monotone-devel

Re: [Monotone-devel] Monotone 0.40 and SSH-Agent: broken?


From: Ralf S. Engelschall
Subject: Re: [Monotone-devel] Monotone 0.40 and SSH-Agent: broken?
Date: Mon, 14 Apr 2008 21:14:04 +0200
User-agent: Mutt/1.5.17 OpenPKG/CURRENT (2007-11-01)

On Mon, Apr 14, 2008, Justin Patrin wrote:

> On Sun, Apr 13, 2008 at 11:21 AM, Justin Patrin <address@hidden> wrote:
> > On Sun, Apr 13, 2008 at 10:43 AM, Justin Patrin <address@hidden> wrote:
> >  > On Sun, Apr 13, 2008 at 6:30 AM, Ralf S. Engelschall
> >  >  <address@hidden> wrote:
> >  >  > On Sun, Apr 13, 2008, Ralf S. Engelschall wrote:
> >  >  >
> >  >  >  > On Sun, Apr 13, 2008, Richard Levitte wrote:
> >  >  >  >
> >  >  >  > > In message <address@hidden> on Sun, 13 Apr 2008 10:11:07 +0200,
> >  >  >  > > "Ralf S. Engelschall" <address@hidden> said:
> >  >  >  > >
> >  >  >  > > rse+monotone-devel> Please apply my posted patch and run the
> >  >  >  > > rse+monotone-devel> "ssh_agent" test. Does it fail or succeed
> >  >  >  > > rse+monotone-devel> for you?
> >  >  >  > >
> >  >  >  > > Just did on my Linux laptop, and it fails.
> >  >  >  > >
> >  >  >  > > Ralf, please commit the changed ssh_agent test so it gets out
> >  >  >  > > there.
> >  >  >  > > That's the best way to activate people ;-)
> >  >  >  >
> >  >  >  > I've now committed two more checks which show the problem.
> >  >  >  > Now remains just the task to still fix this nasty new problem...
> >  >  >  > ;-)
> >  >  >
> >  >  >  I'm currently digging and according to "mtn --debug" outputs it looks
> >  >  >  like Monotone on "commit" doesn't contact the SSH-agent initially at
> >  >  >  all. My first impression was that perhaps the communication protocol
> >  >  >  itself got broken. But this doesn't seem to be the problem. Monotone
> >  >  >  just starts fiddling with the SSH-agent once one has entered the
> >  >  >  pass-phrase (and this way very late). So, for me it looks like in
> >  >  >  Monotone 0.40 we have some change which now prevents the SSH-agent from
> >  >  >  being correctly consulted on "commit" at all...
> >  >  >
> >  >
> >  >  I *thought* I'd taken this into account in the tests but it appears I
> >  >  hadn't. This is why I was so confused. Thanks for catching this. It
> >  >  looks like someone added a call to decrypt_private_key earlier in the
> >  >  chain as make_signature isn't called by the time the password is asked
> >  >  for. :-/ I'm looking around.
> >  >
> >
> >  The offender, at least for the first instance of asking for the
> >  password the first time, is revision
> >  43df0ce4206510d364c401d4dd17db17b9a389b7 which added a cache_user_key
> >  method and added calls to it in cmd_ws_commit.cc in several places.
> >
> >  cache_decrypted_key also seems to be doing this before make_signature
> >  gets called. At this point I'm not sure exactly what these things were
> >  added for or what the best way to deal with ssh-agent signing is now.
> >  I could add a check to see if the key is loaded into ssh-agent in
> >  these 2 functions and skip their normal code-path but I suspect that
> >  this would break any operations that do anything but signing (such as
> >  running a netsync server).
>
> I've just pushed revision 714461473df3cbabf08ecbc6f9bbceeba4463ab8
> which fixes the test you added and passes the entire test suite on my
> machine. However, I don't like all of this extra code I've put into
> cache_decrypted_key just to check if the key is in the ssh-agent.
>
> Likely cache_decrypted_key should be changed to cache via
> ssh-agent....but it would still need to do a check before trying to
> decrypt the key again.

Bingo! Your change fixed the issue also for me.
Many thanks for your efforts and the quick fix.
With this fix Monotone 0.40 works just fine together
with SSH-agent as before.

                                       Ralf S. Engelschall
                                       address@hidden
                                       www.engelschall.com
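
The check discussed in this thread (is the key already loaded in ssh-agent, so that no pass-phrase prompt is needed before signing) comes down to parsing the agent's identities answer and comparing public key blobs. The following is an added example, not Monotone's code and not the change from the revision mentioned above; the function names and the sample blobs are constructed for illustration, and only the message type 12 and the wire layout come from the ssh-agent protocol.

```cpp
#include <cstdint>
#include <string>

// Reply type from the ssh-agent protocol (answer to a request for identities).
const unsigned char SSH2_AGENT_IDENTITIES_ANSWER = 12;

// Read a big-endian uint32 at pos and advance; false on truncated input.
static bool read_u32(const std::string& buf, size_t& pos, uint32_t& out) {
    if (pos > buf.size() || buf.size() - pos < 4) return false;
    out = 0;
    for (int i = 0; i < 4; ++i) out = (out << 8) | (unsigned char)buf[pos++];
    return true;
}

// Read a length-prefixed string at pos and advance; false on truncated input.
static bool read_string(const std::string& buf, size_t& pos, std::string& out) {
    uint32_t len;
    if (!read_u32(buf, pos, len) || buf.size() - pos < len) return false;
    out = buf.substr(pos, len);
    pos += len;
    return true;
}

// True if the identities answer (payload after the outer length prefix)
// lists wanted_blob. A malformed or non-answer reply counts as "not held",
// so the caller falls back to decrypting the key with the pass-phrase.
bool agent_holds_key(const std::string& payload, const std::string& wanted_blob) {
    if (payload.empty() || (unsigned char)payload[0] != SSH2_AGENT_IDENTITIES_ANSWER) return false;
    size_t pos = 1;
    uint32_t nkeys;
    if (!read_u32(payload, pos, nkeys)) return false;
    bool found = false;
    for (uint32_t i = 0; i < nkeys; ++i) {
        std::string blob, comment;
        if (!read_string(payload, pos, blob) || !read_string(payload, pos, comment)) return false;
        if (blob == wanted_blob) found = true;
    }
    return found;
}

// Constructed sample: an answer listing two placeholder key blobs.
static void put_string(std::string& buf, const std::string& s) {
    for (int shift = 24; shift >= 0; shift -= 8) buf += (char)((s.size() >> shift) & 0xff);
    buf += s;
}
std::string sample_answer() {
    std::string p("\x0c\0\0\0\x02", 5);  // type 12, nkeys = 2
    put_string(p, "blob-A"); put_string(p, "alice@example");
    put_string(p, "blob-B"); put_string(p, "bob@example");
    return p;
}
```

A caller would prompt for the pass-phrase only when `agent_holds_key` returns false, which keeps the agent lookup ahead of any local decryption.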




