# # # patch "keys.cc" # from [99c3a2cb6cec24efbac80d94917dad1d321687dd] # to [c1e1f1749ea9a946e5f950cb65bcd6059d40436d] # # patch "tests/ssh_agent/__driver__.lua" # from [ae65ea618c56e651096ed787bb431680be6256b1] # to [5e6e4d41efc7d477e12699ca6449b0a8eef2ece1] # ============================================================ --- keys.cc 99c3a2cb6cec24efbac80d94917dad1d321687dd +++ keys.cc c1e1f1749ea9a946e5f950cb65bcd6059d40436d @@ -449,7 +449,9 @@ make_signature(app_state & app, else { priv_key = get_private_key(app.lua, id, priv); - if (app.agent.connected()) { + if (app.agent.connected() + && app.opts.ssh_sign != "only" + && app.opts.ssh_sign != "no") { L(FL("keys.cc: make_signature: adding private key (%s) to ssh-agent") % id()); app.agent.add_identity(*priv_key, id()); } ============================================================ --- tests/ssh_agent/__driver__.lua ae65ea618c56e651096ed787bb431680be6256b1 +++ tests/ssh_agent/__driver__.lua 5e6e4d41efc7d477e12699ca6449b0a8eef2ece1 @@ -1,5 +1,3 @@ -include("/common/netsync.lua") - -- with no monotone keys: -- * (E) export monotone key check(mtn("ssh_agent_export"), 1, false, false) 
@@ -49,36 +47,95 @@ end end end +-- * (ok) mtn ssh_agent_add adds key to agent +check(mtn("ssh_agent_add"), 0, false, false) +check({"ssh-add", "-l"}, 0, true, false) +ok = false +for line in io.lines("stdout") do + for k in string.gmatch(line, "address@hidden") do + ok = true + end +end +if not ok then + err("identity was not added to ssh-agent") +end + -- * (ok) mtn ci with ssh-agent running with no keys +check({"ssh-add", "-D"}, 0, false, false) addfile("some_file2", "test") check(mtn("ci", "--message", "commit msg"), 0, false, false) -skip_if(not existsonpath("ssh-add")) +-- key should be auto-added in ssh-agent +check({"ssh-add", "-l"}, 0, true, false) +for line in io.lines("stdout") do + for k in string.gmatch(line, "no identities") do + err("no identity in ssh-agent when there should be one") + end +end -- * (N) mtn ci with no ssh key with --ssh-sign -addfile("some_file3", "test") +check({"ssh-add", "-D"}, 0, false, false) addfile("some_file3", "test") check(mtn("ci", "--message", "commit msg", "--ssh-sign"), 1, false, false) -- * (N) mtn ci with no ssh key with --ssh-sign=blah +check({"ssh-add", "-D"}, 0, false, false) addfile("some_file3", "test") check(mtn("ci", "--message", "commit msg", "--ssh-sign=blah"), 1, false, false) -- * (N) mtn ci with no ssh key with --ssh-sign=only +check({"ssh-add", "-D"}, 0, false, false) addfile("some_file3_b", "test") -check(mtn("ci", "--ssh-sign=only", "--message", "commit msg"), 1, false, false) +check(mtn("ci", "--debug", "--ssh-sign=only", "--message", "commit msg"), 1, false, false) +-- key should not be in ssh-agent with --ssh-sign=only +check({"ssh-add", "-l"}, 1, false, false) +--for line in io.lines("stdout") do +-- if not string.gmatch(line, "no identities") then +-- err("identity in ssh-agent when there should be none") +-- end +--end + -- * (ok) mtn ci with no ssh key with --ssh-sign=yes +check({"ssh-add", "-D"}, 0, false, false) addfile("some_file4", "test") check(mtn("ci", "--ssh-sign=yes", "--message", 
"commit msg"), 0, false, false) +-- key should be auto-added in ssh-agent with --ssh-sign=yes +check({"ssh-add", "-l"}, 0, true, false) +for line in io.lines("stdout") do + for k in string.gmatch(line, "no identities") do + err("no identity in ssh-agent when there should be one") + end +end + -- * (ok) mtn ci with no ssh key with --ssh-sign=no +check({"ssh-add", "-D"}, 0, false, false) addfile("some_file5", "test") check(mtn("ci", "--ssh-sign=no", "--message", "commit msg"), 0, false, false) +-- key should not be in ssh-agent with --ssh-sign=no +check({"ssh-add", "-l"}, 0, true, false) +for line in io.lines("stdout") do + if not string.gmatch(line, "no identities") then + err("identity in ssh-agent when there should be none") + end +end + -- * (ok) mtn ci with no ssh key with --ssh-sign=check +check({"ssh-add", "-D"}, 0, false, false) addfile("some_file6", "test") check(mtn("ci", "--ssh-sign=check", "--message", "commit msg"), 0, false, false) +-- key should not be auto-added in ssh-agent with --ssh-sign=check +check({"ssh-add", "-l"}, 0, true, false) +for line in io.lines("stdout") do + for k in string.gmatch(line, "no identities") do + err("no identity in ssh-agent when there should be one") + end +end + +skip_if(not existsonpath("ssh-add")) + -- * (ok) mtn ci with ssh-agent running with non-monotone rsa key check(get("id_rsa")) check({"chmod", "600", "id_rsa"}, 0, false, false) @@ -103,6 +160,11 @@ check(mtn("ci", "--message", "commit msg addfile("some_file9", "test") check(mtn("ci", "--message", "commit msg"), 0, false, false) +-- * (ok) export key with password +check(mtn("ssh_agent_export", "id_monotone_pass"), 0, false, false, "\npass\npass\n") +skip_if(not existsonpath("chmod")) +check({"chmod", "600", "id_monotone_pass"}, 0, false, false) + -- * (ok) add password-less exported key with ssh-add check({"ssh-add", "-D"}, 0, false, false) check({"ssh-add", "id_monotone"}, 0, false, false) 
@@ -138,22 +200,45 @@ check(raw_mtn("--rcfile", test.root .. " "--keydir", test.root .. "/keys", "ssh_agent_export"), 1, false, false) +-- * (N) try to add monotone key without -k +remove("_MTN/options") +check(raw_mtn("--rcfile", test.root .. "/test_hooks.lua", -- "--nostd", + "--db=" .. test.root .. "/test.db", + "--keydir", test.root .. "/keys", + "ssh_agent_add"), 1, false, false) + -- * (ok) export monotone key with -k check(mtn("ssh_agent_export", "--key", "address@hidden", "id_monotone2"), 0, false, false) skip_if(not existsonpath("chmod")) check({"chmod", "600", "id_monotone2"}, 0, false, false) +-- * (ok) mtn ssh_agent_add with -k adds key to agent +check({"ssh-add", "-D"}, 0, false, false) +check(mtn("ssh_agent_add", "--key", "address@hidden"), 0, false, false) +check({"ssh-add", "-l"}, 0, true, false) +ok = false +for line in io.lines("stdout") do + for k in string.gmatch(line, "address@hidden") do + ok = true + end +end +if not ok then + err("identity was not added to ssh-agent") +end + -- * (ok) mtn ci with -k and with ssh-agent running with no keys check({"ssh-add", "-D"}, 0, false, false) addfile("some_file15", "test") check(mtn("ci", "--key", "address@hidden", "--message", "commit msg"), 0, false, false) -- * (ok) mtn ci with -k and with ssh-agent running with one non-monotone rsa key +check({"ssh-add", "-D"}, 0, false, false) check({"ssh-add", "id_rsa"}, 0, false, false) addfile("some_file16", "test") check(mtn("ci", "--key", "address@hidden", "--message", "commit msg"), 0, false, false) -- * (ok) mtn ci with -k and with ssh-agent running with same monotone key ex/imported key +check({"ssh-add", "-D"}, 0, false, false) check({"ssh-add", "id_monotone"}, 0, false, false) addfile("some_file17", "test") check(mtn("ci", "--ssh-sign", "only", "--key", "address@hidden", "--message", "commit msg"), 0, false, false) 
@@ -164,8 +249,29 @@ check(mtn("ci", "--key", "address@hidden check(mtn("ci", "--key", "address@hidden", "--message", "commit msg"), 0, false, false) -- * (ok) mtn ci with -k and with ssh-agent running with both montone keys ex/imported key +check({"ssh-add", "-D"}, 0, false, false) +check({"ssh-add", "id_monotone"}, 0, false, false) check({"ssh-add", "id_monotone2"}, 0, false, false) addfile("some_file19", "test") check(mtn("ci", "--key", "address@hidden", "--message", "commit msg"), 0, false, false) addfile("some_file20", "test") check(mtn("ci", "--key", "address@hidden", "--message", "commit msg"), 0, false, false) + +-- * (ok) create passworded key and export it +check({"ssh-add", "-D"}, 0, false, false) +check(mtn("genkey", "address@hidden"), 0, false, false, "pass\npass\n") +check(mtn("ssh_agent_export", "--key", "address@hidden"), 0, false, false, "pass\npass2\npass2\n") + +-- * (ok) add passworded key +check({"ssh-add", "-D"}, 0, false, false) +check(mtn("ssh_agent_add", "--key", "address@hidden"), 0, false, false, "pass\n") +check({"ssh-add", "-l"}, 0, true, false) +ok = false +for line in io.lines("stdout") do + for k in string.gmatch(line, "address@hidden") do + ok = true + end +end +if not ok then + err("identity was not added to ssh-agent") +end
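Review bot: In the keys.cc hunk (make_signature), the new guard around app.agent.add_identity compares app.opts.ssh_sign against the literals "only" and "no" inline, so every other value, "check" included, still pushes the private key into the agent as a side effect of signing. Please add a comment stating which modes are meant to auto-add the key and why. The test patch disagrees with itself on this point: the comment for --ssh-sign=check says the key should not be auto-added, while the assertion under it expects an identity to be present. A small named predicate on the options would also keep the mode strings in one place.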
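Review bot: In the tests/ssh_agent/__driver__.lua hunk at @@ -49,36 +47,95, the --ssh-sign=no assertion can never fire. string.gmatch returns an iterator function, which is always truthy, so the line: if not string.gmatch(line, "no identities") then is always false; use string.find(line, "no identities", 1, true) instead. The same block expects ssh-add -l to exit 0 while the --ssh-sign=only block expects exit 1 for the same "agent is empty" state, so one of the two expectations is wrong; the commented-out loop and the --debug flag in the "only" case look like debugging leftovers and should go. The comment "key should not be auto-added in ssh-agent with --ssh-sign=check" contradicts the error text beneath it ("when there should be one"). Finally, skip_if(not existsonpath("ssh-add")) has been moved below the new ssh-add -l and ssh-add -D calls, so it no longer guards them; it belongs before the first ssh-add invocation.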
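Review bot: In the hunk at @@ -103,6 +160,11, the added skip_if(not existsonpath("chmod")) comes too late to be useful, since chmod 600 id_rsa has already run unguarded earlier in the file. Move a single chmod guard to the top of the driver rather than repeating it before each use. In the lines shown, the newly exported id_monotone_pass is not loaded afterwards (the next step adds id_monotone), so this case only verifies the exit status of the export. Either follow it with an ssh-add of id_monotone_pass or say in the comment that only the export path is under test.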
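Review bot: In the hunk at @@ -138,22 +200,45, the negative case "(N) try to add monotone key without -k" asserts only the exit status 1. It is not preceded by ssh-add -D or followed by ssh-add -l, so it does not show that the agent was left without the key on failure. Adding both would make the test cover the property that matters here. The commented-out "--nostd" argument inside the raw_mtn call should be removed or explained. The ok = false / string.gmatch / err block now appears three times in this patch and assigns a global; a local helper that takes the expected identity string would remove the duplication.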
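Review bot: In the last hunk (@@ -164,8 +249,29), the "create passworded key and export it" step passes no output file to ssh_agent_export and discards stdout (false), so nothing about the exported key is checked beyond exit status 0, and the export passphrase "pass2" is never exercised. Capture the output, or export to a file and load it with ssh-add, if the intent is to test export under a different passphrase. The ssh-add -D at the start of that step is redundant with the one immediately before ssh_agent_add. The closing ok loop is a third copy of the same check and should use a shared helper.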