search

twpayne / chezmoi

Manage your dotfiles across multiple diverse machines, securely.
https://www.chezmoi.io/
MIT License
12.88k stars 478 forks source link

#2562 leads to unintuitive behavior with git credential helper #2681

Closed shenker closed 1 year ago

shenker commented 1 year ago

Describe the bug

If I'm using git credential helper to authenticate with a private github repo, it's surprising that I can git clone a repo successfully but with the same repo URL chezmoi init fails to authenticate. I believe this is a side-effect of the username-guessing introduced by #2562. This could be dealt with a bugfix (attempt to clone with git before guessing a username, retry with the username-guessing if that fails) or a clarification in the documentation/warning message (“you must explicitly provide the git username if this guess [repouser] is not correct”), but I did find this behavior surprising.

https://github.com/repouser/dotfiles.git is a private repo. We are using the GitHub CLI as a credential helper, so gh auth status outputs:

github.com
  ✓ Logged in to github.com as MyUser (/home/user/.config/gh/hosts.yml)
  ✓ Git operations for github.com configured to use ssh protocol.
  ✓ Token: *******************

and ~/.gitconfig contains:

[credential "https://github.com"]
        helper =
        helper = !gh auth git-credential

Note that the private repo is owned by a different github user than the github user we have authenticated with using gh.

git clone https://github.com/repouser/dotfiles.git successfully clones the repo without asking for a username/password.

Similarly, on chezmoi 2.27.0, chezmoi init https://github.com/repouser/dotfiles.git clones the repo without asking for username/password.

However, on chezmoi 2.29.1, chezmoi init https://github.com/repouser/dotfiles.git outputs:

Cloning into '/home/user/.local/share/chezmoi'...
Password for 'https://repouser@github.com/':

repouser is not the correct user to authenticate with (MyUser is the github user that we've authenticated with via gh), and so this fails.

On chezmoi 2.29.1, chezmoi init https://myuser@github.com/repouser/dotfiles.git does work.

Additional context

git version 2.36.1
gh version 2.21.2 (2023-01-03)

Thanks for a terrific tool!

twpayne commented 1 year ago

Thanks for reporting this.

In the short term you can use the --guess-repo-url=false flag to chezmoi init to disable all of chezmoi's repo URL guessing logic.

twpayne commented 1 year ago

On balance, the username guessing has caused more problems than it has saved in time. I'll remove it.