jj icon indicating copy to clipboard operation
jj copied to clipboard

Published 20 hours ago verified publisher icon martinvonz

jj git clone incompatible with Sourcehut

Open kappa opened this issue 2 years ago • 9 comments

Description

Cloning a git repo from git.sr.ht fails.

Steps to Reproduce the Problem

  1. Create a repo on https://git.sr.ht/.
  2. Try cloning using the git: scheme.
  3. Experience the failure

Expected Behavior

Successful clone just like with Github repositories.

Actual Behavior

$ jj git clone [email protected]:~kappa/uva_tasks Fetching into new repo in "/home/kappa/work/uva_tasks" Error: Fetch failed: Error { code: -16, klass: 23, message: "Failed to retrieve list of SSH authentication methods: Failed getting response" } $

Same repo with raw git: $ git clone [email protected]:~kappa/uva_tasks Cloning into 'uva_tasks'... remote: Enumerating objects: 247, done. remote: Counting objects: 100% (247/247), done. remote: Compressing objects: 100% (158/158), done. remote: Total 247 (delta 57), reused 247 (delta 57), pack-reused 0 Receiving objects: 100% (247/247), 308.39 KiB | 974.00 KiB/s, done. Resolving deltas: 100% (57/57), done. $

Specifications

  • Platform: Linux komod 5.18.0-0.rc7.20220519gitf993aed406ea.56.fc37.x86_64
  • Version: jj 0.2.0

kappa avatar Jun 23 '22 01:06 kappa

Are you able to clone from this GitHub repo with jj git clone [email protected]:martinvonz/jj.git?

By the way, you jj version is pretty old, but I don't know if it works better with a newer version anyway.

martinvonz avatar Jun 23 '22 02:06 martinvonz

Are you able to clone from this GitHub repo with jj git clone [email protected]:martinvonz/jj.git?

And if that fails, it probably means that you're running into the limitations of our very naive support for authentication. We do support ssh-agent, however, and I recommend using that.

martinvonz avatar Jun 23 '22 02:06 martinvonz

jj git clone [email protected]:martinvonz/jj.git succeeds.

I upgraded jj to 0.4.0. Error message changed slightly but clone from Sourcehut still fails.

Error: Fetch failed: Failed to retrieve list of SSH authentication methods: Failed getting response; class=Ssh (23); code=Auth (-16)

kappa avatar Jun 23 '22 05:06 kappa

Do you use ssh-agent? If not, is it an option to use that? This is obviously still a bug that should be fixed, I'm just trying to figure out where it goes and also to find you a workaround.

martinvonz avatar Jun 23 '22 05:06 martinvonz

Good point. I do not usually but I have tried it right now and there's no difference.

kappa avatar Jun 23 '22 05:06 kappa

It had some trouble reproducing the bug but I'm now able to. I guess all the URLs I tried (such as [email protected]:~sircmpwn/sourcehut) were private repos that I wasn't allow to access. I'll see if I can figure out what's going on.

martinvonz avatar Jun 23 '22 06:06 martinvonz

Really sorry I did not mention right away the repo I used in the description was private. Could have saved you some time.

kappa avatar Jun 23 '22 06:06 kappa

Really sorry I did not mention right away the repo I used in the description was private. Could have saved you some time.

No problem, I kind of assumed it was and didn't waste any time testing with it :) The problem was that I incorrectly (it seems) assumed that [email protected]:~sircmpwn/sourcehut (which I found in some Sourcehut documentation) was public.

martinvonz avatar Jun 23 '22 06:06 martinvonz

I'm pretty sure this is libgit2/pygit2#1013. I haven't been able to find a workaround :( Using ed25519 didn't work either (it doesn't even work with GitHub).

martinvonz avatar Jun 23 '22 07:06 martinvonz

It seems like this would be fixed if libgit2 were upgraded, based on looking at https://github.com/libgit2/pygit2/issues/1013; any chance the latest jj is still getting built with an out-of-date libgit2?

bpollack avatar Nov 30 '22 14:11 bpollack

We use version 0.15.0 of the git2 Rust crate with vendored openssl by default. I suppose there's some out-of-date dependency from there. I've looked a bit but I couldn't figure out what needs to be upgraded.

martinvonz avatar Nov 30 '22 16:11 martinvonz

Removing the ssh-rsa host key from ~/.ssh/known_hosts fixed the problem.

% ssh-keygen -R git.sr.ht -f known_hosts
# Host git.sr.ht found: line 87
# Host git.sr.ht found: line 88
# Host git.sr.ht found: line 89

then, re-add the host keys except for the ssh-rsa one. https://man.sr.ht/git.sr.ht/#ssh-host-keys

Appears that libssh2 picks the first key from known_hosts, but ssh-rsa is disabled by the server. Therefore, key negotiation fails.

yuja avatar Mar 17 '23 04:03 yuja

Great find, Yuya! If Sourcehut's server has disabled ssh-rsa, is it a bug in their documentation the they suggest adding that key to the config?

Maybe we can print some hints about these common issues if we detect that an SSH connection fails. I won't get around to that in the near future, but I thought I'd leave this note here so we don't forget.

martinvonz avatar Mar 17 '23 04:03 martinvonz

If Sourcehut's server has disabled ssh-rsa, is it a bug in their documentation the they suggest adding that key to the config?

Yeah, but I think it's also wrong that the client doesn't collect all known host key algorithms.

yuja avatar Mar 17 '23 04:03 yuja

Perhaps, the root cause is the same as the following issue: https://github.com/libgit2/libgit2/issues/6454

yuja avatar Mar 17 '23 06:03 yuja

It works for me from PR #1476 (but not before), so I'll close this. Feel free to reopen if it still doesn't work for you.

martinvonz avatar Apr 04 '23 15:04 martinvonz