Welcome! Please see the About page for a little more info on how this works.

+1 vote
in tools.deps by

Problem
Git defines two remote modes with authentication: ssh and https. Through tools.gitlibs we support ssh auth via a connection to an ssh-agent. git+https authentication is not currently supported, though common in the wild.

Workarounds
Use git over ssh, for now.

Background info
The mainline git implementation supports a mechanism named (link: http://man7.org/linux/man-pages/man1/git-credential.1.html text: "credential helpers") through which it demands authentication from an oracle. These helper oracles are executables invoked with a map of authentication demand (arriving via stdin) and they return authentication information (over stdout):

protocol=https host=example.com path=foo.git

This extension mechanism allows integrations with 1Password, LastPass, and Hashicorp Vault. By default {{git config --get 'credential.helper'}} returns {{osxkeychain}} on macOS and {{cache}} on Linux. {{git}} resolves credential helpers either by absolute path + args or like so:

bq. Authors of credential helpers should make an effort to assist their users by naming their program "git-credential-$NAME", and putting it in the $PATH or $GIT_EXEC_PATH during installation

git also supports configuring defaults for usernames or credential helpers by looking up URLs in its config.

JGit, used by tools.gitlibs, supports the idea of a (link: http://download.eclipse.org/jgit/site/4.10.0.201712302008-r/apidocs/org/eclipse/jgit/transport/CredentialsProvider.html text: CredentialProvider) with several concrete implementations (AwtCredentialsProvider, ChainingCredentialsProvider, ConsoleCredentialsProvider, NetRCCredentialsProvider, UsernamePasswordCredentialsProvider) but none that work the same way as mainline git.

Github currently prefers https over ssh for git access (though that has historically flip-flopped).

Non-starters
- Putting credentials in deps.edn

2 Answers

0 votes
by

Comment made by: gshayban

I've attached an approach to git HTTPS authentication that uses the git credential helper extension point to grab auth. The patch is to tools.gitlibs and is runnable on macOS. (You can call procure on an https repo that requires auth.)

0 votes
by
Reference: https://clojure.atlassian.net/browse/TDEPS-33 (reported by gshayban)
...