mirror of
https://github.com/golang/go
synced 2024-11-22 21:10:03 -07:00
cmd/go: suppress SSH password prompts when fetching modules or repos
We were already setting GIT_SSH_COMMAND (if unset) to explicitly include 'ControlMaster=no' in order to disable connection pooling. Now we also set 'BatchMode=yes' to suppress password prompts for password-protected keys. While we're here, we also set GCM_INTERACTIVE=never to suppress similar prompts from the Git Credential Manager for Windows. Fixes #44904 Change-Id: Iebb050079ff7dd54d5b944c459ae212e9e6f2579 Reviewed-on: https://go-review.googlesource.com/c/go/+/300157 Trust: Bryan C. Mills <bcmills@google.com> Run-TryBot: Bryan C. Mills <bcmills@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com>
This commit is contained in:
parent
5e4f9b077f
commit
86e42c2fbf
@ -138,6 +138,17 @@ Do not send CLs removing the interior tags from such phrases.
|
||||
module root when invoked within the <code>vendor</code> tree.
|
||||
</p>
|
||||
|
||||
<h4 id="password-prompts">Password prompts</h4>
|
||||
|
||||
<p><!-- golang.org/issue/44904 -->
|
||||
The <code>go</code> command by default now suppresses SSH password prompts and
|
||||
Git Credential Manager prompts when fetching Git repositories using SSH, as it
|
||||
already did previously for other Git password prompts. Users authenticating to
|
||||
private Git repos with password-protected SSH may configure
|
||||
an <code>ssh-agent</code> to enable the <code>go</code> command to use
|
||||
password-protected SSH keys.
|
||||
</p>
|
||||
|
||||
<h2 id="runtime">Runtime</h2>
|
||||
|
||||
<p>
|
||||
|
@ -126,7 +126,7 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
|
||||
base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead")
|
||||
}
|
||||
|
||||
// Disable any prompting for passwords by Git.
|
||||
// Disable any prompting for passwords by Git itself.
|
||||
// Only has an effect for 2.3.0 or later, but avoiding
|
||||
// the prompt in earlier versions is just too hard.
|
||||
// If user has explicitly set GIT_TERMINAL_PROMPT=1, keep
|
||||
@ -136,7 +136,10 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
|
||||
os.Setenv("GIT_TERMINAL_PROMPT", "0")
|
||||
}
|
||||
|
||||
// Disable any ssh connection pooling by Git.
|
||||
// Also disable prompting for passwords by the 'ssh' subprocess spawned by
|
||||
// Git, because apparently GIT_TERMINAL_PROMPT isn't sufficient to do that.
|
||||
// Adding '-o BatchMode=yes' should do the trick.
|
||||
//
|
||||
// If a Git subprocess forks a child into the background to cache a new connection,
|
||||
// that child keeps stdout/stderr open. After the Git subprocess exits,
|
||||
// os /exec expects to be able to read from the stdout/stderr pipe
|
||||
@ -150,7 +153,14 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
|
||||
// assume they know what they are doing and don't step on it.
|
||||
// But default to turning off ControlMaster.
|
||||
if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
|
||||
os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no")
|
||||
os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes")
|
||||
}
|
||||
|
||||
// And one more source of Git prompts: the Git Credential Manager Core for Windows.
|
||||
//
|
||||
// See https://github.com/microsoft/Git-Credential-Manager-Core/blob/master/docs/environment.md#gcm_interactive.
|
||||
if os.Getenv("GCM_INTERACTIVE") == "" {
|
||||
os.Setenv("GCM_INTERACTIVE", "never")
|
||||
}
|
||||
|
||||
// Phase 1. Download/update.
|
||||
|
@ -163,7 +163,11 @@ func Init() {
|
||||
// assume they know what they are doing and don't step on it.
|
||||
// But default to turning off ControlMaster.
|
||||
if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
|
||||
os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no")
|
||||
os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes")
|
||||
}
|
||||
|
||||
if os.Getenv("GCM_INTERACTIVE") == "" {
|
||||
os.Setenv("GCM_INTERACTIVE", "never")
|
||||
}
|
||||
|
||||
if modRoot != "" {
|
||||
|
Loading…
Reference in New Issue
Block a user