LibGit2 credentials callback overhaul
#16308
Conversation
| if isset(allowed_types, Cuint(Consts.CREDTYPE_SSH_KEY)) | ||
| credid = "ssh://$host" | ||
| # first try ssh-agent if credentials support its usage | ||
| if (isdefined(creds, :use_ssh_agent) ? getfield(creds, :use_ssh_agent) : 0xFF) == 0x00 |
There was a problem hiding this comment.
no need for this to be ternary
|
I added description of libgit2 authentication procedure to |
| - ssh key pair (ssh-agent if specified in `payload`) | ||
| - plain text | ||
|
|
||
| **Note**: Due to the specifics of `libgit2` authentication procedure, when authentication is failed, this functions is called again without any indication whether authentication was successful or not. In order not to stuck in infinite loop by repeatedly using same faulty credentials, use a call counting strategy to counteract this behaviour. |
There was a problem hiding this comment.
wrap docstrings. "when authentication fails"
|
Something in the tests here is repeatably freezing on AppVeyor. |
|
It is |
| @@ -21,12 +21,17 @@ mktempdir() do dir | |||
| finalize(repo) | |||
| end | |||
| #end | |||
| try | |||
| #@testset "with incorrect url" begin | |||
| repo_path = joinpath(dir, "Example2") | |||
| # credential are required because github try authenticate on uknown repo | |||
wildart
changed the title
credentials callback overhaulcredentials callback overhaul
|
I realized that public key isn't necessary in SSH authorization. OpenSSL (as well as MbedTLS) can extract public key from private one, see here. So, I'll designate PR as WIP while I work more on removing public key prompt and related code. |
|
Above proposition went south. Apparently, system's |
|
Any update from libssh2 on reviewing your PR? I tried an early version of it which didn't work, haven't tested your latest commits yet though. |
|
Judging from accepted libssh2 PRs, this could take some time. |
|
If it works we can use a locally patched version for a little while, but I don't want to be indefinitely shipping unreviewed crypto code. |
| - plain text | ||
|
|
||
| **Note**: Due to the specifics of `libgit2` authentication procedure, when authentication fails, | ||
| this functions is called again without any indication whether authentication was successful or not. |
|
lgtm after squashing a bit so that none of the intermediate commits would have the hanging issue |
|
Given #16373 should we hold back on merging this to allow a little bit more debugging? |
|
Yep, I need to look at this. |
- handle https & ssh connections - new credential types added caching of credentials in `update` added cross-platform `getpass` implementation [JuliaLang#8228] added comments and documentation show last saved value for pub/priv key path instead of default key path move `getpass` to `Base` introduced SSH credential type for cached credentials changed PK variable to `SSH_KEY_PATH`, added PbK guessing from PK
|
It's ready to merge. |
|
Shouldn't |
Update of the LibGit2
credentialscallback:getpassversion for Windows [Implementgetpasswd, fix up github two-factor authentication #8228]I added a credentials caching to
Pkg.updatewhich should be helpful when ssh support will arrive, #16041.