unable to get go package from private github repository - bash

Had this working perfectly before I had my computer refreshed, now I now am unable to pull packages from my orgs private github repository. At this time I only need an ssh private key to clone the repository, i am not aware of any 2fA requirement. I have spent hours already trying to resolve this, from what i read this is what I think should work, omitting sensitive variable values.
Error i was getting was unknown versions, but I changed some stuff and now i am getting "ssh: Could not resolve hostname".
#!/bin/bash
export GOPATH="$HOME/go"
export GOBIN="$HOME/go/bin"
export GOPRIVATE="github.com/${GITHUB_ORG}"
go env -w GO111MODULE="on"
go env -w GOPRIVATE="github.com/${GITHUB_ORG}"
git config --global url."git#github.com:".insteadOf "https://github.com/"
pushd ~/.ssh
eval $(ssh-agent);
ssh-add "${GITHUB_PRIVATE_KEY_PATH}"
popd
go get package "github.com/${GITHUB_ORG}/${GITHUB_REPO}/${GO_PACKAGE}"

The command you posted is missing the url.ssh in the git config.
You can try by changing git to use ssh instead of https so that you can fetch private go repositories using go get.
Suggestion -
git config --global url.ssh://git#github.com/.insteadOf https://github.com/

Related

How does golang import github private library dependencies [duplicate]

I'm searching for the way to get $ go get work with private repository, after many google try.
The first try:
$ go get -v gitlab.com/secmask/awserver-go
Fetching https://gitlab.com/secmask/awserver-go?go-get=1
https fetch failed.
Fetching http://gitlab.com/secmask/awserver-go?go-get=1
Parsing meta tags from http://gitlab.com/secmask/awserver-go?go-get=1 (status code 200)
import "gitlab.com/secmask/awserver-go": parse http://gitlab.com/secmask/awserver-go?go-get=1: no go-import meta tags
package gitlab.com/secmask/awserver-go: unrecognized import path "gitlab.com/secmask/awserver-go
Yep, it did not see the meta tags because I could not know how to provide login information.
The second try:
Follow https://gist.github.com/shurcooL/6927554. Add config to .gitconfig.
[url "ssh://git#gitlab.com/"]
insteadOf = https://gitlab.com/
$ go get -v gitlab.com/secmask/awserver-go --> not work
$ go get -v gitlab.com/secmask/awserver-go.git --> work but I got src/gitlab.com/secmask/awserer-go.git
Yes it work but with .git extension with my project name, I can rename it to original but do it everytime $ go get is not so good, is there an otherway?
You have one thing to configure. The example is based on GitHub but this shouldn't change the process:
$ git config --global url.git#github.com:.insteadOf https://github.com/
$ cat ~/.gitconfig
[url "git#github.com:"]
insteadOf = https://github.com/
$ go get github.com/private/repo
For Go modules to work (with Go 1.11 or newer), you'll also need to set the GOPRIVATE variable, to avoid using the public servers to fetch the code:
export GOPRIVATE=github.com/private/repo
The proper way is to manually put the repository in the right place. Once the repository is there, you can use go get -u to update the package and go install to install it. A package named
github.com/secmask/awserver-go
goes into
$GOPATH/src/github.com/secmask/awserver-go
The commands you type are:
cd $GOPATH/src/github.com/secmask
git clone git#github.com:secmask/awserver-go.git
I had a problem with go get using private repository on gitlab from our company.
I lost a few minutes trying to find a solution. And I did find this one:
You need to get a private token at:
https://gitlab.mycompany.com/profile/account
Configure you git to add extra header with your private token:
$ git config --global http.extraheader "PRIVATE-TOKEN: YOUR_PRIVATE_TOKEN"
Configure your git to convert requests from http to ssh:
$ git config --global url."git#gitlab.mycompany.com:".insteadOf "https://gitlab.mycompany.com/"
Finally you can use your go get normally:
$ go get gitlab.com/company/private_repo
For people using private GitLabs, here's a snippet that may help: https://gist.github.com/MicahParks/1ba2b19c39d1e5fccc3e892837b10e21
Also pasted below:
Problem
The go command line tool needs to be able to fetch dependencies from your private GitLab, but authenticaiton is required.
This assumes your private GitLab is hosted at privategitlab.company.com.
Environment variables
The following environment variables are recommended:
export GO111MODULE=on
export GOPRIVATE=privategitlab.company.com # this is comma delimited if using multiple private repos
The above lines might fit best in your shell startup, like a ~/.bashrc.
Explanation
GO111MODULE=on tells Golang command line tools you are using modules. I have not tested this with projects not using
Golang modules on a private GitLab.
GOPRIVATE=privategitlab.company.com tells Golang command line tools to not use public internet resources for the hostnames
listed (like the public module proxy).
Get a personal access token from your private GitLab
To future proof these instructions, please follow this guide from the GitLab docs.
I know that the read_api scope is required for Golang command line tools to work, and I may suspect read_repository as
well, but have not confirmed this.
Set up the ~/.netrc
In order for the Golang command line tools to authenticate to GitLab, a ~/.netrc file is best to use.
To create the file if it does not exist, run the following commands:
touch ~/.netrc
chmod 600 ~/.netrc
Now edit the contents of the file to match the following:
machine privategitlab.company.com login USERNAME_HERE password TOKEN_HERE
Where USERNAME_HERE is replaced with your GitLab username and TOKEN_HERE is replaced with the access token aquired in the
previous section.
Common mistakes
Do not set up a global git configuration with something along the lines of this:
git config --global url."git#privategitlab.company.com:".insteadOf "https://privategitlab.company.com"
I beleive at the time of writing this, the SSH git is not fully supported by Golang command line tools and this may cause
conflicts with the ~/.netrc.
Bonus: SSH config file
For regular use of the git tool, not the Golang command line tools, it's convient to have a ~/.ssh/config file set up.
In order to do this, run the following commands:
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/config
chmod 600 ~/.ssh/config
Please note the permissions on the files and directory above are essentail for SSH to work in it's default configuration on
most Linux systems.
Then, edit the ~/.ssh/config file to match the following:
Host privategitlab.company.com
Hostname privategitlab.company.com
User USERNAME_HERE
IdentityFile ~/.ssh/id_rsa
Please note the spacing in the above file matters and will invalidate the file if it is incorrect.
Where USERNAME_HERE is your GitLab username and ~/.ssh/id_rsa is the path to your SSH private key in your file system.
You've already uploaded its public key to GitLab. Here are some instructions.
All of the above did not work for me. Cloning the repo was working correctly but I was still getting an unrecognized import error.
As it stands for Go v1.13, I found in the doc that we should use the GOPRIVATE env variable like so:
$ GOPRIVATE=github.com/ORGANISATION_OR_USER_NAME go get -u github.com/ORGANISATION_OR_USER_NAME/REPO_NAME
Generate a github oauth token here and export your github token as an environment variable:
export GITHUB_TOKEN=123
Set git config to use the basic auth url:
git config --global url."https://$GITHUB_TOKEN:x-oauth-basic#github.com/".insteadOf "https://github.com/"
Now you can go get your private repo.
If you've already got git using SSH, this answer by Ammar Bandukwala is a simple workaround:
$ go get uses git internally. The following one liners will make git and consequently $ go get clone your package via SSH.
Github:
$ git config --global url."git#github.com:".insteadOf "https://github.com/"
BitBucket:
$ git config --global url."git#bitbucket.org:".insteadOf "https://bitbucket.org/"
I came across .netrc and found it relevant to this.
Create a file ~/.netrc with the following content:
machine github.com
login <github username>
password <github password or Personal access tokens >
Done!
Additionally, for latest GO versions, you might need to add this to the environment variables GOPRIVATE=github.com
(I've added it to my .zshrc)
netrc also makes my development environment setup better as my personal github access for HTTPS is been configured now to be used across the machine (just like my SSH configuration).
Generate GitHub personal access tokens: https://github.com/settings/tokens
See this answer for its use with Git on Windows specifically
Ref: netrc man page
If you want to stick with the SSH authentication, then mask the request to use ssh forcefully
git config --global url."git#github.com:".insteadOf "https://github.com/"
More methods for setting up git access: https://gist.github.com/technoweenie/1072829#gistcomment-2979908
That looks like the GitLab issue 5769.
In GitLab, since the repositories always end in .git, I must specify .git at the end of the repository name to make it work, for example:
import "example.org/myuser/mygorepo.git"
And:
$ go get example.org/myuser/mygorepo.git
Looks like GitHub solves this by appending ".git".
It is supposed to be resolved in “Added support for Go's repository retrieval. #5958”, provided the right meta tags are in place.
Although there is still an issue for Go itself: “cmd/go: go get cannot discover meta tag in HTML5 documents”.
After trying multiple solutions my problem still persisted. The final solution after setting up the ~/.netrc and SSH config file, was to add the following line to my ~/.bash_profile
export GOPRIVATE="github.com/[organization]"
I have created a user specific ssh-config, so my user automatically logs in with the correct credentials and key.
First I needed to generate an key-pair
ssh-keygen -t rsa -b 4096 -C "my#email.here"
and saved it to e.g ~/.ssh/id_my_domain. Note that this is also the keypair (private and public) I've connected to my Github account, so mine is stored in~/.ssh/id_github_com.
I have then created (or altered) a file called ~/.ssh/config with an entry:
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_github_com
On another server, the "ssh-url" is admin#domain.com:username/private-repo.git and the entry for this server would have been:
Host domain.com
HostName domain.com
User admin
IdentityFile ~/.ssh/id_domain_com
Just to clarify that you need ensure that the User, Host and HostName is set correctly.
Now I can just browse into the go path and then go get <package>, e.g go get main where the file main/main.go includes the package (from last example above) domain.com:username/private-repo.git.
For me, the solutions offered by others still gave the following error during go get
git#gl.nimi24.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
What this solution required
As stated by others:
git config --global url."git#github.com:".insteadOf "https://github.com/"
Removing the passphrase from my ./ssh/id_rsa key which was used for authenticating the connection to the repository. This can be done by entering an empty password when prompted as a response to:
ssh-keygen -p
Why this works
This is not a pretty workaround as it is always better to have a passphrase on your private key, but it was causing issues somewhere inside OpenSSH.
go get uses internally git, which uses openssh to open the connection. OpenSSH takes the certs necessary for authentication from .ssh/id_rsa. When executing git commands from the command line an agent can take care of opening the id_rsa file for you so that you do not have to specify the passphrase every time, but when executed in the belly of go get, this did not work somewhy in my case. OpenSSH wants to prompt you then for a password but since it is not possible due to how it was called, it prints to its debug log:
read_passphrase: can't open /dev/tty: No such device or address
And just fails. If you remove the passphrase from the key file, OpenSSH will get to your key without that prompt and it works
This might be caused by Go fetching modules concurrently and opening multiple SSH connections to Github at the same time (as described in this article). This is somewhat supported by the fact that OpenSSH debug log showed the initial connection to the repository succeed, but later tried it again for some reason and this time opted to ask for a passphrase.
However the solution of using SSH connection multiplexing as put forward in the mentioned article did not work for me. For the record, the author suggested adding the collowing conf to the ssh config file for the affected host:
ControlMaster auto
ControlPersist 3600
ControlPath ~/.ssh/%r#%h:%p
But as stated, for me it did not work, maybe I did it wrong
After setting up GOPRIVATE and git config ...
People may still meeting problems like this when fetching private source:
https fetch: Get "https://private/user/repo?go-get=1": EOF
They can't use private repo without .git extension.
The reason is the go tool has no idea about the VCS protocol of this repo, git or svn or any other, unlike github.com or golang.org them are hardcoded into go's source.
Then the go tool will do a https query before fetching your private repo:
https://private/user/repo?go-get=1
If your private repo has no support for https request, please use replace to tell it directly :
require private/user/repo v1.0.0
...
replace private/user/repo => private.server/user/repo.git v1.0.0
https://golang.org/cmd/go/#hdr-Remote_import_paths
Make sure you remove your previous gitconfigs, I had the same issue.
Previously I executed gitconfig whose token was expired, when you execute the command next time with new token make sure to delete previous one.
first I tried
[url "ssh://git#github.com/"]
insteadOf = https://github.com/
but it didn't worked for my local.
I tried
ssh -t git#github.com
and it shows my ssh is fine.
finally, I fix the problem to tell the go get to consider all as private and use ssh instead of HTTPS.
adding export GOPRIVATE=*
For standalone/final repos, an as a quick fix, why don't just to name the module within the go.mod as a package using your company's domain ... ?
module go.yourcompany.tld/the_repo
go.yourcompany.tld don't even have to exist as a valid (sub)domain...
Also, in the same go.mod you can use replacement block/lines to use private repos previously cloned the same way (within a respective folder cloned also in $GOPATH/src/go.yourcompany.tld) (why do we have to depend too much in GitHub?)
Edit
Needless to say that a private repo usually shall be a private repo, typically a standard git repo, right? With that, why not just to git clone and then go get within the cloned folder?
It's Hard Code In Go Get. Not The Git Reason. So Modify Go Source.
Reason:
repoRootForImportDynamic Will Request: https://....go-get
// RepoRootForImportPath analyzes importPath to determine the
// version control system, and code repository to use.
func RepoRootForImportPath(importPath string, mod ModuleMode, security web.SecurityMode) (*RepoRoot, error) {
rr, err := repoRootFromVCSPaths(importPath, security, vcsPaths)
if err == errUnknownSite {
rr, err = repoRootForImportDynamic(importPath, mod, security)
if err != nil {
err = importErrorf(importPath, "unrecognized import path %q: %v", importPath, err)
}
}
if err != nil {
rr1, err1 := repoRootFromVCSPaths(importPath, security, vcsPathsAfterDynamic)
if err1 == nil {
rr = rr1
err = nil
}
}
So add gitlab domain to vcsPaths will ok.
Download go source code:
vi ./src/cmd/go/internal/vcs/vcs.go
Look for code below:
var vcsPaths = []*vcsPath{
// GitHub
{
pathPrefix: "github.com",
regexp: lazyregexp.New(`^(?P<root>github\.com/[A-Za-z0-9_.\-]+/[A-Za-z0-9_.\-]+)(/[A-Za-z0-9_.\-]+)*$`),
vcs: "git",
repo: "https://{root}",
check: noVCSSuffix,
},
add Code As Follow,XXXX Is Your Domain:
// GitLab
{
pathPrefix: "gitlab.xxxx.com",
regexp: lazyregexp.New(`^(?P<root>gitlab.xxxx\.com/[A-Za-z0-9_.\-]+/[A-Za-z0-9_.\-]+)(/[A-Za-z0-9_.\-]+)*$`),
vcs: "git",
repo: "https://{root}",
check: noVCSSuffix,
},
compile and replace go.

Get a private repository from AWS codecommit using HTTPS GRC

I'm trying to import a module located in AWS codecommit. To clone the repository I'm using HTTPS GRC (Git Remote Codecommit) method, which uses Google Suite credentials to access AWS console.
The command I use to clone the repository is:
git clone codecommit::us-west-2://my-module
The remote module's go.mod file contains this:
module git-codecommit.us-west-2.amazonaws.com/my-module.git
I tried to achieve my goal configuring Git like this:
git config --global url."codecommit::us-west-2://".insteadOf "https://git-codecommit.us-west-2.amazonaws.com/"
Setted GOPRIVATE:
go env -w GOPRIVATE=git-codecommit.us-west-2.amazonaws.com/my-module.git
And then getting the repository:
go get -x git-codecommit.us-west-2.amazonaws.com/my-module.git
but I get this output (and the execution gets stuck):
cd.
git ls-remote https://git-codecommit.us-west-2.amazonaws.com/my-module
I would like to mention that when I execute the git ls-remote https://git-codecommit.us-west-2.amazonaws.com/my-module command manually I get the information of the branches and tags without problems.
I checked this topic but in that case SSH protocol is used instead of HTTP GRC. Maybe the only way to import a module from a private repository is via SSH?
Finally found the solution:
Set Git credential helper:
git config --global credential.helper '!aws codecommit credential-helper $#'
git config --global credential.UseHttpPath true
Set GOPRIVATE env var:
go env -w GOPRIVATE=git-codecommit.us-west-2.amazonaws.com
In MacOS, disable keychain for Git:
Comment helper = osxkeychain in the file containing that value (run git config -l --show-origin | grep credential to find the target file)
Run go get:
go get git-codecommit.us-west-2.amazonaws.com/v1/repos/my-module.git

Build Go project in Jenkins with dependencies in private BitBucket repository using SSH keys

I'm trying to set up automated build for Go projects. We have some internal dependencies however available on our private BitBucket. Credentials are needed however to have go access these. I'm able to read the main repo using option Git and SSH but I'm able to download the dependencies from BitBucket.
I already tried with:
git config --global url."git#bitbucket.org:".insteadOf "https://bitbucket.org/"
export 'GOPRIVATE=bitbucket.org/*'
however this doesn't seem work, since the output:
+ go version
22:33:27 go version go1.16.4 darwin/arm64
+ go test
22:33:29 go: missing Mercurial command. See https://golang.org/s/gogetcmd
22:33:30 go: bitbucket.org/repositorie_url: reading https://api.bitbucket.org/2.0/repositorie_url/dependency_repo 403 Forbidden
22:33:30 server response: Access denied. You must have write or admin access.
How could I make sure go get or go install gets access to our private repository in a secure way?
NOTE: go test sems to ignore git configuration and it's trying to reach dependencies from https, in addition I have some Mercurial errors.
Go private dependencies are a bit complicated to resolve. Try downloading the dependencies before you do go test or anything else. There are 2 solutions I can present, try and let me know which one worked for you:
1. Using ssh key
When you have a ssh key that has access to the private repos, try this
(Assuming the ssh is stored and retrived as env var with name BITBUCKET_SSH_KEY) :
mkdir -p ~/.ssh
echo "$BITBUCKET_SSH_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keygen -F bitbucket.org || ssh-keyscan bitbucket.org >>~/.ssh/known_hosts
git config --global url."git#bitbucket.org:".insteadOf "https://bitbucket.org/"
go env -w GOPRIVATE=bitbucket.org
go mod download
2. Using .netrc
You can generate a login token from bitbucket. With this token, have two env vars BITBUCKET_LOGIN and BITBUCKET_TOKEN and then try following:
go env -w GOPRIVATE=bitbucket.org
echo "machine bitbucket.org login ${BITBUCKET_LOGIN} password ${BITBUCKET_TOKEN}" > ~/.netrc
go mod download
Hello I finally found the error and the issue was:
the $PATH of the enviroment!
Seams that the computer has a different path of the default path of jenkins.
If you want to use a certain enviroment of your local computer you should add a new variable $PATH in the enviroment, print $PATH in the local cmd and compare the $PATH on jenkinsfile
the solution in jenkinsfile:
pipeline {
agent {
label 'macmini'
}
environment {
PATH = "$HOME/go/bin:" +
"/usr/local/bin:/Library/Apple/usr/bin" +
"$PATH"...
}
}
console:
echo $PATH
# overrite $PATH enviroment
$PATH = "$HOME/go/bin:" +
"$HOME/go/bin:" +
"/usr/local/bin:/Library/Apple/usr/bin" +
"$PATH"...

Unable to go get from private Gitlab repository [duplicate]

This question already has answers here:
What's the proper way to "go get" a private repository?
(17 answers)
Closed 2 years ago.
I want to use go get to get a package located in a private GitLab repository. My go version is go1.15.4 darwin/amd64. And the current directory has a go.mod file.
When I run go get -v git.xxx.com/path-to/package#v0.0.3, It shows
get "git.xxx.com/path-to/package": found meta tag get.metaImport{Prefix:"git.xxx.com/path-to/package", VCS:"git", RepoRoot:"https://git.xxx.com/path-to/package.git"} at //git.xxx.com/path-to/package?go-get=1
get "git.xxx.com/path-to": found meta tag get.metaImport{Prefix:"git.xxx.com/path-to", VCS:"git", RepoRoot:"https://git.xxx.com/path-to.git"} at //git.xxx.com/path-to?go-get=1
Enter passphrase for key '~/.ssh/id_rsa':
And after I input my password it hangs for hours without showing anything.
I also tried-
$ sudo go get git.xxx.com/path-to/package#v0.0.3
go get git.xxx.com/path-to/package#v0.0.3: git.xxx.com/path-to/package#v0.0.3: invalid version: unknown revision v0.0.3
But the repository indeed has a tag v0.0.3. And If I try without version-
$ sudo go get git.xxx.com/path-to/package
go get git.xxx.com/path-to/package: module git.xxx.com/path-to/package: git ls-remote -q origin in ~/go/pkg/mod/cache/vcs/bcb4baa8ab83c8bb452456922f12d22e1981b76bd2649d163d0c53c6: exit status 128:
gitlab#git.xxx.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
But I can clone this repository. So I have access rights and have this in ~/.gitconfig file
[url "ssh://gitlab#git.xxx.com:2222/"]
insteadOf = https://git.xxx.com/
Note that, everything was okay in my system (I could use go get) until I ran this command go clean -cache -modcache -i -r following this blog.
I am wondering why the port in the git config?, maybe is not the root cause but you can try
[url "git#gitlab.com:"]
insteadOf = https://gitlab.com/
Let's assume that you already set .git config sshd_config correctly.
You can try
cd $HOME # out of gopath
env GO111MODULE=off go get git.xxx.com/path-to/package
you can try use GOPRIVATe evn variable
https://golang.org/cmd/go/#hdr-Module_configuration_for_non_public_modules

Go Mod Private Repo

So I have a private repo that my main.go imports. I'm getting this error when I do a go build:
cannot find module for path
Do I need to do anything special for a private repo? I have been googling and can't find any good information. It works fine with dep.
Do this
git config --global --add url."git#your-repo.com:".insteadOf "https://your-repo.com/"
export GOPRIVATE='your-repo.com'
Make sure your git clone via ssh works.
(Answer duplicated from this SO Question)
I wrote up a solution for this on Medium: Go Modules with Private Git Repositories.
The way we handle it is basically the same as the answer from Alex Pliutau, and the blog goes into some more detail with examples for how to set up your git config with tokens from GitHub/GitLab/BitBucket. It also goes into a working Dockerfile example for using modules with private repos.
The relevant bit for GitLab:
git config --global \
url."https://oauth2:${personal_access_token}#privategitlab.com".insteadOf \
"https://privategitlab.com"
#or
git config --global \
url."https://${user}:${personal_access_token}#privategitlab.com".insteadOf \
"https://privategitlab.com"
I hope it's helpful.
You should use a SSH Key to fetch your repository, check if your SSH key is in system keychain too:
ssh-add -K ~/.ssh/id_rsa
Given that such a private repo is often in active development, I personally simply clone it to the "proper" location in my $GOPATH and use the source management (e.g. git) as you would any other project. Adding the SSH key as in Rodrigo's answer is great, but if you are actively developing the private repo anyway, the extra step to clone it to the right directory isn't by any means a difficult step vs being able to go get it.
So, for example, for a private repo hosted on Github, I would cd to $GOHOME/src/github.com/git-username-for-repo then git clone the-repo

Resources