Use of git-credentials is broken #290

Closed
anoldguy opened this issue Jun 8, 2017 · 3 comments


anoldguy commented Jun 8, 2017

Hi all! Today I attempted to use the git-credentials method, as mentioned here.


Turns out, there's a couple issues with the code in question.

```bash
for key in ${git_credentials_paths[*]} ; do
  if s3_exists "${BUILDKITE_SECRETS_BUCKET}" "$key" ; then
    if ! envvars=$(s3_download "${BUILDKITE_SECRETS_BUCKET}" "$key") ; then
      echo "~~~ :warning: Failed to download git-credentials from $key"
      exit 1
    fi
    echo "Downloading git-credentials $key"
    mv "$key" .git-credentials
    git config credential.helper "store --file=$PWD/.git-credentials"
  fi
done
```

1. Stuffing the contents of the git-credentials file into a variable called `envvars` smells like a bit of copypasta from the envvars section.
2. We're not writing the contents of that variable to disk anywhere before we try to `mv "$key" .git-credentials`, so the command fails.
3. Running `git config credential.helper` outside of a git repo without `--global` will fail with `fatal: not in a git directory`

I wish I had a nice PR with the issues fixed, but I don't. I was able to work thru problems 1 and 2 without difficulty, but problem 3 above leads us to have to use the git config command with --global, which introduces all sorts of pain as many builds may be running at once.

The one thing I did not look into was writing a custom git credentials helper or askpass program.

If you all are aware of this, no worries!

But if not, you might want to pull that section of the README and direct folks to stick with the private keys.


lox commented Jun 9, 2017

Ugh, I'm sorry about this @anoldguy. I recently fixed 1 & 2 in https://github.com/buildkite-plugins/s3-secrets-buildkite-plugin, but that doesn't do us much good here yet.

Problem 3 is more complicated. Let me think it over and I will figure something out.


lox commented Jun 9, 2017

@anoldguy I'm working on a fix in buildkite/elastic-ci-stack-s3-secrets-hooks#4.

My current thinking is to generate a temporary gitconfig file so that the credential.helper bit works.
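
One way to realize the temporary-gitconfig idea while also addressing problems 1 and 2, as an added example that is not code from this thread or from the project: the download is written straight into a private per-build directory, and the gitconfig is written as a file so no repository or `--global` is needed. The stubbed `s3_download` (assumed to print the object body to stdout), the function name `setup_git_credentials`, and the sample credential are assumptions; `GIT_CONFIG_GLOBAL` requires Git 2.32 or newer.

```bash
#!/usr/bin/env bash
# Added example: per-build git credentials without `git config --global`.

# Stub with constructed data. Assumption: the real helper prints the
# S3 object body to stdout, as the $(s3_download ...) call in the hook implies.
s3_download() { printf 'https://ci-user:constructed-token@git.example.com\n'; }

# setup_git_credentials BUCKET KEY
# Prints the path of a private gitconfig whose credential.helper points at
# the downloaded credentials file. Returns non-zero if the download fails.
setup_git_credentials() {
  local dir
  # mktemp -d creates a mode-0700 directory unique to this build, so
  # concurrent builds on one agent never share or overwrite state.
  dir=$(mktemp -d "${TMPDIR:-/tmp}/git-creds.XXXXXX") || return 1

  # Problems 1 and 2: write the download directly to disk (mode 0600 via
  # umask) instead of parking the secret in an unrelated variable.
  if ! ( umask 077 && s3_download "$1" "$2" > "$dir/git-credentials" ); then
    echo "Failed to download git-credentials from $2" >&2
    rm -rf "$dir"
    return 1
  fi

  # Problem 3: write the config file ourselves. This needs no repository
  # and never touches the shared ~/.gitconfig.
  if ! ( umask 077 && printf '[credential]\n\thelper = store --file=%s\n' \
           "$dir/git-credentials" > "$dir/gitconfig" ); then
    rm -rf "$dir"
    return 1
  fi

  printf '%s\n' "$dir/gitconfig"
}

# Usage in a hook (hypothetical wiring):
#   cfg=$(setup_git_credentials "$BUILDKITE_SECRETS_BUCKET" "$key") || exit 1
#   export GIT_CONFIG_GLOBAL="$cfg"          # replaces ~/.gitconfig for this build
#   trap 'rm -rf "$(dirname "$cfg")"' EXIT   # remove the secret when the build ends
```

Because `GIT_CONFIG_GLOBAL` replaces the user-level config for the process, any settings the agent relies on from `~/.gitconfig` would need to be copied into the generated file.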


lox commented Jun 12, 2017

Fixed in 8e61dbd

lox closed this as completed Jun 12, 2017