I am working in a Docker container with git --version 2.20.1, the base image is Debian 10. I would like to clone a git repository through HTTPS using GIT_ASKPASS or even better the configuration property core.askpass. Here is what I tried:
GIT_ASKPASS=$(mktemp) && chmod a+rx $GIT_ASKPASS && export GIT_ASKPASS
cat > $GIT_ASKPASS <<< '#!/bin/bash
exec printf "$JENKINS_CREDENTIALS_USR\n$JENKINS_CREDENTIALS_PSW\n"
'
Originally I was running it in Jenkins, but I saw that I am able to reproduce the same issue in a simple docker container. $JENKINS_CREDENTIALS_USR and $JENKINS_CREDENTIALS_PSW are defined like this:
JENKINS_CREDENTIALS_USR=myuser
JENKINS_CREDENTIALS_PSW=mypass
export JENKINS_CREDENTIALS_USR
export JENKINS_CREDENTIALS_PSW
I have not any global configuration property set. ~/.git-credentials does not exist. The error is:
fatal: Authentication failed for 'https://myserver.com/git/project.git/'
It works by specifying the username in the HTTPS url, like this
git clone https://jenkins@myserver.com/git/project.git .
and printing the password only in the script pointed by GIT_ASKPASS, so I am wondering why it does not work without the username in the url. The documentation clearly says that
If the
GIT_ASKPASSenvironment variable is set, the program specified by the variable is invoked. A suitable prompt is provided to the program on the command line, and the user's input is read from its standard output.
Because when I try to clone, I am asked for both username and password, what is wrong with the original GIT_ASKPASS script?
I found the solution here. All credits go to @AlexeyPelykh, I just adapted his script.
When trying to git clone, our shell script is called once for each prompted line, basically:
$GIT_ASKPASS "Username for ..."
$GIT_ASKPASS "Password for ..."
The problem in my original script is that it returns both the username and password independently from what I am asked for. That is also the reason why in the second case (with the username specified in the URL), it works, in fact I just need the password and it returns only that.
This is how I changed my original script to make it work with GIT_ASKPASS:
GIT_ASKPASS=$(mktemp) && chmod a+rx $GIT_ASKPASS && export GIT_ASKPASS
cat > $GIT_ASKPASS <<< '#!/bin/bash
case "$1" in
Username*) exec echo "$JENKINS_CREDENTIALS_USR" ;;
Password*) exec echo "$JENKINS_CREDENTIALS_PSW" ;;
esac
'
In case you want to use the configuration variable core.askPass, replace the first two line with these ones:
git_askPass_script=$(mktemp) && chmod a+rx $git_askPass_script
cat > $git_askPass_script <<< '#!/bin/bash
And set the configuration variable with:
git config --global core.askPass "$git_askPass_script"
Or even better
git -c core.askPass="$git_askPass_script" clone ...