我可以在 OS X Yosemite 上覆盖 git-credential-osxkeychain 吗?
Can I override git-credential-osxkeychain on OS X Yosemite?
我正在尝试将 AWS CodeCommit 用于我的存储库。对于那些不知道的人,CC 需要一个特定的 git 凭据帮助程序来生成 HTTPS 请求的密码,因为它是加密的并且是基于时间的。这正常工作。
但是,我确实遇到了一个更严重的问题:git 似乎自动将我的时间敏感凭据缓存在钥匙串中,这意味着大约 15 分钟后,我只会收到 403 错误推送或正在获取。
我尝试关注 the instructions here,但我没有在任何地方配置 osxkeychain。据我所知,它已硬编码到 Apple git.
git 中的一对痕迹显示了问题:
初始提取
MikeBook-Pro:sensei-cli mike$ GIT_TRACE=1 git fetch
13:43:19.583664 git.c:348 trace: built-in: git 'fetch'
13:43:19.584764 run-command.c:347 trace: run_command: 'git-remote-https' 'origin' 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli'
13:43:20.024288 run-command.c:347 trace: run_command: 'git credential-osxkeychain get'
13:43:20.025203 run-command.c:195 trace: exec: '/bin/sh' '-c' 'git credential-osxkeychain get' 'git credential-osxkeychain get'
13:43:20.029429 git.c:557 trace: exec: 'git-credential-osxkeychain' 'get'
# This last command returns nothing, as nothing is in Keychain.
13:43:20.029928 run-command.c:347 trace: run_command: 'git-credential-osxkeychain' 'get'
13:43:21.016738 run-command.c:347 trace: run_command: 'aws --profile default codecommit credential-helper $@ get'
# This returns the correct generated credentials
13:43:21.018020 run-command.c:195 trace: exec: '/bin/sh' '-c' 'aws --profile default codecommit credential-helper $@ get' 'aws --profile default codecommit credential-helper $@ get'
13:43:21.985711 run-command.c:347 trace: run_command: 'git credential-osxkeychain store'
# This stores the credentials in Keychain
13:43:21.986731 run-command.c:195 trace: exec: '/bin/sh' '-c' 'git credential-osxkeychain store' 'git credential-osxkeychain store'
13:43:21.991811 git.c:557 trace: exec: 'git-credential-osxkeychain' 'store'
13:43:21.992266 run-command.c:347 trace: run_command: 'git-credential-osxkeychain' 'store'13:43:22.017201 run-command.c:347 trace: run_command: 'aws --profile default codecommit credential-helper $@ store'
13:43:22.017897 run-command.c:195 trace: exec: '/bin/sh' '-c' 'aws --profile default codecommit credential-helper $@ store' 'aws --profile default codecommit credential-helper $@ store'
13:43:22.302123 run-command.c:347 trace: run_command: 'rev-list' '--objects' '--stdin' '--not' '--all' '--quiet'
...
后续获取
MikeBook-Pro:sensei-cli mike$ GIT_TRACE=1 git fetch
13:53:51.224971 git.c:348 trace: built-in: git 'fetch'
13:53:51.231140 run-command.c:347 trace: run_command: 'git-remote-https' 'origin' 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli'
13:53:53.855917 run-command.c:347 trace: run_command: 'git credential-osxkeychain get'
13:53:53.859291 run-command.c:195 trace: exec: '/bin/sh' '-c' 'git credential-osxkeychain get' 'git credential-osxkeychain get'
13:53:53.876895 git.c:557 trace: exec: 'git-credential-osxkeychain' 'get'
# This DOES return credentials, so it doesn't try any helpers
13:53:53.877419 run-command.c:347 trace: run_command: 'git-credential-osxkeychain' 'get'
fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli/': The requested URL returned error: 403
git --version 和 git config -l 输出
MikeBook-Pro:sensei-cli mike$ git --version
git version 2.4.9 (Apple Git-60)
MikeBook-Pro:sensei-cli mike$ git config -l
user.name=Mike Caron
user.email=myemail@domain.com
credential.helper=!aws --profile default codecommit credential-helper $@
credential.usehttppath=true
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
core.ignorecase=true
core.precomposeunicode=true
remote.origin.url=https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.master.remote=origin
branch.master.merge=refs/heads/master
是的,在他们的 Apple-Git 实现中硬编码使用 osxkeychain。 source code 引用雷达错误 12266645。
我相信许多后续的雷达错误都是由这个非常错误的决定造成的。我建议你也开一个!
我遇到了同样的问题,我发现的唯一解决方法是在终端中像这样继续删除钥匙串密码条目:
security delete-internet-password -l "git-codecommit.us-east-1.amazonaws.com"
我每五分钟将其添加到 cron 作业中 运行。
绝对不是最优雅的解决方案,但可以帮助我建立联系。希望这能有所帮助。
我刚刚破解了它:
git config --global credential.helper '!security delete-internet-password -l "git-codecommit.us-east-1.amazonaws.com"; aws codecommit credential-helper $@'
希望对您有所帮助,
这类似于 Pablo's 答案,但我使用 git credential-osxkeychain erase 实用程序,它从 stdin 获取输入,所以有点长。因此 .gitconfig 中的凭据帮助程序行最终如下所示:
[credential]
helper = !printf 'host=%s\nprotocol=https\n\n' 'git-codecommit.us-east-2.amazonaws.com' | git credential-osxkeychain erase && aws codecommit credential-helper $@
基本思想是,它会在钥匙串中创建钥匙后立即将其擦除。
我正在尝试将 AWS CodeCommit 用于我的存储库。对于那些不知道的人,CC 需要一个特定的 git 凭据帮助程序来生成 HTTPS 请求的密码,因为它是加密的并且是基于时间的。这正常工作。
但是,我确实遇到了一个更严重的问题:git 似乎自动将我的时间敏感凭据缓存在钥匙串中,这意味着大约 15 分钟后,我只会收到 403 错误推送或正在获取。
我尝试关注 the instructions here,但我没有在任何地方配置 osxkeychain。据我所知,它已硬编码到 Apple git.
git 中的一对痕迹显示了问题:
初始提取
MikeBook-Pro:sensei-cli mike$ GIT_TRACE=1 git fetch 13:43:19.583664 git.c:348 trace: built-in: git 'fetch' 13:43:19.584764 run-command.c:347 trace: run_command: 'git-remote-https' 'origin' 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli' 13:43:20.024288 run-command.c:347 trace: run_command: 'git credential-osxkeychain get' 13:43:20.025203 run-command.c:195 trace: exec: '/bin/sh' '-c' 'git credential-osxkeychain get' 'git credential-osxkeychain get' 13:43:20.029429 git.c:557 trace: exec: 'git-credential-osxkeychain' 'get' # This last command returns nothing, as nothing is in Keychain. 13:43:20.029928 run-command.c:347 trace: run_command: 'git-credential-osxkeychain' 'get' 13:43:21.016738 run-command.c:347 trace: run_command: 'aws --profile default codecommit credential-helper $@ get' # This returns the correct generated credentials 13:43:21.018020 run-command.c:195 trace: exec: '/bin/sh' '-c' 'aws --profile default codecommit credential-helper $@ get' 'aws --profile default codecommit credential-helper $@ get' 13:43:21.985711 run-command.c:347 trace: run_command: 'git credential-osxkeychain store' # This stores the credentials in Keychain 13:43:21.986731 run-command.c:195 trace: exec: '/bin/sh' '-c' 'git credential-osxkeychain store' 'git credential-osxkeychain store' 13:43:21.991811 git.c:557 trace: exec: 'git-credential-osxkeychain' 'store' 13:43:21.992266 run-command.c:347 trace: run_command: 'git-credential-osxkeychain' 'store'13:43:22.017201 run-command.c:347 trace: run_command: 'aws --profile default codecommit credential-helper $@ store' 13:43:22.017897 run-command.c:195 trace: exec: '/bin/sh' '-c' 'aws --profile default codecommit credential-helper $@ store' 'aws --profile default codecommit credential-helper $@ store' 13:43:22.302123 run-command.c:347 trace: run_command: 'rev-list' '--objects' '--stdin' '--not' '--all' '--quiet' ...
后续获取
MikeBook-Pro:sensei-cli mike$ GIT_TRACE=1 git fetch 13:53:51.224971 git.c:348 trace: built-in: git 'fetch' 13:53:51.231140 run-command.c:347 trace: run_command: 'git-remote-https' 'origin' 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli' 13:53:53.855917 run-command.c:347 trace: run_command: 'git credential-osxkeychain get' 13:53:53.859291 run-command.c:195 trace: exec: '/bin/sh' '-c' 'git credential-osxkeychain get' 'git credential-osxkeychain get' 13:53:53.876895 git.c:557 trace: exec: 'git-credential-osxkeychain' 'get' # This DOES return credentials, so it doesn't try any helpers 13:53:53.877419 run-command.c:347 trace: run_command: 'git-credential-osxkeychain' 'get' fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli/': The requested URL returned error: 403
git --version 和 git config -l 输出
MikeBook-Pro:sensei-cli mike$ git --version git version 2.4.9 (Apple Git-60)
MikeBook-Pro:sensei-cli mike$ git config -l user.name=Mike Caron user.email=myemail@domain.com credential.helper=!aws --profile default codecommit credential-helper $@ credential.usehttppath=true core.repositoryformatversion=0 core.filemode=true core.bare=false core.logallrefupdates=true core.ignorecase=true core.precomposeunicode=true remote.origin.url=https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli remote.origin.fetch=+refs/heads/*:refs/remotes/origin/* branch.master.remote=origin branch.master.merge=refs/heads/master
是的,在他们的 Apple-Git 实现中硬编码使用 osxkeychain。 source code 引用雷达错误 12266645。
我相信许多后续的雷达错误都是由这个非常错误的决定造成的。我建议你也开一个!
我遇到了同样的问题,我发现的唯一解决方法是在终端中像这样继续删除钥匙串密码条目:
security delete-internet-password -l "git-codecommit.us-east-1.amazonaws.com"
我每五分钟将其添加到 cron 作业中 运行。
绝对不是最优雅的解决方案,但可以帮助我建立联系。希望这能有所帮助。
我刚刚破解了它:
git config --global credential.helper '!security delete-internet-password -l "git-codecommit.us-east-1.amazonaws.com"; aws codecommit credential-helper $@'
希望对您有所帮助,
这类似于 Pablo's 答案,但我使用 git credential-osxkeychain erase 实用程序,它从 stdin 获取输入,所以有点长。因此 .gitconfig 中的凭据帮助程序行最终如下所示:
[credential]
helper = !printf 'host=%s\nprotocol=https\n\n' 'git-codecommit.us-east-2.amazonaws.com' | git credential-osxkeychain erase && aws codecommit credential-helper $@
基本思想是,它会在钥匙串中创建钥匙后立即将其擦除。