Launchpad itself

Merge ~cjwatson/launchpad:ssh-ed25519 into launchpad:master

  1. Git
  2. lp:~cjwatson/launchpad
  3. ssh-ed25519
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 807897b656275897cb36fe27e71ce5c0c76d6151
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:ssh-ed25519
Merge into: launchpad:master
Prerequisite: ~cjwatson/launchpad:Twisted-20.3.0+lp5
Diff against target: 128 lines (+35/-9)
5 files modified
lib/lp/registry/interfaces/ssh.py (+9/-2)
lib/lp/registry/stories/person/xx-add-sshkey.txt (+14/-3)
lib/lp/registry/templates/person-editsshkeys.pt (+3/-4)
lib/lp/registry/tests/test_ssh.py (+7/-0)
lib/lp/testing/factory.py (+2/-0)
Reviewer Review Type Date Requested Status
Ioana Lasc (community) Approve
Review via email: mp+415431@code.launchpad.net

Commit message

Support Ed25519 SSH keys

Description of the change

The corresponding Twisted backport must be deployed to all production endpoints before this can land.

To post a comment you must log in.
Revision history for this message
Ioana Lasc (ilasc) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/lib/lp/registry/interfaces/ssh.py b/lib/lp/registry/interfaces/ssh.py
2index a1df715..d9aef9b 100644
3--- a/lib/lp/registry/interfaces/ssh.py
4+++ b/lib/lp/registry/interfaces/ssh.py
5@@ -35,8 +35,8 @@ from lp import _
6 class SSHKeyType(DBEnumeratedType):
7 """SSH key type
8
9- SSH (version 2) can use RSA, DSA, or ECDSA keys for authentication. See
10- OpenSSH's ssh-keygen(1) man page for details.
11+ SSH (version 2) can use RSA, DSA, ECDSA, or Ed25519 keys for
12+ authentication. See OpenSSH's ssh-keygen(1) man page for details.
13 """
14
15 RSA = DBItem(1, """
16@@ -57,6 +57,12 @@ class SSHKeyType(DBEnumeratedType):
17 ECDSA
18 """)
19
20+ ED25519 = DBItem(4, """
21+ ED25519
22+
23+ Ed25519
24+ """)
25+
26
27 SSH_TEXT_TO_KEY_TYPE = {
28 "ssh-rsa": SSHKeyType.RSA,
29@@ -64,6 +70,7 @@ SSH_TEXT_TO_KEY_TYPE = {
30 "ecdsa-sha2-nistp256": SSHKeyType.ECDSA,
31 "ecdsa-sha2-nistp384": SSHKeyType.ECDSA,
32 "ecdsa-sha2-nistp521": SSHKeyType.ECDSA,
33+ "ssh-ed25519": SSHKeyType.ED25519,
34 }
35
36
37diff --git a/lib/lp/registry/stories/person/xx-add-sshkey.txt b/lib/lp/registry/stories/person/xx-add-sshkey.txt
38index 8c1095d..a9ab70c 100644
39--- a/lib/lp/registry/stories/person/xx-add-sshkey.txt
40+++ b/lib/lp/registry/stories/person/xx-add-sshkey.txt
41@@ -57,9 +57,9 @@ his SSH keys. The page allows him to add a key.
42 Change your SSH keys...
43
44 Any key must be of the form "keytype keytext comment", where keytype must be
45-one of ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp284, or
46-ecdsa-sha2-nistp521. If the key doesn't match the expected format, an error
47-message will be shown.
48+one of ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp284,
49+ecdsa-sha2-nistp521, or ssh-ed25519. If the key doesn't match the expected
50+format, an error message will be shown.
51
52 >>> sshkey = "ssh-rsa "
53 >>> browser.getControl(name='sshkey').value = sshkey
54@@ -163,6 +163,16 @@ format.
55 ... print(tag.decode_contents())
56 SSH public key added.
57
58+ >>> sshkey = (
59+ ... "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAwHVarhTHSYjZiZcbrf9xM+pAh"
60+ ... "Z/MzqqxTc5Mi+oTX salgado@canario")
61+ >>> browser.getControl(name='sshkey').value = sshkey
62+ >>> browser.getControl('Import Public Key').click()
63+ >>> soup = find_main_content(browser.contents)
64+ >>> for tag in soup('p', 'informational message'):
65+ ... print(tag.decode_contents())
66+ SSH public key added.
67+
68 Launchpad administrators are not allowed to poke at other user's ssh keys.
69
70 >>> login(ANONYMOUS)
71@@ -187,6 +197,7 @@ to edit his keys is on the page.
72 salgado@canario
73 salgado@canario
74 salgado@canario
75+ salgado@canario
76 >>> browser.getLink('Update SSH keys').click()
77 >>> print(browser.title)
78 Change your SSH keys...
79diff --git a/lib/lp/registry/templates/person-editsshkeys.pt b/lib/lp/registry/templates/person-editsshkeys.pt
80index 6893ce7..b3f254d 100644
81--- a/lib/lp/registry/templates/person-editsshkeys.pt
82+++ b/lib/lp/registry/templates/person-editsshkeys.pt
83@@ -47,11 +47,10 @@
84 <label>Public key line</label>
85 <div class="formHelp">
86 Insert the contents of your public key (usually
87- <code>~/.ssh/id_rsa.pub</code>, <code>~/.ssh/id_dsa.pub</code>, or
88- <code>~/.ssh/id_ecdsa.pub</code>).
89+ <code>~/.ssh/id_rsa.pub</code>, <code>~/.ssh/id_dsa.pub</code>,
90+ <code>~/.ssh/id_ecdsa.pub</code>, or
91+ <code>~/.ssh/id_ed25519.pub</code>).
92 Only SSH v2 keys are supported.
93- Ed25519 keys are <a href="https://bugs.launchpad.net/bugs/907675">not
94- yet supported</a>.
95 <a href="https://help.launchpad.net/YourAccount/CreatingAnSSHKeyPair">
96 How do I create a public key?
97 </a>
98diff --git a/lib/lp/registry/tests/test_ssh.py b/lib/lp/registry/tests/test_ssh.py
99index bce2795..c85baad 100644
100--- a/lib/lp/registry/tests/test_ssh.py
101+++ b/lib/lp/registry/tests/test_ssh.py
102@@ -61,6 +61,13 @@ class TestSSHKey(TestCaseWithFactory):
103 expected = "ecdsa-sha2-nistp521 %s %s" % (key.keytext, key.comment)
104 self.assertEqual(expected, key.getFullKeyText())
105
106+ def test_getFullKeyText_for_ed25519_key(self):
107+ person = self.factory.makePerson()
108+ with person_logged_in(person):
109+ key = self.factory.makeSSHKey(person, "ssh-ed25519")
110+ expected = "ssh-ed25519 %s %s" % (key.keytext, key.comment)
111+ self.assertEqual(expected, key.getFullKeyText())
112+
113 def test_getFullKeyText_for_corrupt_key(self):
114 # If the key text is corrupt, the type from the database is used
115 # instead of the one decoded from the text.
116diff --git a/lib/lp/testing/factory.py b/lib/lp/testing/factory.py
117index b098cba..492f57b 100644
118--- a/lib/lp/testing/factory.py
119+++ b/lib/lp/testing/factory.py
120@@ -4430,6 +4430,8 @@ class BareLaunchpadObjectFactory(ObjectFactory):
121 int_to_bytes(curve_data["x"], key_byte_length) +
122 int_to_bytes(curve_data["y"], key_byte_length)),
123 ]
124+ elif key_type == "ssh-ed25519":
125+ parameters = [NS(keydata.Ed25519Data["a"])]
126 if parameters is None:
127 raise AssertionError(
128 "key_type must be a member of SSH_TEXT_TO_KEY_TYPE, not %r" %

Subscribers

People subscribed via source and target branches

to status/vote changes: