copier icon indicating copy to clipboard operation
copier copied to clipboard
verified publisher icon copier-org

Can't access gitlab template project with ssh using a yubikey i.e. _SK

Open DuncanMcRae opened this issue 5 months ago • 1 comments

Describe the problem

If I use a SSH key not tied to a yubikey it works. If I use the SSH key that is tied to a Yubikey it doesn't work - even though the key works for push/pull/clone.

Template

NA

To Reproduce

copier copy gitlab:...git ./destination --trust

Also, ssh config:

Host gitlab Hostname gitlab.com User git Port 22 IdentitiesOnly yes IdentityFile ~/.ssh/id_ed25519_sk

Logs

Traceback (most recent call last):
  File "/home/user/.local/share/../bin/copier", line 10, in <module>
    sys.exit(CopierApp.run())
             ~~~~~~~~~~~~~^^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/plumbum/cli/application.py", line 640, in run
    inst, retcode = subapp.run(argv, exit=False)
                    ~~~~~~~~~~^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/plumbum/cli/application.py", line 635, in run
    retcode = inst.main(*tailargs)
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_cli.py", line 284, in main
    return _handle_exceptions(inner)
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_cli.py", line 71, in _handle_exceptions
    method()
    ~~~~~~^^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_cli.py", line 275, in inner
    with self._worker(
         ~~~~~~~~~~~~^
        template_src,
        ^^^^^^^^^^^^^
    ...<3 lines>...
        overwrite=self.force or self.overwrite,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ) as worker:
    ^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_main.py", line 272, in __exit__
    raise value
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_cli.py", line 282, in inner
    worker.run_copy()
    ~~~~~~~~~~~~~~~^^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_main.py", line 96, in _wrapper
    return func(*args, **kwargs)
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_main.py", line 1036, in run_copy
    self._print_message(self.template.message_before_copy)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/uv/python/cpython-3.13.7-linux-x86_64-gnu/lib/python3.13/functools.py", line 1026, in __get__
    val = self.func(instance)
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_template.py", line 364, in message_before_copy
    return self.config_data.get("message_before_copy", "")
           ^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/uv/python/cpython-3.13.7-linux-x86_64-gnu/lib/python3.13/functools.py", line 1026, in __get__
    val = self.func(instance)
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_template.py", line 304, in config_data
    result = filter_config(self._raw_config)[0]
                           ^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/uv/python/cpython-3.13.7-linux-x86_64-gnu/lib/python3.13/functools.py", line 1026, in __get__
    val = self.func(instance)
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_template.py", line 261, in _raw_config
    for p in self.local_abspath.glob("copier.*")
             ^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/uv/python/cpython-3.13.7-linux-x86_64-gnu/lib/python3.13/functools.py", line 1026, in __get__
    val = self.func(instance)
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_template.py", line 567, in local_abspath
    result = Path(clone(self.url_expanded, self.ref))
                  ~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/copier/_vcs.py", line 190, in clone
    _clone()
    ~~~~~~^^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/plumbum/commands/base.py", line 115, in __call__
    return self.run(args, **kwargs)[1]
           ~~~~~~~~^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/plumbum/commands/base.py", line 254, in run
    return p.run()
           ~~~~~^^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/plumbum/commands/base.py", line 217, in runner
    return run_proc(p, retcode, timeout)
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/plumbum/commands/processes.py", line 330, in run_proc
    return _check_process(proc, retcode, timeout, stdout, stderr)
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/plumbum/commands/processes.py", line 19, in _check_process
    proc.verify(retcode, timeout, stdout, stderr)
    ~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/uv/tools/copier/lib/python3.13/site-packages/plumbum/machines/base.py", line 29, in verify
    raise ProcessExecutionError(
        getattr(self, "argv", None), self.returncode, stdout, stderr
    )
plumbum.commands.processes.ProcessExecutionError: Unexpected exit code: 128
Command line: | /usr/bin/git clone --no-checkout gitlab:{company}/de/templates/python-package-template-uv.git /tmp/copier._vcs.clone.oiuy_g8w --filter=blob:none
Stderr:       | Cloning into '/tmp/copier._vcs.clone.oiuy_g8w'...
              | notify_start: exec(/usr/lib/ssh/ssh-askpass): No such file or directory
              | notify_start: exec(/usr/lib/ssh/ssh-askpass): No such file or directory
              | sign_and_send_pubkey: signing failed for ED25519-SK "/home/user/.ssh/id_ed25519_sk": invalid format
              | [email protected]: Permission denied (publickey).
              | fatal: Could not read from remote repository.
              |
              | Please make sure you have the correct access rights
              | and the repository exists.

Expected behavior

I was expecting it to ask me to touch my key, then proceed as intended.

Screenshots/screencasts/logs

No response

Operating system

Linux

Operating system distribution and version

Arch

Copier version

copier 9.10.2

Python version

3.13.7

Installation method

local build

Additional context

uv tools install copier.

Tried uvx copier copy ... same problem

DuncanMcRae avatar Oct 03 '25 02:10 DuncanMcRae

I suspect that your SSH key is passphrase-protected (Using YubiKey? I have never used YubiKey.) but the prompting for it fails. This might be related to the SSH_ASKPASS variable:

If ssh needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase. This is particularly useful when calling ssh from a .xsession or related script. (Note that on some machines it may be necessary to redirect the input from /dev/null to make this work.)

Does this problem also occur for an SSH key that has a passphrase without YubiKey protection?

sisp avatar Oct 03 '25 15:10 sisp