From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 24722 invoked from network); 20 Apr 2021 22:18:55 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 20 Apr 2021 22:18:55 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20200801; t=1618957135; b=OFQgjD9WhUZ+6Iva+i0Zg18yp7yBjOHX0G7V+cU+a6J/Dbwd+BO7xZSDMEGXzRKQEFciEOlvlY gUYXHPWrFpZuw1TjARGA4bjb4dc1Nh53X+MmarL51ib/ffoFWCZpILxc55hBGLFQ+G5f09S6WB CcZrap2oXpUEnwebPN7pIUF66uPny4jsNQ4Ltn4jjtSEUzPg4kysSMpn9L633nruN6SrbCfwZR 9/byian9nGKehAfAH7MpbAQLTyJBr1uLv9G12/OmM4T6w4c5CpTr6lDpTsV4kTT2c5Z8u9nYNJ ymUO0r50s/nNsZC7+saGwi8CfzZIbCJBCND30wvVmqBVkw==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (out4-smtp.messagingengine.com) smtp.remote-ip=66.111.4.28; dkim=pass header.d=daniel.shahaf.name header.s=fm3 header.a=rsa-sha256; dkim=pass header.d=messagingengine.com header.s=fm2 header.a=rsa-sha256; dmarc=none header.from=daniel.shahaf.name; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20200801; t=1618957135; bh=wlXO3wm4Me0df7aBPvg5JHsi2cvs5KxWCwvttdIHdWs=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:To:From:Date:DKIM-Signature:DKIM-Signature:DKIM-Signature; b=covroyRXI0nrX7LUTtjoleJQFnocqgFsK+F5xfp8u6UHuR91GcxaE/x147oSuWNASF1TJbYHOz DVPhplOKyZrn/Kk5rUnwXZFi0gQhpV+NO+HB7DhitBkVezAgT5BnpC9INCD8x//lSe897eXwD+ gad3AfQDCtP/4Y8oPvgoNA9TChTIdYbbxK8XvUZQQhjIj64LuK5GfWVjc2faLaHpNnO8yLDoIq 9vtL7FBb/W+sJKUyM9e8LxVWcYQ2BC3hb4WRdTHKo3szT+jL/Q28TmiWOWtH2IXjwyql1LKAzw BBylIfI55w5p416DFPr446UsUS6doiL6w6qoCO5cackRCg==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20200801; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:To:From:Date:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=WvudvYqMajGTrCXfpiFwlQKPQG4B4Hqx7S9/ENUaREM=; b=O/L9tZuTMx6jehrP2BquQ5XAyg 4/dmkJi+ho4AbixXUv7tVcbMCQbXXUtlV9hOVCsHxk3MJeRlIBN33zcifWkgdlR0vFmpSId3LTNU0 79Lbyn8O+VDHKUP0OxHi2INZXsZ4ttdNfPeJP6BmAmrpnOpEGUTYcpD9jjY8Wes4DWtZqLjWbm0lG 1ja17O7PsoZUGrUBqCYP5lGHDDiCDPs2FhB910krJVWKpILrtu8sg8SJesKg4+SVOftDioGEeEr/6 w12h8ZhoxBpq1/Kqf7J/U5du31kSbM3944tJNoQKhiPKdPwxEy2ETQ7YfsLOuDXHqtN7+Kl/4Q2b/ zd8ZdSoA==; Received: from authenticated user by zero.zsh.org with local id 1lYyhq-000Ntm-PA; Tue, 20 Apr 2021 22:18:54 +0000 Authentication-Results: zsh.org; iprev=pass (out4-smtp.messagingengine.com) smtp.remote-ip=66.111.4.28; dkim=pass header.d=daniel.shahaf.name header.s=fm3 header.a=rsa-sha256; dkim=pass header.d=messagingengine.com header.s=fm2 header.a=rsa-sha256; dmarc=none header.from=daniel.shahaf.name; arc=none Received: from out4-smtp.messagingengine.com ([66.111.4.28]:38467) by zero.zsh.org with esmtps (TLS1.3:TLS_AES_256_GCM_SHA384:256) id 1lYyha-000NdS-8v; Tue, 20 Apr 2021 22:18:38 +0000 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 660415C0189; Tue, 20 Apr 2021 18:18:37 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 20 Apr 2021 18:18:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= daniel.shahaf.name; h=date:from:to:subject:message-id:references :mime-version:content-type:in-reply-to; s=fm3; bh=WvudvYqMajGTrC XfpiFwlQKPQG4B4Hqx7S9/ENUaREM=; b=mm2Tg3g10zIK2MpjGq3UmuECsXcRL1 RzvX9JYpTeXR0E9OyzZd0vi0XyE2FK/pdM2tfWvWwy/rbkNPZoERXao1AgqhBJ3s a3s3Du01pSlG71GwZW2T41CDHEomspw13GVScfWGfVW0NXSRduuCcN9x06XPsWFT yr3CcBlP2hQJO1eA8bOqGmbqyQ7rZvilqzK0/PS1PH54j7SrnU2CdrJ8lVWKoUcT eJiZ3JJQZo7qwZv9GBtcc4bZCT8mssC0eGmBQ4041E1NDMmTHWcbkITcBag6ilUe 7SR0JuqkSkE1hEyOzE7ltdb95YjRh2C7bDek+c+dL4CkAMInKCxORhFA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=WvudvY qMajGTrCXfpiFwlQKPQG4B4Hqx7S9/ENUaREM=; b=JJW4rjN+40TRyUTV0SmOwW hZbdcOF5WtRYms/PHeZAK5otxE4BQY8PcezdHZeDbh6TzvvFjanfdnLiCQXciaVU w75AyfM+h6NYOjRCi+8XM/TC9SugmjT7y/ed4+KjzKbeAOLt33Y54nylRqG8lKep 7JUVZu88b2zrKoxmpjNPZ/BpOU8LQnFTnZIEoQ/gqJoTV6xN5AZR1uCmIlHw7Nr8 Kjn8yM2PLQe/it/1B/ebZMMXqTqodj7yff8OJDjY76I5+brY13e9pSKXoC2oQXaM bwBAOcN/TfBlv0bM8oDenyMIUemzuzjDd1Am/D+ELUy3DCqdvfsFnHsp6eeP7DEg == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvddtjedgtdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujggfsehttd dttddtredvnecuhfhrohhmpeffrghnihgvlhcuufhhrghhrghfuceougdrshesuggrnhhi vghlrdhshhgrhhgrfhdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeeuveekfeffueefhe efhfegffefvdeitdehtdegleejledviefhveejfeetgedvkeenucfkphepuddtledrieei rdeifedrvdeftdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh hrohhmpegurdhssegurghnihgvlhdrshhhrghhrghfrdhnrghmvg X-ME-Proxy: Received: from tarpaulin.shahaf.local2 (bzq-109-66-63-230.red.bezeqint.net [109.66.63.230]) by mail.messagingengine.com (Postfix) with ESMTPA id C376024005E for ; Tue, 20 Apr 2021 18:18:36 -0400 (EDT) Received: by tarpaulin.shahaf.local2 (Postfix, from userid 1000) id 4FPykg38nMz22Y; Tue, 20 Apr 2021 22:18:35 +0000 (UTC) Date: Tue, 20 Apr 2021 22:18:35 +0000 From: Daniel Shahaf To: zsh-workers@zsh.org Subject: Re: PATCH: update options in openssh completion Message-ID: <20210420221835.GG1035@tarpaulin.shahaf.local2> References: <44315-1618944873.375018@h9Ic.gXoC.mGzM> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44315-1618944873.375018@h9Ic.gXoC.mGzM> User-Agent: Mutt/1.10.1 (2018-07-13) X-Seq: 48636 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: List-Subscribe: List-Unsubscribe: List-Post: List-Owner: List-Archive: Oliver Kiddle wrote on Tue, Apr 20, 2021 at 20:54:33 +0200: > This update covers changes through openssh 8.6. > > Most changes are in ssh-keygen which has become increasingly convoluted > and the completion for that might need a different approach if it > gets yet worse. It remains that it doesn't handle the options after > the various -Y options and -l after -Q also isn't handled. Lots of > overloading of options doesn't make it easy. Makes me wonder if there's a bug report for OpenSSH here. A "convoluted" syntax with "lots of overloading" of options sounds like a place where bugs are going to happen. Cheers, Daniel > diff --git a/Completion/Unix/Command/_ssh b/Completion/Unix/Command/_ssh > index 642f11bcb..82a2a1827 100644 > --- a/Completion/Unix/Command/_ssh > +++ b/Completion/Unix/Command/_ssh > @@ -4,12 +4,13 @@ > > _ssh () { > local curcontext="$curcontext" state line expl suf arg ret=1 > - local args sigargs common common_transfer algopt tmp p1 file cmn cmds sdesc tdesc > + local args sigargs common common_transfer options algopt tmp p1 file cmn cmds sdesc tdesc > typeset -A opt_args > > common=( > '(-6)-4[force ssh to use IPv4 addresses only]' > '(-4)-6[force ssh to use IPv6 addresses only]' > + '-A[enable forwarding of the authentication agent connection]' > '-C[compress data]' > '-c+[select encryption cipher]:encryption cipher:->ciphers' > '-F+[specify alternate config file]:config file:_files' > @@ -32,7 +33,6 @@ _ssh () { > ssh) > (( $+words[(r)-[^-]#t*] )) && tdesc=' even if there is no controlling tty' > _arguments -C -s \ > - '(-a)-A[enable forwarding of the authentication agent connection]' \ > '(-A)-a[disable forwarding of authentication agent connection]' \ > '-B+[bind to specified interface before attempting to connect]:interface:_net_interfaces' \ > '(-P)-b+[specify interface to transmit on]:bind address:_bind_addresses' \ > @@ -92,14 +92,16 @@ _ssh () { > $algopt \ > '-e+[remove keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \ > '-k[load plain private keys only and skip certificates]' \ > + '-K[load resident keys from a FIDO authenticator]' \ > '-L[list public key parameters of all identities in the agent]'\ > '-l[list all identities]' \ > '-m+[specify minimum remaining signatures before maximum is changed]:number' \ > '-M+[specify maximum number of signatures]:number' \ > + '-S+[use specified library when adding FIDO authenticator-hosted keys]:library:_files' \ > '-s+[add keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \ > '-t+[set maximum lifetime for identity]:maximum lifetime (in seconds or time format):' \ > "-T[test usability of identity files' private keys]:*:public key file:_files -g '*.pub(-.)'" \ > - '-v[verbose mode]' \ > + '*-v[verbose mode]' \ > '-q[be quiet after a successful operation]' \ > '-X[unlock the agent]' \ > '-x[lock the agent with a password]' \ > @@ -125,13 +127,42 @@ _ssh () { > # options can be in any order but use ! to limit those shown for the first argument > (( CURRENT == 2 )) && p1='!' > args=( '!-z:number' ) > + options=( > + application > + 'challenge\:path\:_files' > + device > + no-touch-required > + resident > + user > + verify-required > + 'write-attestation\:path\:_files' > + ) > sdesc='certify keys with CA key' > - (( $+words[(r)-I] )) && args=( '-z[specify serial number]:serial number' ) > + if (( $+words[(r)-[IhUDnV]*] )); then > + args=( '-z[specify serial number]:serial number' ) > + options=( > + clear critical\:name extension\:name force-command\:command\:_cmdstring > + no-agent-forwarding no-port-forwarding no-pty no-user-rc no-x11-forwarding > + permit-agent-forwarding permit-port-forwarding permit-pty permit-user-rc > + permit-x11-forwarding source-address\:source\ address > + ) > + fi > (( $+words[(r)-[ku]] )) && args=( '-z[specify version number]:version number' ) && > sdesc='specify CA public key file' > file=key > (( $+words[(r)-[FHR]] )) && file=known_hosts > - (( $+words[(r)-T] )) && file=input > + if (( $+words[(r)-M*] )); then > + file=input > + args+=( '*:output file:_files' ) > + options=( > + lines:number > + 'start-line\:line number' > + checkpoint\:file:_files > + 'memory\:size (mbytes)' > + 'start\:start point (hex-value)' > + generator\:value > + ) > + fi > (( $+words[(r)-A] )) && file='prefix for host key' > if (( $+words[(r)-[kIQ]] )); then > file=krl > @@ -139,8 +170,9 @@ _ssh () { > fi > if (( arg = $words[(I)-Y*] )); then > [[ $words[arg] = -Y?* ]] || (( arg++ )) > - case $words[arg] in > - check*|verify) > + case ${words[arg]#-Y} in > + ^find-*) sigargs+=( "$p1-n+[specify namespace]:namespace" ) ;| > + check*|find*|verify) > sigargs+=( "$p1-s+[specify signature file]:signature file:-files" ) > ;| > sign) sigargs+=( '*:file:_files' ) ;; > @@ -153,51 +185,55 @@ _ssh () { > ;; > esac > fi > - cmds=( -p -i -e -y -c -l -B -D -F -H -R -r -G -T -s -L -A -k -Q -Y ) # basic commands > - cmn=( -b -P -N -C -l -m -v ) # options common to many basic commands (except -f which is common to most) > - cms=( -E -q -t -g -M -S -a -J -j -K -W -I -h -n -O -V -u -U ) # options specific to one basic command > + cmds=( -p -i -e -y -c -l -B -D -F -H -K -R -r -M -s -L -A -k -Q -Y ) # basic commands > + cmn=( -a -b -P -N -C -l -m -O -v -w -Z ) # options common to many basic commands (except -f which is common to most) > + cms=( -E -q -t -g -M -I -h -n -V -u -U ) # options specific to one basic command > _arguments -s $args \ > - "(${${(@)cmds:#-G}} -P ${${(@)cms:#-[MS]}})-b+[specify number of bits in key]:bits in key" \ > + "${p1}(${${(@)cmds:#-[pcKAO]}} ${${(@)cms:#-[t]}} -O)-a+[specify number of rounds]:rounds" \ > + "(${${(@)cmds:#-M}} -P ${${(@)cms:#-[MS]}})-b+[specify number of bits in key]:bits in key" \ > "$p1(${${(@)cmds:#-[pc]}} -b $cms)-P+[provide old passphrase]:old passphrase" \ > "(${${(@)cmds:#-p}} -v ${${(@)cms:#-[qt]}})-N+[provide new passphrase]:new passphrase" \ > "(${${(@)cmds:#-c}} -v $cms)-C+[provide new comment]:new comment" \ > - "(-D -G -M -S -I -h -n -O -V -A)-f+[$file file]:$file file:_files" \ > + "(-D -I -h -n -V -A)-f+[$file file]:$file file:_files" \ > "$p1(${${(@)cmds:#-[FE]}} ${${(@)cmn:#-v}} ${${(@)cms:#-E}})-l[show fingerprint of key file]" \ > "$p1(${${(@)cmds:#-[iep]}} $cms)-m+[specify conversion format]:format [RFC4716]:(PEM PKCS8 RFC4716)" \ > + "$p1*-O+[specify a key/value option]: : _values 'option' $options" \ > "(${${(@)cmds:#-[lGT]}} ${${(@)cmn:#-[bv]}} -f)*-v[verbose mode]" \ > + "$p1(${${(@)cmds:#-K}} -P ${${(@)cms:#-[qt]}})-w+[specify library used when creating FISO authenticator-hosted keys]:library:_files -g '*.(so|dylib)(|.<->)(-.)'" \ > + "$p1(${${(@)cmds:#-p}} -l ${${(@)cms:#-[qt]}})-Z+[specify encryption cipher to use when writing a private key file]:cipher:compadd - $(_call_program ciphers ssh -Q cipher)" \ > - '(commands)' \ > - "(-b -l -C -v)-p[change passphrase of private key file]" \ > - '(-b -l -P -N -C -v)-i[import key to OpenSSH format]' \ > - '(-b -l -P -N -C -v)-e[export key to SECSH file format]' \ > + "(-b -l -C -O -v -w)-p[change passphrase of private key file]" \ > + "(${${(@)cmn:#-m}})-i[import key to OpenSSH format]" \ > + "(${${(@)cmn:#-m}})-e[export key to SECSH file format]" \ > "($cmn)-y[get public key from private key]" \ > - '(-b -l -N -m -v)-c[change comment in private and public key files]' \ > + "(${${(@)cmn:#-[aCP]}})-c[change comment in private and public key files]" \ > "($cmn)-B[show the bubblebabble digest of key]" \ > "(-)-D+[download key stored in smartcard reader]:reader" \ > "(${${(@)cmn:#-[lv]}})-F+[search for host in known_hosts file]:host:_ssh_hosts" \ > "($cmn)-H[hash names in known_hosts file]" \ > + "(${${(@)cmn:#-[aw]}} -f)-K[download resident keys from a FIDO authenticator]" \ > "($cmn)-R+[remove host from known_hosts file]:host:_ssh_hosts" \ > + "(${${(@)cmn:#-O}})-M+[moduli generation]:action:(( > + generate\:generate\ candidates\ for\ DH-GEX\ moduli > + screen\:screen\ candidates\ for\ DH-GEX\ moduli > + ))" \ > "($cmn)-L[print the contents of a certificate]" \ > - "($cmn -l)-A[generate host keys for all key types]" \ > + "(${${(@)cmn:#-a}})-A[generate host keys for all key types]" \ > "($cmn)-Q[test whether keys have been revoked in a KRL]" \ > + "($cmn)-Y+[signature action]:action:(( > + find-principals\:find\ the\ principal\ associated\ with\ the\ public\ key\ of\ a\ signature > + sign\:sign\ a\ file\ using\ SSH\ key > + verify\:verify\ a\ signature\ generated\ using\ the\ sign\ option > + check-novalidate\:check\ signature\ structure > + ))" \ > - finger \ > "$p1($cmn)$algopt" \ > - create \ > '(-P -l)-q[silence ssh-keygen]' \ > - "(-P -l)-t+[specify the type of the key to create]:key type:(rsa dsa ecdsa ed25519)" \ > + "(-P -l)-t+[specify the type of the key to create]:key type:(rsa dsa ecdsa ed25519 ecdsa-sk ed25519-sk)" \ > - dns \ > "($cmn)-r[print DNS resource record]:hostname:_hosts" \ > "$p1($cmn)-g[use generic DNS format]" \ > - - primes \ > - "(-P -N -C -l -m -f)-G+[generate candidates for DH-GEX moduli]:output file:_files" \ > - "$p1(-P -N -C -l -m -f)-M+[specify amount of memory to use for generating DH-GEX moduli]:memory (MB)" \ > - "$p1(-P -N -C -l -m -f)-S+[specify start point]:start point (hex)" \ > - - screen \ > - "(${${(@)cmn:#-v}})-T+[screen candidates for DH-GEX moduli]:output file:_files" \ > - "${p1}(${${(@)cmn:#-v}})-a+[specify number of rounds]:rounds" \ > - "${p1}(${${(@)cmn:#-v}})-J[exit after screening specified number of lines]" \ > - "${p1}(${${(@)cmn:#-v}})-j+[start screening at the specified line number]:line number" \ > - "${p1}(${${(@)cmn:#-v}})-K+[write the last line processed to file]:file:_files" \ > - "${p1}(${${(@)cmn:#-v}})-W[specify desired generator]:generator" \ > - certify \ > "($cmn)-s[$sdesc]:CA key:_files" \ > "$p1($cmn -f -k -u)-I+[specify key identifier to include in certificate]:key id" \ > @@ -205,21 +241,10 @@ _ssh () { > "$p1($cmn -f -k -u -D)-U[indicate that CA key is held by ssh-agent]" \ > "$p1($cmn -f -k -u -U)-D+[indicate the CA key is stored in a PKCS#11 token]:PKCS11 shared library:_files -g '*.(so|dylib)(|.<->)(-.)'" \ > "$p1($cmn -f -k -u)-n+[specify user/host principal names to include in certificate]:principals" \ > - "$p1($cmn -f -k -u)*-O+[specify a certificate option]: : _values 'option' > - clear critical\:name extension\:name force-command\:command\:_cmdstring > - no-agent-forwarding no-port-forwarding no-pty no-user-rc no-x11-forwarding > - permit-agent-forwarding permit-port-forwarding permit-pty permit-user-rc > - permit-x11-forwarding source-address\:source\ address" \ > "$p1($cmn -f -u)-V+[specify certificate validity interval]:interval" \ > "($cmn -I -h -n -D -O -U -V)-k[generate a KRL file]" \ > "$p1($cmn -I -h -n -D -O -U -V)-u[update a KRL]" \ > - signature \ > - "($cmn)-Y+[signature action]:action:(( > - sign\:sign\ a\ file\ using\ SSH\ key > - verify\:verify\ a\ signature\ generated\ using\ the\ sign\ option > - check-novalidate\:check\ signature\ structure > - ))" \ > - "$p1-n+[specify namespace]:namespace" \ > $sigargs > return > ;; > @@ -244,6 +269,7 @@ _ssh () { > '-b+[specify batch file to read]:batch file:_files' \ > '-D+[connect directly to a local sftp server]:sftp server path' \ > '-f[request that files be flushed immediately after transfer]' \ > + '-N[disable implicit quiet mode set by -b]' \ > '-R+[specify number of outstanding requests]:number of requests [64]' \ > '-s+[specify SSH2 subsystem or path to sftp server on the remote host]:subsystem/path' \ > '1:file:->rfile' '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0 >