New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lfs 2.3.x seems to prefer askpass to credential helper #2634
Comments
It was implemented this way deliberately due to a different interpretation of the docs Lines 44 to 54 in 28925b7
So how about this:
|
Here's a fix: #2637 And here are some builds, based on this commit, if you want to try it out: git-lfs-darwin-amd64-2.3.1.tar.gz (let me know if you want a build for another platform, or instructions on building it yourself) |
@technoweenie I took a look at what git does: credential_fill() will first go through all the helpers until it either finds a username/password or a helper tells it to quit (not sure when one would do this, it seems up to whoever wrote the helper). If a helper tells it to quit, it will If none of the helpers worked, it will call gredential_getpass() which will call credential_ask_one() which will call git_prompt() which will try askpass. So the behavior should be:
|
@technoweenie thanks! I can test it out tonight. @dakotahawkins's explanation lines up with what I was seeing while testing. It'd be nice if it were that explicit in the docs 😄. |
@dakotahawkins Thanks for finding the source. Is that the source for |
@technoweenie I don't know how much of |
@technoweenie the Mac build works great for me. Defining the |
Looks like the actual At any rate, seems like 2.3.2 is a go 👍 |
Nice! I'm happy for this change. We use SourceTree which always sets git_askpass, and were getting hammered by AskPass prompts even though we prefer using git credential helper. I'm looking forward to trying this out! |
@technoweenie With git-lfs 2.3.4 this appears to be still be a problem. My credential helper is configured in
And |
I can't replicate it: $ rm -rf .git/lfs/objects && SSH_ASKPASS="echo fail" GIT_TRACE=1 git lfs fetch --all
09:02:12.441099 git.c:560 trace: exec: 'git-lfs' 'fetch' '--all'
09:02:12.441671 run-command.c:626 trace: run_command: 'git-lfs' 'fetch' '--all'
09:02:12.450307 trace git-lfs: run_command: 'git' version
09:02:12.462428 trace git-lfs: run_command: 'git' config -l
Scanning for all objects ever referenced...
09:02:12.468463 trace git-lfs: run_command: git rev-list --objects --all --
09:02:12.474807 trace git-lfs: run_command: git cat-file --batch
✔ 8 objects found
Fetching objects...
09:02:12.519268 trace git-lfs: run_command: 'git' -c filter.lfs.smudge= -c filter.lfs.clean= -c filter.lfs.process= -c filter.lfs.required=false rev-parse HEAD --symbolic-full-name HEAD
09:02:12.525192 trace git-lfs: run_command: 'git' config branch.foo.remote
09:02:12.537911 trace git-lfs: tq: running as batched queue, batch size of 100
09:02:12.537958 trace git-lfs: fetch bin/again.bin [9252a75c942da16f7b52cab752797dea4fca18474db9d7eff102842a459b25b3]
09:02:12.538072 trace git-lfs: tq: sending batch of size 8
09:02:12.538368 trace git-lfs: api: batch 8 files
09:02:12.578619 trace git-lfs: HTTP: POST https://github.com/github/git-lfs-test.git/info/lfs/objects/batch
09:02:12.879606 trace git-lfs: HTTP: 401
09:02:12.879808 trace git-lfs: HTTP: {"message":"Requires authentication","documentation_url":"https://github.com/contact"}
09:02:12.879949 trace git-lfs: setting repository access to basic
09:02:12.879972 trace git-lfs: run_command: 'git' config --replace-all lfs.https://github.com/github/git-lfs-test.git/info/lfs.access basic
09:02:12.894348 trace git-lfs: api: http response indicates "basic" authentication. Resubmitting...
09:02:12.894427 trace git-lfs: creds: git credential fill ("https", "github.com", "github/git-lfs-test")
09:02:12.934722 trace git-lfs: Filled credentials for https://github.com/github/git-lfs-test
09:02:12.934805 trace git-lfs: HTTP: POST https://github.com/github/git-lfs-test.git/info/lfs/objects/batch
09:02:13.050648 trace git-lfs: HTTP: 200 If I disable $ SSH_ASKPASS="echo fail" GIT_TRACE=1 git -c credential.helper= lfs fetch --all
10:40:09.571423 git.c:560 trace: exec: 'git-lfs' 'fetch' '--all'
10:40:09.571940 run-command.c:626 trace: run_command: 'git-lfs' 'fetch' '--all'
10:40:09.581376 trace git-lfs: run_command: 'git' version
10:40:09.593710 trace git-lfs: run_command: 'git' config -l
Scanning for all objects ever referenced...
10:40:09.600089 trace git-lfs: run_command: git rev-list --objects --all --
10:40:09.605327 trace git-lfs: run_command: git cat-file --batch
✔ 8 objects found
Fetching objects...
10:40:09.613721 trace git-lfs: run_command: 'git' -c filter.lfs.smudge= -c filter.lfs.clean= -c filter.lfs.process= -c filter.lfs.required=false rev-parse HEAD --symbolic-full-name HEAD
10:40:09.619701 trace git-lfs: run_command: 'git' config branch.foo.remote
10:40:09.631703 trace git-lfs: tq: running as batched queue, batch size of 100
10:40:09.631728 trace git-lfs: fetch bin/again.bin [9252a75c942da16f7b52cab752797dea4fca18474db9d7eff102842a459b25b3]
10:40:09.631739 trace git-lfs: fetch bin/b.bin [0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f]
10:40:09.631773 trace git-lfs: fetch bin/hi.bin [98ea6e4f216f2fb4b69fff9b3a44842c38686ca685f3f55dc48c5d3fb1107be4]
10:40:09.631825 trace git-lfs: fetch gif/atom-undo.gif [b9f86fab477109565871ced361ba69f2425a91fbe6057fa7a9629a8d536d7c71]
10:40:09.631860 trace git-lfs: fetch gif/droidtocat.gif [d1c8fab51418ef587fcf5dd8e73c60b9700704e2f8f5292ea12ec27c285b23a3]
10:40:09.631871 trace git-lfs: fetch jpg/kabuki-tattoo-left.JPG [e1732d149d262963996ca77a47a5d3c51c85c6e97187afad370a8bef2828b6b7]
10:40:09.631880 trace git-lfs: fetch png/render.png [55d51edb307ed7bf4a1bbca3867d132a07f76828d57f37e0f31f712c02ceafe0]
10:40:09.631887 trace git-lfs: fetch render.png [124733b36d098353ad16bb11646643709e87c4746e0d97913a9826829e0477a3]
10:40:09.631959 trace git-lfs: tq: sending batch of size 8
10:40:09.632236 trace git-lfs: api: batch 8 files
10:40:09.632367 trace git-lfs: creds: filling with GIT_ASKPASS: echo fail Username for "https://github.com/github/git-lfs-test"
10:40:09.632388 trace git-lfs: api error: Git credentials for https://github.com/github/git-lfs-test not found:
exec: "echo fail": executable file not found in $PATH
Git LFS: (0 of 8 files) 0 B / 879.12 KB
batch response: Git credentials for https://github.com/github/git-lfs-test not found:
exec: "echo fail": executable file not found in $PATH
error: failed to fetch some objects from 'https://github.com/github/git-lfs-test.git/info/lfs' This is also confirmed in these integration tests. |
Are you using a domain specific credential helper? I suspect that causes
the failure in LFS while it works fine with Git itself.
…On Tue, Oct 24, 2017, 18:41 risk danger olson ***@***.***> wrote:
I can't replicate it:
$ rm -rf .git/lfs/objects && SSH_ASKPASS="echo fail" GIT_TRACE=1 git lfs fetch --all
09:02:12.441099 git.c:560 trace: exec: 'git-lfs' 'fetch' '--all'
09:02:12.441671 run-command.c:626 trace: run_command: 'git-lfs' 'fetch' '--all'
09:02:12.450307 trace git-lfs: run_command: 'git' version
09:02:12.462428 trace git-lfs: run_command: 'git' config -l
Scanning for all objects ever referenced...
09:02:12.468463 trace git-lfs: run_command: git rev-list --objects --all --
09:02:12.474807 trace git-lfs: run_command: git cat-file --batch
✔ 8 objects found
Fetching objects...
09:02:12.519268 trace git-lfs: run_command: 'git' -c filter.lfs.smudge= -c filter.lfs.clean= -c filter.lfs.process= -c filter.lfs.required=false rev-parse HEAD --symbolic-full-name HEAD
09:02:12.525192 trace git-lfs: run_command: 'git' config branch.foo.remote
09:02:12.537911 trace git-lfs: tq: running as batched queue, batch size of 100
09:02:12.537958 trace git-lfs: fetch bin/again.bin [9252a75c942da16f7b52cab752797dea4fca18474db9d7eff102842a459b25b3]
09:02:12.538072 trace git-lfs: tq: sending batch of size 8
09:02:12.538368 trace git-lfs: api: batch 8 files
09:02:12.578619 trace git-lfs: HTTP: POST https://github.com/github/git-lfs-test.git/info/lfs/objects/batch
09:02:12.879606 trace git-lfs: HTTP: 401
09:02:12.879808 trace git-lfs: HTTP: {"message":"Requires authentication","documentation_url":"https://github.com/contact"}
09:02:12.879949 trace git-lfs: setting repository access to basic
09:02:12.879972 trace git-lfs: run_command: 'git' config --replace-all lfs.https://github.com/github/git-lfs-test.git/info/lfs.access basic
09:02:12.894348 trace git-lfs: api: http response indicates "basic" authentication. Resubmitting...
09:02:12.894427 trace git-lfs: creds: git credential fill ("https", "github.com", "github/git-lfs-test")
09:02:12.934722 trace git-lfs: Filled credentials for https://github.com/github/git-lfs-test
09:02:12.934805 trace git-lfs: HTTP: POST https://github.com/github/git-lfs-test.git/info/lfs/objects/batch
09:02:13.050648 trace git-lfs: HTTP: 200
If I disable credential.helper, it fails as expected:
$ SSH_ASKPASS="echo fail" GIT_TRACE=1 git -c credential.helper= lfs fetch --all
10:40:09.571423 git.c:560 trace: exec: 'git-lfs' 'fetch' '--all'
10:40:09.571940 run-command.c:626 trace: run_command: 'git-lfs' 'fetch' '--all'
10:40:09.581376 trace git-lfs: run_command: 'git' version
10:40:09.593710 trace git-lfs: run_command: 'git' config -l
Scanning for all objects ever referenced...
10:40:09.600089 trace git-lfs: run_command: git rev-list --objects --all --
10:40:09.605327 trace git-lfs: run_command: git cat-file --batch
✔ 8 objects found
Fetching objects...
10:40:09.613721 trace git-lfs: run_command: 'git' -c filter.lfs.smudge= -c filter.lfs.clean= -c filter.lfs.process= -c filter.lfs.required=false rev-parse HEAD --symbolic-full-name HEAD
10:40:09.619701 trace git-lfs: run_command: 'git' config branch.foo.remote
10:40:09.631703 trace git-lfs: tq: running as batched queue, batch size of 100
10:40:09.631728 trace git-lfs: fetch bin/again.bin [9252a75c942da16f7b52cab752797dea4fca18474db9d7eff102842a459b25b3]
10:40:09.631739 trace git-lfs: fetch bin/b.bin [0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f]
10:40:09.631773 trace git-lfs: fetch bin/hi.bin [98ea6e4f216f2fb4b69fff9b3a44842c38686ca685f3f55dc48c5d3fb1107be4]
10:40:09.631825 trace git-lfs: fetch gif/atom-undo.gif [b9f86fab477109565871ced361ba69f2425a91fbe6057fa7a9629a8d536d7c71]
10:40:09.631860 trace git-lfs: fetch gif/droidtocat.gif [d1c8fab51418ef587fcf5dd8e73c60b9700704e2f8f5292ea12ec27c285b23a3]
10:40:09.631871 trace git-lfs: fetch jpg/kabuki-tattoo-left.JPG [e1732d149d262963996ca77a47a5d3c51c85c6e97187afad370a8bef2828b6b7]
10:40:09.631880 trace git-lfs: fetch png/render.png [55d51edb307ed7bf4a1bbca3867d132a07f76828d57f37e0f31f712c02ceafe0]
10:40:09.631887 trace git-lfs: fetch render.png [124733b36d098353ad16bb11646643709e87c4746e0d97913a9826829e0477a3]
10:40:09.631959 trace git-lfs: tq: sending batch of size 8
10:40:09.632236 trace git-lfs: api: batch 8 files
10:40:09.632367 trace git-lfs: creds: filling with GIT_ASKPASS: echo fail Username for "https://github.com/github/git-lfs-test"
10:40:09.632388 trace git-lfs: api error: Git credentials for https://github.com/github/git-lfs-test not found:
exec: "echo fail": executable file not found in $PATH
Git LFS: (0 of 8 files) 0 B / 879.12 KB
batch response: Git credentials for https://github.com/github/git-lfs-test not found:
exec: "echo fail": executable file not found in $PATH
error: failed to fetch some objects from 'https://github.com/github/git-lfs-test.git/info/lfs'
This is also confirmed in these integration tests
<https://github.com/git-lfs/git-lfs/pull/2637/files#diff-44fcb9984369e27a5e471eaf8f240b71>
.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#2634 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AA7nG1yyWvC2ktMwo5iCrOSxflI0XBDkks5svhNEgaJpZM4Ppcpr>
.
|
Doh, good call. Opened an issue here: #2686 |
Hey all, I made some more fixes to the credential helper in #2695, and uploaded some builds for windows, linux, and mac. I'd appreciate if anyone could try it to confirm the fixes.
EDIT: clarified second point to make more sense. |
@technoweenie Tested & confirmed that it resolves the issue I've reported |
The mac version from #2695 works as expected for me (didn't try anything new, but no regressions!). I'm a little confused about the 2nd part, though; what exactly is the order that things happen? My understanding is it'll go (simplified):
Disabling my credential helper did result in a prompt, but I didn't see a warning? |
@zvinless Well, it is confusing because I left out some key words :) The symptom you described in #2634 is that users had an invalid askpass set, causing LFS operations to fail. We determined that your interpretation of the docs was correct, and that LFS was using the wrong order. Now, I think the correct order is:
#2695 doesn't change the order or anything, but it does recover gracefully from an askpass failure. If someone misconfigures askpass, but still doesn't have a credential helper defined, LFS will prompt you at most once per LFS command. |
Ok, gotcha. Looks good then! 👍 |
@technoweenie, yep, the Windows version works for my scenario, too. Even though SourceTree sets the git_askpass environment variable before launching git, git-lfs now gives preference to our credential helper settings, so we no longer get hammered with the SourceTree askpass prompt. Thanks! |
When pushing/pulling lfs files with both a credential helper (
osxkeychain
) and a GIT_ASKPASS environment variable set, it seems like lfs tries to use the askpass program. From what I understand this is incongruent with git (though I am honestly not very familiar with how git deals with credentials).Steps:
git config --global credential.helper osxkeychain
to set global credential helperGIT_ASKPASS
environment variable in ~/.bash_profile to an empty shell script so that it will failgit push
Git credentials for [repo].git not found: fork/exec [path/to/askpass/program]: exec format error
(indicating that the askpass program is getting used; don't worry that it fails)I first noticed this because Visual Studio Code's git integration sets the GIT_ASKPASS environment variable and provides its own askpass program, which started getting used instead of my keychain credentials exclusively since updating to git lfs 2.3.0.
env:
The text was updated successfully, but these errors were encountered: