[bug] Login issue from different platforms

[hossamAbdelFattah]

Describe the bug

Hello, I have issue when logging to a remote from 2 different platforms (Linux and window) and the description bellow:

• First I login to the remote from Linux (code-server container) and it's logged successfully (using )
• I set the variable CONAN_HOME with a shared folder between the container and the host machine (Windows machine)
• I send a request to that windows machine to preform a conan command using the windows version of conan tool (conan.exe)
• The problem here that it fails to login the remote even I've already logged in from the container and the .conan2 folder is shared between the host(windows) and the container (linux) and the file conan.db is created
• If I remove the conan.db file it requires login and if I do that from windows it works correctly on windows but not working on the container and vice versa

My notice is: In first time it loges in, it create the conan.db file, and each time after that it gets the user credential from it.

My question is: Is there a way to make the generated conan.db file compatible between the 2 platforms to not mandate me to call conan login command each time before preforming conan action both platforms Or not getting the credentials from that conan.db each time Or any other suggestion

Thanks

How to reproduce it

No response

[memsharded]

Hi @hossamAbdelFattah

Thanks for your report.

As a first thing, please let me share from https://docs.conan.io/2/knowledge/guidelines.html

At the moment the Conan cache is not concurrent. Avoid any kind of concurrency or parallelism, for example different parallel CI jobs should use different caches (with CONAN_HOME env-var). This might change in the future and we will work on providing concurrency in the cache, but until then, use isolated caches for concurrent tasks.

So please be aware that there can be many issues when sharing a cache. You might try to mount a Windows folder into a Linux container, if used strictly sequentially, not concurrently. Still, some other issues might happen, for example if there are packages that in Linux use symlinks, that might be broken using a Windows folder as shared cache.

Otherwise, I think this could be something specific to the server JWT validity. It is very possible that the server is returning different tokens when it detects different IPs, user-agents, or other stuff. In order to investigate this better, it would be necessary to have:

• Exact details about the server, including version.
• Reproducible steps, including the docker images and exact commands to reproduce the behavior.

Do you think that you could provide this? Thanks!

[memsharded]

I have just tried:

• Windows 11 host
• Docker conanio/gcc11 image, using Rancher
• ArtifactoryCE 7.77.5
• Latest Conan 2.4

I haven't managed to make it failed, it works well.

[hossamAbdelFattah]

Hi @memsharded ,

So please be aware that there can be many issues when sharing a cache. You might try to mount a Windows folder into a Linux container, if used strictly sequentially, not concurrently. Still, some other issues might happen, for example if there are packages that in Linux use symlinks, that might be broken using a Windows folder as shared cache.

Yes, I'm trying to overcome this using the variable CONAN_HOME by setting it for each user in his own folder before running any conan command, and I'm still testing this work around till you support it

Otherwise, I think this could be something specific to the server JWT validity. It is very possible that the server is returning different tokens when it detects different IPs, user-agents, or other stuff.

I agree with you as it runs from different IPs and this may be the cause.

Exact details about the server, including version. Reproducible steps, including the docker images and exact commands to reproduce the behavior.

Unfortunately, I can't share these data with you as it's a corporate private data and it's forbidden to share it But could you advice some guides to follow and will test it and give you the feedback ?

Thanks

[hossamAbdelFattah]

Hi @memsharded ,

Windows 11 host Docker conanio/gcc11 image, using Rancher ArtifactoryCE 7.77.5 Latest Conan 2.4

Don't use your local host, use a different windows 10 machine as a server and send a request to it from the image to perform any conan command which requires remote login

[memsharded]

Yes, you might be able to reproduce with free tools, the ones that I mentioned above, like ArtifactoryCE is available in our download page, and the conanio/gcc11 image is in docker-hub. I did something like:

• Run ArtifactoryCE locally in my machine
• Add to my Windows host conan remote add using the public IP of the machine, not localhost
• Run docker

  docker run -it -v C:\Users\memsharded\.conan2:/home/conan/.conan2 conanio/gcc11

• update to latest Conan 2.4.1 inside the container
• conan remote list shows my host remote.
• conan list "*" -r=myart

[hossamAbdelFattah]

Hi @memsharded , I'll check with my mangers if we could have a call to show you the error in real case and will back to once got approval

[hossamAbdelFattah]

Hi @memsharded , Sorry for late response. Unfortunately, the management didn't approve it.

But we did some internal debugging and we found the problem in the file ".conan.db" which generated after logging in to the remotes.

This file when generated from Linux for first time, we can use any command that interacts with the remote but from Linux but we can't do the same from Windows.

And vice versa, if the file generated from Windows for first time, we can use any command that interacts with the remote from Windows but we can't do the same from Linux.

I opened the file and found just the user name and the token are stored in it So my question is: Does the stored token is OS dependent, i.e if it's generated from Linux must be used only in Linux?

[memsharded]

So my question is: Does the stored token is OS dependent, i.e if it's generated from Linux must be used only in Linux?

No, the token is not OS dependent. As described above in https://github.com/conan-io/conan/issues/16466#issuecomment-2162848280, I managed to use the same token from my Windows host and my Linux guest (via docker) without issues.

Is the problem access to the .conan.db itself? if that is the case, it could be a a docker configuration/permissions/sharing between the systems.

[hossamAbdelFattah]

Is the problem access to the .conan.db itself? if that is the case, it could be a a docker configuration/permissions/sharing between the systems.

So how do I test if there is an access problem to the file ? as the error I get is not descriptive at all it doesn't help me And also I checked the permission of the file and there is no problem with that as it rwx for all groups

[memsharded]

I am afraid that I don't know. Maybe being it from the root user could be related, or some mounting permissions from the host. This is why having a reproducible case is important. It is not fully clear why you wouldn't be allowed to do it, it is what you meant with this?

Unfortunately, the management didn't approve it.

It doesn't make much sense, why it would need management approval? It is just a local development test, doesn't need permissions. I managed to try it in lets say 15 minutes or so, so it is not a task that would require long time either.

[hossamAbdelFattah]

or some mounting permissions from the host.

Maybe this, as the shared drive between the host and the container (let's say it's M drive) is not a physical drive on the host machine but it's a Network drive from another machine but mounted on the host And this M drive is the shared between the container and the machine.

Are you able to reproduce that at your side?

[memsharded]

Maybe this, as the shared drive between the host and the container (let's say it's M drive) is not a physical drive on the host machine but it's a Network drive from another machine but mounted on the host And this M drive is the shared between the container and the machine.

I am afraid that I cannot do that setup on my computers and corporate network, sorry.

But it sounds it can be that, as network drive typically have more restrictive permissions.