Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to fetch custom advisory database: authentication failed #419

Closed
danielhaap83 opened this issue May 5, 2022 · 4 comments
Closed

Failed to fetch custom advisory database: authentication failed #419

danielhaap83 opened this issue May 5, 2022 · 4 comments
Labels
bug Something isn't working

Comments

@danielhaap83
Copy link
Contributor

danielhaap83 commented May 5, 2022
edited
Loading

Describe the bug
cargo deny fetch fails with errors configuring my custom advisory-db using https and gits credential.helper = store.

A simple git clone https://github.com/xxx/advisory-db is working fine.

To Reproduce
Steps to reproduce the behavior:

  1. configure a private repository (https auth) of your choice in deny.toml advisories.db-urls
  2. set git credential helper to store git config --global credential.helper store
  3. clone the configured repository via git to create the store git clone https://github.com/xxx/private-repo
  • enter username and password. I used my private access token as password
  1. call cargo deny to fetch the configured repository cargo deny fetch
  2. See error
cargo deny --log-level debug fetch
2022-05-05 09:23:16 [INFO] using config from /home/**/deny.toml
2022-05-05 09:23:16 [INFO] fetching crates.io index...
2022-05-05 09:23:16 [DEBUG] Fetching advisory database from 'https://github.com/danielhaap83/private-repo.git'
2022-05-05 09:23:18 [INFO] fetched crates.io index
2022-05-05 09:23:18 [ERROR] failed to fetch database: failed to fetch advisory database: git operation failed: failed to authenticate when downloading repository
attempted to find username/password via git's `credential.helper` support, but failed

This is just example to reproduce. Of course it is not functional to use any repository as advisory-db.

Expected behavior
cargo-deny is fetching the private repository

Device:

  • Ubuntu 20.04.4 LTS
  • git version 2.25.1
  • cargo-deny 0.11.0
@danielhaap83 danielhaap83 added the bug Something isn't working label May 5, 2022
@Jake-Shadle
Copy link
Member

Thanks for reporting. I won't have any time to look at this in the near future, but if you are motivated you can change the code here to (probably) instead directly use git2 to fetch similar to what cargo does, but that's presumably what rustsec already does, so maybe there is some bug in the rustsec code regarding credential helpers that can be fixed.

@danielhaap83
Copy link
Contributor Author

danielhaap83 commented May 6, 2022
edited
Loading

I will investigate if the issue is in rustsec already. Nevertheless a cargo like option net.git-fetch-with-cli may help here as well. I will check that.

@danielhaap83 danielhaap83 mentioned this issue May 6, 2022
Merged
@danielhaap83
Copy link
Contributor Author

Issue is already in rustsec. I have created an Issue there as well. Nevertheless I think it is good to have this option using the cli instead of the library.

@Jake-Shadle
Copy link
Member

Resoved by #420

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Jake-Shadle @danielhaap83