Carthage: Authentication methods to access private binary repository.
Hi,
I've been looking forward for binary-origin functionality, and I just tested it and is working nicely!
I'm developing private commercial library and releasing it as Zip file.
And I'm planning to release the library with carthage using binary origin.
Because the library is a commercial and private, I want to place a json file with basic authentication or other authentication methods.
Like using .netrc, creating new .env(or something) file and write credentials to passing http header like "Authorization:
So I just thinking of Cartfile format, but I think there is no room to specify the headers.
binary "https://raw.githubusercontent.com/XXXX/ios/master/frameworks/1.0.1/Carthage/XXXX.framework.zip"
To clarify, I want to add headers before downloading file.
https://github.com/Carthage/Carthage/blob/master/Source/CarthageKit/Project.swift#L338
func downloadBinaryFrameworkDefinition(url: URL) -> SignalProducer<BinaryProject, CarthageError> {
return SignalProducer.attempt {
return .success(self.cachedBinaryProjects)
}
.flatMap(.merge) { binaryProjectsByURL -> SignalProducer<BinaryProject, CarthageError> in
if let binaryProject = binaryProjectsByURL[url] {
return SignalProducer(value: binaryProject)
} else {
self._projectEventsObserver.send(value: .downloadingBinaryFrameworkDefinition(.binary(url), url))
var request = URLRequest(url:url);
request.addValue("token 84be5f5f6a...snip...", forHTTPHeaderField: "Authorization"); // <--- I want to add header before downloading
return URLSession.shared.reactive.data(with: request)
.mapError { return CarthageError.readFailed(url, $0 as NSError) }
.attemptMap { (data, urlResponse) in
return BinaryProject.from(jsonData: data, url: url).mapError { error in
return CarthageError.invalidBinaryJSON(url, error)
}
}
.on(value: { binaryProject in
self.cachedBinaryProjects[url] = binaryProject
})
}
}
.startOnQueue(self.cachedBinaryProjectsQueue)
}
Since CocoaPods using curl, .netrc is make effect.
https://github.com/CocoaPods/CocoaPods/issues/5055
Is there any plan to add such functionality?
kent013
All 15 comments
No plans currently. We'd need to figure out how this would work.
mdiep
on 23 Feb 2017
Thank you for your reply.
I think there are several options
- Use curl command if it is exists
- like this repository
- https://github.com/PerfectlySoft/Perfect-CURL/blob/master/Sources/cURL.swift
- Embed curl library code
- like this repository
- https://github.com/nrj/objective-curl
- Write netrc parser and use .netrc file
- there is no existing netrc parser for obj-c / swift
- Create new credential file to store.
- to specify server authentication credentials.
- like .carthage_credentials file
- Write authentication credential in Cartfile
kent013
on 27 Feb 2017
+1 I've just got my binaries uploading to artifactory but now realised there's no way to specify credentials. I assume credentials given in the URL will be used so if I can dynamically generate the JSON I'll be ok but that's not ideal.
johnmckerrell
on 6 Mar 2017
+1. We would like this feature available as well. We are hitting a Gitlab server ; we thus need to add a header "PRIVATE-TOKEN: <THE_TOKEN>". A ~/.netrc or a ~/.carthage file within the home directory may be a an acceptable solution. This something that Gradle allows, by specifying it within the ~/.gradle/gradle.properties.
spelle
on 30 Aug 2017
We are struggling the same issue for a Gitlab repository.
We'd like to propose the solution based on #605.
What do you think about this idea?
We can help with the implementation as well, cheers!
mollyIV
on 20 Feb 2018
@mollyIV not very much familiar with this exact scenario, but _I think_ there might be an alternate solution by combining git-credential-netrc, $XDG_CONFIG_HOME/git/config, and XDG_CONFIG_HOME='/Users/Shared/XDG_CONFIG_HOME' carthage …
jdhealy
on 20 Feb 2018
This is about binary frameworks so git-credential-netrc will not be a help.
ikesyo
on 21 Feb 2018
As I've understood, there is no embedded solution within Carthage to support such feature. What would be the best approach to manage dependencies (upload/download) using Jfrog Artifactory?
Artifactory supports Cocoapods out of the box using cocoapod-art and a specific Cocoapod repository but nothing for Carthage.
martiwi
on 23 May 2018
We may be able to use https://github.com/ggruen/SwiftNetrc.
ikesyo
on 25 Jul 2018
I also support kent013's suggestion to use .netrc file like the Cocoapods uses it, so the user won't need to care about creds if Cocoapods and Carthage has same links to binaries. Or, as alternative, binary command should accept additional arguments for creds.
eugenebiryukov
on 14 Aug 2018
I am also interested in this functionality. Did anything change?
Macarse
on 8 Apr 2019
Hey guys 👋 Decided to give it a try and opened a draft pull request https://github.com/Carthage/Carthage/pull/2774
Started from writing .netrc parser. Feel free to left the comments and track the progress 🦁 🙇 🙇
mollyIV
on 28 Apr 2019
+1
tedgonzalez
on 3 Aug 2019
+1 I've just got my binaries uploading to artifactory but now realised there's no way to specify credentials. I assume credentials given in the URL will be used so if I can dynamically generate the JSON I'll be ok but that's not ideal.
Did you ever figure out a solution for using Carthage to pull in built binaries on Artifactory (where authentication is required)?
JUSTINMKAUFMAN
on 19 Sep 2019
Strong likelihood we will drop support for Carthage. Most clients use Cocoa Pods anyway.
johnmckerrell
on 19 Sep 2019
Related issues
willhains
·
3Comments
shift00
·
3Comments
hamchapman
·
3Comments
Ogerets
·
3Comments
billypchan
·
3Comments
Most helpful comment
+1 I've just got my binaries uploading to artifactory but now realised there's no way to specify credentials. I assume credentials given in the URL will be used so if I can dynamically generate the JSON I'll be ok but that's not ideal.