puppeth: handle encrypted ssh keys (closes #15442)#15443
Conversation
|
LGTM, but I think it may be better to update the entire upstream file instead of copying individual methods. |
|
Thank for this! Martin is right btw, these methods weren't deleted compared to the upstream crypto library, rather they didn't exist when we last updated the dependency (they were added this June golang/crypto@fea6c2c#diff-aab72d98d6b840106cb1ffed0390f951). The "proper" way to pull in these changes is to update the dependency with the current upstream version. You can do that by installing Note, do the second command from the go-ethereum repo root. |
There was a problem hiding this comment.
You don't need the string case here, Error() already returns a string.
Also this is a very brittle way to check for the error as it could change at any moment, however I do notice that the crypto package does not have an expose error constant for this. I'd suggest leaving this check as you implemented for now, but opening a PR against the upstream repo to make the error a constant.
There was a problem hiding this comment.
So in general, no empty lines padding the beginning or end of blocks?
There was a problem hiding this comment.
no echo -> won't be echoed to keep it consistent with all other password read instances.
There was a problem hiding this comment.
Also Puppeth's "labels" generally take the form of questions, not statements, so I'd rather formulate this as:
fmt.Printf("What's the decryption password for the SSH key? (won't be echoed)\n> ")
There was a problem hiding this comment.
Perhaps instead of Bad SSH key, output Failed to decrypt SSH key here, since it better highlights the issue.
karalabe
left a comment
karalabe
left a comment
There was a problem hiding this comment.
Minor nitpicks and please update the entire crypto dep, not just a single file manually :)
|
Thank you for the feedback! Proposal: decrypting ssh keys is a common enough situation that we can use it as the default next-action rather than specifically making that silly, fragile Running Is it best practice for me to squash my commits or leave that up to you? |
holiman
left a comment
holiman
left a comment
There was a problem hiding this comment.
LGTM; Peter can make the call regarding squashing
There was a problem hiding this comment.
Yup, I agree with the decryption fallback in case of any error! Regarding squashing, we usually try to keep 1 commit per significant change, so either you squash it, or we can on merge, doesn't matter, so you can leave it as is.
Regarding the crypto package update however, only partially updating a dependent repo seems weird to me because we end up with different commits on different paths. I'd really rather have the entire reporisoty bumped to the latest version; and if that entails more deps, so be it.
|
Awesome, A recent commit removed the |
karalabe
left a comment
karalabe
left a comment
There was a problem hiding this comment.
Pushed a tiny fix for the unconvert linter. Otherwise LGTM! Thanks for the PR!
3 participants
It looks like the ssh functionality of puppeth depends on a local version of
golang.org/x/crypto/sshwhich has a couple methods removed compared to the original. I'm not sure why they were removed but I copy/pasted two of the missing methods back in:ParsePrivateKeyWithPassphraseParseRawPrivateKeyWithPassphraseThen, I added a check into the dial function defined in puppeth/ssh.go:80 to detect encrypted keys. If any are spotted, we'll ask for the password and then call the methods above to decrypt & parse them.
Now, puppeth is just a tiny bit smarter. Booyea!