This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2019-12-07
Channels
- # adventofcode (62)
- # babashka (88)
- # beginners (52)
- # boot (2)
- # bristol-clojurians (1)
- # calva (7)
- # cider (15)
- # circleci (4)
- # clj-kondo (12)
- # cljdoc (5)
- # cljsrn (4)
- # clojure (53)
- # clojure-dev (1)
- # clojure-spec (7)
- # clojure-uk (7)
- # clojurescript (25)
- # core-async (14)
- # duct (1)
- # emacs (10)
- # figwheel-main (3)
- # fulcro (11)
- # garden (14)
- # jobs (1)
- # klipse (2)
- # luminus (1)
- # malli (9)
- # re-frame (6)
- # reagent (13)
- # remote-jobs (1)
- # shadow-cljs (124)
- # sql (1)
- # testing (15)
- # tools-deps (13)
- # uncomplicate (1)
- # vim (1)
but related, I discovered pulling private repositories with gitlibs was not possible with HTTP auth
when using github tokens for automation tooling this can be an issue for finer grained repo access control
I have the following patch if you think this is worth considering: https://github.com/pyr/tools.gitlibs/commit/6b5c18d37450cd86afb70130a126c242f3fad4b9
We don't want any credentials to show up in deps.edn - with this you'd have plaintext passwords in git urls wouldn't you?
we've had a lot of discussion about https auth (https://clojure.atlassian.net/projects/TDEPS/issues/TDEPS-91, https://clojure.atlassian.net/browse/TDEPS-33) and I think the main question to resolve is whether we keep doing jgit or whether we start shelling out to git and I've been trying to get that decision up to the top of my stack (and even briefly did so a couple months ago before I was interrupted).
If we're using git auth, you have a few different choices - I don't think anyone wants to manually type in passwords every time (or any time) and that ruins pretty much any automation workflow, but you can use "store" mode (stored in cleartext file), or "oskeychain" mode on mac, or the "Git Credential Manager for Windows" mode on windows which uses Windows Credential Store, or I think there may be other more generic password oracle options for Git.
If we're using jgit, then it's a matter of where we can read pws from - again you talk to os-dependent things like the keychain, credentials store, etc but we're probably building that ourselves (or maybe something exists, don't know)
But my main constraint is, don't put it in deps.edn.
@alexmiller OK understood. A possible alternative is to go with the NetRCCredentialsProvider. Shelling out to git would solve these issues