is there any way to provide username and password for git pull as command line arguments? in svn there was something like:
svn up --no-auth-cache --username $SVN_USER --password $SVN_PASSWORD
Is there any equivalent of this in git? I can't store the credentials on the filesystem.
Basically, I have a script running build for multiple correlated projects. Because the script is on a shared server and is to be run by different users, I can't store the credentials on the server. I don't want to prompt the user, because the script fetches data from multiple SVN/GIT repositories with single username/pass so I want to read the credentials once via the script and then pass them to git pull or svn up commands
If you're using HTTPS, a solution might be in this answer:
The not secure way is to include credentials in the url you're pulling, https://user:password#server.com/path/to/repo. Apparently, your credentials end up as plain text in the .git folder and/or in log files.
The secure way is to configure a "credential helper" in git. Then it will remember the credentials once they're used. It will store the credentials securely on the machine, but if you use the system-wide configuration they will apply to all users. For example, with msysgit on Windows I'd use the wincred helper: git config --system credential.helper wincred. My understanding is that --system turns the credential helper on for all repositories and all users on the system, so you'll have to decide if this is okay for your server. Disclaimer: I've only used --global before.
I haven't seen better options for your situation, but some of the real git gurus might chime in.
Related
I need to get a file from a private GitLab in a script (actually a Yocto recipe, if it matters).
Issuing: https://gitlab2server.com/api/v4/projects/53/packages/generic/paCKAGE/21.08.16/FILE.tar.xz on a browser works fine, but wget <same URL> fails with a "401 Unauthorized".
I can get around the problem with curl --header "PRIVATE_TOKEN: xxxx" ... but that means encoding my private token into a shell script which doesn't seem right.
To access a regular git repo I can use git clone git:... and it works because of the uploaded keys.
Using the equivalent scp gitlab2server.com:/api/v4/... . does not work because "Permission denied (publickey).".
What is the right way to do this?
Ideally I would need to have a ssh (actually scp, of course) access using pre-shared keys to access the files. I would hate to put large binaries into the git repo just to be able to access them.
The only way to authenticate with the GitLab API (including the Package API here) is using a personal access token, or the CI_JOB_TOKEN environment variable if running within GitLab CI/CD. CI_JOB_TOKEN is one of the Predefined Variables available to every CI/CD Pipeline Job and holds a non-admin token.
I run my own Conan server and want to automatically upload packages generated by CI. When I use conan upload it prompts me for a username and password. Is there a way to automate this process?
Yes, therea are a couple of ways to do it:
Using the command conan user myuser -p mypassword you can "log-in" into the remote, so the local cache will store a temporary token to authenticate against the server, and subsequent commands will not require it. Note that this token can expire, check the docs (e.g. for conan_server). Also, if you are managing more remotes, there is a login per remote (add -r=myremote to the above for each one
There are environment variables you can use for this CONAN_LOGIN_USERNAME, CONAN_PASSWORD and with using _REMOTENAME for different remotes. Have a look here in the docs. This is probably the way to go for CI, so the password is not plain text in the CI scripts. Some CI services will allow for encripted variables in the configuration. Furthermore, these variables allow automatically log-in in case of expired tokens, which can happen if they are set to short times, and the builds are very long.
I am new with Amazon codecommit.
Following their instruction, I did some works like below
make a new IAM user with AdministratorAccess
make a new codecommit repository
install awscli and did aws configure
When I right finished those things, I could pull/push from codecommit.
However it became disabled with intellij Idea.
I did something like...
I pull a project from gitlab
git remote rm origin
git remote add origin [code commit url]
git branch --set-upstream-to origin/master
Now I type git [pull / push] origin master, I got this error message.
unable to access 'https://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/test17/': The requested URL returned error: 403
When I access this url via browser, it requires id/pw. But my IAM user account information is not working.
What should I do? Is there any way to switch gitlab and codecommit in intellij?
Thanks.
IntelliJ does not use awscli. It uses the default system shell.
From the description, it looks like push/pull does not work for the command-line git in the native shell, so the issue is not IntelliJ-related.
Probably git tries to use wrong credentials save in its credential.helper, that is why it fails.
Check git config credential.helper to see if any is configured. If there is one, try disabling it or clear the saved credentials.
From the description it looks like you are trying to connect to a CodeCommit repository in Intellij using https. To do this you need to generate GitCredentials(username/password) for your iam user in the IAM console.
Detailed steps are documented in the aws documentation: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html
Once you have the username/password you can use those credentials to connect to your CodeCommit repository in Intellij.
Tested on a Mac. Your milage may vary!
I just ran into the same issue. MacOS stores the GIT UID and PW in the Keychain (in your Applications > Utilities Folder). I deleted all references to AWS Code Commit from the keychain, which forced me to reenter the UID & PW. This seems to have solve the problem.
As a side note: I think this happened because I revoked a prior GIT credential on AWS and created a new one. I think that the keychain was entering the old UID/PW which then failed during authentication.
First, you are going to want to create an IAM user with appropriate permissions and then create Git credentials. Then go to IntelliJ IDEA and say you are opening project from VCS with Git credentials, use the AWS git credentials you created and log in. Once you have logged in, you should be able to pull/push to the repo. If you are still having issues and have checked the credentials you are using are active, along with the IAM user those credentials are attached to have the right permissions, I would recommend creating a ticket on AWS support as there may be something wrong with your account that AWS staff will need to fix.
I have my Hudson CI server setup. I have a CVS repo that I can only checkout stuff via ssh. But I see no way to convince Hudson to check out via ssh. I tried all sorts of options when supplying my connection string.
Has anyone done this? I gotta think it has been done.
If I still remember CVS, I thought you have to set CVS_RSH environment variable to ssh. I suspect you need to set this so that your Tomcat process gets this value inherited.
You can check Hudson system information to see exactly what environment variables the JVM is seeing (and passes along to the build.)
I wrote up an article that tackles this you can find it here:
http://www.openscope.net/2011/01/03/configure-ssh-authorized-keys-for-cvs-access/
Essentially you want to set up passphraseless ssh keys for your build user. This will allow authentication to occur without the need to work out some kind of way to key in your password.
<edit> i.e. Essentially the standard .ssh key client & server install/exchange.
http://en.wikipedia.org/wiki/Secure_Shell#Key_management
for the jenkins user account:
install user key (public & private part) in ~/.ssh (generate it fresh or use existing user key)
on cvs server:
install user key (public part) in ~/.ssh
add to authorized_keys
back on jenkins user account:
access cvs from command-line as jenkins user and accept remote host key (to known_hosts)
* note any time remote server changes key/ip you will need to manually access cvs and accept key again *
</edit>
There's another way to do it but you have to manually log from the build machine to your cvs server and keep the ssh session open so hudson/jenkins can piggyback the connection. Seemed kinda pointless to me though since you want your CI server to be as hands off as possible.
I'd like to know how to get Subversion to change the name that my changes appear under.
I'm just starting to use Subversion. I'm currently using it to version control code on an XP laptop where I'm always logged in under my wife's name. I'd like the subversion DB to show the changes under my name.
Later on I'll replicate the DB so it is accessible to the whole house. My wife uses the office computer where she is always logged in under my name. I'll probably set it up so that it automatically checks in modified documents... preferably under her name.
Eventually I'll probably be using it from a linux machine under another username.
Is there some way to modify the user environment to change the user name that Subversion calls you? I'd expect something like setting SVN_USERNAME='Mark' which would override however it usually gets the name.
Update: It looks like the --username flag that Michael referred to does work to change the name reported by "svn stat", even for local file: repositories. In addition, it is sticky so you don't need to specify it for the next command. I even rebooted and it still used the "--username" value from my previous boot.
Most Subversion commands take the --username option to specify the username you want to use to the repository. Subversion remembers the last repository username and password used in each working copy, which means, among other things, that if you use svn checkout --username myuser you never need to specify the username again.
As Kamil Kisiel says, when Subversion is accessing the repository directly off the file system (that is, the repository URL is of form file:///path/to/repo or file://file-server/path/to/repo), it uses your file system permissions to access the repository. And when you connect via SSH tunneling (svn+ssh://server/path/to/repo), SVN uses your FS permissions on the server, as determined by your SSH login. In those cases, svn checkout --username may not work for your repository.
For svn over ssh try:
svn list svn+ssh://[user_name]#server_name/path_to_repo
svn will prompt you for the user_name's password.
You can setup a default username via ~/.subversion/servers:
[groups]
yourgroupname = svn.example.com
[yourgroupname]
username = yourusername
Please be aware that older versions of svn do not support it (e.g. 1.3.1 [sic!]).
"svn co --username=yourUserName --password=yourpassword http://path-to-your-svn"
Worked for me when on another user account. You will be prompted to enter username/password again though. You need to login like the above once and you are all set for the subsequent times(Unless you restart your machine).
If you need to specify a username other than your logged in user for use with svn+ssh just add an entry to your .ssh/config file:
Host example.com
User jdoe
Subversion usually asks me for my "Subversion username" if it fails using my logged in username. So, when I am lazy (usually) I'll just let it ask me for my password and I'll hit enter, and wait for the username prompt and use my Subversion username.
Otherwise, Michael's solution is a good way to specify the username right off.
Most of the answers seem to be for svn+ssh, or don't seem to work for us.
For http access, the easiest way to log out an SVN user from the command line is:
rm ~/.subversion/auth/svn.simple/*
Hat tip: http://www.yolinux.com/TUTORIALS/Subversion.html
Using Subversion with either the Apache module or svnserve. I've been able to perform operations as multiple users using --username.
Each time you invoke a Subversion command as a 'new' user, your $HOME/.subversion/auth/<authentication-method>/ directory will have a new entry cached for that user (assuming you are able to authenticate with the correct password or authentication method for the server you are contacting as that particular user).
I believe if you use the file:// method to access your subversion repository, your changes are always performed under the user which accesses the repository. You need to use a method that supports authentication such as http:// or svn://.
See http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.serverconfig.choosing
If you are using svn+ssh to connect to the repository then the only thing that authenticates you and authorizes you is your ssh credentials. EVERYTHING else is ignored. Your username will be logged in subversion exactly as it is established in your ssh connection. An excellent explanation of this is at jimmyg.org/blog/2007/subversion-over-svnssh-on-debian.html
Go to ~/.subversion/auth/svn.simple/*, and you will see a list of files that contains the information about your svn user account. Just delete all others that you don't need.
After that, when you do anything that regards to SVN operation, such as commit, rm, etc,. You will be prompt again to enter username or passwords.
TortoiseSVN always prompts for username. (unless you tell it not to)
I believe you can set the SVN_USER environment variable to change your SVN username.