Bug 18433 - Missing AskPass prevents SSH cloning
Summary: Missing AskPass prevents SSH cloning
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: advisory
Keywords: Junior_job, validated_update
Depends on:
Blocks:
 
Reported: 2016-05-10 19:34 CEST by John Schneiderman
Modified: 2016-07-08 21:51 CEST (History)
3 users (show)

See Also:
Source RPM: tortoisehg-3.2.1-1.mga5
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description John Schneiderman 2016-05-10 19:34:41 CEST 
Description of problem:
When trying to clone with an ssh key that has a password, the application doesn't ask for you to enter in your password.

How reproducible:
Install each time.

Steps to Reproduce:
1. Install tortise Hg
2. Have an SSH key which requires a password
3. Attempt to clone using your SSH key.

This can be fixed by requiring  openssh-askpass-qt4 in the SPEC.
Comment 1 Rémi Verschelde 2016-05-10 20:30:52 CEST 
Assigning to package maintainer.

Keywords: (none) => Junior_job
Assignee: bugsquad => anaselli

Comment 2 Angelo Naselli 2016-05-10 21:05:27 CEST 
@Remi which is the state of askpass in cauldron? to understand if can be done there also
Comment 3 Angelo Naselli 2016-05-10 21:07:42 CEST 
@john if you install openssh-askpass-qt4 (assuming you are working on qt/kde desktops) does it really work? I mean have you tested? I don't have any mercury
project to test it atm.
thanks
Comment 4 John Schneiderman 2016-05-14 09:49:23 CEST 
I can confirm that adding this package brought the askpass up. I had the KDE-askpass already installed and it wasn't brought up. Only once I installed the Qt version did it work.
Angelo Naselli 2016-05-14 11:41:17 CEST

CC: (none) => matteo.pasotti

Comment 5 Matteo Pasotti 2016-05-15 11:10:50 CEST 
Hi John,
there's an updated package for tortoisehg (tortoisehg-3.2.1-1.1.mga5) inside core/updates_testing waiting for validation.

Can you verify it?

I tested it locally and it seems to provide a solution for this issue.

Status: NEW => ASSIGNED
Assignee: anaselli => matteo.pasotti

Comment 6 Matteo Pasotti 2016-05-17 23:04:05 CEST 
A patched package for Mageia 5 is waiting for validation.

You can test it by trying to clone a mercurial repository asking for the password of a ssh key.

Suggested advisory:
========================

Updated tortoisehg package fixes the reported bug: John Schneiderman discovered this bug demonstrating that cloning a hgrepo ssh-key protected is not allowed if the openssh-askpass-qt4 package is missing.

========================

Updated packages in core/updates_testing:
========================
tortoisehg-3.2.1-1.1.mga5

Source RPMs: 
tortoisehg-3.2.1-1.1.mga5.src.rpm

Status: ASSIGNED => NEW
Assignee: matteo.pasotti => qa-bugs

Comment 7 John Schneiderman 2016-05-20 20:55:57 CEST 
Confirmed that it works on core/updates_testing.
Comment 8 Thomas Backlund 2016-06-09 21:19:38 CEST 
Are you sure adding the openssh-askpass-*qt4* is a good fix ???


Wont it force qt stack on gtk-only installs ?

CC: (none) => tmb
Whiteboard: (none) => feedback

Comment 9 Matteo Pasotti 2016-06-10 23:14:21 CEST 
Hi Thomas,
tortoisehg already relies on python-qt4.

If you think there's a better solution can you provide some info. pls?
Comment 10 Thomas Backlund 2016-06-12 17:28:46 CEST 
Ah, ok, then you already pull in qt stack so this does not add any additional deps...

dropping feedback marker

Whiteboard: feedback => (none)

Comment 11 claire robinson 2016-07-08 17:17:15 CEST 
Validating on testing in comment 7

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

claire robinson 2016-07-08 17:48:28 CEST

Whiteboard: (none) => advisory

Comment 12 Mageia Robot 2016-07-08 21:51:34 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGAA-2016-0099.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.