This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: cygport upload: patch for openssh 6.8p1


> On Sun, 2015-05-24 at 12:32 -0400, Andrew Schulman wrote:
> > Since the latest update to openssh, ssh-keygen's output format for key
> > fingerprints has changed.  The default hash algorithm is now base64-encoded
> > SHA256 instead of MD5, and the hash name precedes its value, like
> > 
> >     SHA256:lvRrjAXmEhzDp5kQqzelsei8s5hXJ+zLaqJ2yiGXmYc
> > 
> > This breaks the current logic for detecting key fingerprints in cygport's
> > lib/pkg_upload.cygpart.  The attached patch fixes the problem.  (You might know
> > a more precise regex for the base64-encoded hash value than I do.  I couldn't
> > find any documentation of it anywhere, and just settled for
> > 
> >     SHA256:.{44}
> 
> There's another problem: this is new to 6.8; any out-of-date Cygwin
> systems, or even current RHEL or Fedora 21 systems, won't have this, nor
> do they support the -E flag which could be used to specify md5.
> 
> Any thoughts on a better regex or on keeping compatibility with other
> systems?

Right, OK.  See the attached revised patch, which uses

  [0-9a-f]{2}(:[0-9a-f]{2}){15}|SHA256:.{44}

to detect the key fingerprint.  The left side is the same as now, for pre-6.8
systems, which use MD5 without a label.  The right side is for version 6.8 and
later, where the default is SHA256 with the label 'SHA256:' prepended.  So this
should cover all cases.

Andrew

Attachment: pkg_upload_key_fingerprint.patch
Description: Binary data
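
An added example, not part of the thread and not cygport's code (the attached patch is not visible here): it builds both fingerprint styles from a constructed key blob and runs the combined pattern from the message over lines shaped like `ssh-keygen -l` output. `STRICT_RE`, the key blob, the `user@example` comment and the helper names are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Pattern quoted from the message above: pre-6.8 MD5 form | 6.8+ SHA256 form.
PAGE_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){15}|SHA256:.{44}")
# Assumption (not from the thread): tighter SHA256 branch. A 32-byte digest is
# 43 base64 characters once the trailing '=' padding is dropped.
STRICT_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){15}|SHA256:[A-Za-z0-9+/]{43}")

# Fingerprint shown in the first message of the thread.
PAGE_SAMPLE = "SHA256:lvRrjAXmEhzDp5kQqzelsei8s5hXJ+zLaqJ2yiGXmYc"

# Constructed public-key blob (wire format: length-prefixed type + key bytes).
# The key bytes are a counter, not a real key.
BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(range(32))


def md5_fingerprint(blob):
    """Pre-6.8 style: MD5 of the key blob as 16 colon-separated hex pairs."""
    digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(blob):
    """6.8+ style: 'SHA256:' + base64 of the digest without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def keygen_line(fingerprint):
    """Constructed line shaped like `ssh-keygen -l` output."""
    return f"256 {fingerprint} user@example (ED25519)"


def extract(pattern, text):
    """Return the first fingerprint-like match in text, or None."""
    match = pattern.search(text)
    return match.group(0) if match else None


if __name__ == "__main__":
    for fp in (md5_fingerprint(BLOB), sha256_fingerprint(BLOB)):
        line = keygen_line(fp)
        print(repr(extract(PAGE_RE, line)), repr(extract(STRICT_RE, line)))
    # Fingerprint with nothing after it: only the 43-character branch matches.
    print(extract(PAGE_RE, PAGE_SAMPLE), extract(STRICT_RE, PAGE_SAMPLE))
```

On a full `ssh-keygen -l` style line the `.{44}` branch matches the 43 hash characters plus the space that follows them, so a caller comparing the captured text against a stored fingerprint would need to trim it.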

