[PATCH] ssh-add: support parser-friendly operation

Corey Hickey bugfood-ml at fatooh.org
Sat Jan 11 04:27:07 AEDT 2025


On 2025-01-10 01:35, Jochen Bern wrote:
> On 10.01.25 00:33, Corey Hickey wrote:
>> I took the approach of preserving current behavior by default, but
>> another approach would be to:
>> * print "The agent has no identities." to stderr instead of stdout
>> * exit with a status of 0 instead of 1
> 
> Please don't. If you want to ever get people to load their privkeys into
> the agent *with a limited lifetime*, having a trivial, *universal* way
> to check whether they have expired by now is an asset.
> 
>> workplace$ egrep ' ssh(|add)=' .bashrc
>> alias sshadd='( echo -n "`tput dim`" ; ssh-add -c -t 1800 ; echo -n "`tput sgr0`" )'
>> alias ssh='ssh-add -l >/dev/null || sshadd ; ssh'

With my patch v2, that would need to be:

 > alias ssh='ssh-add -l | grep -q . || sshadd ; ssh'

...though the message "The agent has no identities." would be printed to 
stderr, for better or for worse. Perhaps that should require a higher 
log_level (via -v).


I can definitely see that there can be potential harm in changing 
default behavior, if people are relying on the current behavior. That's 
why my first patch did not change the default.

That said, I do think the current behavior is not optimal. In a general 
sense, when listing something, an empty list is a valid outcome. If the 
listing tool returns an error status after _successfully_ determining 
that the list is empty, then the caller cannot easily know whether the 
tool succeeded or was unable to determine the list.

For some precedent:

$ mkdir x ; ls x ; echo "ls: $?" ; find x -mindepth 1 ; echo "find: $?"
ls: 0
find: 0
$ awk '/foo/' /etc/passwd ; echo "awk: $?"
awk: 0
$ sed -n '/foo/p' /etc/passwd ; echo "sed: $?"
sed: 0


Of course, I can't say that all tools work this way. Here are a couple 
that do not:

$ ps -u games ; echo "ps: $?" ; grep foo /etc/passwd ; echo "grep: $?"
     PID TTY          TIME CMD
ps: 1
grep: 1

...but I do find it easier to work with listing-tools that consider an 
empty list to not be an error.


I can adjust and refine whichever approach the maintainers think is best.

Thanks,
Corey
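
An added example, not part of the original message or of OpenSSH: a wrapper that reports the agent's state the same way under the current behaviour and under the v2 behaviour described above. `SSH_ADD` and the `stub_*` functions are hypothetical names used so it runs without an agent. Exit status 2 meaning "could not contact the agent" is taken from ssh-add(1).

```shell
# Map `ssh-add -l` to one of: loaded, empty, unreachable, error.
# SSH_ADD is a hypothetical override so the function can be pointed at a stub.
agent_state() {
    # "&& ... ||" keeps the exit status without tripping `set -e` in the caller.
    as_out=$("${SSH_ADD:-ssh-add}" -l 2>/dev/null) && as_rc=0 || as_rc=$?
    case $as_rc in
        0)  # v2 behaviour as described above: status 0, stdout empty when no keys
            if [ -n "$as_out" ]; then echo loaded; else echo empty; fi ;;
        1)  # current behaviour: status 1 plus this message on stdout when no keys
            if [ "$as_out" = "The agent has no identities." ]; then
                echo empty
            else
                echo error
            fi ;;
        2)  echo unreachable ;;  # ssh-add(1): could not contact the agent
        *)  echo error ;;
    esac
}

# Constructed stand-ins for ssh-add, one per case (not real agent output).
stub_loaded()      { echo "256 SHA256:CONSTRUCTED-EXAMPLE user@example (ED25519)"; }
stub_empty_now()   { echo "The agent has no identities."; return 1; }
stub_empty_v2()    { echo "The agent has no identities." >&2; return 0; }
stub_unreachable() { echo "Could not open a connection to your authentication agent." >&2; return 2; }
stub_failed()      { return 1; }

for s in stub_loaded stub_empty_now stub_empty_v2 stub_unreachable stub_failed; do
    printf '%-17s %s\n' "$s" "$(SSH_ADD=$s agent_state)"
done
```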