Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use libgit2 from "unstable" / "sid" #391

Merged
merged 3 commits into from
Jun 22, 2021
Merged

Use libgit2 from "unstable" / "sid" #391

merged 3 commits into from
Jun 22, 2021

Conversation

hiddeco
Copy link
Member

@hiddeco hiddeco commented Jun 22, 2021

We received reports from users no longer being able to clone Git
repositories using libgit2 because of errors during the cloning
attempt: error: Failed to authenticate SSH session: Unable to extract public key from private key.

After an extensive scavenger hunt I was able to pinpoint the issue to
libssh2 being linked against libgcrypt instead of openssl. The
problem with this is that the libgcrypt backend in libssh2 contains
a hand written slimmed down ASN.1 parser to read out keys, while the
OpenSSL backend in libssh2 uses OpenSSL, which supports a lot more
formats (and more specifically, most PKCS* formats).

As Debian's bullseye/testing repository has been frozen, and a
backport has not been made available yet, fetching the dependency from
"unstable" seems to be the best option for now, as this has libssh2
available including OpenSSL.

Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668271
Ref: fluxcd/flux2#1543

@hiddeco hiddeco added area/git Git related issues and pull requests area/ci CI related issues and pull requests labels Jun 22, 2021
@stefanprodan
Copy link
Member

@hiddeco let's close 1543 when this test passes fluxcd/flux2#1553

@hiddeco
Copy link
Member Author

hiddeco commented Jun 22, 2021

@stefanprodan changed the "fixes" to "ref".

Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @hiddeco 🥇

We received reports from users no longer being able to clone Git
repositories using libgit2 because of errors during the cloning
attempt: `error: Failed to authenticate SSH session: Unable to extract
public key from private key.`

After an extensive scavenger hunt I was able to pinpoint the issue to
`libssh2` being linked against `libgcrypt` instead of `openssl`. The
problem with this is that the libgcrypt backend in libssh2 contains
a hand written slimmed down ASN.1 parser to read out keys, while the
OpenSSL backend in libssh2 uses OpenSSL, which supports a lot more
formats (and more specifically, most PKCS* formats).

As Debian's bullseye/testing repository has been frozen, and a
backport has not been made available yet, fetching the dependency from
"unstable" seems to be the best option for now, as this has `libssh2`
available including OpenSSL.

Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668271

Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco hiddeco merged commit 221d099 into main Jun 22, 2021
@hiddeco hiddeco deleted the libgit2-unstable branch June 22, 2021 12:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/ci CI related issues and pull requests area/git Git related issues and pull requests
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants