Closed mattpen closed 3 years ago
I heard about this change but mostly deal with Github enterprise so I haven't had to fix issues related to it yet. I would try renaming the /home/phet-admin/.git-credentials file as a first step and seeing if it will let you add new credentials after that is gone
@markmorlino - we use the credential helper cache instead of the credential store, so /home/phet-admin/.git-credentials doesn't exist.
[phet-admin@bayes ~]$ pwd
/home/phet-admin
[phet-admin@bayes ~]$ ls -l .git-credential*
-rw-------. 1 phet-admin phet 43 Mar 5 2019 .git-credentials
.git-credential-cache:
total 0
srwxrwxr-x. 1 phet-admin phet 0 Aug 13 15:17 socket
@markmorlino - bayes is working fine, the problem is on phet-server.
phet-admin@phet-server:~$ ls -l .git*
-rw-rw-r--. 1 phet-admin phet 41 Aug 13 16:44 .gitconfig
@markmorlino - I tried using the credential store, but still no luck:
phet-admin@phet-server:/data/share/phet/phet-repos/studio$ git config --global credential.helper store
phet-admin@phet-server:/data/share/phet/phet-repos/studio$ git pull
remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: unable to access 'https://github.com/phetsims/studio.git/': The requested URL returned error: 403
phet-admin@phet-server:/data/share/phet/phet-repos/studio$ cd -
/home/phet-admin
phet-admin@phet-server:~$ ls -l .git*
-rw-rw-r--. 1 phet-admin phet 29 Aug 13 17:28 .gitconfig
phet-admin@phet-server:~$
I'm at a loss to explain what is going on with this
I strace'ed it (strace -f -e trace=open git pull
), saw:
[pid 23794] open("/home/phet-admin/.netrc", O_RDONLY) = 8
This included a developer's username/password. I removed the file, and it's now prompting for a username.
Presumably this should be sufficient to get the token approach working now?
Thanks for helping here, @jonathanolson. Sounds promising!
I used the "website-meteor" PAT from the credentials spreadsheet in a git pull as phet-admin and it worked succesfully. Subsequent git pull's in other private repos worked as expected and did not prompt for credentials. It looks like this is solved --- thanks @jonathanolson!!!
I also reenabled rosetta and tested a translation of chains successfully.
The git credentials for phet-admin are stuck in storage and aren't clearable by normal means. The credentials that are stored are using a basic password, so all git operations in private repos are failing. This is causing all production, rc, and translation builds to fail.
I've used the normal method (i.e.
git credential-cache exit
) to clear the credentials for my user (mape5853
) on phet-server succesfully, and I've used this method to clear the credentials for phet-admin on bayes successfully, but phet-admin on phet-server is stubbornly refusing to prompt for a new username/password.Things I've tried include:
git credential-cache exit
git config --global --unset credential.helper
(and with--system
,--local
, etc)git config --global credential.helper 'cache --timeout 1'
(credential cache timeout should be 1 second)git config --global credential.helper ''
(there should be no credential helper ... git should prompt every operation!)I've tried updating git from 1.8 to 2.9 and get the same results. I've tried cloning repos in different directories (such as ~/ and /tmp) but no luck.
Error message:
@jonathanolson or @markmorlino - can you think of anything else to try here? I'm grasping at straws. I'm considering a power cycle, but I really hope that isn't needed!