gix fails to read credential store in ~/.git-credentials

[jalil-salame]

Current behavior 😯

gix fetch fails on a repository using a Token for authentication. The token is stored in ~/.git-credentials:

~/.git-credentials

https://git:[[TOKEN]]@sharelatex.tum.de

The config is not minimal

gix config

# From 'C:/Program Files/Git/etc/gitconfig' (GitInstallation)
[diff "astextplain"]
        textconv = astextplain

[filter "lfs"]
        clean = git-lfs clean -- %f
        smudge = git-lfs smudge -- %f
        process = git-lfs filter-process
        required = true

[http]
        sslBackend = openssl
        sslCAInfo = C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt

[core]
        autocrlf = true
        fscache = true
        symlinks = false

[pull]
        rebase = false

[credential]
        helper = manager
[credential "https://dev.azure.com"]
        useHttpPath = true

[init]
        defaultBranch = master

# From 'D:\Users\[[REDACTED]]\.gitconfig' (User)
[http]
        proxy = [[REDACTED]]
        sslVerify = false

[https]
        proxy = [[REDACTED]]

[delta]
        navigate = true
        light = false
        line-numbers = true
        zero-style = dim syntax

[core]
        pager = delta
        autocrlf = false

[interactive]
        diffFilter = delta --color-only

[merge]
        conflictstyle = diff3

[diff]
        colorMoved = default

[credential]
        helper = store
[credential "https://sharelatex.tum.de"]
        provider = generic

# From '.\.git\config' (Local)
[core]
        repositoryformatversion = 0
        filemode = false
        bare = false
        logallrefupdates = true
        symlinks = false
        ignorecase = true

[remote "origin"]
        url = https://git@sharelatex.tum.de/git/[[REDACTED]]
        fetch = +refs/heads/*:refs/remotes/origin/*

[branch "master"]
        remote = origin
        merge = refs/heads/master

# From 'memory' (EnvOverride)
[gitoxide "https"]
        proxy = [[REDACTED]] # from HTTPS_PROXY
        proxy = [[REDACTED]] # from https_proxy
[gitoxide "http"]
        noProxy = [[REDACTED]] # from NO_PROXY
        noProxy = [[REDACTED]] # from no_proxy
        proxy = [[REDACTED]] # from http_proxy

I am behind a corporate proxy using a windows computer. So I have to be kinda careful about what logs I post :c.

I am using gitoxide-max-pure-v0.31.1-x86_64-pc-windows-msvc from the GitHub releases.

gix --trace fetch

$ gix --trace fetch
 12:04:48 tracing TRACE    📍 [trace]: checkout waiting for idle connection: ("https", sharelatex.tum.de)
 12:04:48 tracing TRACE    📍 [trace]: Http::connect; scheme=Some("http"), host=Some("[[REDACTED]]"), port=Some(Port(8080))
 12:04:48 tracing TRACE    📍 [trace]: handle passed back
 12:04:48 tracing DEBUG    🐛 [debug]: querying: [[REDACTED]] A
 12:04:48 tracing DEBUG    🐛 [debug]: sending request: [Query { name: Name("[[REDACTED]]"), query_type: A, query_class: IN }]
 12:04:48 tracing DEBUG    🐛 [debug]: reconnecting: NameServerConfig { socket_addr: [[REDACTED]], protocol: Udp, tls_dns_name: None, trust_nx_responses: false, bind_addr: None }
 12:04:48 tracing DEBUG    🐛 [debug]: enqueueing message:QUERY:[Query { name: Name("[[REDACTED]]"), query_type: A, query_class: IN }]
 12:04:48 tracing DEBUG    🐛 [debug]: reconnecting: NameServerConfig { socket_addr: [[REDACTED]], protocol: Udp, tls_dns_name: None, trust_nx_responses: false, bind_addr: None }
 12:04:48 tracing DEBUG    🐛 [debug]: enqueueing message:QUERY:[Query { name: Name("[[REDACTED]]"), query_type: A, query_class: IN }]
 12:04:48 tracing DEBUG    🐛 [debug]: final message: ; header 12763:QUERY:RD:NoError:QUERY:0/0/0
 12:04:48 tracing ; query
 12:04:48 tracing ;; [[REDACTED]] IN A
 12:04:48 tracing
 12:04:48 tracing DEBUG    🐛 [debug]: final message: ; header 9177:QUERY:RD:NoError:QUERY:0/0/0
 12:04:48 tracing ; query
 12:04:48 tracing ;; [[REDACTED]] IN A
 12:04:48 tracing
 12:04:48 tracing DEBUG    🐛 [debug]: created socket successfully
 12:04:48 tracing DEBUG    🐛 [debug]: created socket successfully
 12:04:48 tracing TRACE    📍 [trace]: reading CNAME
 12:04:48 tracing TRACE    📍 [trace]: reading A
 12:04:48 tracing TRACE    📍 [trace]: reading NS
 12:04:48 tracing TRACE    📍 [trace]: reading NS
 12:04:48 tracing TRACE    📍 [trace]: reading A
 12:04:48 tracing TRACE    📍 [trace]: reading A
 12:04:48 tracing DEBUG    🐛 [debug]: received message id: 12763
 12:04:48 tracing DEBUG    🐛 [debug]: Response:; header 12763:RESPONSE:RD,AA,RA:NoError:QUERY:2/2/2
 12:04:48 tracing ; query
 12:04:48 tracing ;; [[REDACTED]] IN A
 12:04:48 tracing ; answers 2
 12:04:48 tracing [[REDACTED]] 600 IN CNAME [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 12 IN A [[REDACTED]]
 12:04:48 tracing ; nameservers 2
 12:04:48 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 12:04:48 tracing ; additionals 2
 12:04:48 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 12:04:48 tracing
 12:04:48 tracing DEBUG    🐛 [debug]: Response:; header 12763:RESPONSE:RD,AA,RA:NoError:QUERY:2/2/2
 12:04:48 tracing ; query
 12:04:48 tracing ;; [[REDACTED]] IN A
 12:04:48 tracing ; answers 2
 12:04:48 tracing [[REDACTED]] 600 IN CNAME [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 12 IN A [[REDACTED]]
 12:04:48 tracing ; nameservers 2
 12:04:48 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 12:04:48 tracing ; additionals 2
 12:04:48 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 12:04:48 tracing
 12:04:48 tracing DEBUG    🐛 [debug]: connecting to [[REDACTED]]
 12:04:48 tracing DEBUG    🐛 [debug]: connected to [[REDACTED]]
 12:04:49 tracing TRACE    📍 [trace]: client handshake Http1
 12:04:49 tracing TRACE    📍 [trace]: handshake complete, spawning background dispatcher task
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
 12:04:49 tracing TRACE    📍 [trace]: checkout dropped for ("https", sharelatex.tum.de)
 12:04:49 tracing TRACE    encode_headers [ 26.1µs | 100.00% ]
 12:04:49 tracing TRACE    ┕━ 📍 [trace]: Client::encode method=GET, body=None
 12:04:49 tracing DEBUG    🐛 [debug]: flushed 204 bytes
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
 12:04:49 tracing TRACE    📍 [trace]: Conn::read_head
 12:04:49 tracing TRACE    📍 [trace]: received 332 bytes
 12:04:49 tracing TRACE    parse_headers [ 42.0µs | 100.00% ]
 12:04:49 tracing TRACE    ┝━ 📍 [trace]: Response.parse | bytes: 332
 12:04:49 tracing TRACE    ┕━ 📍 [trace]: Response.parse Complete(171)
 12:04:49 tracing DEBUG    🐛 [debug]: parsed 5 headers
 12:04:49 tracing DEBUG    🐛 [debug]: incoming body is content-length (161 bytes)
 12:04:49 tracing TRACE    📍 [trace]: decode; state=Length(161)
 12:04:49 tracing DEBUG    🐛 [debug]: incoming body completed
 12:04:49 tracing TRACE    📍 [trace]: maybe_notify; read_from_io blocked
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 12:04:49 tracing TRACE    📍 [trace]: put; add idle connection for ("https", sharelatex.tum.de)
 12:04:49 tracing DEBUG    🐛 [debug]: pooling idle connection for ("https", sharelatex.tum.de)
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 12:04:49 tracing INFO     run [ 289ms | 53.69% / 100.00% ]
 12:04:49 tracing INFO     ┕━ ThreadSafeRepository::discover() [ 134ms | 1.16% / 46.31% ]
 12:04:49 tracing INFO        ┕━ open_from_paths() [ 131ms | 21.68% / 45.15% ]
 12:04:49 tracing INFO           ┝━ gix_path::git::install_config_path() [ 67.2ms | 23.22% ]
 12:04:49 tracing INFO           ┕━ gix_odb::Store::at() [ 714µs | 0.25% ]
Error: Failed to obtain credentials

Caused by:
    0: An IO error occurred while communicating to the credentials helper
    1: program not found

Expected behavior 🤔

gix fetch should use the credentials in ~/.git-credentials and successfully establish the connection.

Git behavior

git fetch just works.

Steps to reproduce 🕹

I will try to reproduce it in the public Overleaf instance instead of my University's but this are the steps:

1. Create an Overleaf project (on my uni's instance(?))
2. Enable git integration
3. Use the token to clone the project.
4. Store the token using git credentials store (in ~/.git-credentials)
5. Try to fetch with gix (no updates to the repo required) (maybe you need to be behind an http proxy(?))

As far as I can tell this only happens on windows(?), but I didn't use the git credentials store within linux. I will try that ASAP, but I'm filing the issue while I'm still behind the proxy.

Performed tests (Results in the comments)

• Windows GIT_TRACE=1 git fetch
• Test on Windows with main
• Test on Windows with v0.30.0
• Test on Windows without ~/.git-credentials
• Test on Windows w/o proxy
• Test on Windows with public Overleaf instance
• Test on Windows with private GitHub Repo
• Linux GIT_TRACE=1 git fetch
• Test on Linux with main
• Test on Linux with v0.31.1

[Byron]

Thanks for reporting!

I'd definitely appreciate if you could try if it truly works with a public overleaf instance, and if it's related to Windows as you think it might be.

In general, gix will ask git to get the installation path to be sure all configuration is loaded. Then it's able to use all credential helpers that git can use, which should allow it to pick up previously stored credentials with the respective credential helper.

Please also run GIT_TRACE=1 git fetch to see which helpers git is invoking. You should be able to see which helpers are invoked with gix --trace fetch as well, but if not that's something that should definitely be added.

It will be interesting to see if the involvement of a proxy matters here, but I think not.

What could also be an issue is the usage of per-URL credential helper configuration, even though this simple case should work.

With your help, I am sure we will figure this out though - thanks in advance.

[NobodyXu]

On my laptop GIT_TRACE=1 git fetch gives me:

20:36:24.232005 git.c:463               trace: built-in: git fetch
20:36:24.233960 run-command.c:659       trace: run_command: GIT_DIR=.git git remote-https origin https://g
ithub.com/cargo-bins/cargo-binstall
20:36:24.239116 git.c:749               trace: exec: git-remote-https origin https://github.com/cargo-bins
/cargo-binstall
20:36:24.239587 run-command.c:659       trace: run_command: git-remote-https origin https://github.com/car
go-bins/cargo-binstall
20:36:24.914164 run-command.c:659       trace: run_command: git rev-list --objects --stdin --not --exclude
-hidden=fetch --all --quiet --alternate-refs
20:36:24.945646 run-command.c:1524      run_processes_parallel: preparing to run up to 1 tasks
20:36:24.945674 run-command.c:1551      run_processes_parallel: done
20:36:24.945685 run-command.c:659       trace: run_command: git maintenance run --auto --no-quiet
20:36:24.953244 git.c:463               trace: built-in: git maintenance run --auto --no-quiet

[Byron]

Thanks! Can you help me to see how this relates to the issue here? Accessing a public GitHub repository won't trigger authentication, and even if it would it's probably different from an overleaf instance with a token (and comparably complex configuration).

[NobodyXu]

Ohh I was just trying to help to see if I can provide any information regarding the helper.
I totally forgot that git fetch on public repo would not need authentication.

I ran GIT_TRACE=1 git push and it does show the helper program on MacOS:

20:42:02.717474 git.c:463               trace: built-in: git push
20:42:02.718437 run-command.c:659       trace: run_command: GIT_DIR=.git git remote-https origin https://github.com/cargo-bins/cargo-binstall
20:42:02.723517 git.c:749               trace: exec: git-remote-https origin https://github.com/cargo-bins/cargo-binstall
20:42:02.723953 run-command.c:659       trace: run_command: git-remote-https origin https://github.com/cargo-bins/cargo-binstall
20:42:03.019785 run-command.c:659       trace: run_command: 'git credential-osxkeychain get'
20:42:03.046466 git.c:749               trace: exec: git-credential-osxkeychain get
20:42:03.047794 run-command.c:659       trace: run_command: git-credential-osxkeychain get
20:42:03.447197 run-command.c:659       trace: run_command: 'git credential-osxkeychain store'
20:42:03.472040 git.c:749               trace: exec: git-credential-osxkeychain store
20:42:03.473730 run-command.c:659       trace: run_command: git-credential-osxkeychain store
20:42:03.507627 run-command.c:659       trace: run_command: 'git credential-store store'
20:42:03.518610 git.c:463               trace: built-in: git credential-store store
Everything up-to-date

I'm using the MacOS keychain, so it also uses MacOS specific helper program.

[jalil-salame]

Please also run GIT_TRACE=1 git fetch to see which helpers git is invoking. You should be able to see which helpers are invoked with gix --trace fetch as well, but if not that's something that should definitely be added.

I did run gix --trace fetch on the offending repo, you should be able to see the log if you expand the spoiler.

I forgot how to ask git to provide the trace, I will do that soon (by Monday)

[Byron]

Thanks, I saw, and realised that indeed it won't print git credential invocations anyway. This has been addressed in bc44497 though so you probably want to re-run with a locally compiled version of the latest main as well as obtain the baseline with GIT_TRACE=1 git fetch.

In any case, it will be most helpful if this can be made reproducible on something that's publicly accessible. Also it will be interesting to see if this issue is platform dependent for some reason.

[jalil-salame]

On Linux using gix v0.30.0 from nixpkgs. Version 0.31.1 should be available soon in nixos-unstable, it is already merged on nixpkgs.

gix fetch on Linux properly works when it asks for the token.

It also works properly when you use the credentials store (~/.git-credentials):

$ gix --trace fetch
 11:13:59 tracing INFO     run [ 393ms | 99.42% / 100.00% ]
 11:13:59 tracing INFO     ┝━ ThreadSafeRepository::discover() [ 1.92ms | 0.04% / 0.49% ]
 11:13:59 tracing INFO     │  ┕━ open_from_paths() [ 1.78ms | 0.08% / 0.45% ]
 11:13:59 tracing INFO     │     ┝━ gix_path::git::install_config_path() [ 1.41ms | 0.36% ]
 11:13:59 tracing INFO     │     ┕━ gix_odb::Store::at() [ 53.5µs | 0.01% ]
 11:13:59 tracing INFO     ┕━ fetch::Prepare::receive() [ 354µs | 0.01% / 0.09% ]
 11:13:59 tracing INFO        ┕━ negotiate [ 324µs | 0.01% / 0.08% ]
 11:13:59 tracing DEBUG          ┝━ mark_complete_and_common_ref [ 132µs | 0.03% ] mappings: 1
 11:13:59 tracing DEBUG          ┕━ update_refs() [ 150µs | 0.01% / 0.04% ] mappings: 1
 11:13:59 tracing DEBUG             ┕━ apply [ 108µs | 0.03% ] edits: 1
+refs/heads/*:refs/remotes/origin/*
        c06d7715706f3dc6a3cef8237a62f57246772ebd refs/heads/master -> refs/remotes/origin/master [up-to-date]
server sent 2 tips, 1 were filtered due to 1 refspec(s).
no negotiation was necessary

My guess is either the proxy or the windows stuff is messing this up, next try will be windows without the proxy. It could also be from the mismatched versions.

gix --trace fetch does not show what it searches specifically (which paths/binaries it calls), could you point me where to instrument it.

Next Steps

• Test on Windows without ~/.git-credentials
• Test on Windows with v0.30.0
• Test on Windows with main
• Test on Windows w/o proxy
• Test on Windows with public Overleaf instance
• Test on Linux with v0.31.1
• Test on Windows with private GitHub Repo

feel free to add more steps

It feels like I'm becoming an expert at hitting all the authentication edgecases c:

[jalil-salame]

Thanks, I saw, and realised that indeed it won't print git credential invocations anyway. This has been addressed in bc44497 though so you probably want to re-run with a locally compiled version of the latest main as well as obtain the baseline with GIT_TRACE=1 git fetch.

In any case, it will be most helpful if this can be made reproducible on something that's publicly accessible. Also it will be interesting to see if this issue is platform dependent for some reason.

Wow you are fast c:

I have some chores to do so I'll start testing in an hour or two. As always, happy to work with you!

[Byron]

feel free to add more steps

I am sure you have your reason, but I'd recommend building your own from the latest main which now informs about any program invocation it performs - these logs should be far more useful especially in comparison to baseline gi. On windows, builds are easiest with cargo build --release --no-default-features --features max-pure.

It feels like I'm becoming an expert at hitting all the authentication edgecases c:

It's strange to say, but I do appreciate it 😅. It's a major plus for gix (crate and binary) to work out of the box just like git does - imagine those using git2, they essentially have to implement all this themselves and it's just impossible. gix also isn't 100% compatible just yet as credential configuration can be very complex, but thanks to you it will definitely get there faster 🙏.

[jalil-salame]

* [x]  Test on Linux with `v0.31.1`

No issues, it is either windows or the proxy.

I am sure you have your reason, but I'd recommend building your own from the latest main

I don't know how good my rust toolchain is on Windows. I was fighting with chocolatey for a few hours to get linker.exe installed. I wanted to exhaust the other options first c:

[jalil-salame]

Successful fetch with gix main on Linux (max-pure).

gix --trace fetch

$ gix --trace fetch
 14:10:15 tracing TRACE    📍 [trace]: checkout waiting for idle connection: ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    📍 [trace]: Http::connect; scheme=Some("https"), host=Some("sharelatex.tum.de"), port=None
 14:10:15 tracing DEBUG    🐛 [debug]: resolving host="sharelatex.tum.de"
 14:10:15 tracing DEBUG    🐛 [debug]: connecting to 131.159.108.1:443
 14:10:15 tracing DEBUG    🐛 [debug]: connected to 131.159.108.1:443
 14:10:15 tracing TRACE    📍 [trace]: client handshake Http1
 14:10:15 tracing TRACE    📍 [trace]: handshake complete, spawning background dispatcher task
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
 14:10:15 tracing TRACE    📍 [trace]: checkout dropped for ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    encode_headers [ 6.99µs | 100.00% ]
 14:10:15 tracing TRACE    ┕━ 📍 [trace]: Client::encode method=GET, body=None
 14:10:15 tracing DEBUG    🐛 [debug]: flushed 204 bytes
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
 14:10:15 tracing TRACE    📍 [trace]: Conn::read_head
 14:10:15 tracing TRACE    📍 [trace]: received 332 bytes
 14:10:15 tracing TRACE    parse_headers [ 8.15µs | 100.00% ]
 14:10:15 tracing TRACE    ┝━ 📍 [trace]: Response.parse | bytes: 332
 14:10:15 tracing TRACE    ┕━ 📍 [trace]: Response.parse Complete(171)
 14:10:15 tracing DEBUG    🐛 [debug]: parsed 5 headers
 14:10:15 tracing DEBUG    🐛 [debug]: incoming body is content-length (161 bytes)
 14:10:15 tracing TRACE    📍 [trace]: decode; state=Length(161)
 14:10:15 tracing DEBUG    🐛 [debug]: incoming body completed
 14:10:15 tracing TRACE    📍 [trace]: maybe_notify; read_from_io blocked
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: put; add idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing DEBUG    🐛 [debug]: pooling idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: idle interval checking for expired
 14:10:15 tracing TRACE    📍 [trace]: take? ("https", sharelatex.tum.de): expiration = Some(90s)
 14:10:15 tracing DEBUG    🐛 [debug]: reuse idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    encode_headers [ 2.48µs | 100.00% ]
 14:10:15 tracing TRACE    ┕━ 📍 [trace]: Client::encode method=GET, body=None
 14:10:15 tracing DEBUG    🐛 [debug]: flushed 256 bytes
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
 14:10:15 tracing TRACE    📍 [trace]: Conn::read_head
 14:10:15 tracing TRACE    📍 [trace]: received 727 bytes
 14:10:15 tracing TRACE    parse_headers [ 7.10µs | 100.00% ]
 14:10:15 tracing TRACE    ┝━ 📍 [trace]: Response.parse | bytes: 727
 14:10:15 tracing TRACE    ┕━ 📍 [trace]: Response.parse Complete(413)
 14:10:15 tracing DEBUG    🐛 [debug]: parsed 11 headers
 14:10:15 tracing DEBUG    🐛 [debug]: incoming body is content-length (314 bytes)
 14:10:15 tracing TRACE    📍 [trace]: decode; state=Length(314)
 14:10:15 tracing DEBUG    🐛 [debug]: incoming body completed
 14:10:15 tracing TRACE    📍 [trace]: maybe_notify; read_from_io blocked
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: put; add idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing DEBUG    🐛 [debug]: pooling idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing INFO     run [ 276ms | 0.10% / 100.00% ]
 14:10:15 tracing INFO     ┝━ ThreadSafeRepository::discover() [ 1.99ms | 0.06% / 0.72% ]
 14:10:15 tracing INFO     │  ┕━ open_from_paths() [ 1.82ms | 0.13% / 0.66% ]
 14:10:15 tracing INFO     │     ┝━ gix_path::git::install_config_path() [ 1.40ms | 0.51% ]
 14:10:15 tracing DEBUG    │     │  ┕━ 🐛 [debug]: invoking git for installation config path | cmd: "git" "config" "-l" "--show-origin"
 14:10:15 tracing INFO     │     ┕━ gix_odb::Store::at() [ 65.3µs | 0.02% ]
 14:10:15 tracing INFO     ┝━ remote::Connection::ref_map() [ 274ms | 0.01% / 99.04% ]
 14:10:15 tracing INFO     │  ┕━ remote::Connection::fetch_refs() [ 274ms | 0.01% / 99.03% ]
 14:10:15 tracing DEBUG    │     ┕━ gix_protocol::handshake() [ 274ms | 99.02% ] service: UploadPack | extra_parameters: []
 14:10:15 tracing DEBUG    │        ┝━ 🐛 [debug]: launching credential helper | cmd: "/bin/sh" "-c" "git credential-store \"$@\"" "--" "get"
 14:10:15 tracing DEBUG    │        ┕━ 🐛 [debug]: launching credential helper | cmd: "/bin/sh" "-c" "git credential-store \"$@\"" "--" "store"
 14:10:15 tracing INFO     ┕━ fetch::Prepare::receive() [ 387µs | 0.01% / 0.14% ]
 14:10:15 tracing DEBUG       ┕━ negotiate [ 353µs | 0.02% / 0.13% ] protocol_version: 1
 14:10:15 tracing DEBUG          ┝━ mark_complete_and_common_ref [ 127µs | 0.05% ] mappings: 1
 14:10:15 tracing DEBUG          ┕━ update_refs() [ 179µs | 0.02% / 0.06% ] mappings: 1
 14:10:15 tracing DEBUG             ┕━ apply [ 138µs | 0.05% ] edits: 1
+refs/heads/*:refs/remotes/origin/*
        c06d7715706f3dc6a3cef8237a62f57246772ebd refs/heads/master -> refs/remotes/origin/master [up-to-date]
server sent 2 tips, 1 were filtered due to 1 refspec(s).
no negotiation was necessary

Successful git on Linux:

GIT_TRACE=1 git fetch

$ GIT_TRACE=1 git fetch
14:16:09.432203 git.c:463               trace: built-in: git fetch
14:16:09.432645 run-command.c:659       trace: run_command: git remote-https origin https://git@sharelatex.tum.de/git/652e8a160217f4be93b0ac82
14:16:09.433734 git.c:749               trace: exec: git-remote-https origin https://git@sharelatex.tum.de/git/652e8a160217f4be93b0ac82
14:16:09.433762 run-command.c:659       trace: run_command: git-remote-https origin https://git@sharelatex.tum.de/git/652e8a160217f4be93b0ac82
14:16:09.652356 run-command.c:659       trace: run_command: 'git credential-store get'
14:16:09.655997 git.c:463               trace: built-in: git credential-store get
14:16:09.799312 run-command.c:659       trace: run_command: 'git credential-store store'
14:16:09.802910 git.c:463               trace: built-in: git credential-store store
14:16:09.803525 run-command.c:659       trace: run_command: git rev-list --objects --stdin --not --exclude-hidden=fetch --all --quiet --alternate-refs
14:16:09.808071 run-command.c:1523      run_processes_parallel: preparing to run up to 1 tasks
14:16:09.808091 run-command.c:1551      run_processes_parallel: done
14:16:09.808100 run-command.c:659       trace: run_command: git maintenance run --auto --no-quiet
14:16:09.809343 git.c:463               trace: built-in: git maintenance run --auto --no-quiet

These are to compare against the Windows runs and hopefully see where it fails.

[Byron]

Great to hear, and we also clearly see the credential helper invocations match up.

Curious to see the other results - I will wait :).