Support using ssh as id url

[nbigaouette]

Hi!

I am exploring cargo-crev for code review at my workplace. The reviews we would produce would be geared for our own use case and as such we would like to host the id repos in our internal git hosting.

Right now, the getting started page mentions forking the github template and pointing to it with cargo crev id new --url.

Because we have our own internal git repos, I manually cloned the github repo and pushed it to a new internal repo. I then used this url when creating my new id. Unfortunately, my git url is an ssh url which cargo-crev does not like:

❯ cargo crev id new --url ssh://[email protected]/nbigaouette/crev-proofs.git
URL must start with 'https://'

:(

Exploring a bit I see that I can use cargo crev id new --no-url to create an id not linked to a git repo, which is what I did.

Since I want to publish those reviews, I tried to set the ssh repo as the url but could not make this work:

❯ cargo crev id set-url ssh://...
URL must be https://

Using cargo crev id set-url https://... with the https url provided by the repo's web interface I get the following:

❯ cargo crev id set-url https://[email protected]/nbigaouette/crev-proofs.git
WARN: Could not deduce `ssh` push url. Call:
cargo crev git remote set-url --push origin <url>
manually after the id is generated.
Couldn't clone https://[email protected]/nbigaouette/crev-proofs.git: remote authentication required but no callback set; class=Http (34)

I now see a cargo crev git subcommand! Let's try it:

❯ cargo crev git remote set-url --push origin ssh://[email protected]/nbigaouette/crev-proofs.git
error: The subcommand 'git' wasn't recognized

USAGE:
        cargo crev help <subcommands>...

For more information try --help

🤔 That's definitely a bug in the error message if the git subcommand does not exists anymore...

If I try to set the url with the https url but without my username, I see the following:

❯ cargo crev id set-url https://internal-git.example.com/nbigaouette/crev-proofs.git
WARN: Could not deduce `ssh` push url. Call:
cargo crev git remote set-url --push origin <url>
manually after the id is generated.
Using existing repository `~/Library/Application Support/crev/proofs/internal_git_example__nbigaouette_crev-proofs_g-*********`
Username for 'https://internal-git.example.com': nbigaouette
Password for 'https://[email protected]':
warning: no common commits
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
From https://internal-git.example.com/nbigaouette/crev-proofs
 * branch            HEAD       -> FETCH_HEAD
Successfully rebased and updated refs/heads/master.
ERROR: Error: Failed to fetch https://internal-git.example.com/nbigaouette/crev-proofs.git: remote authentication required but no callback set; class=Http (34)

I can peek the git repo under ~/Library/Application Support/crev/proofs/internal_git_example__nbigaouette_crev_**** but I see a different git history from the original crev-proofs.git fork.

So my questions are:

• Can I use an internal (non-public) git repo for hosting my own proofs?
• Can I use ssh as the protocol for communicating with my proofs repo? If so, how should I proceed?
• Did I screw up my initial proofs repo creation (due to the different git history outlined above)?

❯ cargo crev --version
cargo-crev 0.19.0
# Installation:
curl -L "https://github.com/crev-dev/cargo-crev/releases/download/v0.19.0/cargo-crev-v0.19.0-x86_64-apple-darwin.tar.gz" | tar -zxv - --directory ~/.cargo/bin --strip-components=1 cargo-crev-v0.19.0-x86_64-apple-darwin/cargo-crev

Platform used: macOS Catalina 10.15.7.

Thanks a lot!!

[dpc]

Just to give you some quick help:

cargo crev git is now cargo crev repo git, methinks. Must be stale documentation somewhere. I recommend using --help a lot. It works quite neatly and helps discover what is what, since documentation is often lacking/stale. We're putting some extra help regarding relevant features right into --help output (easier to keep up to date than old published doc pages).

Your ID url should be read-only url that other people can use. If it's internal - it should be readable by people that are supposed to consume your proofs. You had a right instinct to use git to just change the url to ssh after the fact.

Completely internal setups are not yet well tested/understood so please excuse the road-bumps. I am little bit in rush RN, so that's all for now. Please remind yourself if no one is going to get back to you in reasonable time.

[nbigaouette]

Thanks for your super quick reply! I'll explore more what is possible, I appreciate the feedback.

Thanks again!

[nbigaouette]

I saw you released 0.19.1 with some error strings adapted. Thanks!

After looking at the code, it seems that cargo-crev will need to be adapted to work with ssh remotes. To connect to a ssh remote, one has to configure the git command with either a key or an agent, for example:

// Prepare callbacks.
let mut callbacks = git2::RemoteCallbacks::new();
callbacks.credentials(|_url, username_from_url, _allowed_types| {
    git2::Cred::ssh_key_from_agent(username_from_url.unwrap())
});

// Prepare fetch options.
let mut fo = git2::FetchOptions::new();
fo.remote_callbacks(callbacks);

// Prepare builder.
let mut builder = git2::build::RepoBuilder::new();
builder.fetch_options(fo);

match builder.clone(git_ssh_url, &proof_dir) {

So git remote operations will need to be changed to support ssh remotes.

For now, I'll see if I can use https.

What I did is:

❯ cargo crev id new --no-url
❯ cargo crev repo fetch url https://github.com/dpc/crev-proofs
❯ cargo crev id trust FYlr8YoYGVvDwHQxqEIs89reKKDy-oWisoO0qXXEfHE
❯ cargo crev repo git remote set-url --push origin https://[email protected]/nbigaouette/crev-proofs.git
current Id has been created without a git URL

Looking at:
https://github.com/crev-dev/cargo-crev/blob/v0.19.1/crev-lib/src/local.rs#L1025-L1031
confirms that cargo-crev is not letting me call the git command if no url has been set...