• [macOS] keychain的跳坑之旅!git拉取的权限问题


    故事背景,svn与git各有长处,不过git大势所趋吧,那就搞搞。git的服务端,是基于phabricator搭建的,关于它的资料自行google就好了。其实之前运维已经搭好了phabricator了,也给过我叫做test的账号去试过了,只不过还有些问题没处理好,拖了一段时间后,我着手来弄一下。
    1. 建diffusion
    详细就不多说,diffusion名字叫swallowframework,很简单,也有教程。
    第一次,没有分权限,所有人都可以visit, push
    ```
    git clone http://phabricator.eelly.test/diffusion/SWALLOWFRAMEWORK/swallowframework.git eelly_swallow
    ```
    代码可以正常拉取,没问题

    第二次,将用户按项目分了组,只有php项目的人才能visit, push,将我自己加入到php项目里面去
    ```
    git clone http://phabricator.eelly.test/diffusion/SWALLOWFRAMEWORK/swallowframework.git eelly_swallow
    ```
    报错了!
    ```
    fatal: unable to access 'http://phabricator.eelly.test/diffusion/SWALLOWFRAMEWORK/swallowframework.git/': The requested URL returned error: 403
    ```
    一看这提示就是权限问题。当然是google啦,找来找去,phabricator上面的设置都是正常的。
    又叫了在php项目的同事去拉代码。卧槽,他们是正常的,而且拉取的时候,会提示让他输入账号,密码,而我的拉取过程,根本就没有提示我去输入账号密码!
    只能通过输出拉取的调试信息来看看问题在哪里了,使用的是GIT_CURL_VERBOSE=1
    ```
    GIT_CURL_VERBOSE=1 git clone http://phabricator.eelly.test/diffusion/SWALLOWFRAMEWORK/swallowframework.git eelly_swallow
    ```
    输出的详细信息如下
    ```
    Cloning into 'eelly_swallow'...
    * Couldn't find host phabricator.eelly.test in the .netrc file; using defaults
    * Trying 172.18.107.96...
    * TCP_NODELAY set
    * Connected to phabricator.eelly.test (172.18.107.96) port 80 (#0)
    > GET /diffusion/SWALLOWFRAMEWORK/swallowframework.git/info/refs?service=git-upload-pack HTTP/1.1
    Host: phabricator.eelly.test
    User-Agent: git/2.10.1 (Apple Git-78)
    Accept: */*
    Accept-Encoding: gzip
    Pragma: no-cache

    < HTTP/1.1 401 You must log in to access repositories.
    < Server: nginx
    < Date: Thu, 09 Mar 2017 13:59:26 GMT
    < Content-Type: text/html; charset=utf-8
    < Transfer-Encoding: chunked
    < Connection: keep-alive
    < WWW-Authenticate: Basic realm="Phabricator Repositories"
    <
    * Curl_http_done: called premature == 0
    * Connection #0 to host phabricator.eelly.test left intact
    * Couldn't find host phabricator.eelly.test in the .netrc file; using defaults
    * Found bundle for host phabricator.eelly.test: 0x7ff01250c7c0 [can pipeline]
    * Hostname phabricator.eelly.test was found in DNS cache
    * Trying 172.18.107.96...
    * TCP_NODELAY set
    * Connected to phabricator.eelly.test (172.18.107.96) port 80 (#1)
    > GET /diffusion/SWALLOWFRAMEWORK/swallowframework.git/info/refs?service=git-upload-pack HTTP/1.1
    Host: phabricator.eelly.test
    User-Agent: git/2.10.1 (Apple Git-78)
    Accept: */*
    Accept-Encoding: gzip
    Pragma: no-cache

    < HTTP/1.1 401 You must log in to access repositories.
    < Server: nginx
    < Date: Thu, 09 Mar 2017 13:59:26 GMT
    < Content-Type: text/html; charset=utf-8
    < Transfer-Encoding: chunked
    < Connection: keep-alive
    < WWW-Authenticate: Basic realm="Phabricator Repositories"
    <
    * Ignoring the response-body
    * Curl_http_done: called premature == 0
    * Connection #1 to host phabricator.eelly.test left intact
    * Issue another request to this URL: 'http://phabricator.eelly.test/diffusion/SWALLOWFRAMEWORK/swallowframework.git/info/refs?service=git-upload-pack'
    * Couldn't find host phabricator.eelly.test in the .netrc file; using defaults
    * Found bundle for host phabricator.eelly.test: 0x7ff01250c7c0 [can pipeline]
    * Re-using existing connection! (#1) with host phabricator.eelly.test
    * Connected to phabricator.eelly.test (172.18.107.96) port 80 (#1)
    * Server auth using Basic with user 'test'
    > GET /diffusion/SWALLOWFRAMEWORK/swallowframework.git/info/refs?service=git-upload-pack HTTP/1.1
    Host: phabricator.eelly.test
    Authorization: Basic dGVzdDp0MTIzNDU2Nzg=
    User-Agent: git/2.10.1 (Apple Git-78)
    Accept: */*
    Accept-Encoding: gzip
    Pragma: no-cache

    < HTTP/1.1 403 You do not have permission to access this repository.
    < Server: nginx
    < Date: Thu, 09 Mar 2017 13:59:26 GMT
    < Content-Type: text/html; charset=utf-8
    < Transfer-Encoding: chunked
    < Connection: keep-alive
    < Vary: Accept-Encoding
    < Content-Encoding: gzip
    <
    * Curl_http_done: called premature == 0
    * Connection #1 to host phabricator.eelly.test left intact
    fatal: unable to access 'http://phabricator.eelly.test/diffusion/SWALLOWFRAMEWORK/swallowframework.git/': The requested URL returned error: 403
    ```
    这里涉及的几次握手的过程就不详细解释了,大家用心看一下还是可以明白的。
    重点关注这几行代码
    ```
    * Ignoring the response-body
    * Curl_http_done: called premature == 0
    * Connection #1 to host phabricator.eelly.test left intact
    * Issue another request to this URL: 'http://phabricator.eelly.test/diffusion/SWALLOWFRAMEWORK/swallowframework.git/info/refs?service=git-upload-pack'
    * Couldn't find host phabricator.eelly.test in the .netrc file; using defaults
    * Found bundle for host phabricator.eelly.test: 0x7ff01250c7c0 [can pipeline]
    * Re-using existing connection! (#1) with host phabricator.eelly.test
    * Connected to phabricator.eelly.test (172.18.107.96) port 80 (#1)
    * Server auth using Basic with user 'test'
    > GET /diffusion/SWALLOWFRAMEWORK/swallowframework.git/info/refs?service=git-upload-pack HTTP/1.1
    Host: phabricator.eelly.test
    Authorization: Basic dGVzdDp0MTIzNDU2Nzg=
    User-Agent: git/2.10.1 (Apple Git-78)
    Accept: */*
    Accept-Encoding: gzip
    Pragma: no-cache
    ```
    这里的意思是,Ignoring the response-body,忽略响应的内容,Server auth using Basic with user 'test',直接用test这个账号去尝试登录。我在其它同事debug这个clone的过程,是没有这些步骤的,他们是,去到 WWW-Authenticate: Basic realm="Phabricator Repositories" 这一步的时候,就会显示输入账号密码的过程,怎么回事呢?为什么一直都是用test这个账号去尝试登录呢?
    过程是很复杂的,反正也花了两个小时去找解决方案,也尝试了不同方法。最后在这里找到了头绪,http://git.vger.kernel.narkive.com/iW0NHyKd/git-https-transport-and-wrong-password
    这文章里面关键点在于这些对话
    ```
    1. Using a credential helper that supports secure long-term storage
    (osxkeychain, wincred, etc).

    2. Specifying the username to the credential subsystem explicitly, by
    putting something like:

    [credential "https://yourhost/"]
    username = yourusername

    in your git config.
    ```
    意思是说,在你的git config里面,直接针对某个远程地址,设置账号,于是我改了一下自己的git配置
    ```
    vim ~/.gitconfig
    ```
    在后面加入
    ```
    [credential "http://phabricator.eelly.test"]
    username = xxxxxxx
    ```
    再次进行拉取
    ```
    GIT_CURL_VERBOSE=1 git clone http://phabricator.eelly.test/diffusion/SWALLOWFRAMEWORK/swallowframework.git eelly_swallow
    ```
    这次就正常了,提示我输入密码,搞掂!从以上文章,大概联想了一下,应该是macOS的keychain保存了一些账号导致在clone的时候,默认使用了test这个账号去进行登录的,于是再看了下keychain里面的东西。真是无语了,果然是这样子


    干脆一做二不休,直接将keychain对应的账号密码,由test改为我自己的账号密码,完成!

    have fun with macOS & git!

  • 相关阅读:
    傻帽
    csc编译c#文件
    真空
    继承,多态及抽象性
    HASH算法
    正则表达式
    js向数组和map添加元素
    详解TypeScript项目中的tsconfig.json配置
    TS:元素隐式具有 “any“ 类型,因为类型为 “any“ 的表达式不能用于索引类型
    yarn基本命令
  • 原文地址:https://www.cnblogs.com/davidhhuan/p/6528995.html
Copyright © 2020-2023  润新知