gix fails to read credential store in ~/.git-credentials

[jalil-salame]

Current behavior 😯

gix fetch fails on a repository using a Token for authentication. The token is stored in ~/.git-credentials:

~/.git-credentials

https://git:[[TOKEN]]@sharelatex.tum.de

The config is not minimal

gix config

# From 'C:/Program Files/Git/etc/gitconfig' (GitInstallation)
[diff "astextplain"]
        textconv = astextplain

[filter "lfs"]
        clean = git-lfs clean -- %f
        smudge = git-lfs smudge -- %f
        process = git-lfs filter-process
        required = true

[http]
        sslBackend = openssl
        sslCAInfo = C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt

[core]
        autocrlf = true
        fscache = true
        symlinks = false

[pull]
        rebase = false

[credential]
        helper = manager
[credential "https://dev.azure.com"]
        useHttpPath = true

[init]
        defaultBranch = master

# From 'D:\Users\[[REDACTED]]\.gitconfig' (User)
[http]
        proxy = [[REDACTED]]
        sslVerify = false

[https]
        proxy = [[REDACTED]]

[delta]
        navigate = true
        light = false
        line-numbers = true
        zero-style = dim syntax

[core]
        pager = delta
        autocrlf = false

[interactive]
        diffFilter = delta --color-only

[merge]
        conflictstyle = diff3

[diff]
        colorMoved = default

[credential]
        helper = store
[credential "https://sharelatex.tum.de"]
        provider = generic

# From '.\.git\config' (Local)
[core]
        repositoryformatversion = 0
        filemode = false
        bare = false
        logallrefupdates = true
        symlinks = false
        ignorecase = true

[remote "origin"]
        url = https://[email protected]/git/[[REDACTED]]
        fetch = +refs/heads/*:refs/remotes/origin/*

[branch "master"]
        remote = origin
        merge = refs/heads/master

# From 'memory' (EnvOverride)
[gitoxide "https"]
        proxy = [[REDACTED]] # from HTTPS_PROXY
        proxy = [[REDACTED]] # from https_proxy
[gitoxide "http"]
        noProxy = [[REDACTED]] # from NO_PROXY
        noProxy = [[REDACTED]] # from no_proxy
        proxy = [[REDACTED]] # from http_proxy

I am behind a corporate proxy using a windows computer. So I have to be kinda careful about what logs I post :c.

I am using gitoxide-max-pure-v0.31.1-x86_64-pc-windows-msvc from the GitHub releases.

gix --trace fetch

$ gix --trace fetch
 12:04:48 tracing TRACE    📍 [trace]: checkout waiting for idle connection: ("https", sharelatex.tum.de)
 12:04:48 tracing TRACE    📍 [trace]: Http::connect; scheme=Some("http"), host=Some("[[REDACTED]]"), port=Some(Port(8080))
 12:04:48 tracing TRACE    📍 [trace]: handle passed back
 12:04:48 tracing DEBUG    🐛 [debug]: querying: [[REDACTED]] A
 12:04:48 tracing DEBUG    🐛 [debug]: sending request: [Query { name: Name("[[REDACTED]]"), query_type: A, query_class: IN }]
 12:04:48 tracing DEBUG    🐛 [debug]: reconnecting: NameServerConfig { socket_addr: [[REDACTED]], protocol: Udp, tls_dns_name: None, trust_nx_responses: false, bind_addr: None }
 12:04:48 tracing DEBUG    🐛 [debug]: enqueueing message:QUERY:[Query { name: Name("[[REDACTED]]"), query_type: A, query_class: IN }]
 12:04:48 tracing DEBUG    🐛 [debug]: reconnecting: NameServerConfig { socket_addr: [[REDACTED]], protocol: Udp, tls_dns_name: None, trust_nx_responses: false, bind_addr: None }
 12:04:48 tracing DEBUG    🐛 [debug]: enqueueing message:QUERY:[Query { name: Name("[[REDACTED]]"), query_type: A, query_class: IN }]
 12:04:48 tracing DEBUG    🐛 [debug]: final message: ; header 12763:QUERY:RD:NoError:QUERY:0/0/0
 12:04:48 tracing ; query
 12:04:48 tracing ;; [[REDACTED]] IN A
 12:04:48 tracing
 12:04:48 tracing DEBUG    🐛 [debug]: final message: ; header 9177:QUERY:RD:NoError:QUERY:0/0/0
 12:04:48 tracing ; query
 12:04:48 tracing ;; [[REDACTED]] IN A
 12:04:48 tracing
 12:04:48 tracing DEBUG    🐛 [debug]: created socket successfully
 12:04:48 tracing DEBUG    🐛 [debug]: created socket successfully
 12:04:48 tracing TRACE    📍 [trace]: reading CNAME
 12:04:48 tracing TRACE    📍 [trace]: reading A
 12:04:48 tracing TRACE    📍 [trace]: reading NS
 12:04:48 tracing TRACE    📍 [trace]: reading NS
 12:04:48 tracing TRACE    📍 [trace]: reading A
 12:04:48 tracing TRACE    📍 [trace]: reading A
 12:04:48 tracing DEBUG    🐛 [debug]: received message id: 12763
 12:04:48 tracing DEBUG    🐛 [debug]: Response:; header 12763:RESPONSE:RD,AA,RA:NoError:QUERY:2/2/2
 12:04:48 tracing ; query
 12:04:48 tracing ;; [[REDACTED]] IN A
 12:04:48 tracing ; answers 2
 12:04:48 tracing [[REDACTED]] 600 IN CNAME [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 12 IN A [[REDACTED]]
 12:04:48 tracing ; nameservers 2
 12:04:48 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 12:04:48 tracing ; additionals 2
 12:04:48 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 12:04:48 tracing
 12:04:48 tracing DEBUG    🐛 [debug]: Response:; header 12763:RESPONSE:RD,AA,RA:NoError:QUERY:2/2/2
 12:04:48 tracing ; query
 12:04:48 tracing ;; [[REDACTED]] IN A
 12:04:48 tracing ; answers 2
 12:04:48 tracing [[REDACTED]] 600 IN CNAME [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 12 IN A [[REDACTED]]
 12:04:48 tracing ; nameservers 2
 12:04:48 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 12:04:48 tracing ; additionals 2
 12:04:48 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 12:04:48 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 12:04:48 tracing
 12:04:48 tracing DEBUG    🐛 [debug]: connecting to [[REDACTED]]
 12:04:48 tracing DEBUG    🐛 [debug]: connected to [[REDACTED]]
 12:04:49 tracing TRACE    📍 [trace]: client handshake Http1
 12:04:49 tracing TRACE    📍 [trace]: handshake complete, spawning background dispatcher task
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
 12:04:49 tracing TRACE    📍 [trace]: checkout dropped for ("https", sharelatex.tum.de)
 12:04:49 tracing TRACE    encode_headers [ 26.1µs | 100.00% ]
 12:04:49 tracing TRACE    ┕━ 📍 [trace]: Client::encode method=GET, body=None
 12:04:49 tracing DEBUG    🐛 [debug]: flushed 204 bytes
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
 12:04:49 tracing TRACE    📍 [trace]: Conn::read_head
 12:04:49 tracing TRACE    📍 [trace]: received 332 bytes
 12:04:49 tracing TRACE    parse_headers [ 42.0µs | 100.00% ]
 12:04:49 tracing TRACE    ┝━ 📍 [trace]: Response.parse | bytes: 332
 12:04:49 tracing TRACE    ┕━ 📍 [trace]: Response.parse Complete(171)
 12:04:49 tracing DEBUG    🐛 [debug]: parsed 5 headers
 12:04:49 tracing DEBUG    🐛 [debug]: incoming body is content-length (161 bytes)
 12:04:49 tracing TRACE    📍 [trace]: decode; state=Length(161)
 12:04:49 tracing DEBUG    🐛 [debug]: incoming body completed
 12:04:49 tracing TRACE    📍 [trace]: maybe_notify; read_from_io blocked
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 12:04:49 tracing TRACE    📍 [trace]: put; add idle connection for ("https", sharelatex.tum.de)
 12:04:49 tracing DEBUG    🐛 [debug]: pooling idle connection for ("https", sharelatex.tum.de)
 12:04:49 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 12:04:49 tracing INFO     run [ 289ms | 53.69% / 100.00% ]
 12:04:49 tracing INFO     ┕━ ThreadSafeRepository::discover() [ 134ms | 1.16% / 46.31% ]
 12:04:49 tracing INFO        ┕━ open_from_paths() [ 131ms | 21.68% / 45.15% ]
 12:04:49 tracing INFO           ┝━ gix_path::git::install_config_path() [ 67.2ms | 23.22% ]
 12:04:49 tracing INFO           ┕━ gix_odb::Store::at() [ 714µs | 0.25% ]
Error: Failed to obtain credentials

Caused by:
    0: An IO error occurred while communicating to the credentials helper
    1: program not found

Expected behavior 🤔

gix fetch should use the credentials in ~/.git-credentials and successfully establish the connection.

Git behavior

git fetch just works.

Steps to reproduce 🕹

I will try to reproduce it in the public Overleaf instance instead of my University's but this are the steps:

1. Create an Overleaf project (on my uni's instance(?))
2. Enable git integration
3. Use the token to clone the project.
4. Store the token using git credentials store (in ~/.git-credentials)
5. Try to fetch with gix (no updates to the repo required) (maybe you need to be behind an http proxy(?))

As far as I can tell this only happens on windows(?), but I didn't use the git credentials store within linux. I will try that ASAP, but I'm filing the issue while I'm still behind the proxy.

Performed tests (Results in the comments)

• Windows GIT_TRACE=1 git fetch
• Test on Windows with main
• Test on Windows with v0.30.0
• Test on Windows without ~/.git-credentials
• Test on Windows w/o proxy
• Test on Windows with public Overleaf instance
• Test on Windows with private GitHub Repo
• Linux GIT_TRACE=1 git fetch
• Test on Linux with main
• Test on Linux with v0.31.1

[Byron]

Thanks for reporting!

I'd definitely appreciate if you could try if it truly works with a public overleaf instance, and if it's related to Windows as you think it might be.

In general, gix will ask git to get the installation path to be sure all configuration is loaded. Then it's able to use all credential helpers that git can use, which should allow it to pick up previously stored credentials with the respective credential helper.

Please also run GIT_TRACE=1 git fetch to see which helpers git is invoking. You should be able to see which helpers are invoked with gix --trace fetch as well, but if not that's something that should definitely be added.

It will be interesting to see if the involvement of a proxy matters here, but I think not.

What could also be an issue is the usage of per-URL credential helper configuration, even though this simple case should work.

With your help, I am sure we will figure this out though - thanks in advance.

[NobodyXu]

On my laptop GIT_TRACE=1 git fetch gives me:

20:36:24.232005 git.c:463               trace: built-in: git fetch
20:36:24.233960 run-command.c:659       trace: run_command: GIT_DIR=.git git remote-https origin https://g
ithub.com/cargo-bins/cargo-binstall
20:36:24.239116 git.c:749               trace: exec: git-remote-https origin https://github.com/cargo-bins
/cargo-binstall
20:36:24.239587 run-command.c:659       trace: run_command: git-remote-https origin https://github.com/car
go-bins/cargo-binstall
20:36:24.914164 run-command.c:659       trace: run_command: git rev-list --objects --stdin --not --exclude
-hidden=fetch --all --quiet --alternate-refs
20:36:24.945646 run-command.c:1524      run_processes_parallel: preparing to run up to 1 tasks
20:36:24.945674 run-command.c:1551      run_processes_parallel: done
20:36:24.945685 run-command.c:659       trace: run_command: git maintenance run --auto --no-quiet
20:36:24.953244 git.c:463               trace: built-in: git maintenance run --auto --no-quiet

[Byron]

Thanks! Can you help me to see how this relates to the issue here? Accessing a public GitHub repository won't trigger authentication, and even if it would it's probably different from an overleaf instance with a token (and comparably complex configuration).

[NobodyXu]

Ohh I was just trying to help to see if I can provide any information regarding the helper.
I totally forgot that git fetch on public repo would not need authentication.

I ran GIT_TRACE=1 git push and it does show the helper program on MacOS:

20:42:02.717474 git.c:463               trace: built-in: git push
20:42:02.718437 run-command.c:659       trace: run_command: GIT_DIR=.git git remote-https origin https://github.com/cargo-bins/cargo-binstall
20:42:02.723517 git.c:749               trace: exec: git-remote-https origin https://github.com/cargo-bins/cargo-binstall
20:42:02.723953 run-command.c:659       trace: run_command: git-remote-https origin https://github.com/cargo-bins/cargo-binstall
20:42:03.019785 run-command.c:659       trace: run_command: 'git credential-osxkeychain get'
20:42:03.046466 git.c:749               trace: exec: git-credential-osxkeychain get
20:42:03.047794 run-command.c:659       trace: run_command: git-credential-osxkeychain get
20:42:03.447197 run-command.c:659       trace: run_command: 'git credential-osxkeychain store'
20:42:03.472040 git.c:749               trace: exec: git-credential-osxkeychain store
20:42:03.473730 run-command.c:659       trace: run_command: git-credential-osxkeychain store
20:42:03.507627 run-command.c:659       trace: run_command: 'git credential-store store'
20:42:03.518610 git.c:463               trace: built-in: git credential-store store
Everything up-to-date

I'm using the MacOS keychain, so it also uses MacOS specific helper program.

[jalil-salame]

Please also run GIT_TRACE=1 git fetch to see which helpers git is invoking. You should be able to see which helpers are invoked with gix --trace fetch as well, but if not that's something that should definitely be added.

I did run gix --trace fetch on the offending repo, you should be able to see the log if you expand the spoiler.

I forgot how to ask git to provide the trace, I will do that soon (by Monday)

[Byron]

Thanks, I saw, and realised that indeed it won't print git credential invocations anyway. This has been addressed in bc44497 though so you probably want to re-run with a locally compiled version of the latest main as well as obtain the baseline with GIT_TRACE=1 git fetch.

In any case, it will be most helpful if this can be made reproducible on something that's publicly accessible. Also it will be interesting to see if this issue is platform dependent for some reason.

[jalil-salame]

On Linux using gix v0.30.0 from nixpkgs. Version 0.31.1 should be available soon in nixos-unstable, it is already merged on nixpkgs.

gix fetch on Linux properly works when it asks for the token.

It also works properly when you use the credentials store (~/.git-credentials):

$ gix --trace fetch
 11:13:59 tracing INFO     run [ 393ms | 99.42% / 100.00% ]
 11:13:59 tracing INFO     ┝━ ThreadSafeRepository::discover() [ 1.92ms | 0.04% / 0.49% ]
 11:13:59 tracing INFO     │  ┕━ open_from_paths() [ 1.78ms | 0.08% / 0.45% ]
 11:13:59 tracing INFO     │     ┝━ gix_path::git::install_config_path() [ 1.41ms | 0.36% ]
 11:13:59 tracing INFO     │     ┕━ gix_odb::Store::at() [ 53.5µs | 0.01% ]
 11:13:59 tracing INFO     ┕━ fetch::Prepare::receive() [ 354µs | 0.01% / 0.09% ]
 11:13:59 tracing INFO        ┕━ negotiate [ 324µs | 0.01% / 0.08% ]
 11:13:59 tracing DEBUG          ┝━ mark_complete_and_common_ref [ 132µs | 0.03% ] mappings: 1
 11:13:59 tracing DEBUG          ┕━ update_refs() [ 150µs | 0.01% / 0.04% ] mappings: 1
 11:13:59 tracing DEBUG             ┕━ apply [ 108µs | 0.03% ] edits: 1
+refs/heads/*:refs/remotes/origin/*
        c06d7715706f3dc6a3cef8237a62f57246772ebd refs/heads/master -> refs/remotes/origin/master [up-to-date]
server sent 2 tips, 1 were filtered due to 1 refspec(s).
no negotiation was necessary

My guess is either the proxy or the windows stuff is messing this up, next try will be windows without the proxy. It could also be from the mismatched versions.

gix --trace fetch does not show what it searches specifically (which paths/binaries it calls), could you point me where to instrument it.

Next Steps

• Test on Windows without ~/.git-credentials
• Test on Windows with v0.30.0
• Test on Windows with main
• Test on Windows w/o proxy
• Test on Windows with public Overleaf instance
• Test on Linux with v0.31.1
• Test on Windows with private GitHub Repo

feel free to add more steps

It feels like I'm becoming an expert at hitting all the authentication edgecases c:

[jalil-salame]

Thanks, I saw, and realised that indeed it won't print git credential invocations anyway. This has been addressed in bc44497 though so you probably want to re-run with a locally compiled version of the latest main as well as obtain the baseline with GIT_TRACE=1 git fetch.

In any case, it will be most helpful if this can be made reproducible on something that's publicly accessible. Also it will be interesting to see if this issue is platform dependent for some reason.

Wow you are fast c:

I have some chores to do so I'll start testing in an hour or two. As always, happy to work with you!

[Byron]

feel free to add more steps

I am sure you have your reason, but I'd recommend building your own from the latest main which now informs about any program invocation it performs - these logs should be far more useful especially in comparison to baseline gi. On windows, builds are easiest with cargo build --release --no-default-features --features max-pure.

It feels like I'm becoming an expert at hitting all the authentication edgecases c:

It's strange to say, but I do appreciate it 😅. It's a major plus for gix (crate and binary) to work out of the box just like git does - imagine those using git2, they essentially have to implement all this themselves and it's just impossible. gix also isn't 100% compatible just yet as credential configuration can be very complex, but thanks to you it will definitely get there faster 🙏.

[jalil-salame]

* [x]  Test on Linux with `v0.31.1`

No issues, it is either windows or the proxy.

I am sure you have your reason, but I'd recommend building your own from the latest main

I don't know how good my rust toolchain is on Windows. I was fighting with chocolatey for a few hours to get linker.exe installed. I wanted to exhaust the other options first c:

[jalil-salame]

Successful fetch with gix main on Linux (max-pure).

gix --trace fetch

$ gix --trace fetch
 14:10:15 tracing TRACE    📍 [trace]: checkout waiting for idle connection: ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    📍 [trace]: Http::connect; scheme=Some("https"), host=Some("sharelatex.tum.de"), port=None
 14:10:15 tracing DEBUG    🐛 [debug]: resolving host="sharelatex.tum.de"
 14:10:15 tracing DEBUG    🐛 [debug]: connecting to 131.159.108.1:443
 14:10:15 tracing DEBUG    🐛 [debug]: connected to 131.159.108.1:443
 14:10:15 tracing TRACE    📍 [trace]: client handshake Http1
 14:10:15 tracing TRACE    📍 [trace]: handshake complete, spawning background dispatcher task
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
 14:10:15 tracing TRACE    📍 [trace]: checkout dropped for ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    encode_headers [ 6.99µs | 100.00% ]
 14:10:15 tracing TRACE    ┕━ 📍 [trace]: Client::encode method=GET, body=None
 14:10:15 tracing DEBUG    🐛 [debug]: flushed 204 bytes
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
 14:10:15 tracing TRACE    📍 [trace]: Conn::read_head
 14:10:15 tracing TRACE    📍 [trace]: received 332 bytes
 14:10:15 tracing TRACE    parse_headers [ 8.15µs | 100.00% ]
 14:10:15 tracing TRACE    ┝━ 📍 [trace]: Response.parse | bytes: 332
 14:10:15 tracing TRACE    ┕━ 📍 [trace]: Response.parse Complete(171)
 14:10:15 tracing DEBUG    🐛 [debug]: parsed 5 headers
 14:10:15 tracing DEBUG    🐛 [debug]: incoming body is content-length (161 bytes)
 14:10:15 tracing TRACE    📍 [trace]: decode; state=Length(161)
 14:10:15 tracing DEBUG    🐛 [debug]: incoming body completed
 14:10:15 tracing TRACE    📍 [trace]: maybe_notify; read_from_io blocked
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: put; add idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing DEBUG    🐛 [debug]: pooling idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: idle interval checking for expired
 14:10:15 tracing TRACE    📍 [trace]: take? ("https", sharelatex.tum.de): expiration = Some(90s)
 14:10:15 tracing DEBUG    🐛 [debug]: reuse idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    encode_headers [ 2.48µs | 100.00% ]
 14:10:15 tracing TRACE    ┕━ 📍 [trace]: Client::encode method=GET, body=None
 14:10:15 tracing DEBUG    🐛 [debug]: flushed 256 bytes
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
 14:10:15 tracing TRACE    📍 [trace]: Conn::read_head
 14:10:15 tracing TRACE    📍 [trace]: received 727 bytes
 14:10:15 tracing TRACE    parse_headers [ 7.10µs | 100.00% ]
 14:10:15 tracing TRACE    ┝━ 📍 [trace]: Response.parse | bytes: 727
 14:10:15 tracing TRACE    ┕━ 📍 [trace]: Response.parse Complete(413)
 14:10:15 tracing DEBUG    🐛 [debug]: parsed 11 headers
 14:10:15 tracing DEBUG    🐛 [debug]: incoming body is content-length (314 bytes)
 14:10:15 tracing TRACE    📍 [trace]: decode; state=Length(314)
 14:10:15 tracing DEBUG    🐛 [debug]: incoming body completed
 14:10:15 tracing TRACE    📍 [trace]: maybe_notify; read_from_io blocked
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing TRACE    📍 [trace]: put; add idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing DEBUG    🐛 [debug]: pooling idle connection for ("https", sharelatex.tum.de)
 14:10:15 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:10:15 tracing INFO     run [ 276ms | 0.10% / 100.00% ]
 14:10:15 tracing INFO     ┝━ ThreadSafeRepository::discover() [ 1.99ms | 0.06% / 0.72% ]
 14:10:15 tracing INFO     │  ┕━ open_from_paths() [ 1.82ms | 0.13% / 0.66% ]
 14:10:15 tracing INFO     │     ┝━ gix_path::git::install_config_path() [ 1.40ms | 0.51% ]
 14:10:15 tracing DEBUG    │     │  ┕━ 🐛 [debug]: invoking git for installation config path | cmd: "git" "config" "-l" "--show-origin"
 14:10:15 tracing INFO     │     ┕━ gix_odb::Store::at() [ 65.3µs | 0.02% ]
 14:10:15 tracing INFO     ┝━ remote::Connection::ref_map() [ 274ms | 0.01% / 99.04% ]
 14:10:15 tracing INFO     │  ┕━ remote::Connection::fetch_refs() [ 274ms | 0.01% / 99.03% ]
 14:10:15 tracing DEBUG    │     ┕━ gix_protocol::handshake() [ 274ms | 99.02% ] service: UploadPack | extra_parameters: []
 14:10:15 tracing DEBUG    │        ┝━ 🐛 [debug]: launching credential helper | cmd: "/bin/sh" "-c" "git credential-store \"$@\"" "--" "get"
 14:10:15 tracing DEBUG    │        ┕━ 🐛 [debug]: launching credential helper | cmd: "/bin/sh" "-c" "git credential-store \"$@\"" "--" "store"
 14:10:15 tracing INFO     ┕━ fetch::Prepare::receive() [ 387µs | 0.01% / 0.14% ]
 14:10:15 tracing DEBUG       ┕━ negotiate [ 353µs | 0.02% / 0.13% ] protocol_version: 1
 14:10:15 tracing DEBUG          ┝━ mark_complete_and_common_ref [ 127µs | 0.05% ] mappings: 1
 14:10:15 tracing DEBUG          ┕━ update_refs() [ 179µs | 0.02% / 0.06% ] mappings: 1
 14:10:15 tracing DEBUG             ┕━ apply [ 138µs | 0.05% ] edits: 1
+refs/heads/*:refs/remotes/origin/*
        c06d7715706f3dc6a3cef8237a62f57246772ebd refs/heads/master -> refs/remotes/origin/master [up-to-date]
server sent 2 tips, 1 were filtered due to 1 refspec(s).
no negotiation was necessary

Successful git on Linux:

GIT_TRACE=1 git fetch

$ GIT_TRACE=1 git fetch
14:16:09.432203 git.c:463               trace: built-in: git fetch
14:16:09.432645 run-command.c:659       trace: run_command: git remote-https origin https://[email protected]/git/652e8a160217f4be93b0ac82
14:16:09.433734 git.c:749               trace: exec: git-remote-https origin https://[email protected]/git/652e8a160217f4be93b0ac82
14:16:09.433762 run-command.c:659       trace: run_command: git-remote-https origin https://[email protected]/git/652e8a160217f4be93b0ac82
14:16:09.652356 run-command.c:659       trace: run_command: 'git credential-store get'
14:16:09.655997 git.c:463               trace: built-in: git credential-store get
14:16:09.799312 run-command.c:659       trace: run_command: 'git credential-store store'
14:16:09.802910 git.c:463               trace: built-in: git credential-store store
14:16:09.803525 run-command.c:659       trace: run_command: git rev-list --objects --stdin --not --exclude-hidden=fetch --all --quiet --alternate-refs
14:16:09.808071 run-command.c:1523      run_processes_parallel: preparing to run up to 1 tasks
14:16:09.808091 run-command.c:1551      run_processes_parallel: done
14:16:09.808100 run-command.c:659       trace: run_command: git maintenance run --auto --no-quiet
14:16:09.809343 git.c:463               trace: built-in: git maintenance run --auto --no-quiet

These are to compare against the Windows runs and hopefully see where it fails.

[Byron]

Great to hear, and we also clearly see the credential helper invocations match up.

Curious to see the other results - I will wait :).

[jalil-salame]

Windows (git works, gix fails)

GIT_TRACE=1 git fetch

10:27:32.733865 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
10:27:32.752473 git.c:463               trace: built-in: git fetch
10:27:32.761643 run-command.c:659       trace: run_command: GIT_DIR=.git git remote-https origin https://[email protected]/git/[[REDACTED]]
10:27:32.788313 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
10:27:32.790703 git.c:749               trace: exec: git-remote-https origin https://[email protected]/git/[[REDACTED]]
10:27:32.790703 run-command.c:659       trace: run_command: git-remote-https origin https://[email protected]/git/[[REDACTED]]
10:27:32.815131 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
10:27:33.087425 run-command.c:659       trace: run_command: 'git credential-manager get'
10:27:33.176618 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
10:27:33.181018 git.c:749               trace: exec: git-credential-manager get
10:27:33.181018 run-command.c:659       trace: run_command: git-credential-manager get
10:27:33.302533 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
10:27:33.307537 git.c:463               trace: built-in: git config --null --list
10:27:33.778061 run-command.c:659       trace: run_command: 'git credential-manager store'
10:27:33.860365 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
10:27:33.862358 git.c:749               trace: exec: git-credential-manager store
10:27:33.862358 run-command.c:659       trace: run_command: git-credential-manager store
10:27:33.995118 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
10:27:33.997746 git.c:463               trace: built-in: git config --null --list
10:27:34.163543 run-command.c:659       trace: run_command: 'git credential-store store'
10:27:34.238539 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
10:27:34.242075 git.c:463               trace: built-in: git credential-store store
10:27:34.258822 run-command.c:659       trace: run_command: git rev-list --objects --stdin --not --exclude-hidden=fetch --all --quiet
--alternate-refs
10:27:34.319293 run-command.c:1523      run_processes_parallel: preparing to run up to 1 tasks
10:27:34.319293 run-command.c:1551      run_processes_parallel: done
10:27:34.319293 run-command.c:659       trace: run_command: git maintenance run --auto --no-quiet
10:27:34.337065 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
10:27:34.346501 git.c:463               trace: built-in: git maintenance run --auto --no-quiet

Release v0.31.1 from github -msvc version

gix --trace fetch

 10:31:07 tracing TRACE    📍 [trace]: checkout waiting for idle connection: ("https", sharelatex.tum.de)
 10:31:07 tracing TRACE    📍 [trace]: Http::connect; scheme=Some("http"), host=Some("[[REDACTED]]"), port=Some(Port(8080))
 10:31:07 tracing TRACE    📍 [trace]: handle passed back
 10:31:07 tracing DEBUG    🐛 [debug]: querying: [[REDACTED]] A
 10:31:07 tracing DEBUG    🐛 [debug]: sending request: [Query { name: Name("[[REDACTED]]"), query_type: A, query_class: IN }]
 10:31:07 tracing DEBUG    🐛 [debug]: reconnecting: NameServerConfig { socket_addr: [[REDACTED]], protocol: Udp, tls_dns_name: None, trust_nx_responses: false, bind_addr: None }
 10:31:07 tracing DEBUG    🐛 [debug]: enqueueing message:QUERY:[Query { name: Name("[[REDACTED]]"), query_type: A, query_class: IN }]
 10:31:07 tracing DEBUG    🐛 [debug]: reconnecting: NameServerConfig { socket_addr: [[REDACTED]], protocol: Udp, tls_dns_name: None, trust_nx_responses: false, bind_addr: None }
 10:31:07 tracing DEBUG    🐛 [debug]: enqueueing message:QUERY:[Query { name: Name("[[REDACTED]]"), query_type: A, query_class: IN }]
 10:31:07 tracing DEBUG    🐛 [debug]: final message: ; header 64546:QUERY:RD:NoError:QUERY:0/0/0
 10:31:07 tracing ; query
 10:31:07 tracing ;; [[REDACTED]] IN A
 10:31:07 tracing
 10:31:07 tracing DEBUG    🐛 [debug]: final message: ; header 57285:QUERY:RD:NoError:QUERY:0/0/0
 10:31:07 tracing ; query
 10:31:07 tracing ;; [[REDACTED]] IN A
 10:31:07 tracing
 10:31:07 tracing DEBUG    🐛 [debug]: created socket successfully
 10:31:07 tracing DEBUG    🐛 [debug]: created socket successfully
 10:31:07 tracing TRACE    📍 [trace]: reading CNAME
 10:31:07 tracing TRACE    📍 [trace]: reading A
 10:31:07 tracing TRACE    📍 [trace]: reading NS
 10:31:07 tracing TRACE    📍 [trace]: reading NS
 10:31:07 tracing TRACE    📍 [trace]: reading A
 10:31:07 tracing TRACE    📍 [trace]: reading A
 10:31:07 tracing DEBUG    🐛 [debug]: received message id: 64546
 10:31:07 tracing DEBUG    🐛 [debug]: Response:; header 64546:RESPONSE:RD,AA,RA:NoError:QUERY:2/2/2
 10:31:07 tracing ; query
 10:31:07 tracing ;; [[REDACTED]] IN A
 10:31:07 tracing ; answers 2
 10:31:07 tracing [[REDACTED]] 600 IN CNAME [[REDACTED]]
 10:31:07 tracing [[REDACTED]] 20 IN A [[REDACTED]]
 10:31:07 tracing ; nameservers 2
 10:31:07 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 10:31:07 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 10:31:07 tracing ; additionals 2
 10:31:07 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 10:31:07 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 10:31:07 tracing
 10:31:07 tracing DEBUG    🐛 [debug]: Response:; header 64546:RESPONSE:RD,AA,RA:NoError:QUERY:2/2/2
 10:31:07 tracing ; query
 10:31:07 tracing ;; [[REDACTED]]. IN A
 10:31:07 tracing ; answers 2
 10:31:07 tracing [[REDACTED]] 600 IN CNAME [[REDACTED]].
 10:31:07 tracing [[REDACTED]] 20 IN A [[REDACTED]]
 10:31:07 tracing ; nameservers 2
 10:31:07 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 10:31:07 tracing [[REDACTED]] 600 IN NS [[REDACTED]]
 10:31:07 tracing ; additionals 2
 10:31:07 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 10:31:07 tracing [[REDACTED]] 600 IN A [[REDACTED]]
 10:31:07 tracing
 10:31:07 tracing DEBUG    🐛 [debug]: connecting to [[REDACTED]]:8080
 10:31:07 tracing DEBUG    🐛 [debug]: connected to [[REDACTED]]:8080
 10:31:07 tracing TRACE    📍 [trace]: client handshake Http1
 10:31:07 tracing TRACE    📍 [trace]: handshake complete, spawning background dispatcher task
 10:31:07 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
 10:31:07 tracing TRACE    📍 [trace]: checkout dropped for ("https", sharelatex.tum.de)
 10:31:07 tracing TRACE    encode_headers [ 28.1µs | 100.00% ]
 10:31:07 tracing TRACE    ┕━ 📍 [trace]: Client::encode method=GET, body=None
 10:31:07 tracing DEBUG    🐛 [debug]: flushed 204 bytes
 10:31:07 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
 10:31:07 tracing TRACE    📍 [trace]: Conn::read_head
 10:31:07 tracing TRACE    📍 [trace]: received 332 bytes
 10:31:07 tracing TRACE    parse_headers [ 24.7µs | 100.00% ]
 10:31:07 tracing TRACE    ┝━ 📍 [trace]: Response.parse | bytes: 332
 10:31:07 tracing TRACE    ┕━ 📍 [trace]: Response.parse Complete(171)
 10:31:07 tracing DEBUG    🐛 [debug]: parsed 5 headers
 10:31:07 tracing DEBUG    🐛 [debug]: incoming body is content-length (161 bytes)
 10:31:07 tracing TRACE    📍 [trace]: decode; state=Length(161)
 10:31:07 tracing DEBUG    🐛 [debug]: incoming body completed
 10:31:07 tracing TRACE    📍 [trace]: maybe_notify; read_from_io blocked
 10:31:07 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 10:31:07 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 10:31:07 tracing TRACE    📍 [trace]: put; add idle connection for ("https", sharelatex.tum.de)
 10:31:07 tracing DEBUG    🐛 [debug]: pooling idle connection for ("https", sharelatex.tum.de)
 10:31:07 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 10:31:07 tracing INFO     run [ 334ms | 63.75% / 100.00% ]
 10:31:07 tracing INFO     ┕━ ThreadSafeRepository::discover() [ 121ms | 0.69% / 36.25% ]
 10:31:07 tracing INFO        ┕━ open_from_paths() [ 119ms | 17.39% / 35.56% ]
 10:31:07 tracing INFO           ┝━ gix_path::git::install_config_path() [ 60.1ms | 17.97% ]
 10:31:07 tracing INFO           ┕━ gix_odb::Store::at() [ 666µs | 0.20% ]
Error: Failed to obtain credentials

Caused by:
    0: An IO error occurred while communicating to the credentials helper
    1: program not found

Using stable-x86_64-pc-windows-gnu + max-pure on main

gix --trace fetch

 14:20:54 tracing TRACE    📍 [trace]: checkout waiting for idle connection: ("https", sharelatex.tum.de)
 14:20:54 tracing TRACE    📍 [trace]: Http::connect; scheme=Some("http"), host=Some("[[REDACTED]]"), port=Some(Port(8080))
 14:20:54 tracing DEBUG    🐛 [debug]: resolving host="[[REDACTED]]"
 14:20:54 tracing DEBUG    🐛 [debug]: connecting to [[REDACTED]]:8080
 14:20:55 tracing DEBUG    🐛 [debug]: connected to [[REDACTED]]:8080
 14:20:55 tracing TRACE    📍 [trace]: client handshake Http1
 14:20:55 tracing TRACE    📍 [trace]: handshake complete, spawning background dispatcher task
 14:20:55 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
 14:20:55 tracing TRACE    📍 [trace]: checkout dropped for ("https", sharelatex.tum.de)
 14:20:55 tracing TRACE    encode_headers [ 11.3µs | 100.00% ]
 14:20:55 tracing TRACE    ┕━ 📍 [trace]: Client::encode method=GET, body=None
 14:20:55 tracing DEBUG    🐛 [debug]: flushed 204 bytes
 14:20:55 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
 14:20:55 tracing TRACE    📍 [trace]: Conn::read_head
 14:20:55 tracing TRACE    📍 [trace]: received 332 bytes
 14:20:55 tracing TRACE    parse_headers [ 12.3µs | 100.00% ]
 14:20:55 tracing TRACE    ┝━ 📍 [trace]: Response.parse | bytes: 332
 14:20:55 tracing TRACE    ┕━ 📍 [trace]: Response.parse Complete(171)
 14:20:55 tracing DEBUG    🐛 [debug]: parsed 5 headers
 14:20:55 tracing DEBUG    🐛 [debug]: incoming body is content-length (161 bytes)
 14:20:55 tracing TRACE    📍 [trace]: decode; state=Length(161)
 14:20:55 tracing DEBUG    🐛 [debug]: incoming body completed
 14:20:55 tracing TRACE    📍 [trace]: maybe_notify; read_from_io blocked
 14:20:55 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:20:55 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:20:55 tracing TRACE    📍 [trace]: put; add idle connection for ("https", sharelatex.tum.de)
 14:20:55 tracing DEBUG    🐛 [debug]: pooling idle connection for ("https", sharelatex.tum.de)
 14:20:55 tracing TRACE    📍 [trace]: flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
 14:20:55 tracing INFO     run [ 975ms | 0.05% / 100.00% ]
 14:20:55 tracing INFO     ┝━ ThreadSafeRepository::discover() [ 102ms | 0.23% / 10.51% ]
 14:20:55 tracing INFO     │  ┕━ open_from_paths() [ 100ms | 5.14% / 10.28% ]
 14:20:55 tracing INFO     │     ┝━ gix_path::git::install_config_path() [ 49.7ms | 5.09% ]
 14:20:55 tracing DEBUG    │     │  ┕━ 🐛 [debug]: invoking git for installation config path | cmd: "git.exe" "config" "-l" "--show-origin"
 14:20:55 tracing DEBUG    │     ┝━ 🐛 [debug]: invoking git to get system prefix/exec path | cmd: "git.exe" "--exec-path"
 14:20:55 tracing INFO     │     ┕━ gix_odb::Store::at() [ 380µs | 0.04% ]
 14:20:55 tracing INFO     ┕━ remote::Connection::ref_map() [ 872ms | 0.00% / 89.44% ]
 14:20:55 tracing INFO        ┕━ remote::Connection::fetch_refs() [ 872ms | 0.01% / 89.44% ]
 14:20:55 tracing DEBUG          ┕━ gix_protocol::handshake() [ 872ms | 89.43% ] service: UploadPack | extra_parameters: []
 14:20:55 tracing DEBUG             ┕━ 🐛 [debug]: launching credential helper | cmd: "sh" "-c" "git credential-manager \"$@\"" "--" "get"
Error: Failed to obtain credentials

Caused by:
    0: An IO error occurred while communicating to the credentials helper
    1: program not found

I couldn't get the msvc toolchain working but I can reproduce it with the gnu toolchain. I'll try again once I am not behind the proxy.

[jalil-salame]

Removing the ~/.git-credentials file causes git to regenerate it (probably cached somewhere) and gix fails at the same spot.

I don't know how to invoke git credential-manager on the CLI. The obvious git credential-manager get doesn't work(?) (I'm guessing it takes something through stdin?).

I am guessing that is the problem as Linux uses credential-store instead of credential-manager.

I will try removing the proxy later today, but it seems to be working properly?

Scratch that, proxy uses a self-signed ssl cert so I need to turn ssl checking off bu gix does not support that? And trying to add the CA path to http.sslCAinfo does not work. I also tried http.schannelCheckRevoke. I will file an issue against http.sslVerify. I seem to need it c:

[jalil-salame]

Windows with gix version v0.30.0 (from the releases page) also doesn't work (max-pure-msvc)

[Byron]

Thanks for testing!

Is it possible for you to run git credential-manager get in the terminal that you run gix in? My guess is that the program isn't in PATH, even though I'd expect it to be resolved by git itself.

On my installation, I don't have it for example, but I also don't have git credential-manager, so it really seems to be built-in.

git-sdk-64 on  main
❯ ls "/c/Program Files/Git/mingw64/libexec/git-core"
Atlassian.Bitbucket.UI.Shared.dll*              edit.dll*                    git-merge-resolve*          headless-git.exe*       libpcre2-8-0.dll*
Atlassian.Bitbucket.dll*                        gcmcore.dll*                 git-mergetool*              libbrotlicommon.dll*    libpcreposix-0.dll*
GitHub.UI.Shared.dll*                           gcmcoreui.dll*               git-mergetool--lib          libbrotlidec.dll*       libpsl-5.dll*
GitHub.dll*                                     gcmcoreuiwpf.dll*            git-p4*                     libbz2-1.dll*           libssh2-1.dll*
GitLab.UI.Shared.dll*                           git-citool*                  git-quiltimport*            libcares-2.dll*         libssl-1_1-x64.dll*
GitLab.dll*                                     git-credential-wincred.exe*  git-remote-ftp.exe*         libcrypto-1_1-x64.dll*  libstdc++-6.dll*
Microsoft.AzureRepos.dll*                       git-daemon.exe*              git-remote-ftps.exe*        libcurl-4.dll*          libtasn1-6.dll*
Microsoft.Identity.Client.Desktop.dll*          git-difftool--helper*        git-remote-http.exe*        libexpat-1.dll*         libtre-5.dll*
Microsoft.Identity.Client.Extensions.Msal.dll*  git-filter-branch*           git-remote-https.exe*       libffi-8.dll*           libunistring-5.dll*
Microsoft.Identity.Client.dll*                  git-gui*                     git-request-pull*           libgcc_s_seh-1.dll*     libwinpthread-1.dll*
Microsoft.Web.WebView2.Core.dll*                git-gui--askpass*            git-send-email*             libgmp-10.dll*          libzstd.dll*
Microsoft.Web.WebView2.WinForms.dll*            git-gui--askyesno*           git-sh-i18n                 libhogweed-6.dll*       mergetools/
Microsoft.Web.WebView2.Wpf.dll*                 git-gui.tcl*                 git-sh-i18n--envsubst.exe*  libiconv-2.dll*         scalar.exe*
Newtonsoft.Json.dll*                            git-http-backend.exe*        git-sh-setup                libidn2-0.dll*          tcl86.dll*
System.Buffers.dll*                             git-http-fetch.exe*          git-submodule*              libintl-8.dll*          tk86.dll*
System.CommandLine.dll*                         git-http-push.exe*           git-subtree*                liblzma-5.dll*          zlib1.dll*
System.Memory.dll*                              git-imap-send.exe*           git-svn*                    libnettle-8.dll*
System.Numerics.Vectors.dll*                    git-instaweb*                git-update*                 libnghttp2-14.dll*
System.Runtime.CompilerServices.Unsafe.dll*     git-merge-octopus*           git-web--browse*            libp11-kit-0.dll*
WebView2Loader.dll*                             git-merge-one-file*          git.exe*                    libpcre-1.dll*

It is my feeling that git might manually resolve this executable, which would then be located in the exec-path:

10:27:33.176618 exec-cmd.c:244          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
10:27:33.181018 git.c:749               trace: exec: git-credential-manager get
10:27:33.181018 run-command.c:659       trace: run_command: git-credential-manager get

Can you try to find the git-credential-manager binary in the git-core directory? And does it execute if you do git credential-manager?

I probably am on a pretty old version, maybe that's why it's called differently in my installation.

❯ git --version
git version 2.36.0.rc1.windows.1

In any case, once we figure out why gix can't find the credential helper, I think the issue is solved.

Scratch that, proxy uses a self-signed ssl cert so I need to turn ssl checking off bu gix does not support that? And trying to add the CA path to http.sslCAinfo does not work.

With max-pure, these are not implemented. But with the curl version, some of them are, but probably not enough for your particular case.

❯ gix config-tree | rg -i ssl
 👌️   gitoxide.http.sslVersionMax                 ❗️entirely new to set the upper bound for the allowed ssl version range. Overwrites the max bound of `http.sslVersion` if set. Min and Max must be set to become effective.❗️
 👌️   gitoxide.http.sslVersionMin                 ❗️entirely new to set the lower bound for the allowed ssl version range. Overwrites the min bound of `http.sslVersion` if set. Min and Max must be set to become effective.❗️
 🤔   http.proxySSLCAInfo                                  not planned ℹ on demand ℹ                                                                                                                       
 🤔   http.proxySSLCert                                    not planned ℹ on demand ℹ                                                                                                                       
 🤔   http.proxySSLCertPasswordProtected                   not planned ℹ on demand ℹ                                                                                                                       
 🤔   http.proxySSLKey                                     not planned ℹ on demand ℹ                                                                                                                       
 👌️   http.schannelUseSSLCAInfo                            ❗️only used as switch internally to turn off using the sslCAInfo, unconditionally. If unset, it has no effect, whereas in `git` it defaults to false.❗️
 🤔   http.sslBackend                                      not planned ℹ on demand ℹ                                                                                                                       
 👌️   http.sslCAInfo                                       ❗️overridden by 'GIT_SSL_CAINFO'❗️                                                                                                              
 🤔   http.sslCAPath                                       not planned ℹ on demand ℹ                                                                                                                       
 🤔   http.sslCert                                         not planned ℹ on demand ℹ                                                                                                                       
 🤔   http.sslCertPasswordProtected                        not planned ℹ on demand ℹ                                                                                                                       
 🤔   http.sslCipherList                                   not planned ℹ on demand ℹ                                                                                                                       
 🤔   http.sslKey                                          not planned ℹ on demand ℹ                                                                                                                       
 🤔   http.sslTry                                          not planned ℹ on demand ℹ                                                                                                                       
 🤔   http.sslVerify                                       not planned ℹ on demand ℹ                                                                                                                       
 👌️   http.sslVersion                                      ❗️accepts the new 'default' value which means to use the curl default just like the empty string does. overridden by 'GIT_SSL_VERSION'❗️                                                                                    

[jalil-salame]

Is it possible for you to run git credential-manager get in the terminal that you run gix in? My guess is that the program isn't in PATH, even though I'd expect it to be resolved by git itself.

git credential-manager get works. I'll see about finding it's install location tomorrow. We can explore the SSL issue once we get to it c: Maybe then I can actually contribute some Rust.

[Byron]

git credential-manager get works. I'll see about finding it's install location tomorrow.

That's great, but also doesn't explain why it fails with program not found when trying to execute it using git itself in gix.

 14:20:55 tracing DEBUG             ┕━ 🐛 [debug]: launching credential helper | cmd: "sh" "-c" "git credential-manager \"$@\"" "--" "get"
Error: Failed to obtain credentials

Caused by:
    0: An IO error occurred while communicating to the credentials helper
    1: program not found

Thinking about it, it's a bit of a problem that git is currently required to launch credential helpers anyway, as all git really does is to look for helpers in PATH and in its exec-path.

But the question remains: Why can't it find `'the program'? What is the program anyway?
Oh… I think I have a hunch now.

The credential manager is configured like this:

[credential]
        helper = manager

This means it's supposed to be run through a shell. Thus it launches sh and program not found might relate to sh not being available from the environment that you run gix in.

Can it be that it's a command-prompt? Can you execute sh? What about sh.exe? Probably both don't work, but git.exe does, right?

So maybe, ultimately, this a windows issue and the solution would be to avoid going through sh if there is a way to go through git.exe instead, i.e. if there are no additional arguments.

I will try implementing that.

[jalil-salame]

So, two problems here:

1. Neither sh nor sh.exe are in $Path
2. git-credential-manager isn't in $Path either
   • It is in an internal git path: C:\Program Files\Git\mingw64\bin\git-credential-manager.exe

For 1 you could do the shell escaping for git-credential-manager that you need to do for "$@" inside Rust, and just ignore the sh part.

For 2 you'd need to find the git install ($Path tends to have C:\Program Files\Git\cmd) and then add C:\Program Files\Git\mingw64\bin\ to path too, but I don't know how this interacts with thing like scoop or chocolatey.

[Byron]

Is git.exe in path? I'd think so - and if so, one can call git credential-manager and git will do the resolution itself. This is what I plan to do.

[jalil-salame]

Is git.exe in path? I'd think so - and if so, one can call git credential-manager and git will do the resolution itself. This is what I plan to do.

Yes and yes c: git credential-manager works OOTB

[Byron]

Please do try the version from #1111 as I think it will fix the problem.

Details

Now such a shell simply won't be used for cases like these, which is the same that git does. It's interesting that this worked naturally in git as it doesn't have special handling like gitoxide now has. Instead, it turned out, it just ignores shell-based invocation on Windows entirely - note the lack of use_shell checks in the native windows portion of the code. For gitoxide, I won't go there just yet as sh is available depending on the git-installation as far as I could tell, but if it remains becoming a problem, shell-usage could also be prohibited on windows as well or at least one could check for its existence before failing.

[jalil-salame]

Fixed by #1111 🎉

[jalil-salame]

#1111 has been merged and the issue is thus fixed 🎉