On Sat, Oct 19, 2019 at 03:10:40PM +0000, Lucas wrote: > Hello tech@, > > Find a patch fixing some details in ssh-keygen.1 regarding the new -Y > flag for signing and verifying signatures. > > Precisely: > - Include a missing 'returning a zero exit status' in `-Y verify` > paragraph. > - Don't include `option` in `.Fl I` in ALLOWED SIGNERS section. > > -Lucas >
fixed, thanks. jmc > Index: ssh-keygen.1 > =================================================================== > RCS file: /home/cvsroot/src/usr.bin/ssh/ssh-keygen.1,v > retrieving revision 1.171 > diff -u -p -u -p -r1.171 ssh-keygen.1 > --- ssh-keygen.1 3 Oct 2019 17:07:50 -0000 1.171 > +++ ssh-keygen.1 19 Oct 2019 14:18:45 -0000 > @@ -716,6 +716,7 @@ flag. > The revocation file may be a KRL or a one-per-line list of public keys. > Successful verification by an authorized signer is signalled by > .Nm > +returning a zero exit status. > .It Fl Y Cm check-novalidate > Checks that a signature generated using > .Nm > @@ -987,8 +988,8 @@ The principals field is a pattern-list ( > consisting of one or more comma-separated USER@DOMAIN identity patterns > that are accepted for signing. > When verifying, the identity presented via the > -.Fl I option > -must match a principals pattern in order for the corresponding key to be > +.Fl I > +option must match a principals pattern in order for the corresponding key to > be > considered acceptable for verification. > .Pp > The options (if present) consist of comma-separated option specifications. >
