From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Jeff King <peff@peff.net>
Cc: "brian m. carlson" <sandals@crustytoothpaste.net>,
Jonathan Nieder <jrnieder@gmail.com>,
Ilya Tretyakov <it@it3xl.ru>,
"brian m. carlson" <bk2204@github.com>,
git@vger.kernel.org
Subject: Re: Credential helpers are no longer invoked in case of having sub-folder parts in a repository URL. Since 2.26.1 version
Date: Wed, 22 Apr 2020 21:20:22 +0200 (CEST) [thread overview]
Message-ID: <nycvar.QRO.7.76.6.2004222117400.18039@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <20200422040644.GC3559880@coredump.intra.peff.net>
Hi,
On Wed, 22 Apr 2020, Jeff King wrote:
> On Wed, Apr 22, 2020 at 02:20:20AM +0000, brian m. carlson wrote:
>
> > > Thanks. Here's another (though I haven't tried bisecting yet):
> > >
> > > echo url='https://github.com/git/git' |
> > > GIT_TERMINAL_PROMPT=0 \
> > > git -c credential.helper= \
> > > -c credential.github.com.helper='!echo username=foo; echo password=bar;:' \
> > > credential fill
> >
> > gitcredentials(7) says the following:
> >
> > Git considers each credential to have a context defined by a URL.
> > This context is used to look up context-specific configuration, and is
> > passed to any helpers, which may use it as an index into secure
> > storage.
> >
> > I'm not sure a hostname qualifies as a URL in this case. So while my
> > patch did break this, I don't believe it's ever been documented to
> > actually work and was an artifact of our implementation (along with
> > "credential./git/git.helper" and "credential.https://.helper"). I've
> > also never seen this syntax used in the wild, but maybe I'm not looking
> > in the right places.
>
> I'm pretty sure it was an intended use case, though it is a natural
> outcome of the credential_match() strategy of "unspecified things match
> anything". I'd suspect that anybody relying on it is doing so
> unintentionally, and just forgot to put the protocol field in. Though I
> suppose doing so would let you cover http/https in a single block.
>
> At any rate, even in versions _without_ your patch, that became a hard
> error in this week's release. In v2.24.3, for example:
>
> $ echo url=https://anyhost.example.com |
> git -c credential.example.com.username=foo credential fill
> warning: url has no scheme: example.com
> fatal: credential url cannot be parsed: example.com
>
> because we're relying there on credential_from_url() to parse the config
> credentials, too. After your patch, we use the http-config machinery,
> which simply doesn't match.
This affects also pre-v2.26.* versions. One fallout is that some GitHub
Desktop users reported that they cannot fetch anymore:
https://github.com/desktop/desktop/issues/9597
I _think_ I have a good fix for this, and am only waiting for the PR
builds at https://github.com/gitgitgadget/git/pull/615 to finish before I
will submit that patch series for review.
Ideally, I will integrate these patches into some MinGit backports
tonight, still, so that GitHub Desktop can roll out another release to
avoid many more reports. Therefore, I hope for quick reviews ;-)
Ciao,
Dscho
>
> > I don't think we can shoehorn it into urlmatch, since that would break
> > compatibility with the `http.*` config options, so I think we'd have to
> > revert the entire feature if we want to preserve it. I think I'd prefer
> > to leave things as it is since it seems uncommon and there are easy
> > alternatives, but if folks prefer, I can send a patch to revert the
> > urlmatch feature.
>
> I agree that we should leave it. Aside from the dual http/https thing
> (which _hopefully_ is rare these days as https become more of a
> standard), I don't think it has a legitimate use case. And I think we
> should be pushing users to be a bit more careful with their url config.
>
> -Peff
>
>
next prev parent reply other threads:[~2020-04-22 19:21 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-21 22:31 Credential helpers are no longer invoked in case of having sub-folder parts in a repository URL. Since 2.26.1 version Ilya Tretyakov
2020-04-21 22:58 ` Jeff King
2020-04-22 1:09 ` brian m. carlson
2020-04-22 1:28 ` Jonathan Nieder
2020-04-22 1:36 ` Jeff King
2020-04-22 2:20 ` brian m. carlson
2020-04-22 4:06 ` Jeff King
2020-04-22 19:20 ` Johannes Schindelin [this message]
2020-04-22 1:23 ` [PATCH] credential: fix matching URLs with multiple levels in path brian m. carlson
2020-04-22 4:16 ` Jeff King
2020-04-22 18:45 ` brian m. carlson
2020-04-22 19:51 ` [PATCH v2] " brian m. carlson
2020-04-22 20:04 ` Jeff King
2020-04-24 4:50 ` Carlo Marcelo Arenas Belón
2020-04-24 20:20 ` Junio C Hamano
2020-04-25 21:32 ` [PATCH v3] redential: " brian m. carlson
2020-04-26 1:51 ` Eric Sunshine
2020-04-26 17:26 ` [PATCH v4] credential: " brian m. carlson
2020-04-27 1:18 ` [PATCH v5] " brian m. carlson
2020-04-27 18:44 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.QRO.7.76.6.2004222117400.18039@tvgsbejvaqbjf.bet \
--to=johannes.schindelin@gmx.de \
--cc=bk2204@github.com \
--cc=git@vger.kernel.org \
--cc=it@it3xl.ru \
--cc=jrnieder@gmail.com \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).