Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/go: credentials from .netrc are not applied to URLs containing an explicit port #37130

Closed
dhowden opened this issue Feb 7, 2020 · 3 comments
Closed

cmd/go: credentials from .netrc are not applied to URLs containing an explicit port #37130

dhowden opened this issue Feb 7, 2020 · 3 comments
Labels
FrozenDueToAge GoCommand cmd/go NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Go1.15

Comments

@dhowden
Copy link
Contributor

dhowden commented Feb 7, 2020

What version of Go are you using (go version)?

$ go version
go version go1.13.7 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What did you do?

Run a go mod proxy on a custom port (i.e. https://myproxy.mydomain.com:4433).

Setup .netrc:

machine myproxy.mydomain.com
  login username
  password secret

Note: the .netrc spec defines the machine property as the machine name: https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html.

Set GOPROXY env variable:

export GOPROXY="myproxy.mydomain.com:4433"

What did you expect to see?

Auth credentials passed in proxy requests.

What did you see instead?

No auth credentials passed in proxy requests.

Work around

Note: it is possible to get around this by adding the port to the machine name property in the .netrc file.

machine myproxy.mydomain.com:4433
  login username
  password secret

CC: @bcmills
@gopherbot
Copy link

Change https://golang.org/cl/218418 mentions this issue: cmd/go/internal/auth: fix .netrc lookup for URLs with specified port

@bcmills bcmills added the NeedsFix The path to resolution is known, but the work has not been done. label Feb 7, 2020
@bcmills bcmills added this to the Go1.15 milestone Feb 7, 2020
@bcmills bcmills added the GoCommand cmd/go label Feb 7, 2020
@bcmills bcmills changed the title Matching .netrc machine name fails if URL has specified port cmd/go: credentials from .netrc are not applied to URLs containing an explicit port Feb 7, 2020
@marwan-at-work
Copy link
Contributor

Hi there 👋

Just FYI this is a bit of a breaking change.

Using Go 1.14.4, all machine values must have a PORT associated and the lack of PORT would cause Go to not forward credentials.

But using the latest Go build from master, the behavior is totally reversed.

Therefore, a Proxy maintainer must tell their users to set both a machine with a port and a machine without a port in their .netrc file just to make sure we cover our bases with whatever Go version they have.

CC: @bcmills

@jayconrod
Copy link
Contributor

I think the 1.14 behavior was buggy, and the 1.15 behavior is correct, so let's not change this further.

The netrc spec (such as it is) doesn't say anything about ports. My assumption is that the machine name is supposed to be just a host name without a port.

That seems to be consistent with curl's behavior. Given a netrc file, curl won't match entries with a port as part of a machine name. It will match entries without a port when the destination has a port.

@golang golang locked and limited conversation to collaborators Jul 21, 2021
@rsc rsc unassigned dhowden and bcmills Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge GoCommand cmd/go NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Go1.15
Development

No branches or pull requests
5 participants
@dhowden @jayconrod @bcmills @gopherbot @marwan-at-work