远程:HTTP基本认证:在GitLab中下载本地仓库时访问被拒绝。

huangapple go评论113阅读模式
英文:

remote: HTTP Basic: Access denied downloading local repo in gitlab

问题

有很多关于这个主题的讨论,我读了很多但是我无法弄清楚我做错了什么。

Gitlab版本为14.5.2

Gitlab runner版本为14.5.1,并且以shell方式运行

启用了2FA并且我已经创建了我的访问令牌;我正在尝试编译一个使用我gitlab仓库中的库的Golang程序。这是我的yml文件:

variables:
  REPOSITORY: $CI_REGISTRY/acme/test/master

before_script:
  - export PATH=$PATH:/usr/local/go/bin
  - docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
  - go env -w GOOS=linux
  - go env -w GOARCH=amd64
  - go env -w GOPRIVATE=gitlab.acme.com

build_image:
  script: 
    - ssh-keyscan -t rsa gitlab.acme.com >> ~/.ssh/known_hosts
    - echo -e "machine gitlab.acme.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
    - git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf git://gitlab.acme.com/
    - go mod download
    - go build
    - docker build -f Dockerfile -t $REPOSITORY:latest .
    - docker push $REPOSITORY:latest
    - docker rmi $(docker images $REPOSITORY -a -q)
    - rm $HOME/.netrc

结果是这样的:

go mod download: gitlab.acme.com/datamanent/go-commons@v0.0.0-20211221151250-f0220d428461: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /home/gitlab-runner/go/pkg/mod/cache/vcs/c9ecbc2c20382f733e0a04c852c63cb9a78c5166f9ae2d25864a2d7728490ddb: exit status 128:
	remote: HTTP Basic: Access denied
	fatal: Authentication failed for 'https://gitlab.acme.com/test/go-commons.git/'
Cleaning up project directory and file based variables

如果我不使用内部库,编译是正常的,并且推送到gitlab仓库也是可以的。
如果我尝试克隆仓库而不是执行go mod download,像这样:

- git clone git@gitlab.acme.com:test/go-commons.git

当然这不起作用,我得到了这个消息:

cloning into 'go-commons'...
Permission denied, please try again.
Permission denied, please try again.
git@gitlab.acme.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Cleaning up project directory and file based variables

--------------- 更新 ---------------

感谢@VonC,我将git指令更改为:

git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
                    git@gitlab.acme.com:

不幸的是,这还不够,而且这真的很奇怪,所以我在流水线中添加了cat $HOME/.gitconfig,我想看看指令是否被正确添加。我看到有很多条目,很可能是每次我尝试运行CI时都会添加,我真是个傻瓜,我以为文件每次运行CI时都会消失(但我是在shell中而不是在docker中),所以我删除了它,现在可以工作了。

英文:

There a lot of discussion on this topic, I read a lot but I cannot figure out what I'm doing wrong.

Gitlab version 14.5.2

Gitlab runner version: 14.5.1 and running as shell

2FA is enabled and I have created my access token; I'm trying to compile a Golang program that use a library in my gitlab repo. Here my yml file

variables:
  REPOSITORY: $CI_REGISTRY/acme/test/master

before_script:
  - export PATH=$PATH:/usr/local/go/bin
  - docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
  - go env -w GOOS=linux
  - go env -w GOARCH=amd64
  - go env -w GOPRIVATE=gitlab.acme.com

build_image:
  script: 
    - ssh-keyscan -t rsa gitlab.acme.com >> ~/.ssh/known_hosts
    - echo -e "machine gitlab.acme.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
    - git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf git://gitlab.acme.com/
    - go mod download
    - go build
    - docker build -f Dockerfile -t $REPOSITORY:latest .
    - docker push $REPOSITORY:latest
    - docker rmi $(docker images $REPOSITORY -a -q)
    - rm $HOME/.netrc

The result is this:

go mod download: gitlab.acme.com/datamanent/go-commons@v0.0.0-20211221151250-f0220d428461: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /home/gitlab-runner/go/pkg/mod/cache/vcs/c9ecbc2c20382f733e0a04c852c63cb9a78c5166f9ae2d25864a2d7728490ddb: exit status 128:
	remote: HTTP Basic: Access denied
	fatal: Authentication failed for 'https://gitlab.acme.com/test/go-commons.git/'
Cleaning up project directory and file based variables

If I don't use an internal lib, compile is fine and push in gitlab registry is ok as well.
If I try to clone the repo instead of doing go mod download, doing this:

- git clone git@gitlab.acme.com:test/go-commons.git

Of course it doesn't work I got this message:

cloning into 'go-commons'...
Permission denied, please try again.
Permission denied, please try again.
git@gitlab.acme.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Cleaning up project directory and file based variables

--------------- UPDATE ---------------

Thanks to @VonC I change the git directive to

git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
                    git@gitlab.acme.com:

unfortunately this was still not enough, and it was really weird, so I add to the pipeline cat $HOME/.gitconfig I wanted to see if it was correctly added the directive. And what I see was that there were a lots of entries, most likely everytime I tried the pipeline, stupid me, I thought the file went away everytime I run the CI (but I'm in shell not in docker), so I delete it and now works.

答案1

得分: 1

在你的测试中,你尝试使用SSH URL git@gitlab.acme.com:... 进行克隆,但没有成功。将其替换为带有凭据的HTTPS URL(包括令牌,以通过双因素认证)是有意义的。

但是在你的 git config 中,你替换了一个Git URL git://gitlab.acme.com/不是一个SSH URL)。

首先尝试显示 $REPOSITORY,以双重检查它是一个SSH URL还是Git URL。
因为如果它是一个SSH URL,你将需要一个类似以下的 InsteadOf 指令:

git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
                    git@gitlab.acme.com:

OP NiBE 添加了以下内容:

> 我在流水线中添加了 cat $HOME/.gitconfig:我想看看指令是否被正确添加。
>
> 我看到有很多条目,很可能是每次我尝试运行流水线时都会添加一次(我以为每次运行CI时文件都会消失,但我是在shell而不是在docker中)。
>
> 所以我将其删除,现在可以正常工作了。

英文:

In your test, you tried to clone using an SSH URL git@gitlab.acme.com:..., which did not work.
Replacing it be an HTTPS with credentials (including a token, to pass 2FA) would make sense.

But in your git config, you replace a Git URL git://gitlab.acme.com/ (not an SSH URL).

Try and display $REPOSITORY first, to double check if it is an SSH or Git URL.
Because if it is an SSH one, you would need an InsteadOf directive like:

git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
                    git@gitlab.acme.com:

The OP NiBE adds

> I added to the pipeline cat $HOME/.gitconfig: I wanted to see if it was correctly added the directive.
>
> And what I see was that there were a lots of entries, most likely every time I tried the pipeline (I thought the file went away everytime I run the CI, but I'm in shell not in docker).
>
> So I delete it and now works.

huangapple
  • 本文由 发表于 2021年12月22日 18:50:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/70447859.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定