Cargo: default username used for git clones over ssh is not generally correct

Yeah I _think_ that this is a dupe, but I'm not 100% sure. Can you try specifying the full URL instead of just gitsrvsim? That .ssh/config alias definitely won't be read by us (or libgit2) I believe

gitsrvsim is not an alias. It's resolvable when you tack on a suffix from /etc/resolv.conf. So using the fully qualified domain name in Cargo.toml didn't change anything

Note that we actually don't shell out to git at all, we use libgit2 as a bundled library which implements all the git operations we need. We specifically try a number of authentication strategies here, and I wonder if perhaps SSH_KEY isn't coming through somehow?

Unfortunately there's not a lot of debug logging around there, so I'm curious:

• Is there a way for me to reproduce this locally?
• Would you be willing to try out some debug builds of Cargo to see if it works?

I would be happy to try out any and all debug builds!

I do believe this can be reproduced (I don't think there is anything unique about this particular machine). Let me try to put together a repo script. I'll get back to you on this.

• Step 0 (optional) : Configure machine for pubkey authentication only. Actually, disabling keyboard-interactive is not required to reproduce this, but it can be useful to show that your ssh agent is working.

I'm sure you know how to do this, but for anyone else following along at home, the steps are documented here https://gist.github.com/eminence/93aab78611b9279d8b35

• Create a project that will be the dependency. Add a trivial thing to it, so that it'll be git-cloneable

achin@bigbox ~/tmp/01 $ cargo init mydep 
achin@bigbox ~/tmp/01 $ cd mydep/
achin@bigbox ~/tmp/01/mydep $ echo "fn foo() -> u8 { 4 }" > src/lib.rs 
achin@bigbox ~/tmp/01/mydep $ git add Cargo.toml src/lib.rs 
achin@bigbox ~/tmp/01/mydep $ git commit -m "initial commit"
[master (root-commit) 77cfe74] initial commit
 2 files changed, 7 insertions(+)
 create mode 100644 Cargo.toml
 create mode 100644 src/lib.rs

• Create a new project that will depend on mydep.

achin@bigbox ~/tmp/01 $ cargo new --bin myapp
achin@bigbox ~/tmp/01 $ cd myapp/
achin@bigbox ~/tmp/01/myapp $ vim Cargo.toml 
achin@bigbox ~/tmp/01/myapp $ cat Cargo.toml 

[package]
name = "myapp"
version = "0.1.0"
authors = ["Andrew Chin <[email protected]>"]

[dependencies]

[dependencies.mydep]
git = "ssh://localhost/storage/home/achin/tmp/01/mydep"

• Now try to build:

achin@bigbox ~/tmp/01/myapp $ cargo build --verbose
    Updating git repository `ssh://localhost/storage/home/achin/tmp/01/mydep`
Unable to update ssh://localhost/storage/home/achin/tmp/01/mydep

Caused by:
  failed to fetch into /storage/home/achin/.multirust/toolchains/nightly/cargo/git/db/mydep-f9f860195307f1db

Caused by:
  failed to authenticate when downloading repository

Caused by:
  [7/-1] Config value 'credential.helper' was not found

• Observe that a plain git-clone is successful:

achin@bigbox ~/tmp/01/myapp $ git clone ssh://localhost/storage/home/achin/tmp/01/mydep
Cloning into 'mydep'...
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 5 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (5/5), done.
Checking connectivity... done.

Awesome, thanks @eminence! There's two issues at play here:

• The root cause is the username we attempt to connect with via ssh. Without any extra information we fall back to the username of git, but that's probably the wrong username for you (it was for me)
• The error message here is quite bad! I'm working on a PR to fix that.

Ah ha!

Yes, explicitly specifying a username works! However, this is not ideal, since the username that I need to access "localhost" (or "gitsrvsim") is not the username that you need to access "localhost" or ("gitsrvsim"). Perhaps if no username is specified, default to the OS user name (and if that can't be determined, then fallback to git) ?

Hm unfortunately libgit2 provides a kinda wacky interface to interacting with authorizations, but I _think_ we could track something like that, yeah.

I'm now running with this change, but things still are not quite working (but failing in a different way this time!)

lxd@east6sim:/scratch/lxd/00/myapp> cargo build --verbose
    Updating git repository `ssh://localhost/scratch/lxd/00/mydep`
Unable to update ssh://localhost/scratch/lxd/00/mydep

Caused by:
  failed to clone into: /rd/gen/lxd/do_not_delete/multirust/.cargo/git/db/mydep-d4bb305298ecb371

Caused by:
  failed to authenticate when downloading repository

Caused by:
  [23/-1] username does not match previous request

The myapp and mydep crates were set up as described the in comment above.

Using cargo 0.9.0-nightly (582dcb7 2016-02-26)

(Trying to build/clone without an ssh-agent gives the error error authenticating: no auth sock variable which is much better!)

I see the same problem on another system of mine, so I going to re-open this issue.

Edit: turns out I can't re-open the issue! Please let me know if you would like me to open a new issue for this

Hm... weird! I'm not sure how this worked for me locally?

If libgit2 doesn't allow us to change usernames then there may be no recourse here unfortunately.

I don't think anyone else is running into this, so I will take an action item to dig into this to try find the source of this particular error

I finally dug into this. The situation in with_authentication is as follows:

The first time in here we hit the allowed.contains(git2::USERNAME) block. Since the URL within Cargo.toml doesn't contain any username, the username parameter is None so we simply return "git".

Second time in here we hit the UsernameAttempt::Arg arm of username_attempt match. Now the username parameter is Some("git") so we end up returning "git" via the if let Some(name) = name block.

Since ssh authentication with the username of "git" does not work on my system (I have no user account with that name), we'll then fall back into this callback a third time. We quickly pass through the UsernameAttempt::CredHelper match arm before landing in the UsernameAttempt::Local arm, where Some("achin").

And so libgit2 doesn't like this because first we said to use the username "git" and now we've just said use the username "achin"

So that's the scenario. As for the fix, I am going to argue that returning "git" here is not the correct thing to do.

I can envision 3 scenarios:

1. You have explicitly specified a username in the URL. In this case, it appears that allowed doesn't contain git2::USERNAME and so we directly go to the UsernameAttempt::Arg arm which is successful, and we are then done without any additional fuss.
2. You omit the username from the URL, and are relying on your ssh_config file to specify the username. This simply isn't implemented today, and will continue to not work after my proposed change.
3. You omit the username from the URL and are assuming that your OS username will be used. This is my case. Absent any additional information, we should simply assume that the OS username should be used and not try to recover if that fails.

There might actually be a 4th scenario, when you want to use gitcredentials(7) to do username mapping. I've kind of ignored this here because 1) I'm not sure how often this is actually used for ssh, 2) I'm not sure it currently worked in cargo today, and 3) I'm not sure how this works at all with plain-old-git.

In order to fully complete this story I need to continue to figure out how gitcredentials work. I also cannot explain why things seem to work for you in your environment.

That was a very long explaining for something fairly simple, but hopefully it was worth it by making things clear. With all of this in mind, I have some ideas about how to re-write with_authentication to make it simpler, but I'd like to hear your thoughts first.

Hm we probably can't change the fallback to git without getting other scenarios to work because that's the username which works for private github repositories, for example. If libgit2 doesn't support multiple usernames in one authentication attempt, however, perhaps we could just make multiple authentication attempts?

Basically I'd imagine that we have a set of usernames we want to try if one isn't specified, and we can just try a bunch in an expensive loop (the network is expensive anyway).

Regarding private github repos, how common do you think this is? It seems like https will be far more common than ssh (I'm not even sure ssh urls would work, since the standard operating procedure for github+ssh is to use a ssh_config file, which cargo doesn't support). If they have figured out how to get ssh to work, then hard-coding the "git" username into the URL would be a workaround.

I certainly agree that documented and described behavior is the one we want (try a bunch of usernames/credentials until 1 works). I'll continue to look at this.

I've at least in the past used ssh URLs I think, but I'm not sure how widely it's used in general. I found that the method of informing git of my https credentials was way more work than just using an SSH url (as my key was already in my agent).

@alexcrichton @eminence
I also occurred.

but comment-out this lines on ~/.gitconfig, solved the problem.
I'm usually insteadOf url. Maybe this setting popular.
If cargo command does not support for it, I think that there is a need.

I hope this will help.

[http]
    cookiefile = ~/.config/git/.gitcookies
    sslCAInfo = /usr/local/etc/ssl/certs/curl-ca-bundle.crt

# URL shorthands
[url "[email protected]:"]
    insteadOf = "https://github.com/"
    pushInsteadOf = "github:"
    pushInsteadOf = "git://github.com/"

[url "git://github.com/"]
    insteadOf = "github:"

[url "[email protected]:"]
    insteadOf = "gst:"
    pushInsteadOf = "gist:"
    pushInsteadOf = "git://gist.github.com/"

[url "git://gist.github.com/"]
    insteadOf = "gist:"

I too ran into this issue, using the insteadOf configuration for git. I had used this so that I could run go get for private repos.

Ok, I've attempted a fix for this again at https://github.com/rust-lang/cargo/pull/2584, @eminence could you try that out?

@alexcrichton , I'm sorry for taking so long to test this can get back to you, but I have good news! It works! Many thanks for tackling this issue! :tada:

Note that we actually don't shell out to git at all, we use libgit2 as a bundled library which implements all the git operations we need. We specifically try a number of authentication strategies here, and I wonder if perhaps SSH_KEY isn't coming through somehow?

@alexcrichton there is no way that link still is valid years later ... better to have a hash specific