[Bug 269088] devel/gitolite: Unable to add ecdsa-sk or ed25519-sk keys

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 22 Jan 2023 01:45:04 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269088

            Bug ID: 269088
           Summary: devel/gitolite: Unable to add ecdsa-sk or ed25519-sk
                    keys
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: mat@FreeBSD.org
          Reporter: nate1010smith+freebsd@gmail.com
             Flags: maintainer-feedback?(mat@FreeBSD.org)
          Assignee: mat@FreeBSD.org

The FreeBSD port of Gitolite currently does not work with SSH keys of type
ecdsa-sk and ed25519-sk.

The root cause appears to be a regex added by
"patch-src_triggers_post-compile_ssh-authkeys" which is applied to
"src/triggers/post-compile/ssh-authkeys".

The regex contains "^(ecdsa|ssh)-" which excludes the "sk-ecdsa" and
"sk-ssh-ed25519" prefixes. That exclusion causes the space between the options
and the key to be omitted which then causes authentication to fail for those
keys.

A possible solution would be to use "^(sk-)?(ecdsa|ssh)-" but that will still
break when other key types are added. I'm not sure if there's a way to
implement a more robust fix without fully parsing the SSH key file format.

-- 
You are receiving this mail because:
You are the assignee for the bug.