Package: openssh-client
Version: 1:9.9p1-3
Severity: minor
Tags: patch
* What led up to the situation?
Checking for defects with a new version
test-[g|n]roff -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z < "man
page"
[Use "groff -e ' $' <file>" to find trailing spaces.]
["test-groff" is a script in the repository for "groff"; is not shipped]
(local copy and "troff" slightly changed by me).
[The fate of "test-nroff" was decided in groff bug #55941.]
* What was the outcome of this action?
troff:<stdin>:143: warning: trailing space in the line
* What outcome did you expect instead?
No output (no warnings).
-.-
General remarks and further material, if a diff-file exist, are in the
attachments.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.6-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1),
LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages openssh-client depends on:
ii adduser 3.137
ii libc6 2.40-4
ii libedit2 3.1-20240808-1
ii libfido2-1 1.15.0-1+b1
ii libgssapi-krb5-2 1.21.3-3
ii libselinux1 3.7-3+b1
ii libssl3t64 3.3.2-2
ii passwd 1:4.16.0-7
ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1
Versions of packages openssh-client recommends:
ii xauth 1:1.1.2-1.1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
pn ssh-askpass <none>
-- no debconf information
Input file is ssh-copy-id.1
Any program (person), that produces man pages, should check the output
for defects by using (both groff and nroff)
[gn]roff -mandoc -t -ww -b -z -K utf8 <man page>
The same goes for man pages that are used as an input.
For a style guide use
mandoc -T lint
-.-
So any 'generator' should check its products with the above mentioned
'groff', 'mandoc', and additionally with 'nroff ...'.
This is just a simple quality control measure.
The 'generator' may have to be corrected to get a better man page,
the source file may, and any additional file may.
Common defects:
Input text line longer than 80 bytes.
Not removing trailing spaces (in in- and output).
The reason for these trailing spaces should be found and eliminated.
Not beginning each input sentence on a new line.
Lines should thus be shorter.
See man-pages(7), item 'semantic newline'.
-.-
The difference between the formatted output of the original and patched file
can be seen with:
nroff -mandoc <file1> > <out1>
nroff -mandoc <file2> > <out2>
diff -u <out1> <out2>
and for groff, using
"printf '%s\n%s\n' '.kern 0' '.ss 12 0' | groff -mandoc -Z - "
instead of 'nroff -mandoc'
Add the option '-t', if the file contains a table.
Read the output of 'diff -u' with 'less -R' or similar.
-.-.
If 'man' (man-db) is used to check the manual for warnings,
the following must be set:
The option "-warnings=w"
The environmental variable:
export MAN_KEEP_STDERR=yes (or any non-empty value)
or
(produce only warnings):
export MANROFFOPT="-ww -b -z"
export MAN_KEEP_STDERR=yes (or any non-empty value)
-.-.
Output from "mandoc -T lint ssh-copy-id.1": (shortened list)
1 referenced manual not found
1 whitespace at end of input line
-.-.
Output from "test-groff -mandoc -t -ww -z ssh-copy-id.1": (shortened list)
1 trailing space in the line
-.-.
Remove space characters (whitespace) at the end of lines.
Use "git apply ... --whitespace=fix" to fix extra space issues, or use
global configuration "core.whitespace".
Number of lines affected is
1
-.-.
Change '-' (\-) to '\(en' (en-dash) for a (numeric) range.
GNU gnulib has recently (2023-06-18) updated its
"build_aux/update-copyright" to recognize "\(en" in man pages.
ssh-copy-id.1:2:Copyright (c) 1999-2024 Philip Hands <p...@hands.com>
-.-.
Change a HYPHEN-MINUS (code 0x2D) to a minus(-dash) (\-),
if it
is in front of a name for an option,
is a symbol for standard input,
is a single character used to indicate an option,
or is in the NAME section (man-pages(7)).
N.B. - (0x2D), processed as a UTF-8 file, is changed to a hyphen
(0x2010, groff \[u2010] or \[hy]) in the output.
125:It sets the shell's -x flag, so that you can see the commands being run.
176:.D1 user@newclient$ ssh -A old.client
177:.D1 user@oldl$ ssh-add -c
186:.D1 user@newclient$ ssh-copy-id -i someserver
-.-.
Put a parenthetical sentence, phrase on a separate line,
if not part of a code.
See man-pages(7), item "semantic newline".
Not considered in a patch, too many lines.
ssh-copy-id.1:53:It assembles a list of one or more fingerprints (as described
below)
ssh-copy-id.1:111:These options are simply passed through untouched (with their
argument)
-.-.
Put a subordinate sentence (after a comma) on a new line.
51:so password authentication should be enabled, unless you've done some
55:to see if any of them are already installed (of course, if you are not using
58:It then assembles a list of those that failed to log in and, using
63:(creating the file, and directory, if necessary).
81:If the filename is omitted, the
86:comment one prefers and/or extra options applied, by ensuring that the
91:Of course, this can result in more than one copy of the key being installed
102:file will be downloaded, modified locally and uploaded with sftp.
114:or other options, respectively.
125:It sets the shell's -x flag, so that you can see the commands being run.
134:provides any output, and if so those keys are used.
140:rather than the comment contained in that file, which is a bit of a shame.
141:Otherwise, if
155:to use, just use
162:hosts, and you then create a new key, on a new client machine, say,
168:Load the new key first, without the
170:option, then load one or more old keys into the agent, possibly by
171:ssh-ing to the client machine that has that old key, using the
182:now, if the new key is installed on the server, you'll be allowed in
183:unprompted, whereas if you only have the old key(s) enabled, you'll be
184:asked for confirmation, which is your cue to log back out and run
193:file, rather than just the filename that was loaded into your agent.
194:It also ensures that only the id you intended is installed, rather than
197:Of course, you can specify another id, or use the contents of the
204:option, you might consider using this whenever using agent forwarding
205:to avoid your key being hijacked, but it is much better to instead use
219:option, rather than
-.-.
Output from "test-groff -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z
":
troff:<stdin>:143: warning: trailing space in the line
--- ssh-copy-id.1 2025-01-12 01:03:03.548573710 +0000
+++ ssh-copy-id.1.new 2025-01-12 01:19:17.219425607 +0000
@@ -1,5 +1,5 @@
.ig \" -*- nroff -*-
-Copyright (c) 1999-2024 Philip Hands <p...@hands.com>
+Copyright (c) 1999\(en2024 Philip Hands <p...@hands.com>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
@@ -50,7 +50,8 @@ is a script that uses
to log into a remote machine (presumably using a login password,
so password authentication should be enabled, unless you've done some
clever use of multiple identities).
-It assembles a list of one or more fingerprints (as described below)
+It assembles a list of one or more fingerprints
+(as described below)
and tries to log in with each key,
to see if any of them are already installed (of course, if you are not using
.Xr ssh-agent 1
@@ -108,7 +109,8 @@ the path on the target system where the
.It Fl p Ar port
Specifies the port to connect to on the remote host.
.It Fl F Ar ssh_config , Fl o Ar ssh_option
-These options are simply passed through untouched (with their argument)
+These options are simply passed through untouched
+(with their argument)
to ssh/sftp,
allowing one to set an alternative config file,
or other options, respectively.
@@ -122,7 +124,7 @@ configuration file:
This option is for debugging the
.Nm
script itself.
-It sets the shell's -x flag, so that you can see the commands being run.
+It sets the shell's \-x flag, so that you can see the commands being run.
.It Fl h , Fl ?
Print Usage summary
.El
@@ -140,7 +142,7 @@ when the key was loaded into your
rather than the comment contained in that file, which is a bit of a shame.
Otherwise, if
.Xr ssh-add 1
-provides no keys contents of the
+provides no keys contents of the
.Ic default_ID_file
will be used.
.Pp
@@ -173,8 +175,8 @@ ssh-ing to the client machine that has t
option to allow agent forwarding:
.Pp
.D1 user@newclient$ ssh-add
-.D1 user@newclient$ ssh -A old.client
-.D1 user@oldl$ ssh-add -c
+.D1 user@newclient$ ssh \-A old.client
+.D1 user@oldl$ ssh-add \-c
.D1 No ... prompt for pass-phrase ...
.D1 user@old$ logoff
.D1 user@newclient$ ssh someserver
@@ -183,7 +185,7 @@ now, if the new key is installed on the
unprompted, whereas if you only have the old key(s) enabled, you'll be
asked for confirmation, which is your cue to log back out and run
.Pp
-.D1 user@newclient$ ssh-copy-id -i someserver
+.D1 user@newclient$ ssh-copy-id \-i someserver
.Pp
The reason you might want to specify the
.Fl i
