Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/go: allow empty login in auth by netrc #65260

Open
Nikolo opened this issue Jan 24, 2024 · 3 comments · May be fixed by #65261
Open

cmd/go: allow empty login in auth by netrc #65260

Nikolo opened this issue Jan 24, 2024 · 3 comments · May be fixed by #65261
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@Nikolo
Copy link

Nikolo commented Jan 24, 2024

Go version

go1.21.5

Output of go env in your module/workspace:

GO111MODULE='on'
GOARCH='amd64'
GOBIN=''
GOCACHE='/Users/user/Library/Caches/go-build'
GOENV='/Users/user/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/user/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/user/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/darwin_amd64'
GOVCS=''
GOVERSION='go1.21.5'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/vq/9n1pv8293l11cjymd29rgw580000gn/T/go-build1346028295=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

> cat ~/.netrc
machine gitlab.tst
        password mysupergitlabtoken
> go get -v gitlab.tst/repos-group/group/clients/rest-api

What did you see happen?

get "gitlab.tst/repos-group/group/clients/rest-api": found meta tag vcs.metaImport{Prefix:"gitlab.tst/repos-group/group", VCS:"git", RepoRoot:"https://gitlab.tst/repos-group/group.git"} at //gitlab.tst/repos-group/group/clients/rest-api?go-get=1
get "gitlab.tst/repos-group/group/clients/rest-api": verifying non-authoritative meta tag
get "gitlab.tst/repos-group/group": found meta tag vcs.metaImport{Prefix:"gitlab.tst/repos-group/group", VCS:"git", RepoRoot:"https://gitlab.tst/repos-group/group.git"} at //gitlab.tst/repos-group/group?go-get=1
get "gitlab.tst/repos-group/group/clients": found meta tag vcs.metaImport{Prefix:"gitlab.tst/repos-group/group", VCS:"git", RepoRoot:"https://gitlab.tst/repos-group/group.git"} at //gitlab.tst/repos-group/group/clients?go-get=1
get "gitlab.tst/repos-group/group/clients": verifying non-authoritative meta tag
go: module gitlab.tst/repos-group/group/clients/rest-api: git ls-remote -q origin in /Users/user/go/pkg/mod/cache/vcs/225e4231081a94e6d2e9c56371c08d80c434ed56436907dc63786a54910fa3bc: exit status 128:
        remote: 
        remote: ========================================================================
        remote: 
        remote: The project you were looking for could not be found or you don't have permission to view it.
        remote: 
        remote: ========================================================================
        remote: 
        fatal: Could not read from remote repository.

        Please make sure you have the correct access rights
        and the repository exists.

What did you expect to see?

get "gitlab.tst/repos-group/group/clients": found meta tag vcs.metaImport{Prefix:"gitlab.tst/repos-group/group", VCS:"git", RepoRoot:"https://gitlab.tst/repos-group/group.git"} at //gitlab.tst/repos-group/group/clients?go-get=1
get "gitlab.tst/repos-group/group/clients": verifying non-authoritative meta tag
get "gitlab.tst/repos-group/group": found meta tag vcs.metaImport{Prefix:"gitlab.tst/repos-group/group", VCS:"git", RepoRoot:"https://gitlab.tst/repos-group/group.git"} at //gitlab.tst/repos-group/group?go-get=1
get "gitlab.tst/repos-group/group/clients/rest-api": found meta tag vcs.metaImport{Prefix:"gitlab.tst/repos-group/group/clients/rest-api", VCS:"git", RepoRoot:"https://gitlab.tst/repos-group/group/clients/rest-api.git"} at //gitlab.tst/repos-group/group/clients/rest-api?go-get=1
go: warning: github.com/armon/go-metrics@v0.3.11: retracted by module author: Introduced undocumented breaking change to metrics sink interface
go: to switch to the latest unretracted version, run:
        go get github.com/armon/go-metrics@latest

Why?

> curl -n "https://gitlab.tst/repos-group/group/clients/rest-api?go-get=1"
<html><head><meta name="go-import" content="gitlab.tst/repos-group/group/clients/rest-api git https://gitlab.tst/repos-group/group/clients/rest-api.git"><meta name="go-source" content="gitlab.tst/repos-group/group/clients/rest-api https://gitlab.tst/repos-group/group/clients/rest-api https://gitlab.tst/repos-group/group/clients/rest-api/-/tree/develop{/dir} https://gitlab.tst/repos-group/group/clients/rest-api/-/blob/develop{/dir}/{file}#L{line}"></head><body>go get https://gitlab.tst/repos-group/group/clients/rest-api</body></html>%

curl use empty login if login not specified in .netrc and it's work normally because gitlab uses only password from authorization token.

Proff:

# curl -n -v "https://git.tst/repos-group/group/clients/rest-api?go-get=1"
...
> GET /repos-group/group/clients/rest-api?go-get=1 HTTP/1.1
> Host: git.tst
> Authorization: Basic Om15c3VwZXJnaXRsYWJ0b2tlbg==
> User-Agent: curl/8.4.0
> Accept: */*
...
@bcmills
Copy link
Contributor

bcmills commented Jan 24, 2024

Note that the net/http package itself doesn't have any built-in support for .netrc files; cmd/go uses its own parser based on the documentation found at https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html.

Per that documentation (emphasis mine):

‘login name’
Identify a user on the remote machine. If this token is present, the auto-login process will initiate a login using the specified name.

That seems to imply that if the login token is not present, the auto-login process should not initiate a login.

See also:

which seems to suggest that GitHub takes the opposite approach, encoding the token as the login rather than the password.

Nikolo added a commit to Nikolo/go that referenced this issue Jan 24, 2024
@Nikolo
net/http: allow empty login in .netrc
de3cc16 
curl successfuly parse netrc file without login field.
Where to need? For example gitlab uses only password from authorization header while `go get`

Fixes golang#65260
@Nikolo Nikolo linked a pull request Jan 24, 2024 that will close this issue
Open
@gopherbot
Copy link

Change https://go.dev/cl/557956 mentions this issue: net/http: allow empty login in .netrc

@cherrymui cherrymui changed the title net/http: allow empty login in auth by netrc cmd/go: allow empty login in auth by netrc Jan 24, 2024
@cherrymui cherrymui added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jan 24, 2024
@cherrymui cherrymui added this to the Backlog milestone Jan 24, 2024
Nikolo added a commit to Nikolo/go that referenced this issue Jan 29, 2024
@Nikolo
Fix test for golang#65260
2264a7b
@Nikolo
Copy link
Author

Nikolo commented Mar 19, 2024

Per that documentation (emphasis mine):

‘login name’
Identify a user on the remote machine. If this token is present, the auto-login process will initiate a login using the specified name.

That seems to imply that if the login token is not present, the auto-login process should not initiate a login.

Maybe if the login token is not present, the auto-login process should initiate without a login name?

For example, curl successfully parses the netrc file without a login field.
Where is it needed?
For example, GitLab uses only the password field from the authorization header.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

net/http: allow empty login in .netrc Nikolo/go
4 participants
@Nikolo @bcmills @gopherbot @cherrymui