Hello tech@,

Find a patch fixing some details in ssh-keygen.1 regarding the new -Y flag for signing and verifying signatures.

Precisely:
- Include a missing 'returning a zero exit status' in `-Y verify` paragraph.
- Don't include `option` in `.Fl I` in ALLOWED SIGNERS section.

-Lucas

Index: ssh-keygen.1 =================================================================== RCS file: /home/cvsroot/src/usr.bin/ssh/ssh-keygen.1,v retrieving revision 1.171 diff -u -p -u -p -r1.171 ssh-keygen.1 --- ssh-keygen.1 3 Oct 2019 17:07:50 -0000 1.171 +++ ssh-keygen.1 19 Oct 2019 14:18:45 -0000 @@ -716,6 +716,7 @@ flag. The revocation file may be a KRL or a one-per-line list of public keys. Successful verification by an authorized signer is signalled by .Nm +returning a zero exit status. .It Fl Y Cm check-novalidate Checks that a signature generated using .Nm @@ -987,8 +988,8 @@ The principals field is a pattern-list ( consisting of one or more comma-separated USER@DOMAIN identity patterns that are accepted for signing. When verifying, the identity presented via the -.Fl I option -must match a principals pattern in order for the corresponding key to be +.Fl I +option must match a principals pattern in order for the corresponding key to be considered acceptable for verification. .Pp The options (if present) consist of comma-separated option specifications.
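Review bot: in the first hunk (the `-Y verify` paragraph), the added line documents only the success case. The exit status is the only result signal this paragraph describes, so anyone scripting signature checks needs the other half too: suggest a following sentence stating what is returned when verification fails or the signer is not authorized, placed right after `returning a zero exit status.`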
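Review bot: in the second hunk (ALLOWED SIGNERS), the rejoined line `option must match a principals pattern in order for the corresponding key to be` is now 79 columns wide, right at the wrap limit and longer than the lines around it. Taking `option` off the `.Fl I` line is correct, since `.Fl` treats each following word as a flag argument, but consider rewrapping the sentence so the next edit to this paragraph does not push the line past 80 columns.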
