Make LibGit2 retry when SSH passphrase is wrong

According to the LibGit2 authentication guide (https://libgit2.github.com/docs/guides/authentication/) the callback is suppose to be retried if the server doesn't accept the credentials. In the case where we use SSH and the passphrase is invalid LibGit2 would just give a generic: GitError(Code:ERROR, Class:SSH, Failed to authenticate SSH session: Callback returned error)
JuliaLang · Sep 22, 2017 · 3f3da52 · 3f3da52
1 parent e55b9a6
commit 3f3da52
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/deps/libgit2.mk b/deps/libgit2.mk
@@ -85,6 +85,11 @@ $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-fixup.patch-applied: $(LIBGIT2_SRC_PATH)/sou
 		patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls-fixup.patch
 	echo 1 > $@
 
+$(LIBGIT2_SRC_PATH)/libgit2-ssh-loop.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-fixup.patch-applied
+	cd $(LIBGIT2_SRC_PATH) && \
+		patch -p1 -f < $(SRCDIR)/patches/libgit2-ssh-loop.patch
+	echo 1 > $@
+
 $(build_datarootdir)/julia/cert.pem: $(CERTFILE)
 	mkdir -p $(build_datarootdir)/julia
 	cp -f $(CERTFILE) $@
@@ -94,7 +99,8 @@ $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: \
 	$(LIBGIT2_SRC_PATH)/libgit2-ssh.patch-applied \
 	$(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied \
 	$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied \
-	$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-fixup.patch-applied
+	$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-fixup.patch-applied \
+	$(LIBGIT2_SRC_PATH)/libgit2-ssh-loop.patch-applied \
 
 ifneq ($(CERTFILE),)
 $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: $(build_datarootdir)/julia/cert.pem

diff --git a/deps/patches/libgit2-ssh-loop.patch b/deps/patches/libgit2-ssh-loop.patch
@@ -0,0 +1,24 @@
+commit eac62497aec204568a494743f829d922787d69c5
+Author: Curtis Vogt <curtis.vogt@gmail.com>
+Date:   Thu Sep 21 15:51:52 2017 -0500
+
+    Ask for credentials again when passphrase is wrong
+
+    When trying to decode the private key it looks like LibSSH2 returns a
+    LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED when the passphrase is incorrect.
+
+diff --git a/src/transports/ssh.c b/src/transports/ssh.c
+index 172ef413c..ec3b0b6ff 100644
+--- a/src/transports/ssh.c
++++ b/src/transports/ssh.c
+@@ -420,8 +420,8 @@ static int _git_ssh_authenticate_session(
+ 		}
+ 	} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
+
+-        if (rc == LIBSSH2_ERROR_PASSWORD_EXPIRED || rc == LIBSSH2_ERROR_AUTHENTICATION_FAILED)
+-                return GIT_EAUTH;
++	if (rc == LIBSSH2_ERROR_PASSWORD_EXPIRED || rc == LIBSSH2_ERROR_AUTHENTICATION_FAILED || rc == LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED)
++		return GIT_EAUTH;
+
+ 	if (rc != LIBSSH2_ERROR_NONE) {
+ 		if (!giterr_last())