-
-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migration from https git with basic authentication failed #18166
Comments
Well, it could be that cgit(I don't have a really good understanding of how it works) doesn't support the HTTP basic auth. You could check this by doing a simplified version of this command: |
Runing git clone in shell with embedded password doesn't work. It won't even call GIT_ASKPASS or system defined credential.helper.
If I remove password from URL it works correctly, etc. ask for password via defined GIT_ASKPASS or credential.helper. Both GTK popup and console prompt are working correctly.
Embedding password in URL could be deprecated but I could not find any reference. Git internally use curl so it naturally accepts password in ~/.netrc but this is not option for gitea. Google say that people did have problems HTTP basic authentication, most of problems are resolved using GIT_ASKPASS and credential.helper but this is for console use. After further investigation: Here is sequence:
As it seams, there is bug in git. In step 3 git should respond with required header. I'll make new issue for git. But as there are many broken git implementation we should implement credential.helper approach as it handle everything. Even with git bugfix, a lot of time will pass before it comes to life... |
Wow, thanks for the extensive comment. Yeah that indeed seems like a case that GIT should be handling, I think we should just revert now to use the credential.helper workaround. |
Yeap. We should patch other files which interface external repository. Namely, services/mirror/mirror_pull.go and services/mirror/mirror_push.go. But I'am not sure where is remote password stored. I found it in repository origin URL and that could be problem because password should be removed from URL and passed only via credential.helper while running pull/push. So workaround should look like:
Another solution would be:
|
- Resolves go-gitea#18166 - Allow user to choose(in certain conditions) to use -c helper.credentials in order to workaround bug with git.
This is still an issue when for example importing from Team Foundation Server. Passing credentials on the command line is not working, and can only be done using the Credentials Helper. I see that a #18172 has been created, but it has been closed again. This would really help us out. |
Gitea Version
1.15.9
Git Version
2.33.1
Operating System
Fedora 35
How are you running Gitea?
Running using systemd service "/etc/systemd/system/gitea.service"
Database
PostgreSQL
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Description
Hi,
I have been trying to migrate some repository from CGIT based http service with basic authentication enabled which always results with:
Log reveals command used:
It also fails If I use command directly:
As it seams, git is not using URL embedded password. I have no clue if this should work with http basic authentication nor if it is only broke/deprecated in newer git versions.
I have create patch d389b8a8fb196f37a222ffdbac3d6d7ff509eb78 which resolves my problem.
Patch extracts password from URL and use "credential.helper" git config to provide password for git command.
This approach should work for other migrations. It works with github private repos but didn't tested with all migration providers.
Any thoughts? Should this be implement in other places?
Screenshots
No response
The text was updated successfully, but these errors were encountered: