mirror of
https://github.com/golang/go
synced 2024-11-26 13:08:08 -07:00
cmd/go: suppress SSH password prompts when fetching modules or repos
We were already setting GIT_SSH_COMMAND (if unset) to explicitly include 'ControlMaster=no' in order to disable connection pooling. Now we also set 'BatchMode=yes' to suppress password prompts for password-protected keys. While we're here, we also set GCM_INTERACTIVE=never to suppress similar prompts from the Git Credential Manager for Windows. Fixes #44904 Change-Id: Iebb050079ff7dd54d5b944c459ae212e9e6f2579 Reviewed-on: https://go-review.googlesource.com/c/go/+/300157 Trust: Bryan C. Mills <bcmills@google.com> Run-TryBot: Bryan C. Mills <bcmills@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com>
This commit is contained in:
parent
5e4f9b077f
commit
86e42c2fbf
@ -138,6 +138,17 @@ Do not send CLs removing the interior tags from such phrases.
|
|||||||
module root when invoked within the <code>vendor</code> tree.
|
module root when invoked within the <code>vendor</code> tree.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
<h4 id="password-prompts">Password prompts</h4>
|
||||||
|
|
||||||
|
<p><!-- golang.org/issue/44904 -->
|
||||||
|
The <code>go</code> command by default now suppresses SSH password prompts and
|
||||||
|
Git Credential Manager prompts when fetching Git repositories using SSH, as it
|
||||||
|
already did previously for other Git password prompts. Users authenticating to
|
||||||
|
private Git repos with password-protected SSH may configure
|
||||||
|
an <code>ssh-agent</code> to enable the <code>go</code> command to use
|
||||||
|
password-protected SSH keys.
|
||||||
|
</p>
|
||||||
|
|
||||||
<h2 id="runtime">Runtime</h2>
|
<h2 id="runtime">Runtime</h2>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
@ -126,7 +126,7 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
|
|||||||
base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead")
|
base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Disable any prompting for passwords by Git.
|
// Disable any prompting for passwords by Git itself.
|
||||||
// Only has an effect for 2.3.0 or later, but avoiding
|
// Only has an effect for 2.3.0 or later, but avoiding
|
||||||
// the prompt in earlier versions is just too hard.
|
// the prompt in earlier versions is just too hard.
|
||||||
// If user has explicitly set GIT_TERMINAL_PROMPT=1, keep
|
// If user has explicitly set GIT_TERMINAL_PROMPT=1, keep
|
||||||
@ -136,7 +136,10 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
|
|||||||
os.Setenv("GIT_TERMINAL_PROMPT", "0")
|
os.Setenv("GIT_TERMINAL_PROMPT", "0")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Disable any ssh connection pooling by Git.
|
// Also disable prompting for passwords by the 'ssh' subprocess spawned by
|
||||||
|
// Git, because apparently GIT_TERMINAL_PROMPT isn't sufficient to do that.
|
||||||
|
// Adding '-o BatchMode=yes' should do the trick.
|
||||||
|
//
|
||||||
// If a Git subprocess forks a child into the background to cache a new connection,
|
// If a Git subprocess forks a child into the background to cache a new connection,
|
||||||
// that child keeps stdout/stderr open. After the Git subprocess exits,
|
// that child keeps stdout/stderr open. After the Git subprocess exits,
|
||||||
// os /exec expects to be able to read from the stdout/stderr pipe
|
// os /exec expects to be able to read from the stdout/stderr pipe
|
||||||
@ -150,7 +153,14 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
|
|||||||
// assume they know what they are doing and don't step on it.
|
// assume they know what they are doing and don't step on it.
|
||||||
// But default to turning off ControlMaster.
|
// But default to turning off ControlMaster.
|
||||||
if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
|
if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
|
||||||
os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no")
|
os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes")
|
||||||
|
}
|
||||||
|
|
||||||
|
// And one more source of Git prompts: the Git Credential Manager Core for Windows.
|
||||||
|
//
|
||||||
|
// See https://github.com/microsoft/Git-Credential-Manager-Core/blob/master/docs/environment.md#gcm_interactive.
|
||||||
|
if os.Getenv("GCM_INTERACTIVE") == "" {
|
||||||
|
os.Setenv("GCM_INTERACTIVE", "never")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Phase 1. Download/update.
|
// Phase 1. Download/update.
|
||||||
|
@ -163,7 +163,11 @@ func Init() {
|
|||||||
// assume they know what they are doing and don't step on it.
|
// assume they know what they are doing and don't step on it.
|
||||||
// But default to turning off ControlMaster.
|
// But default to turning off ControlMaster.
|
||||||
if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
|
if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
|
||||||
os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no")
|
os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes")
|
||||||
|
}
|
||||||
|
|
||||||
|
if os.Getenv("GCM_INTERACTIVE") == "" {
|
||||||
|
os.Setenv("GCM_INTERACTIVE", "never")
|
||||||
}
|
}
|
||||||
|
|
||||||
if modRoot != "" {
|
if modRoot != "" {
|
||||||
|
Loading…
Reference in New Issue
Block a user