git-cola didn't handle HTTPS/SSH askpass graphically when it is launched from a terminal #262

Closed
Vdragon opened this Issue Jun 2, 2014 · 6 comments

Comments

Projects
None yet
3 participants
@Vdragon
Contributor

Vdragon commented Jun 2, 2014

It seems that git-cola can't handle HTTPS remote that require user the input username and password before push yet(and probably SSH key with passphrase?)

@davvid

This comment has been minimized.

Show comment
Hide comment
@davvid

davvid Jun 4, 2014

Member

It's supported. We defer to the programs defined in the SSH_ASKPASS and GIT_ASKPASS environment variables.

cola doesn't actually do anything. That's how git works; when it needs a password it checks if these variables are set and runs the program to get the passphrase. gnome ships their own gnome-ssh-askpass program, for example, and git will detect it in the environment.

Can you try getting "git pull" with https auth working using just the GIT_ASKPASS variable? Once you get that working then cola will also work.

Member

davvid commented Jun 4, 2014

It's supported. We defer to the programs defined in the SSH_ASKPASS and GIT_ASKPASS environment variables.

cola doesn't actually do anything. That's how git works; when it needs a password it checks if these variables are set and runs the program to get the passphrase. gnome ships their own gnome-ssh-askpass program, for example, and git will detect it in the environment.

Can you try getting "git pull" with https auth working using just the GIT_ASKPASS variable? Once you get that working then cola will also work.

@davvid davvid closed this Jun 4, 2014

@Vdragon Vdragon changed the title from Support HTTPS authentication to git-cola didn't handle HTTPS/SSH askpass graphically when it is launched from a terminal Oct 7, 2014

@Vdragon

This comment has been minimized.

Show comment
Hide comment
@Vdragon

Vdragon Oct 7, 2014

Contributor

@davvid
I noticed that the issue is when I launch git-cola from terminal(which I used to in the terminal widget of Dolphin file manager), git-cola only asks the pass-phrases in the terminal(even when I put the process in background or disown it directly after launch) which is not what user will expected.

 % git cola
# push/pull/remote operation
Enter passphrase for key '/home/<username>/.ssh/id_rsa': 
% git-cola &
[1] 4392
% # push/pull/remote operation
[1]  + suspended (tty output)  git-cola
% fg
[1]  + continued  git-cola
Enter passphrase for key '/home/<username>/.ssh/id_rsa':

AFAICS setup core.askpass git config or SSH_ASKPASS, GIT_ASKPASS environmental variable to ksshaskpass doesn't change the behavior.

If I launch git-cola from menu instead of terminal everything works normally.

Contributor

Vdragon commented Oct 7, 2014

@davvid
I noticed that the issue is when I launch git-cola from terminal(which I used to in the terminal widget of Dolphin file manager), git-cola only asks the pass-phrases in the terminal(even when I put the process in background or disown it directly after launch) which is not what user will expected.

 % git cola
# push/pull/remote operation
Enter passphrase for key '/home/<username>/.ssh/id_rsa': 
% git-cola &
[1] 4392
% # push/pull/remote operation
[1]  + suspended (tty output)  git-cola
% fg
[1]  + continued  git-cola
Enter passphrase for key '/home/<username>/.ssh/id_rsa':

AFAICS setup core.askpass git config or SSH_ASKPASS, GIT_ASKPASS environmental variable to ksshaskpass doesn't change the behavior.

If I launch git-cola from menu instead of terminal everything works normally.

@Vdragon Vdragon reopened this Oct 8, 2014

@sthalik

This comment has been minimized.

Show comment
Hide comment
@sthalik

sthalik Oct 15, 2014

Contributor

That's as expected with the configuration.

Need persuade the askpass tools that there's no controlling terminal.

Just note that cola can't -just- detach from controlling terminal, since someone may waitpid(2) for it.

% git cola &; disown %git\ cola

Note, redirecting std{in,out} may not work since /dev/std{in,out} stdin still exist.

Contributor

sthalik commented Oct 15, 2014

That's as expected with the configuration.

Need persuade the askpass tools that there's no controlling terminal.

Just note that cola can't -just- detach from controlling terminal, since someone may waitpid(2) for it.

% git cola &; disown %git\ cola

Note, redirecting std{in,out} may not work since /dev/std{in,out} stdin still exist.

@Vdragon

This comment has been minimized.

Show comment
Hide comment
@Vdragon

Vdragon Oct 15, 2014

Contributor

@sthalik
Thanks for the explanation :-)

Contributor

Vdragon commented Oct 15, 2014

@sthalik
Thanks for the explanation :-)

@davvid davvid closed this Apr 25, 2015

davvid added a commit to davvid/git-cola that referenced this issue Apr 26, 2015

push: ensure that SSH_ASKPASS is used
"git push" over ssh will not use SSH_ASKPASS unless we are fully
detached from the terminal.  It is not enough to redirect stdin
and set the SSH_ASKPASS environment variable ~ we need to call
os.setsid() after forking in the child process.

Use subprocess.Popen's preexec_fn to call os.setsid() when
executing git commands.  This ensures that ssh will always use
the {GIT,SSH}_ASKPASS programs, even when git-cola is launched
from the terminal.

The end result is that Git's password prompts will use the
configured askpass program rather than prompting in the
terminal.

Closes #218
Closes #262
Closes #377
Reported-by: V字龍(Vdragon) <Vdragon.Taiwan@gmail.com>
Reported-by: Geoffrey van Wyk <geoffrey@vanwyk.biz>
Helped-by: Daniel Harding <dharding@living180.net>
Helped-by: Pamela Strucker <struckerpamela@gmail.com>
Helped-by: Luke Bakken <luke@bakken.io>
Helped-by: Stanisław Halik <sthalik@misaki.pl>
Helped-by: JiCiT <jason@infinitebubble.com>
Signed-off-by: David Aguilar <davvid@gmail.com>
@davvid

This comment has been minimized.

Show comment
Hide comment
@davvid

davvid Apr 26, 2015

Member

Please see #377 for the solution. cheers

Member

davvid commented Apr 26, 2015

Please see #377 for the solution. cheers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment