"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Omar Polo <op@omarpolo.com>
Subject:
Re: prevent got from creating unsigned tags when the key file is missing
To:
Josh Rickmar <openbsd+lists@zettaport.com>
Cc:
gameoftrees@openbsd.org
Date:
Sun, 03 Jul 2022 10:30:25 +0200

Download raw body.

Thread
Omar Polo <op@omarpolo.com> wrote:
> Josh Rickmar <openbsd+lists@zettaport.com> wrote:
> > If anyone asks, I don't know why ssh-keygen(1) is printing a CRLF for
> > the missing key message to stderr.
> 
> I still have to understand the bigger picture of how tag signing works,
> but I agree on the diff: it's not a bad idea to look at the exit code
> before considering the output.
> 
> This behavior of ssh-keygen of printing error smells like an error
> to me tho, someone has tried to report it or dig further?

hum, apparently this seems on puropose?

from usr.bin/ssh/log.c

    370         } else if (log_on_stderr) {
    371                 snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
    372                     (log_on_stderr > 1) ? progname : "",
    373                     (log_on_stderr > 1) ? ": " : "",
    374                     (int)sizeof msgbuf - 3, fmtbuf);
    375                 (void)write(log_stderr_fd, msgbuf, strlen(msgbuf));

and that seems to have been there for quite a while.  (i tracked it down
to 9a24126 -- or revision 1.16 of log.c -- in 2001)