Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

git-maintenance doesn't work with git-credential-manager & pass #625

Open
1 task done
nedsociety opened this issue Feb 7, 2024 · 4 comments
Open
1 task done

git-maintenance doesn't work with git-credential-manager & pass #625

nedsociety opened this issue Feb 7, 2024 · 4 comments

Comments

@nedsociety
Copy link

nedsociety commented Feb 7, 2024

Setup

  • Which version of microsoft/git are you using? Is it 32-bit or 64-bit?
$ git --version --build-options

git version 2.43.0.vfs.0.0
cpu: x86_64
built from commit: b7a6ed788a205fb2c0013111d277b4c9d6ab35bd
sizeof-long: 8
sizeof-size_t: 8
shell-path: /bin/sh

Are you using Scalar or VFS for Git?

Yes (scalar)

  • Which version of Windows are you running? Vista, 7, 8, 10? Is it 32-bit or 64-bit?

Nope, it's Ubuntu 22.04 jammy.

  • Any other interesting things about your environment that might be related
    to the issue you're seeing?
$ git-credential-manager --version
2.4.1
$ pass --version
============================================
= pass: the standard unix password manager =
=                                          =
=                  v1.7.4                  =
=                                          =
=             Jason A. Donenfeld           =
=               [email protected]            =
=                                          =
=      http://www.passwordstore.org/       =
============================================

Details

$ sudo apt install pass

# Follow https://github.com/git-ecosystem/git-credential-manager/blob/release/docs/install.md#install-2

$ git config --global credential.credentialStore gpg # make gcm use pass as its credstore

# try cloning a private repo

$ pass list

# confirm that the auth data is listed correctly

$ scalar register path/to/private/repo
$ systemctl --user start [email protected] || systemctl --user status [email protected]
  • What did you expect to occur after running these commands?

The command succeeds.

  • What actually happened instead?
@ systemctl --user daemon-reload && systemctl --user start [email protected]; systemctl --user status [email protected]
Job for [email protected] failed because the control process exited with error code.
See "systemctl --user status [email protected]" and "journalctl --user -xeu [email protected]" for details.
× [email protected] - Optimize Git repositories data
     Loaded: loaded (/home/ned/.config/systemd/user/[email protected]; static)
     Active: failed (Result: exit-code) since Wed 2024-02-07 17:32:01 KST; 8ms ago
TriggeredBy: ● [email protected]
    Process: 4051421 ExecStart=/usr/local/lib/git-core/git --exec-path=/usr/local/lib/git-core -c credential.interactive=false -c core.askPass=true for-each-repo --config=maintenance.repo maintenance run >
   Main PID: 4051421 (code=exited, status=1/FAILURE)
        CPU: 31ms

Feb 07 17:32:01 xxx systemd[1292]: Starting Optimize Git repositories data...
Feb 07 17:32:01 xxx git[4051425]: fatal: unable to get password from user
Feb 07 17:32:01 xxx git[4051422]: error: failed to prefetch remotes
Feb 07 17:32:01 xxx git[4051422]: error: task 'prefetch' failed
Feb 07 17:32:01 xxx systemd[1292]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Feb 07 17:32:01 xxx systemd[1292]: [email protected]: Failed with result 'exit-code'.
Feb 07 17:32:01 xxx systemd[1292]: Failed to start Optimize Git repositories data.
  • If the problem was occurring with a specific repository, can you specify
    the repository?

I believe this is repo-agnostic

Additional info

Similar to #604 I've found that the problem resolves when I try to comment out two lines from ~/.config/systemd/user/[email protected]:

# This file was created and is maintained by Git.
# Any edits made in this file might be replaced in the future
# by a Git command.

[Unit]
Description=Optimize Git repositories data

[Service]
Type=oneshot
ExecStart="/usr/local/lib/git-core/git" --exec-path="/usr/local/lib/git-core" -c credential.interactive=false -c core.askPass=true  for-each-repo --config=maintenance.repo maintenance run --schedule=%i
LockPersonality=yes
# MemoryDenyWriteExecute=yes              #  <----------
NoNewPrivileges=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_VSOCK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
# SystemCallFilter=@system-service               #  <----------
  • The second comment-out enables pass to work. Otherwise changing ExecStart to bash -c 'pass list' shows as if pass has an empty password store. I have no clue what syscalls other than @system-service is needed for pass to work.
  • The first one enables git-credential-manager to run. Otherwise changing ExecStart to bash -c '(echo ...) | git-credential-manager get' segfaults. For this one though I understand why MemoryDenyWriteExecute is needed since gcm is a dotnet application which may use JIT.

I didn't check if the upstream git has the same problem (it probably has), but since git-maintenance is probably mostly used by scalar I felt this issue is to be reported here.

X-post (gcm): git-ecosystem/git-credential-manager#1521

@derrickstolee
Copy link

Since this issue happens when using the systemd scheduler, could you run git maintenance start --scheduler=crontab to check if the problem repeats when using cron? If that works, then it would be a valuable workaround.

@nedsociety
Copy link
Author

nedsociety commented Feb 8, 2024

Since this issue happens when using the systemd scheduler, could you run git maintenance start --scheduler=crontab to check if the problem repeats when using cron? If that works, then it would be a valuable workaround.

I currently don't have access to the machine for a while, may be able to report in 5~6 days. Though in terms of workaround I'm not sure if switching to crond is a better way against just removing those two lines.

@nedsociety
Copy link
Author

nedsociety commented Feb 14, 2024

git maintenance start --scheduler=crontab returned immediately with no output (exitcode was zero). Nothing had been registered to any of /etc/crontab, /etc/cron.*/*.

EDIT: Okay /var/spool/cron/crontabs has the configuration. I'm not sure how to trigger them manually though. I also noted that the systemd timers were gone.

@nedsociety
Copy link
Author

nedsociety commented Feb 15, 2024

Update: the cron scheduler succeeded for both hourly and daily runs 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants