cargo: Support .ssh/config for specifying keys if ssh-agent fails
Update (2018-10-30)
There’s a workaround below for those interested:
[net]
git-fetch-with-cli = true
Original description
When cloning an SSH repository the only currently supported method of authenticating is picking up a key through ssh-agent. This can fail, however, for example if it’s just not running! Cargo should support parsing .ssh/config and/or otherwise having a reasonable fallback in trying to find public/private keys on the filesystem. Currently libssh2 does not support this, so an external library will be required.
As to the rationale for this issue, apparently when using CircleCI with a deploy key it will add this to ~/.gitconfig:
[url "git@github.com:"]
insteadOf = https://github.com/
Which means that clones of the index will be rewritten to git@github.com (SSH) instead of HTTPS. The ssh-agent apparently also isn’t running, so it relies on ~/.ssh/config to point SSH at the right keys, which Cargo isn’t itself looking at.
About this issue
- Original URL
- State: open
- Created 9 years ago
- Reactions: 52
- Comments: 42 (18 by maintainers)
Commits related to this issue
- Force HTTPS fetching of rust cargo crates As part of the Circle CI functionality, a custom ~/.gitconfig is written that forces git to use SSH URLs, rather than HTTPS URLs, for github.com. That's fine... — committed to freedomofpress/sunder by deleted user 6 years ago
- Pass `--update-head-ok` when fetching via git CLI Discovered in a recent [comment] it looks like not passing this may cause the git CLI to fail in some situations. [comment]: https://github.com/rust... — committed to alexcrichton/cargo by alexcrichton 6 years ago
- Auto merge of #6250 - alexcrichton:more-flags, r=dwijnand Pass `--update-head-ok` when fetching via git CLI Discovered in a recent [comment] it looks like not passing this may cause the git CLI to f... — committed to rust-lang/cargo by bors 6 years ago
- Merge #334 334: [fetch] use cli git for fetching crates.io index r=ordian a=ordian Fixes #333. Cargo has a fair amount of code for git authentication handling ([link](https://github.com/rust-lang/c... — committed to killercup/cargo-edit by bors[bot] 5 years ago
- Merge #334 334: [fetch] use cli git for fetching crates.io index r=ordian a=ordian Fixes #333. Cargo has a fair amount of code for git authentication handling ([link](https://github.com/rust-lang/c... — committed to killercup/cargo-edit by bors[bot] 5 years ago
- Merge #334 334: [fetch] use cli git for fetching crates.io index r=ordian a=ordian Fixes #333. Cargo has a fair amount of code for git authentication handling ([link](https://github.com/rust-lang/c... — committed to killercup/cargo-edit by bors[bot] 5 years ago
- Add workaround for cargo issue on CircleCI. https://github.com/rust-lang/cargo/issues/2078#issuecomment-434388584 — committed to jugglerchris/rlua by jugglerchris 2 years ago
- Workaround for cargo git checkout on CircleCI See: https://github.com/rust-lang/cargo/issues/2078 — committed to carver/trin by carver 2 years ago
- Faster Windows builds in CircleCI We already test the build implicitly when running the test, no need for a separate build that takes 6 minutes. We already run clippy in the Linux environment. It's ... — committed to carver/trin by carver 2 years ago
- Faster Windows builds in CircleCI We already test the build implicitly when running the test, no need for a separate build that takes 6 minutes. We already run clippy in the Linux environment. It's ... — committed to carver/trin by carver 2 years ago
- Faster Windows builds in CircleCI We already test the build implicitly when running the test, no need for a separate build that takes 6 minutes. We already run clippy in the Linux environment. It's ... — committed to carver/trin by carver 2 years ago
- Faster Windows builds in CircleCI We already test the build implicitly when running the test, no need for a separate build that takes 6 minutes. We already run clippy in the Linux environment. It's ... — committed to carver/trin by carver 2 years ago
- https://github.com/rust-lang/cargo/issues/2078 — committed to yurybikuzin/dotfiles by yurybikuzin 2 years ago
As an update for those following this issue, Cargo now supports global
.cargo/configconfiguration that looks like:which will instruct Cargo to fetch git repositories with the
gitCLI rather than with libgit2. Using this will read.ssh/configbecause that’s whatgitdoes.You should be able to set it via an environment variable:
It turns out to be pretty nontrivial to emulate ssh’s behavior. We’d need to write a parser for ~/.ssh/config for example.
I think a more promising route is to support fetches by shelling out to the git binary if it’s available. We’d use git2 for everything else and still support git2-based fetches if git isn’t present, but it seems better to just use git rather than trying to emulate its exact authentication behavior.
Is there a reason this is stalled? The current behaviour (
ssh-agentbeing required) is very frustrating.Please also support custom SSH agents. I use my password manager to handle my SSH keys and as such my SSH config looks like this:
What’s more, I use https to ssh rewriting to support private repos in go projects, and my global git config is:
This setup absolutely doesn’t work with cargo.
Is there any way to do this on the command line?
export CARGO_NET_GIT_FETCH_WITH_CLI=true
You need to install git in the docker container.
Using
sshaccess without thessh-agentrunning seems like a fairly unusual setup to be using intentionally; I ran into this issue because I just forgot to start up the agent on OS X. Perhaps the hint message pointing users tonet_git_fetch_with_clicould also suggest starting upssh-agentas an alternative?@alexcrichton thank you! That works.
@alexcrichton I fetch failed by the following error when using the git client
I just create a new crate dependent on cargo
My rust version is
Is there something wrong with my git config?