New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: cmd/go: private repos on hard-coded hosting providers require special configuration #26134
Comments
What What happens if you attempt to Are you using the credential helper? |
I don't know, I just updated it before running it... how can I know the commit?
The simple
I don't think so, I exchanged the keys with github so my remote is like
|
The error text shows the command being run. It is one of the few git commands that doesn't actually care about having a git repo to run, so you can just try it in any directory you want:
Does it work? |
Possible duplicate of #26145 but the error message from git is different (no mention of terminal prompts disabled). |
Ok, so
but
Maybe I am able to reach the repository only via ssh? |
If you can make the https form work then vgo (and old go get) will be happy. The two possible ways to do that are:
where APIKEY is an API key obtained from the GitHub API page with access to private repos. |
Retitling this to "cmd/go: github private repos require special configuration". |
The first option, adding
to |
Hi Guys, I don't know if this is the correct issue to comment on so please forgive me if it's not correct, I ended up here because of an Issue I am having with Gitlab. We have a project structure where we use subgroups for project organisation by client/project/repo. So our package import paths are 3 levels deep rather than the standard 2 you see on Github. This is fine except for an issue with
Gitlab recently did implement support for a HTTP header to override this behaviour over here: https://gitlab.com/gitlab-org/gitlab-ce/issues/42817 so we can send a We could update our import paths to include a I guess what we need is a way for |
To add to the list of options in this space (#26134 (comment)), we should also add use of a keychain/keyring as a third option (which is independent of remote VCS). Instructions vary quite widely between platforms, unsurprisingly:
I've switched back from using the ssh solution on Linux to using Gnome keyring (even though I don't use Gnome) to great effect... not least because it can be used to unify all credentials. @FiloSottile are there are any security implications that I'm unaware of with respect to the use of keychain/keyrings for this sort of thing? |
With Go tip (f2131f6) I can use private repos without modules (with the
That final git fetch fails, but that hash exists in the private repo:
And it's on the remote (it's
|
Is it possible to add a flag that causes go to clone over ssh (or any other potential future protocol)? A flag would be easy to use in CI where necessary and is more easily explained than editing a .gitconfig or .netrc. |
Issue #31376 was duplicated here, but is not using one of the hard-coded hosting sites. The matching HTTPS server provides no tags, and documented methods to make 'go get' skip VCS detection step do not seem to be working. |
@stub42, my apologies. We do have a special case for |
Thank you for this issue, I was debugging the access to my private github repos for a week..
|
@rsc I have a huntch that capturing private repo information in the go.mod file might help. This information and auth details can get used directly or passed to Athens. Maybe instead of insteadOf
we could write something like module my/package
replace github.com/MYORGANIZATION => ssh://git@github.com/MYORGANIZATION/someprivatepackage v1.1.1
require github.com/MYORGANIZATION/someprivatepackage v1.1.1 or module my/package
require github.com/MYORGANIZATION/someprivatepackage v1.1.1 at git@github.com:MYORGANIZATION/someprivatepackage |
I'd also like to see a solution to this where the private repo information can be stored in the repository. This is currently holding me back from using Go modules for projects that depend on private repositories because it's not seamless enough (requires modifying $HOME/.gitconfig locally). |
@marksamman any ideas on how authentication should be done? Is putting a public key in the go.mod file a security issue? eg module my/package
require github.com/MYORGANIZATION/someprivatepackage v1.1.1 at git@github.com:MYORGANIZATION/someprivatepackage using ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...2JN millergarym@development_machine_and_ci |
@millergarym if you mean a private key, yes. |
I am not suggesting including authentication credentials in the repository, just a way of pulling over SSH instead of HTTPS and leaving the rest for Git to handle. EDIT: I've learned that my problem can be solved with the go-import meta tag, so this is no longer a blocker for me to use Go modules with private repositories. |
No, only public keys |
Can meta tags point to private repos? If so please provide an example. |
Meta tags require serving public document referencing the private branch or repo, which is data leakage and not acceptable at some sites. The Launchpad web site returns a 404 for private branches, unless you are both logged in and have been granted read access. A tool can't tell if the repo exists unless it has a valid oauth token or speaks SSH. My current workaround is to embed my private branches as git subtrees, as 'replace' in go.mod already allows me to reference a relative local path:
I think allowing 'replace' to specify full URLs would be a workable solution, or a new command, ideally without the v0.0.0 version pin. Say, theoretically:
(Interestingly, you should be able to use the existing replace to force use of a fork without changing imports, perhaps even a fork of parts of the standard library) |
DO NOT MISSING THE LAST '/' CHAR! |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
yes (coming from #25590)
What operating system and processor architecture are you using (
go env
)?What did you do?
I ran
where:
What did you expect to see?
The package code in MY_REPO or the go module downloaded
What did you see instead?
The text was updated successfully, but these errors were encountered: