ssh-import-id exits 0 even if some key fetches fail
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ssh-import-id (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
<smoser> 16:51:21> bah.
<smoser> 16:51:26> james-page != jamespage
<smoser> 16:51:39> *now* james-page is allowed in.
<smoser> 16:52:56> kirkland, ^ ssh-import-id silently fails now on such things
<smoser> 16:52:56> $ ssh-import-id jamespage; echo $?
<smoser> 16:52:56> 2014-01-29 11:52:47,045 INFO Authorized [0] SSH keys
<smoser> 16:52:57> 0
<smoser> 16:53:10> (not that i would have aseen it anyway, but still a bug imo)
<kirkland> smoser: gimme a bug #
<kirkland> smoser: I'm committing a fix now
<smoser> i mentioned it here
<smoser> https:/
<kirkland> smoser: http://
<smoser> but you're rpobbably not oging to fix that one
<smoser> hm..
<smoser> is that snippet per user ?
<smoser> because a.) you dont' want to *stop* importing immediately if a user didn't work.
<kirkland> smoser: no, that's the last thing before exit
<smoser> b.) if it was not per user, then len(keys) being zero wont catch
<smoser> that it worked for smoser but failed for jamespage
<kirkland> smoser: http://
<kirkland> smoser: what do you think of that?
<smoser> yeah, so then you woulnd' tnotice the failure
<smoser> that smoser worked but other-user failed.
<smoser> right?
<smoser> you need *less* than what is there. though.
<smoser> let me see.
<kirkland> smoser: would you rather see it done on a per user basis?
<smoser> i would count the keys read per user
<smoser> and if any users were zero, consider that fail.
<kirkland> smoser: http://
<kirkland> smoser: http://
<kirkland> kirkland@
<kirkland> 2014-01-29 17:36:39,343 ERROR No matching keys found
<smoser> but it imports smoser ?
<kirkland> kirkland@
<kirkland> 2014-01-29 17:37:02,660 INFO Authorized key ['2048', 'e3:66:
<kirkland> 2014-01-29 17:37:02,666 INFO Authorized key ['2048', '21:ea:
<kirkland> 2014-01-29 17:37:02,672 INFO Authorized key ['2048', '7b:e2:
<kirkland> 2014-01-29 17:37:13,896 ERROR No matching keys found
<kirkland> smoser: no
<kirkland> smoser: the first one, no
<kirkland> smethia: the second one, yes
<kirkland> smoser: ^
<smoser> i think it should behave like 'make -i'
<smoser> ie, do as much as you can. then exit failure.
<smoser> that gives me the highest chance of debugging if i'm locked out.
<kirkland> smoser: so basically start with errors=0, increment each time we hit an error, and exit non zero if errors>0
<smoser> seems reasonable to me.
<smoser> do you disagree?
<kirkland> smoser: http://
<kirkland> smoser: and http://
<kirkland> smoser: http://
<kirkland> smoser: http://
<smoser> echo $?
<smoser> i guess 'die' is probably right.
<smoser> that looks reasonable to me.
Changed in ssh-import-id (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → In Progress |
This bug was fixed in the package ssh-import-id - 3.20-0ubuntu1
---------------
ssh-import-id (3.20-0ubuntu1) trusty; urgency=low
* bin/ssh-import-id: LP: #1274426
- ensure that we exit zero if any of the id's that we try to import
affect 0 keys (ie, if we fail to do something we were asked to do)
- however, we should continue to try to succeed, as much as possible,
even if one of the earlier accounts failed
-- Dustin Kirkland <email address hidden> Fri, 16 Aug 2013 15:33:27 -0500