Xcode 9 Authentication fails pushing to Git Server - xcode

I have a set up a private remote git server (not GitHub).
I can perform all operations fine from the command line without problem. This server also works fine with IntelliJ.
From within Xcode I can PULL changes. But mysteriously I cannot push changes even though both require authentication. I am using SSH.
I've seen lots of posts about windows authentication, IIS, and other special cases. But I have not seen anything about being able to pull but not push. And I have no idea where Xcode might write any logging. At the user level it just says Authentication failed. I am using SSH (no certs).
Any advice on where to even start looking would be greatly appreciated.

Posting for posterity, but: check your ssh keys if you are using key-based auth. I was having a devil of a time trying to get Xcode to do any git ops, until I changed the ssh setup to use an RSA key. ECDSA doesn't work. Not sure about any other keys, but apple docs on setting up continuous integration with xcode always talk about RSA keys, which was my clue.

Well it seems this has been broken since Xcode 7, two years ago.
THE solution (all caps because this is the ONLY thing that works) is to put the password in the git server URL. So you can have function or security - but not both. Apparently the Xcode parsing of the git config is VERY VERY defective.
git config --edit
Use THIS exact syntax for the git server URL (assuming ssh without certificate)
url = ssh://username:passwd#server/path/to/project.git
Ugly but works.

Related

Authentication error when pushing toTFS git repository via Xcode 8.3

I am able to perform all git operations via git command line (Terminal),But via Xcode causes an authentication error "Enter your credentials for the repository"
Since this work with Xcode 6.4 but not in Xcode8.3. This may happens cause XCode 7 doesn't support Windows Authentication. It seems to be a common problem amongst users because there are many posts about it in google.
To make it all work you should enable Basic Authentication in your IIS TFS website on "tfs" virtual folder.
Be careful though because basic authentication sends your credentials over network as plain text. Highly recommend you use SSL in this case.
The steps to setup SSL are described in details in the
docs.
Here
you can find what is required to configure Basic Authentication.
A couple of caveats:
username should be entered in domain\user format
do not enable Basic Authentication on the default non-SSL site
Source Link
Also suggest you use Git Credential Manager for Mac and Linux to store credentials for Git version control.

Host key verification failed Xcode with Mavericks Server

I'm trying to get a CI setup going and have got Mavericks server downloaded and linked with Xcode all on one machine.
Here's the set up:
Two git repos, hosted on OS X server, named CI and CISubmodule.
CISubmodule added as a submodule to CI
Every time I add bot I get a Host key verification failed error on integration. It's clear from the logs that the server is unable to clone CISubmodule due to an authentication error (I've tried SSH, HTTP, HTTPS) but I don't know why it's failing authentication.
I've set up the server so that logged in users can read and write.
I've tried everything mentioned here.
I'm guessing it's because the server is running as teamsserver and the repo is probably under my username, but I can't figure out how to give it permission to clone. Could it be that the SSH key requires a password? If so, how do I set it up so that it doesn't need a password any more?
Any guidance would be greatly appreciated.
Thanks,
Simon
I had the same case and I am not sure what happend exactly, I think the reason was I had more remote repository accesses and ssh keys pointing git-server side pointing to the same repository.
Deleting the remote repository accesses and cleaning up authorized_keys file helped.
I can confirm the CI server works with submodules, but make sure the .gitmodules file and xccheckout file point to the same repos
you may need to use passphrase-LESS keys for os x server to properly connect to 3rd party hosted git repos. it cannot connect with there is a passphrase needed.
ssh-keygen -p
it worked for us
One thing that helped me was to change my submodule URLs to use HTTPS instead of SSH.
When doing this, make sure that Xcode is actually using the new URLs. Even though I made the changes and pushed them, Xcode was caching the SSH URLs and using them. Remove all your SSH URLS from your server, then also remove them from your client under Preferences->Accounts. Then restart the server and restart Xcode, confirming that the new HTTPS URLs are being used when you create your bot.

Xcode5 bot cannot authenticate to git repo

I've set up a Mavericks box with OS X Server and Xcode 5.01. My source code is on a git repo that I have to access via https with a username and password.
In Xcode (on the same machine), I've cloned the project, built it and run it to check that all is fine. Then I've created a bot, selected the current server and scheme, and hit "integrate now". It fails after 5 seconds. I get:
Cloning into 'https_code_saers_com_myproject'...
fatal: could not read Username for 'https://code.saers.com': Device not configured
I checked that Xcode5 could pull new commits, so it has the username and password, yet by bot does not. Also, the "Device not configured" confuses me.
Any suggestion to how I can explicitly set the Username and Password?
Cheers
Nik
This may just be confusion in terminology, but the bot itself shouldn't be connecting to your repository. OSX Server does that. Before you can create a bot, you should've had to setup your repository in Server. When you do that, you get the opportunity to set username and password for accessing the repository.
It sounds like perhaps you have XCode configured to synch with your repository, but you must separately set up Server to access it as well. See the "XCode" tab in the Server app.
you may be running into the same problem we had- it was passphrase-protected keys. xcode + server + git cannot properly use passphrases on the keys.
thus, you must use a pashphrase-less key with os x server connecting to the git repo.
ssh-keygen -p
hope it helps.
edit: you might need to enable HTTP access to the git repo with this command:
git update-server-info # If planning to serve via HTTP

Git on Windows - How to authenticate with remote repo on Linux

Due to some serious problems with a Git repo on Windows over HTTP, we're moving our Git 'server' to Linux.
Assuming I have already the msysgit for Windows installed and Putty, how will I authenticate the SSH connection when I clone, pull and push?
In case of SSH:
on the server, you'll need to allow authentication with public and private keys, you can google how to do it, for example http://shapeshed.com/setting_up_git_for_multiple_developers/
on the client, just put your private key into .ssh folder in your windows home, for example C:\Users\Name\.ssh, much like on unixes.
You can still use HTTP, it will either (1) always ask for username and password or (2) you can also put username and password into the URL: https://username:password#git.mydomain.com/...
This page has everything covered about using PuTTy for Git public key authentication.
In short:
Generate keypair with puttygen
Put the public key in server
In your local computer, set GIT_SSH environment variable to point to plink.exe
Run putty pageant and load your private key there
I recommend working through this tutorial.
The caveat is that it talks about github, so the story of telling the server about your SSH key is different.
What's also different is how do you intend to manage your developers.
The "problem" is that SSH operates with real remote (server-side, I mean) users, which have to have regular Unix system accounts.
This is okay if you have just a handful of developers. You then just need to add all of them to a special group (say, devel) and make sure you initialize your server-side bare repos using git init --bare --shared=group and make them group-writable and belonging to that group devel (this might also be helped out by creating all the repos under a directory which has its "group sticky bit" set and belongs to that group devel).
To distribute the public part of a developer's key to the server in such a setup you have to literally copy and paste that key part (from the developer's id_rsa.pub file, it's ASCII) to the file /home/developer/.ssh/authorized_keys file. If that file does not exist, create it.
If the key was generated on a machine with OpenSSH client installed, you can transfer the key using the ssh-copy-id program, in one step.
This might become messy, so you might consider implementing a solution which virtualizes Git users (like github does). There are plenty to choose from:
gitolite — supposedly the most popular solution. No frills, is administered using a specialized admin Git repo holding the developers' public keys and a configuration file describing the repos and permissions on them. Plain Perl, installable as a package on most sensible distros.
gitlab — a turn-key all-in-one solution. Written in Ruby, so you might face maintenance nightmares.
gitblit — another all-in-one solution, written in pure Java (note that it does not call out to vanilla Git and uses a pure Java Git layer — JGit).

Tortoise SVN Author in Log File Missing

For some reason, no matter how I go about it, I cannot get TortoiseSVN to add an Author to Log Messages.
Currently we connect to a PC running svnserve, so it's not a file:// Address.
We have tried using svn://Username#svnAddress, svn://svnAddress
Even setting svn:keywords $Author: AuthorName$
I was under the impression that TortoiseSVN would use the windows login name, prior to upgrading from a file based repo, these did show.
Note: We are also connecting to a domain, if this would affect anything.
also, no hook scripts are in play and the svnserve.conf is default.
SVN Server is using SVN Version 1.5.1 (x86), Windows Server 2003.
Clients are using latest version of Tortoise, both x86 and x64.
Any help would be much appreciated.
Ohh and the SVN is used for source code, so it is programming related :) (well semi related anyway)
The svn: protocol, by default, does not do any authentication, and consequently, no identification of the remote user. As TortoiseSVN does not need to authenticate, no user gets logged.
The SVN keywords don't have to do much with this: If you put $Author$ in a file, it will expand to the author of the commit, rather than setting the user. In the keyword syntax, there is no support for colons.
So if you want to authenticate with svnserve, you should first set anon-access to none or read, to force an authentication prompt. You then need to setup a password database; svnserve has only support for CRAM-MD5 builtin. I recommend you try to get this working first, handing out new passwords to all users. Alternatively, you can try to setup SASL, which would then allow for NTLM authentication - provided you can get SASL to work on your system.
Yet alternatively, you can switch to a different protocol. If, by "PC", you mean "Windows", then I guess the ssh-based protocol is ruled out. That leaves http(s); it should be possible to set up Apache on Windows with NTLM authentication, so that the NTLM user appears as the svn author.

Resources