search

NRC-Research / SNAP-issues

This repository was created to provide a public location to record and display the status of "issues" for the SNAP application. The SNAP developers will acknowledge, provide (and maybe request) feedback on the reported issues, and in general use the information to improve SNAP code.
3 stars 0 forks source link

jGit (built-in git client) does not seem to work with the Git Credential Manager, GCM #22

Closed NRCgg closed 2 years ago

NRCgg commented 2 years ago

When a SNAP model repo is cloned from the command line:

git clone https://github.com/NRC-Research/SNAP-Sample-Models.git

git will ask for a user name (unless the username is present in a higher config file) and a password or Personal Access Token, aka: PAT. I enter the PAT and the clone completes fine. The git documentation indicates that the PAT is stored securely using the GCM and NOT in plain text in the config files. When cloned this way the "config" file under the .git directory simply contains:

[core] repositoryformatversion = 0 filemode = false bare = false logallrefupdates = true symlinks = false ignorecase = true [remote "origin"] url = https://github.com/NRC-Research/SNAP-Sample-Models.git fetch = +refs/heads/:refs/remotes/origin/ [branch "main"] remote = origin merge = refs/heads/main

Further interaction with the repo from the command line proceeds fine; git commits, git pushes to origin, etc... all work.

However, when a repo is cloned this way, the SNAP model editor is evidently NOT able to retrieve the needed credential from the GCM, indicates as much and stops.

If, on the other hand, I clone the repo using the SNAP clone menu command with the PAT included:

git clone https://NRCgg:****PAT*****@github.com/NRC-Research/SNAP-Sample-Models.git

SNAP-jGit will succeed in cloning the repo[^1]. However, now the .git/config file looks like this:

[core] symlinks = false repositoryformatversion = 0 filemode = false logallrefupdates = true [remote "origin"] url = https://NRCgg:****PAT*****@github.com/NRC-Research/SNAP-Sample-Models.git fetch = +refs/heads/:refs/remotes/origin/ [branch "main"] remote = origin merge = refs/heads/main

where "****PAT*****" is the ACUTAL user PAT!!

This is not acceptable and needs to be fixed! Plain text passwords nor PATs should never need to be stored in a file.

[^1]: If we don't provide a password or PAT the jGit clone will fail complaining about missing credentials.

NRCgg commented 2 years ago

Testing a pre-release git.plugin update as well as doing the following process to place the proper certificates into the JVM keystore/cacerts has resolved this issue satisfactorily (on windows anyway): image