microsoft / Git-Credential-Manager-for-Mac-and-Linux

Git Credential Manager for Mac and Linux stores credentials for Git version control securely. Provides secure logon for Visual Studio Team Services (visualstudio.com).

Secure storage unavailable on Ubuntu 18.04? #115

Open jazzdelightsme opened 5 years ago

jazzdelightsme commented 5 years ago

Repro steps:

  1. Install Ubuntu 18.04.1 LTS (I used "quick create" in Windows Hyper-V Manager).
  2. apt install linuxbrew-wrapper
  3. brew install git-credential-manager (I chose to go the "sudo" route)
  4. Hey, no java here? Huh. apt install default-jre
  5. /home/linuxbrew/.linuxbrew/Cellar/git-credential-manager/2.0.4/bin/git-credential-manager install
  6. Write some code, git push to an AzDO server.

Expected result: I expected to get prompted for my AzDO credentials.

Actual result:

Fatal: java.lang.RuntimeException encountered. Details:
Secure credential storage is not available on this operating system. You may opt-in to store credentials in an unencrypted file under your user home directory by running 'git config --global credential.canFallBackToInsecureStore true'.
fatal: credential helper '!/usr/lib/jvm/java-11-openjdk-amd64/bin/java -Ddebug=false -Djava.net.useSystemProxies=true -jar /home/linuxbrew/.linuxbrew/Cellar/git-credential-manager/2.0.4/libexec/git-credential-manager-2.0.4.jar' told us to quit

The docs seem to indicate that gnome-keyring should be used. But I have that (gnome-keyring: 3.28.0.2).

What am I missing to get secure credential storage?

tometchy commented 5 years ago

It's the same problem which I had on my Linux Mint 19 Tara and reported in issue #108 more than two months ago. Because there is still no answer, I have described an alternative solution on my blog: installing a credential helper which is based on libsecret. That's really simple and does the job, so I recommend trying it - softwaredeveloper.blog/git-credential-storage-libsecret :)

borgmanJeremy commented 5 years ago

I'd like to post feedback that this issue is also causing problems for me. I am having issues using lib-secret behind a proxy as well.

jazzdelightsme commented 5 years ago

Thank you @tometchy. But I'm guessing that libsecret solution does not handle the 2FA stuff required by AzDO, right?

@leantk, @novak: what can I do to troubleshoot why GCMML is not finding gnome-keyring?

tometchy commented 5 years ago

I haven't tried with Azure 2FA, but as far as I know libsecret is not meant for such a purpose. I came here because I used to use Git Credential Manager for Windows (just for secure credentials storage) and after switching to Linux I was looking for a similar solution. Libsecret is enough in my case.

novak commented 5 years ago

I have also been able to reproduce this issue. I'm going to investigate a bit more and report back here.

marcoboffi commented 5 years ago

> I have also been able to reproduce this issue. I'm going to investigate a bit more and report back here.

@novak do you have news about your topic? Did you find anything? Regards

tarikguney commented 5 years ago

Any luck here? I have been trying to run this on Windows Subsystem for Linux but no luck!

davidobrien1985 commented 5 years ago

I am also having issues with GCM on my Ubuntu 18.04 when using multiple Azure DevOps orgs. It just won't store my PAT. It never prompted me with a browser but went straight to

git push origin                      
Password for 'https://<orgName>@dev.azure.com/': 

I enter my PAT and it pushes. I work on a different repo in a different org and push and auth fails (it tries to use the PAT from the first org). I provide the correct PAT and then it works, but I now can't push to the first org.

git config --global credential.helper
!/home/linuxbrew/.linuxbrew/Cellar/openjdk/1.8.0-181/jre/bin/java -Ddebug=false -Djava.net.useSystemProxies=true -jar /home/linuxbrew/.linuxbrew/Cellar/git-credential-manager/2.0.4/libexec/git-credential-manager-2.0.4.jar

tango4567 commented 5 years ago

I followed these documentation steps for installing Linux Git Credential Manager. I'm also facing the same problem. I'm using the latest version of Ubuntu 19.04 "Disco Dingo"

Even though I'm entering the correct password, it's still showing Permission denied, please try again.

git@ssh.dev.azure.com's password: 
Permission denied, please try again.

So I tried cloning on a Windows system, and there everything is working properly. Why is Ubuntu having issues? This is such weird behavior. :'(

kirill-d-lappo commented 5 years ago

@tango4567

> So I tried cloning on a Windows system, and there everything is working properly. Why is Ubuntu having issues?

Windows version also has some issues, it's not ideal at all =)

kirill-d-lappo commented 5 years ago

@jazzdelightsme could you update your debug config to true in your ~/.gitconfig file

[credential]
        helper = !java -Ddebug=true -Djava.net.useSystemProxies=false //...

so devs there could see error messages? Because the issue may be connected with this one: https://github.com/microsoft/Git-Credential-Manager-for-Mac-and-Linux/issues/122

PS I'm not a dev, I am just passing by =)

akonyer commented 5 years ago

I'm having the exact same issue as above and figured I'd post my logs here in case it helps anyone.

Configuration::loadGitConfiguration
Configuration::ParseGitConfig
credential.helper = !/usr/lib/jvm/java-8-openjdk/jre/bin/java -Ddebug=true -Djava.net.useSystemProxies=true -jar /home/linuxbrew/.linuxbrew/Cellar/git-credential-manager/2.0.4/libexec/git-credential-manager-2.0.4.jar
Program::loadOperationArguments
Configuration::tryGetEntry
Configuration::tryGetEntry
Configuration::tryGetEntry
Configuration::tryGetEntry
Configuration::tryGetEntry
Configuration::tryGetEntry
Program::EnableTraceLogging
Program::get
targetUri = https://dev.azure.com/
Program::ComponentFactory::createSecureStore
gnome-keyring library loaded, creating a password SCHEMA
Try access gnome-keyring with dummy data to make sure it's accessible...
Getting a persistent token store that must be secure
Getting a persistent credential store that must be secure
Program::createAuthentication
detecting authority type
BaseVsoAuthentication::getAuthentication
BaseVsoAuthentication::detectAuthority
failed detection
authority is basic
BasicAuthentication::getCredentials
SecretStore::getTargetName
Secret::uriToName
target name = git:https://dev.azure.com
SecretStore::readCredentials
SecretCache::readCredentials
SecretCache::_getTargetName
Secret::uriToName
target name = git:https://dev.azure.com
BaseSecureStore::readCredentials
Getting Credential for git:https://dev.azure.com
Could not retrieve secret from storage. Return code: 9 description: No matching results

djee-ms commented 4 years ago

Ping @novak what about your investigation from March 2019? Is anyone maintaining this repository? Can someone please look at this issue? There is no point writing and promoting a credential manager app if what it does is essentially store your password in a plain text file; this is in fact even worse as it gives users a false sense of security.

akonyer commented 4 years ago

I should have mentioned this long ago when I resolved this problem.

I found the solution on this thread: https://developercommunity.visualstudio.com/content/problem/344874/git-credential-manager-with-devazurecom.html

The gist of the issue is that the URL to clone from Azure Dev Ops is wrong. You need to modify the URL to look like this when cloning the repository:

https://{account}.visualstudio.com/{project}/_git/{repo}

This is what it looks like in ADO and it does not work: https://{acount}@dev.azure.com/{account}/{project}/_git/{repo}

djee-ms commented 4 years ago

Thanks @akonyer but the issue is about "Secure storage unavailable on Ubuntu 18.04?" and we're not using ADO in this case, so that won't help. The problem persists: GCM complains that secure storage is not available on Linux.

akonyer commented 4 years ago

Ahh, I am sorry. I think I found this thread because I was having the exact same issue as @tango4567 and I was able to resolve it by using the method I posted above.

djee-ms commented 4 years ago

No worries @akonyer, but just to keep things clear for devs: even though there might be additional complications like the one you mentioned, the core of the issue is unrelated to ADO. Of course, as @jazzdelightsme pointed out, since some workarounds posted do not work with ADO's 2FA, that makes this bug even more annoying for those use cases.

Nashluffy commented 4 years ago

Yeah.. this is next to useless with the suggested workaround

git config --global credential.canFallBackToInsecureStore true

and if I weren't on a personal laptop and this weren't managing my personal GitHub account, I 100% would not use this.

tseifried commented 4 years ago

I have the same issue, and following the breadcrumbs I think the real issue is that the package libgnome-keyring0 is not available anymore, since it has been deprecated for a while already. There is actually an issue in the library that causes this issue (also hosted by MS).

https://github.com/microsoft/vsts-authentication-library-for-java/issues/27
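
The thread mixes two different failures: the original "Secure credential storage is not available" refusal, and the debug trace in which the gnome-keyring library loads but no stored secret matches. The script below is an added triage example, not code from GCM or from any commenter; the function names and result labels are made up for illustration, the matched strings are copied from the messages quoted in this thread, and the library file name `libgnome-keyring.so` is an assumption based on the libgnome-keyring0 package named above.

```sh
#!/bin/sh
# Added example (not part of GCM). Matched strings are quoted from this thread.

# Classify GCM output read from stdin: plain stderr text or a -Ddebug=true trace.
classify_gcm_output() {
  text=$(cat)
  case $text in
    *'Secure credential storage is not available'*)
      echo 'secure-store-unavailable' ;;      # GCM refused to run without a keyring
    *'gnome-keyring library loaded'*'No matching results'*)
      echo 'keyring-ok-no-stored-secret' ;;   # keyring reachable, nothing saved for this URL
    *)
      echo 'unknown' ;;
  esac
}

# Succeeds if `ldconfig -p` output on stdin lists the libgnome-keyring library.
keyring_lib_listed() {
  grep -q 'libgnome-keyring\.so'
}

# Inspect this host: library presence and the plaintext-fallback opt-in.
check_host() {
  if ldconfig -p | keyring_lib_listed; then
    echo 'libgnome-keyring: present'
  else
    echo 'libgnome-keyring: not found'
  fi
  fb=$(git config --global --bool --get credential.canFallBackToInsecureStore || true)
  if [ "$fb" = 'true' ]; then
    echo 'WARNING: insecure fallback is on, credentials may be stored unencrypted'
  else
    echo 'insecure fallback: off'
  fi
}

# Run with --host to inspect the machine; otherwise only the functions are defined.
if [ "${1:-}" = '--host' ]; then
  check_host
fi
```

To classify a failing push, source the file and pipe the output through the function, for example `git push 2>&1 | classify_gcm_output`.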