search

andir / npins

Nix dependency pinning. Very similar to Niv but has a few features that I personally wanted.
European Union Public License 1.2
188 stars 16 forks source link

Github and logins #100

Open con-f-use opened 3 weeks ago

con-f-use commented 3 weeks ago

Having a difficult time with npins add github .... Why does it prompt me for a github username and password, if the repo I'm trying to add is public? It's especially puzzling because I have git configured to use ssh and because github has discontinued https username+password auth for a long time.

piegamesde commented 3 weeks ago

If you plainly git clone the same repo, does it do the same?

con-f-use commented 3 weeks ago

It does not, no.

$ git clone https://github.com/nix-community/mineflake
Cloning into 'mineflake'...
remote: Enumerating objects: 2026, done.
remote: Counting objects: 100% (747/747), done.
remote: Compressing objects: 100% (405/405), done.
remote: Total 2026 (delta 584), reused 405 (delta 339), pack-reused 1279 (from 1)
Receiving objects: 100% (2026/2026), 835.01 KiB | 3.41 MiB/s, done.
Resolving deltas: 100% (1078/1078), done.

$ nix-shell -p npins
this path will be fetched (2.43 MiB download, 8.30 MiB unpacked):
  /nix/store/2a6cfqlzmx1wxckp533qa077nlp3grbp-npins-0.2.4
copying path '/nix/store/2a6cfqlzmx1wxckp533qa077nlp3grbp-npins-0.2.4' from 'https://cache.nixos.org'...

$ npins init
[INFO ] Welcome to npins!
[INFO ] Creating `npins` directory
[INFO ] Writing default.nix
[INFO ] Writing initial sources.json with nixpkgs entry (need to fetch latest commit first)
[INFO ] Successfully written initial files to 'npins'.
[ble: elapsed 24.293s (CPU 48.3%)] npins init

$ npins add github nix-community mine-flake
[INFO ] Adding 'mine-flake' …
Username for 'https://github.com': ^C
piegamesde commented 2 weeks ago

Oh well. We really need some debug logging, in which it should show which commands npins is executing. Assuming it is failing on the first command, that would likely be some git ls-remote to find out the latest release. Moreover, we really should instruct git to operate in a non-interactive way and to fail instead of prompting.

Some things which would be cool if you tried it out:

piegamesde commented 2 weeks ago

Oh I'm just seeing, you got a typo in the repo name of your npins add command. That at least explains why it is failing. However, I still don't understand why you get a prompt, on my machine it fails correctly instead:

npins add github nix-community mine-flake
[INFO ] Adding 'mine-flake' …
[ERROR] git ls-remote failed. stderr output:
[ERROR] > remote: Repository not found.
[ERROR] > fatal: repository 'https://github.com/nix-community/mine-flake.git/' not found
[ERROR] > 
Error: Failed to fully initialize the pin

Caused by:
    0: Couldn't fetch the release tags
    1: Failed to list tags for https://github.com/nix-community/mine-flake.git
    2: git ls-remote failed with exit code 128
con-f-use commented 2 weeks ago

Oh wow, I'm sorry to have bothered you then. I typoed once and then kept on using the wrong command via bash history. Feel free to close the issue. :facepalm: I think the prompt is git's default behavior because the repo could be private and git can´t distingish. Could that be? In any case, according to the nix shell, I was using npins 0.2.4 from nixpkgs. I can enter credentials, yes.

piegamesde commented 2 weeks ago

Yes, that narrows it down. I have a http token for GitHub in my .git-credentials, so I'm already "logged in" to GitHub and it can show me a 404. If I comment it out (or configure only SSH instead), GitHub wants login to check if the repository may exist. I even get a fancy GUI prompt, with fallback to CLI, though both seem to work.

I'll guess that this is not specific to GitHub and may happen with other forges as well.

Regardless, I'd consider this behavior an error, and the proper thing would be to instruct Git to not use interactive authentication.

piegamesde commented 2 weeks ago

Can you please try again with GIT_TERMINAL_PROMPT=0?

con-f-use commented 2 weeks ago

Sure.

$ nix-shell -p npins
this path will be fetched (2.43 MiB download, 8.30 MiB unpacked):
  /nix/store/2a6cfqlzmx1wxckp533qa077nlp3grbp-npins-0.2.4
copying path '/nix/store/2a6cfqlzmx1wxckp533qa077nlp3grbp-npins-0.2.4' from 'https://cache.nixos.org'...

$ export GIT_TERMINAL_PROMPT=0

$ git clone https://github.com/nix-community/mineflake
Cloning into 'mineflake'...
remote: Enumerating objects: 2026, done.
remote: Counting objects: 100% (756/756), done.
remote: Compressing objects: 100% (423/423), done.
remote: Total 2026 (delta 591), reused 397 (delta 330), pack-reused 1270 (from 1)
Receiving objects: 100% (2026/2026), 833.75 KiB | 212.00 KiB/s, done.
Resolving deltas: 100% (1079/1079), done.

$ npins init
[INFO ] Welcome to npins!
[INFO ] Creating `npins` directory
[INFO ] Writing default.nix
[INFO ] Writing initial sources.json with nixpkgs entry (need to fetch latest commit first)
[INFO ] Successfully written initial files to 'npins'.
[ble: elapsed 31.753s (CPU 38.4%)] npins init

$ npins add github nix-community mine-flake
[INFO ] Adding 'mine-flake' …
[ERROR] git ls-remote failed. stderr output:
[ERROR] > error: unable to read askpass response from '/nix/store/s84sf4hdbf4xkfd8mja0llp943l6ghpn-x11-ssh-askpass-1.2.4.1/libexec/x11-ssh-askpass'
[ERROR] > fatal: could not read Username for 'https://github.com': terminal prompts disabled
[ERROR] > 
Error: Failed to fully initialize the pin

Caused by:
    0: Couldn't fetch the release tags
    1: Failed to list tags for https://github.com/nix-community/mine-flake.git
    2: git ls-remote failed with exit code 128

$  npins add github nix-community mineflake
[INFO ] Adding 'mineflake' …
    repository: https://github.com/nix-community/mineflake.git
    pre_releases: false
    version: v0.2.2
    revision: 40b5af8e870ff6f9ce95df49d64fd5311f2403ab
    hash: 1zw95pp9xrgmiy2iq00vwr4kfpvsnxs5x9w1snx19iqa8dpsf795

Seems to do the trick.