Naming for minimal sub-format of ssh-keygen allowed signers

[castedo]

Of possible interest to some Dulwich users is a sub-format of the ssh-keygen allowed signers file format for SSH signature verification.

Dulwich users can access all the features of the full ssh-keygen allowed signers file format by using code from this example:

#1448 (comment)

But then users need to have ssh-keygen installed. This may or may not be OK depending on the application.

An alternative sub-format restricts the allowed signers file to only have * as the initial field (for "principals") and the only option (in the 2nd field) is namespaces="git". Here is an example of a file in this sub-format:

* namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQdQut465od3lkVyVW6038PcD/wSGX/2ij3RcQZTAqt
* namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlKQFTcI28lrqcq8goeL2p1cxdHhm4/reBgjKDp1Ise hello comment
* namespaces="git" ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAABgQCVw5Oex+EwQLGSJGaSO1kpMgaIW44AZxzRszgP6WwsF3GFSUJqoKwUnS7/clg9SXi+dXO2UwLs2eSBVXtN6YPzGhinV+bg+6k34NuvJQ1a3pDFEE7xJw3y0aY9J1k+kDELtlMevRMl7TKOnRLqRXuoCCYJof38ycQ4PLa/mHmJOu4MYCOs0zaktu1CRrzki/mh3hnzOP175h58Rg9Gj/PWm9QIoumktXvkXitV3aEH7smhMvQ90/NIIC2MM46SxErWifR2A7A7Tz7oG3mST1q3TL7fTQ7sPrkQp64G+P/46J8FcSNXxuaYI8u7w+WQ/UkVO7XqXmyNLZ72orQ2U+OuXvQXHOUeUXklNChgoAh+jU8Pp7vFTneCDP53AcpuZZRdsqk9k6tuoKSAz6mwE6aB657GArck4lioIFpP9hLPomyY6FCjXnb9WwT2qK33zOp6lgAt3hs1w4LyMinoi0szRtt+HfppM6iweIa7nKPC9RXGFuzlt7KlnyOmqKJoqeU= [email protected]

The general philosophy of this sub-format is that it is "just a list of public keys for git" without the extra complexities of the full ssh-keygen allowed signers file format.

I currently have code that parses this sub-format at:

https://gitlab.com/perm.pub/sshsiglib/-/blob/efdfeebb91b1d359358c9250ba3c6819216f41b5/sshsig/allowed_signers.py#L144

I am also planning to formally define this sub-format in a future edition of the Document Succession Git Layout specification:

https://perm.pub/VGajCjaNP1Ugz58Khn1JWOEdMZ8/1/

because this sub-format is the file format of the signed_succession/allowed_signers files of commits in DSGL. The hidos package only needs to parse this sub-format.

Some ways to refer to this sub-format are:

• the DSGL (Document Succession Git Layout) allowed signers file sub-format
• the Hidos allowed signers file sub-format
• the just-for-git allowed signers sub-format

@jelmer you have any thoughts on how to best refer to this minimal sub-format in communication and documentation?

I'm mainly trying to optimize for interoperability and minimizing developer/user confusion on what works with what.

[jelmer]

I'd honestly just refer to it as allowed-committers file format, and then add a note in the parser that it's not complete. I don't know that a separate term is useful since the hope is that the parser eventually becomes fully featured.

[castedo]

The point is that this parser:

https://gitlab.com/perm.pub/sshsiglib/-/blob/main/sshsig/allowed_signers.py

is complete. It's complete implementation of the Hidos DSGL just-a-list-for-git file sub-format.

I have no plans to implement a real parser for the ssh-keygen allowed signers file format.

My recommendation is that if somebody wants a parser of the ssh-keygen allowed signers file format they should call out to a ssh-keygen subprocess and not attempt to do it in pure Python. But if somebody wants to try, they are free to try.

[castedo]

For anybody with ideas of pure-Python parsing of the full ssh-keygen allowed signers file format, make sure to check out the feature list and wild examples in #1431. It is probably worth asking why one is trying to support which features. A simple "just-a-list-for-git" sub-format may suffice for a given application's needs.