Nixpkgs: Git commands fail on OS X due to Apple's custom SSH config options

Created on 25 May 2016  路  9Comments  路  Source: NixOS/nixpkgs

Issue description

When using the nixpkgs.git (git-minimal-2.80) package on an OS X machine, git will complain about an invalid option when performing any action that parses the system SSH config:

$ git fetch
/etc/ssh/ssh_config: line 24: Bad configuration option: askpassgui
/etc/ssh/ssh_config: terminating, 1 bad configuration options
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

...that option is Apple-specific for dealing with keychain storage of credentials and the ssh agent (both _AskPassGUI_ and _KeychainIntegration_). I don't know enough about Git's compilation options to figure out if there's a way to ensure those options are either ignored or accepted as valid on OS X hosts. Note that the version of Git installed via Homebrew does not have this issue, but nothing stood out to me with how they compile.

Steps to reproduce

$ nix-env -iA nixpkgs.git
$ cd path/to/git/repository/
$ git fetch

Technical details

  • System: OS X 10.11.4 (15E65)
  • Nix version: nix-env (Nix) 1.11.2
  • Nixpkgs version: "16.09pre83147.df89584"
darwin
Source
picture elasticdog

Most helpful comment

askpassgui isn't there anymore, but usekeychain is, and it has the same issue. Can this issue be reopened?

picture uri-canva on 17 Dec 2019
👍6

All 9 comments

I would guess this isn't git, but openssh (which git is using). brew just uses the system version.

ChrisJefferson picture ChrisJefferson on 26 May 2016

Yes. brew used to apply a big patch to get this to work:
https://gist.githubusercontent.com/kruton/8951373/raw/a05b4a2d50bbac68e97d4747c1a34b53b9a941c4/openssh-6.5p1-apple-keychain.patch.

Nowadays it seems they've just dropped it entirely and build against system openssh.

That seems (to me) to be the only sensible thing to do if you want this to work -- but I have no idea how (or if) you could get nix to use one system library (openssh in this case)

ChrisJefferson picture ChrisJefferson on 26 May 2016

It probably wouldn't be too bad to compile the OSX version of OpenSSH:
http://opensource.apple.com/source/OpenSSH/OpenSSH-195.10.2/

I think we'd prefer to not have to use the builtin system library for purity reasons.

matthewbauer picture matthewbauer on 26 May 2016

Good point...I updated the title to reflect that it's actually SSH that is the problem. Nice find on the old patch. So essentially, the openssh derivation would need some darwin-specific changes?

elasticdog picture elasticdog on 26 May 2016

triage: what鈥檚 the status?

Profpatsch picture Profpatsch on 23 Jun 2018

FWIW askpassgui is definitely not in the default ssh config for latest macOS.

matthewbauer picture matthewbauer on 23 Jun 2018

Yeah, and it's not mentioned in the man page at this point either...I suppose time heals all wounds. I'll close this out. Thanks for the bump @Profpatsch.

elasticdog picture elasticdog on 24 Jun 2018

askpassgui isn't there anymore, but usekeychain is, and it has the same issue. Can this issue be reopened?

uri-canva picture uri-canva on 17 Dec 2019
👍6

Related: https://github.com/NixOS/nixpkgs/issues/36223, https://github.com/NixOS/nixpkgs/issues/62353.

uri-canva picture uri-canva on 7 Aug 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

teto picture teto  路  3Comments
langston-barrett picture langston-barrett  路  3Comments
chris-martin picture chris-martin  路  3Comments
vaibhavsagar picture vaibhavsagar  路  3Comments
grahamc picture grahamc  路  3Comments