Debian Package Tracker

golang-github-skeema-knownhosts

Go SSH known_hosts wrapper with host key lookup (library)


general
  • source: golang-github-skeema-knownhosts (main)
  • version: 1.3.0-1
  • maintainer: Debian Go Packaging Team (DMD)
  • uploaders: Maytham Alsudany [DMD]
  • arch: all
  • std-ver: 4.7.0
  • VCS: Git (Browse, QA)
versions
  • testing: 1.3.0-1
  • unstable: 1.3.0-1
versioned links
  • 1.3.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • golang-github-skeema-knownhosts-dev
action needed
A new upstream version is available: 1.3.1 (severity: high)
A new upstream version 1.3.1 is available, you should consider packaging it.
Created: 2025-02-02; last update: 2025-05-29 12:01
31 new commits since last upload, is it time to release? (severity: normal)
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit 2ee47e4d11b6fd15534cfd996e6f53f3538f97bb
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 9 21:22:56 2024 -0500

    debian/changelog: update

commit 564ef5ab9702ba1e1457deb16684ccd4f97732dc
Merge: e033bfd ef6b4bc
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 9 21:22:39 2024 -0500

    Update upstream source from tag 'upstream/1.3.0'
    
    Update to upstream version '1.3.0'
    with Debian dir d39408204a1b52ef3a0c9d8005ede593fea0e987

commit ef6b4bc19c9175f5e7ce5eff8cccc1f8ccd7451b
Merge: fd19680 9485bde
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 9 21:22:39 2024 -0500

    New upstream version 1.3.0

commit 9485bdec8ed521b32ab0e9310619effa071a99d6
Author: Evan Elias <evan@skeema.net>
Date:   Tue Jul 16 17:20:57 2024 -0400

    docs: add PR template and CONTRIBUTING.md guide; minor README tweaks

commit 8b8ca37f5c06772b6ec58e2f13aca8b16eda0600
Author: Evan Elias <evan@skeema.net>
Date:   Tue Jul 16 16:14:12 2024 -0400

    host matching: handle wildcards with non-standard port (#10)
    
    In OpenSSH, wildcard host pattern entries in a known_hosts file can match
    hosts regardless of their port number. However, x/crypto/ssh/knownhosts does
    not follow this behavior, instead requiring strict port equality; see bug
    https://github.com/golang/go/issues/52056 for background.
    
    This commit implements a workaround in skeema/knownhosts, which is enabled
    when using the NewDB constructor. Conceptually, the workaround works like
    this:
    
    * At constructor time, when re-reading the known_hosts file (originally to
      look for @cert-authority lines), also look for lines that have wildcards
      in the host pattern and no port number specified. Track these lines in a
      new field of the HostKeyDB struct for later use.
    
    * When a host key callback returns no matches (KeyError with empty Want slice)
      and the host had a nonstandard (non-22) port number, try the callback again,
      this time manipulating the host arg to be on port 22.
    
    * If this second call returned nil error, that means the host key now matched
      a known_hosts entry on port 22, so consider the host as known.
    
    * If this second call returned a KeyError with non-empty Want slice, filter
      down the resulting keys to only correspond to lines with known wildcards,
      using the preprocessed information from the first step. This ensures we
      aren't incorrectly returning non-wildcard entries among the Want slice.
    
    The implementation for the latter 3 bullets gets embedded directly in the
    host key callback returned by HostKeyDB.HostKeyCallback, by way of some
    nested callback wrapping. This only happens if the first bullet actually
    found at least one wildcard in the file.

commit 7c797a490676f902bcfa160d09664815d75dfaec
Merge: 5832aa8 53a26cc
Author: Evan Elias <evan@skeema.net>
Date:   Fri Jul 12 17:03:03 2024 -0400

    Merge pull request #9 from skeema/certs-backwards-compat
    
    Backwards-compatible support for @cert-authority, implemented in a new HostKeyDB type, created with constructor NewDB.

commit 53a26ccd67909a2b2a5cfad598c6ba7c860996d2
Author: Evan Elias <evan@skeema.net>
Date:   Tue Jul 9 16:27:21 2024 -0400

    Minor adjustments based on initial PR feedback
    
    * Add new exported method HostKeyCallback.ToDB, to provide a mechanism for
      callers who want to conditionally enable or disable CA support, while still
      using a *HostKeyDB for both cases.
    
    * Clarify many doc string comments.
    
    * Add new exported function WriteKnownHostCA for writing a @cert-authority
      line to a known_hosts file. Previously this logic was in a test helper, but
      it could be useful to others, so let's export it outside of the tests.

commit 69b4a6244d5cd06d0ad414d4cef40edeead3c115
Author: Evan Elias <evan@skeema.net>
Date:   Sun Jul 7 18:46:26 2024 -0400

    certs: reimplement previous commit to maintain backwards compat
    
    The previous commit d314bf36 added support for @cert-authority lines, but
    technically broke backwards compatibility due to changing the return type of
    one exported method. This commit adjusts that previous commit's new logic to
    restore backwards compatibility, and makes additional changes as follows:
    
    * Introduce new exported type HostKeyDB, which handles @cert-authority lines
      correctly and is returned by NewDB; old exported type HostKeyCallback (which
      is returned by New) omits that handling. Git-specific use-cases can likely
      remain with using New, since Git forges typically don't support CAs. Non-Git
      use-cases, such as general-purpose SSH clients, should consider switching to
      NewDB to get the CA logic.
    
    * When NewDB re-reads the known_hosts files to implement the CA support, it
      only re-reads each file a single time (vs potentially multiple times at
      callback execution time in d314bf36), and it reads using buffered IO similar
      to x/crypto/ssh/knownhosts.
    
    * This package's PublicKey struct now exports its Cert boolean field, vs
      keeping it private in d314bf36.
    
    * Refactor the RSA-to-algo expansion logic to simplify its handling in the CA
      situation.
    
    * Add test coverage for all new behaviors and @cert-authority logic.

commit d314bf36fde12e8064efdd5de9779beba65cb644
Author: Javier Alvarez Garcia <ja@daedalean.ai>
Date:   Mon Jun 17 15:20:11 2024 +0200

    Support cert authorities

commit 5832aa8abbe19d2e27ddc7e63528efe787578b75
Author: Evan Elias <evan@skeema.net>
Date:   Wed Jul 3 18:53:05 2024 -0400

    ci: send coverage to Coveralls; upgrade action versions
    
    This commit adjusts the following parts of the GitHub Actions configuration
    for this repo:
    
    * Report test coverage to Coveralls via github.com/mattn/goveralls
    * Bump versions of actions/setup-go and actions/checkout to prevent "Node.js
      16 actions are deprecated" warnings
    * Simplify installation command for golint
    * Include coverage badge in README

commit 7acc57b56da9234643c88b13d31b3bfaabba9b7b
Author: Evan Elias <evan@skeema.net>
Date:   Wed Jul 3 18:46:08 2024 -0400

    go.mod: update golang.org/x dependencies

commit e73fcfc9b72e7558740d3c5bcce12259b3cb7a65
Merge: f2b518c bd8e67e
Author: Evan Elias <evan@skeema.net>
Date:   Tue Mar 12 11:16:52 2024 -0400

    Merge pull request #6 from trzsz/main
    
    HostKeyAlgorithms: add rsa-sha2-256 and rsa-sha2-512 for ssh-rsa

commit bd8e67ecaa664984a8af209daa256b8aab3454a5
Author: Lonny Wong <lonnywong@qq.com>
Date:   Mon Mar 11 19:36:57 2024 +0800

    HostKeyAlgorithms: add rsa-sha2-256 and rsa-sha2-512 for ssh-rsa

commit f2b518cbd77bb75f04d18fc8a19040ed2c02d1cf
Author: Evan Elias <evan@skeema.net>
Date:   Mon Mar 11 15:56:26 2024 -0400

    docs: bump year to 2024

commit 379d675ad94594866afec09140f270766709763d
Author: Evan Elias <evan@skeema.net>
Date:   Mon Mar 11 15:52:08 2024 -0400

    ci: bump GOVERSION and fix golint
    
    GitHub Actions was configured to use Go 1.17, which is quite old. This commit
    bumps it to Go 1.21, which is the older of the two currently-supported Go
    versions.
    
    This commit also adjusts the command-line for installing `golint` to be
    compatible with more recent Go versions.
    
    Keeping go.mod at 1.17 for now though, unless/until we actually need newer Go
    language features. Since github.com/skeema/knownhosts is imported by a lot of
    other Go packages, we don't want to force increases to that listed version
    unnecessarily.

commit 3a35d9f4bebfa398ab3e4ba875aa55fd679a2b63
Author: Evan Elias <evan@skeema.net>
Date:   Mon Sep 18 15:47:09 2023 -0400

    HostKeyAlgorithms: ensure result never contains duplicates
    
    Currently the behavior of HostKeyAlgorithms never contains duplicates, only by
    virtue of golang.org/x/crypto/ssh/knownhosts exposing a maximum of one key per
    algorithm in its KeyError.Want slice.
    
    However, that upstream behavior could theoretically change in the future,
    especially since golang.org/x/crypto is versioned as a pre-v1 module, and the
    one-key-per-type behavior is only documented as a comment (e.g. not part of
    any type or function signature).
    
    This commit makes our HostKeyAlgorithms function more robust / future-proof
    by ensuring that its result does not contain duplicates, regardless of
    upstream behavior.
    
    This means if https://github.com/golang/go/issues/28870 is solved (for example
    by https://github.com/golang/crypto/pull/254), there should not be any harm to
    our behavior here in github.com/skeema/knownhosts.

commit 2442217a08f2072ac0640054256d10f5b6268978
Author: Evan Elias <evan@skeema.net>
Date:   Mon Sep 18 15:30:56 2023 -0400

    tests: memoize the generated test known_hosts file
    
    Previously, several test functions each wrote their own test known_hosts file,
    generating different random keys each time. This is slow and CPU-intensive.
    
    This commit changes the test logic to generate random keys once per overall
    test process, and re-use those test known_hosts contents across multiple test
    functions.

commit 7198c0f5ef3821febcf382f399ed64612f53a457
Author: Evan Elias <evan@skeema.net>
Date:   Mon Sep 18 14:51:06 2023 -0400

    update golang.org/x dependencies

commit 09454b7d568378cd20c6a98d599e09970ce713e6
Merge: 903aab7 4d5bb77
Author: Evan Elias <evan@skeema.net>
Date:   Sat Sep 16 15:22:30 2023 -0400

    Merge pull request #4 from trzsz/main
    
    Omit the IPv6 zone ID if it contains spaces

commit 4d5bb77e50c7ed3adcd02ed189d2fa318459ef10
Author: Lonny Wong <lonnywong@qq.com>
Date:   Sat Sep 16 09:02:30 2023 +0800

    Avoid writing extra spaces in WriteKnownHost #4

commit 903aab75389f39b3c35a4d442ea83fb42edbbf83
Author: Evan Elias <evan@skeema.net>
Date:   Mon Jul 10 16:19:36 2023 -0400

    docs and comments: updates ahead of tagging new release

commit 619ef88d66f2b50de11acafc3d22bfbdad439883
Author: Evan Elias <evan@skeema.net>
Date:   Fri Jul 7 19:47:35 2023 -0400

    tests: fix typo in helper function name
    
    This commit corrects the name of the generatePubKeyEd25519 test helper
    function.

commit 6b50f2ec811e897472aaec602748cb3b139cb565
Merge: 9483adc 1a213af
Author: Evan Elias <evan@skeema.net>
Date:   Fri Jul 7 19:28:20 2023 -0400

    Merge pull request #2 from trzsz/main
    
    Implement workaround in WriteKnownHost for IPv6 addresses. Closes #1

commit 1a213af74db1f35bd56536236f63cecde258b323
Author: Lonny Wong <lonnywong@qq.com>
Date:   Sat Jul 8 00:07:37 2023 +0800

    Fix WriteKnownHost for IPv6 #1

commit 9483adcf622fe880025c89e373689cf4761917c1
Author: Evan Elias <evan@skeema.net>
Date:   Fri May 12 19:06:59 2023 -0400

    update golang.org/x dependencies

commit 5dcbe52347da5119ceb3fc7daf9ef2d904052ec9
Author: Evan Elias <evan@skeema.net>
Date:   Tue Jan 10 18:23:58 2023 -0500

    docs: fix shields.io build status badge in README
    
    The previous shields.io badge URL was no longer correct due to the change
    described in https://github.com/badges/shields/issues/8671.

commit 28683a41589032c59429a000a11a57165fcbbbb2
Author: Evan Elias <evan@skeema.net>
Date:   Sat Jun 18 17:39:38 2022 -0400

    Add several new exported functions and methods
    
    * Add new method HostKeyCallback.HostKeys() for looking up the public keys
      for a given host; result is sorted based on known_hosts filename and line
    
    * HostKeyCallback.HostKeyAlgorithms() now uses HostKeyCallback.HostKeys(),
      so its result now has a well-defined sort order
    
    * New convenience functions IsHostKeyChanged(), IsHostUnknown(), and
      WriteKnownHost(). Ideally this package now provides enough functionality
      that it can cover the use-cases of golang.org/x/crypto/ssh/knownhosts
      (it should be sufficient to import github.com/skeema/knownhosts alone
      without ever needing to also import golang.org/x/crypto/ssh/knownhosts)

commit 02fe81dd235b731bcb12f6c17810c37b94080933
Author: Evan Elias <evan@skeema.net>
Date:   Sat Jun 18 00:12:10 2022 -0400

    docs: fix function name/signature in example_test.go
    
    In order for examples to show up in Go docs, function name must begin with
    Example and have no args or returns.

commit 59661f4ce01a6d6a587fbce3a01f324f9f1b87bb
Author: Evan Elias <evan@skeema.net>
Date:   Fri Jun 17 19:25:56 2022 -0400

    docs: add example_test.go

commit 2f9421f72e4220d59e4dd8e0dbfee43eb078b80f
Author: Evan Elias <evan@skeema.net>
Date:   Fri Jun 17 19:03:51 2022 -0400

    Initial commit
Created: 2024-11-10; last update: 2025-05-24 12:32
Standards version of the package is outdated. (severity: wishlist)
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).
Created: 2025-02-21; last update: 2025-02-27 13:25
news
  • [2024-11-12] golang-github-skeema-knownhosts 1.3.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-11-10] Accepted golang-github-skeema-knownhosts 1.3.0-1 (source) into unstable (Reinhard Tartler)
  • [2024-06-15] golang-github-skeema-knownhosts 1.2.2-2 MIGRATED to testing (Debian testing watch)
  • [2024-06-12] Accepted golang-github-skeema-knownhosts 1.2.2-2 (source) into unstable (Maytham Alsudany)
  • [2024-04-08] Accepted golang-github-skeema-knownhosts 1.2.2-1 (source all) into unstable (Debian FTP Masters) (signed by: Simon Josefsson)
bugs
  • all: 0
ubuntu
  • version: 1.3.0-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers