Bug#849425: diffoscope: test_openssh_pub_key.test_diff fails on jessie after ssh-keygen output format change

2017-02-06 Thread Chris Lamb 
Version: 68

Brett Smith wrote:

> On jessie, test_openssh_pub_key.test_diff fails

I believe this was fixed by Mattia and was released in version 68.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Bug#849425: diffoscope: test_openssh_pub_key.test_diff fails on jessie after ssh-keygen output format change

2016-12-26 Thread Brett Smith 
Source: diffoscope
Version: git as of 011987f
Severity: minor
Tags: upstream

On jessie, test_openssh_pub_key.test_diff fails like this:

=== FAILURES ===
__ test_diff ___

differences = []

@skip_unless_tools_exist('ssh-keygen')
def test_diff(differences):
expected_diff = open(data('openssh_pub_key_expected_diff')).read()
>   assert differences[0].unified_diff == expected_diff
E   assert '@@ -1 +1 @@\...2.pub (RSA)\n' == '@@ -1 +1 @@\n...Test2 (RSA)\n'
E   @@ -1 +1 @@
E - -1024 0a:57:8d:93:be:8b:5c:47:7a:b6:5c:91:16:87:cd:1e 
/home/brett/repos/diffoscope/tests/data/test_openssh_pub_key1.pub (DSA)
E - +4096 8a:a5:52:0a:3f:af:8d:2d:76:52:72:e1:a8:0a:a2:47 
/home/brett/repos/diffoscope/tests/data/test_openssh_pub_key2.pub (RSA)
E + -1024 SHA256:v/O+0ETvi2H5TGRXky1RhQ1/WFwLlPpxch5E2Mrj6FM Test1 (DSA)
E + +4096 SHA256:9dH1CMkA6DSfPWU7vNwdPKS5/ppN4LMdvHTP60l7aSA Test2 (RSA)

tests/comparators/test_openssh_pub_key.py:47: AssertionError
== 1 failed, 3 passed in 0.14 seconds ==

This happens because, since jessie, ssh-keygen has added the -E option to
specify the fingerprint hash algorithm, and defaulted it to SHA256.  Older
versions used the colon-separated format (md5?).

I was working on a patch for this, but unfortunately the right thing to do
isn't obvious.  Older versions of ssh-keygen, as in jessie, don't support
the -E option at all.  This makes it difficult to ensure diffoscope's
output is consistent regardless of the version of ssh-keygen on the
underlying host.

We could have the comparator try to specify -E md5, and then fall back to
omitting the -E option if that fails, but that seems a little regressive
since md5 is basically deprecated.

We could have the test sniff for the host's ssh-keygen version, and expect a
different diff based on when it started outputting sha256 fingerprints by
default, but that punts on the consistent output issue.

What do the maintainers think?

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds