanks for catching this. It
> > > looks like someone added a call to decrypt_private_key earlier in the
> > > chain as make_signature isn't called by the time the password is asked
> > > for. :-/ I'm looking around.
> > >
> >
> > The offender, at least for the first instance of asking for the
> > password the first time, is revision
> > 43df0ce4206510d364c401d4dd17db17b9a389b7 which added a cache_user_key
> > method and added calls to it in cmd_ws_commit.cc in several places.
> >
> > cache_decrypted_key also seems to be doing this before make_signature
> > gets called. At this point I'm not sure exactly what these things were
> > added for or what the best way to deal with ssh-agent signing is now.
> > I could add a check to see if the key is loaded into ssh-agent in
> > these 2 functions and skip their normal code-path but I suspect that
> > this would break any operations that do anything but signing (such as
> > running a netsync server).
> >
>
> I've just pushed revision 714461473df3cbabf08ecbc6f9bbceeba4463ab8
> which fixes the test you added and passes the entire test suite on my
> machine. However, I don't like all of this extra code I've put into
> cache_decrypted_key just to check if the key is in the ssh-agent.
>
> Likely cache_decrypted_key should be changed to cache via
> ssh-agent....but it would still need to do a check before trying to
> decrypt the key again.
>
I've also pushed 0c0f8b765d6e18d2d20f66cb3539c30c2918e8fe which moves
the "check to see if ssh_agent has a key" logic to a has_key function
in ssh_agent.
--
Justin Patrin
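
The kind of check discussed above, as an added example that is not part of the original message or of Monotone's code: it parses an ssh-agent identities answer (reply type 12) and reports whether a given public key blob is listed, so a caller can skip decrypting the private key. The function names and the sample blobs are assumptions made for illustration.

```cpp
// Added example (not Monotone's code): is a key listed in an ssh-agent reply?
#include <cstdint>
#include <stdexcept>
#include <string>
const unsigned char SSH2_AGENT_IDENTITIES_ANSWER = 12;  // reply type byte

// Read a big-endian uint32 at pos and advance pos; throws on truncated input.
static uint32_t get_u32(const std::string& buf, size_t& pos) {
    if (pos > buf.size() || buf.size() - pos < 4) throw std::runtime_error("truncated");
    uint32_t v = 0;
    for (int i = 0; i < 4; ++i) v = (v << 8) | static_cast<unsigned char>(buf[pos++]);
    return v;
}

// Read a uint32-length-prefixed string at pos and advance pos.
static std::string get_string(const std::string& buf, size_t& pos) {
    uint32_t len = get_u32(buf, pos);
    if (buf.size() - pos < len) throw std::runtime_error("truncated");
    pos += len;
    return buf.substr(pos - len, len);
}

// Hypothetical stand-in for a has_key check. Malformed or non-answer replies
// count as "key not held", so the caller falls back to the pass-phrase path.
bool agent_has_key(const std::string& reply, const std::string& key_blob) {
    try {
        size_t pos = 0;
        if (get_u32(reply, pos) != reply.size() - 4 || reply.size() < 5) return false;
        if (static_cast<unsigned char>(reply[pos++]) != SSH2_AGENT_IDENTITIES_ANSWER) return false;
        for (uint32_t n = get_u32(reply, pos); n > 0; --n) {
            std::string blob = get_string(reply, pos);
            get_string(reply, pos);  // key comment, not needed for the match
            if (blob == key_blob) return true;
        }
        return false;
    } catch (const std::runtime_error&) { return false; }
}

// Builders for the constructed sample reply below.
static std::string put_u32(uint32_t v) {
    return {char(v >> 24), char(v >> 16), char(v >> 8), char(v)};
}
static std::string put_string(const std::string& s) { return put_u32(uint32_t(s.size())) + s; }

// Constructed reply: two identities with placeholder blobs and comments.
std::string sample_reply() {
    std::string body = std::string(1, char(SSH2_AGENT_IDENTITIES_ANSWER)) + put_u32(2)
        + put_string("BLOB-A") + put_string("first") + put_string("BLOB-B") + put_string("second");
    return put_string(body);  // outer frame is a uint32 length followed by the body
}
```

Treating a malformed reply as "key not held" keeps a misbehaving agent from suppressing the pass-phrase prompt.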