Improved methods for git authorization #17272
Replies: 4 comments 4 replies
-
See also #17720 (comment) which discusses a similar solution |
Beta Was this translation helpful? Give feedback.
-
while the git credential solutions did not work for me, i could pass the credentials in the env variable like you described. Actually one can do the same for the repository. So when you have a private repository and want to access it from your local repo, you cann pass a PAT infront of the url in the
this saves obviously the credentials in your project, so it cannot have less security then your registry but in my case its a valid solution, as i can access my repo via my company login, but i crosscompile to WSL and loose my access rights, so having them inside the repo fixes this issue. As the build files never leave the company it should be fine |
Beta Was this translation helpful? Give feedback.
-
I'm trying to make a private vcpkg package. It's using Is From Windows Terminal I'm able to use git CLI to push/pull from the private repo just fine. But when vcpkg tries to download it I get 404 error. (I double checked the URL via the browser, and the URL is valid when you are logged in.)
I did try to use Oh wait, I just noticed the log says it's downloading a |
Beta Was this translation helpful? Give feedback.
-
Does anyone know if global, pre-seeded git credentials may conflict concurrent builds? If a pipeline sets (unsets) the extraheader in the global git config like
Does it work? I did some locale tests, they look fine so far. Is there anything I need to keep an eye on? |
Beta Was this translation helpful? Give feedback.
-
In addition to
vcpkg_from_git()
, registries also now directly use the git command line tools to fetch remote resources. Some of these resources may need to be protected from anonymous access, so it's important to be able to provide credentials.Pre-seed git credentials
This method is newly proposed in this discussion, please chime in with feedback if this works for you!
Based on my current understanding, we can pre-seed git credentials via
git credential approve
:Powershell:
Bash:
For systems which need bearer auth, you can use
git config
:Note: you must make these config changes with
--global
The
<uri>
can be filled in with a variety of options, documented in https://git-scm.com/docs/git-config#Documentation/git-config.txt-httplturlgt. For example,https://dev.azure.com/MYORG/
.(Original Source: microsoft/azure-pipelines-agent#1601 (comment)).
Note for Azure DevOps users: You may need to enable access via Job authorization scope https://docs.microsoft.com/en-us/azure/devops/pipelines/process/access-tokens?view=azure-devops&tabs=yaml#job-authorization-scope. You may need to "reference" the repo in your yaml via:
Pass credentials in an environment variable
Using
VCPKG_KEEP_ENV_VARS
orVCPKG_ENV_PASSTHROUGH_UNTRACKED
, we can smuggle credential info via another var likeMY_TOKEN
.Then, this can be used in private ports:
Drawback: This doesn't work for git registries :(
+@donny-dont as the author of #5719
Beta Was this translation helpful? Give feedback.
All reactions