Source: diffoscope Version: git as of 011987f Severity: minor Tags: upstream
On jessie, test_openssh_pub_key.test_diff fails like this: =================================== FAILURES =================================== __________________________________ test_diff ___________________________________ differences = [<Difference ssh-keygen -l -f {} -- ssh-keygen -l -f {} []>] @skip_unless_tools_exist('ssh-keygen') def test_diff(differences): expected_diff = open(data('openssh_pub_key_expected_diff')).read() > assert differences[0].unified_diff == expected_diff E assert '@@ -1 +1 @@\...2.pub (RSA)\n' == '@@ -1 +1 @@\n...Test2 (RSA)\n' E @@ -1 +1 @@ E - -1024 0a:57:8d:93:be:8b:5c:47:7a:b6:5c:91:16:87:cd:1e /home/brett/repos/diffoscope/tests/data/test_openssh_pub_key1.pub (DSA) E - +4096 8a:a5:52:0a:3f:af:8d:2d:76:52:72:e1:a8:0a:a2:47 /home/brett/repos/diffoscope/tests/data/test_openssh_pub_key2.pub (RSA) E + -1024 SHA256:v/O+0ETvi2H5TGRXky1RhQ1/WFwLlPpxch5E2Mrj6FM Test1 (DSA) E + +4096 SHA256:9dH1CMkA6DSfPWU7vNwdPKS5/ppN4LMdvHTP60l7aSA Test2 (RSA) tests/comparators/test_openssh_pub_key.py:47: AssertionError ====================== 1 failed, 3 passed in 0.14 seconds ====================== This happens because, since jessie, ssh-keygen has added the -E option to specify the fingerprint hash algorithm, and defaulted it to SHA256. Older versions used the colon-separated format (md5?). I was working on a patch for this, but unfortunately the right thing to do isn't obvious. Older versions of ssh-keygen, as in jessie, don't support the -E option at all. This makes it difficult to ensure diffoscope's output is consistent regardless of the version of ssh-keygen on the underlying host. We could have the comparator try to specify -E md5, and then fall back to omitting the -E option if that fails, but that seems a little regressive since md5 is basically deprecated. We could have the test sniff for the host's ssh-keygen version, and expect a different diff based on when it started outputting sha256 fingerprints by default, but that punts on the consistent output issue. What do the maintainers think? -- System Information: Debian Release: 8.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)