HTTPS Clone fails with remote pointer not found using Go transport #836
Labels
No Label
bug
duplicate
enhancement
invalid
question
up for grabs
wontfix
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: jcarr/git2go#836
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Given:
Clone) initialize aRepositorybefore they run a testCloneseem to be using a local file pathI am not really sure if this is due to a misuse of the API, or a bug. In any case, the following used to work before not too long ago with
git2go/v31and backing crypto / transport dependencies:While attempting to update to
git2go/v32however, and trying to depend on less C libraries, this now returns aremote pointer not founderror:Following the breadcrumbs, it seems to end on https://github.com/libgit2/git2go/blob/main/clone.go#L43 returning
-7(which makes me wonder even more).I am facing the same issue. I wonder if this has something to do with compiling libgit2 with the openSSL and libSSH libraries.
The language around these is a bit confusing, so I wonder if this is one potential problem
Following the introduction of Go native transports, the configuration to link against these libraries was disabled in this repository: https://github.com/libgit2/git2go/blob/main/script/build-libgit2.sh#L76-L77.
However, even after spending hours trying various configuration options, we have not been able to get a working version of
v32, with or without the crypto libs. All eventually failing in some step of theCloneoperation.I am not sure how go native transports work, but let me tinker around and see if I can get it to work. I am still relatively new to this CGO and cross-language compiling. I will keep posting my findings, lets hope something works :P
After a bit of tinkering, I have turned on the HTTPS flag
-DUSE_HTTPS=ONnow when I try to clone, I get the error
this leads me to believe that simply linking the OpenSSL library is the issue now
UPDATE: I got it to work, (ie, it is not throwing any more SSL errors)
but a few more errors with setting cert checks and verification remain.
Currently the new bug is
EDIT: I will update my process of getting this whole thing to work once I iron out the kinks
@hiddeco using your test, I am able to get it working with recompiling the vendored libgit2 with
CMAKE
-DUSE_HTTPS=ONinscripts/build-libgit2.shmy setup is probably slightly different from yours since I am packaging gogit2 as a submodule, but I believe that is the minimal tweak required.
also, my tests were cached, so I had to use
go clean -testcacheand re runyikes, this seems to be caused by the fact that libgit2 duplicates the remote while cloning, so git2go can't match the original
Remoteobject to the one passed into the callback :/ we probably need a different way of matching the remote instead of by-pointer.But why does it work with the openssl libraries activated?
From: lhchavez @.>
Sent: Monday, October 11, 2021 5:28:44 PM
To: libgit2/git2go @.>
Cc: Yashodhan Ghadge @.>; Comment @.>
Subject: Re: [libgit2/git2go] HTTPS
Clonefails withremote pointer not foundusing Go transport (#836)yikes, this seems to be caused by the fact that libgit2 duplicates the remote while cloning, so git2go can't match the original Remote object to the one passed into the callback :/ we probably need a different way of matching the remote instead of by-pointer.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/libgit2/git2go/issues/836#issuecomment-940083296, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ACCHNM4CNQ73LKSYNNPUK2LUGLYBZANCNFSM5E6KTZ2A.
that uses a different codepath that doesn't involve the remote callbacks.
Oh, if you have some pointers (pun intended) could you let me know? I would like to work on this if it does turn out to be a bug.
it is indeed a bug. what should happen is that given that we have no way of recovering the original
Remote(due to the underlying pointers being different), if we receive something that is not in our list of remotes, maybe we can create a newRemoteobject backed by the*git_remotethat's passed into thesmartTransportCallback. but then we need to handle that with care because we can't just free it: that would break libgit2 and cause use-after-frees :Sand add a test, haha.
wow, I just tried to go through the code paths, and yes it's pretty complicated. My question is, if the pointer in the smartTransportCallback is in fact a copy, and has nothing to do with the original *git_remote, then, we can safely free it right? it won't affect libgit2's cloning process since that will be performed on the original *git_remote pointer. (I am super new to C bindings, and libgit2, so if it sounds stupid, it probably is)
solution 2, is it possible to fix this pointer allocation on libgit2's side? can we submit an upstream PR that returns the same objects that are passed to the cloning process?
we can't ^^;; that pointer is owned by libgit2 and if we free it we will cause a double free D:
5bd49aeeeb/src/clone.c (L407-L421)(the last line is the call togit_remote_freeon the copy).i don't think so, that copy was introduced very intentionally:
3c607685daright, so it landlocks on all sides. What code path does it take when the OpenSSL / libssh2 is compiled against libgit2? cause it seems to work just fine along that code path. Can we try to mimic what happens along that path?
we can't: that codepath is done 100% in libgit2 D: anything that crosses the Go/C boundary needs to go through a very different codepath.
right, if you don't mind, can you explain what code path is taken for the Go/C cloning process? I lose it the minute it goes to C.git_clone(args). Perhaps, then I can spend some time to think about this, and maybe try to make an educated guess and propose a solution. Cause I'm all out of ideas rn
yeah, if OpenSSL / libssh2 are involved, that's pretty much it: once it goes to
C.git_clone(args), there's nothing else observable from Go. once it returns, the clone is finished (or failed).when this goes through Go,
b7bad55e4b/src/clone.c (L348)calls9b155184fe/clone.go (L56)to create theRemote, and then there's some more shenanigans with the Transports.f1fa96c7b7is a good place to look at how the transports themselves are plumbed through and thenb983e1daeboutlines the HTTPS-only part.thanks for the pointers :P. I will trace this and try to think of a solution.
sounds good! https://github.com/libgit2/git2go/issues/836#issuecomment-940414675 contains a partial outline of what the solution might end up looking like.
I followed the chain, from what I can see, the callback is only triggered when it is explicitly passed.
1697cd6ff5/src/clone.c (L272-L278)I trace it further to
b7bad55e4b/src/remote.c (L767)now just to check if my working theory is on track,
b7bad55e4b/src/remote.c (L794-L798)these lines will trigger the go transport callbacks, right?
so, let's say we run a simple clone code from golang, and don't pass any callback funcs for remoteCallbacks, it will try to use the native C default callbacks and invoke the HTTPS C transports.
But if we do pass the callbacks in golang, it will trigger those instead, thus now bringing the transports control back in golang.
If this working theory is incorrect please let me know. I think if I understand this right, I might get closer to a solution
EDIT: I am trying to understand most of this code from libgit2 master and the version linked in the git2go submodule so there is a slight chance the code links may not perfectly match up
it will try to use the native C default callbacks for remotes, but transports are a completely different beast that use different codepaths: If the remote object already has a transport assigned to it or the remote callbacks have a transport factory, it will use those. otherwise, it will use
git_transport_new, which has its own set of callbacks. git2go registers the transport callbacks upon library initialization.control can be passed back to golang even without the remote callbacks: it can also be returned when the transports callbacks are registered.
the outline of the solution in https://github.com/libgit2/git2go/issues/836#issuecomment-940414675 is more or less as follows:
Remoteto add a flag (calledweakfor consistency with the one fromRepository) that tellsRemote.Freeto not callgit_remote_freeto prevent the double-free.git_remote *by pointer in the list of tracked pointers, a newRemoteobject can be created with theweakflag turned on. The newly-createdRemote'scallbackscan be leftnilbecause if it hadn't beennilin the original object, we would have found it in the list of remotes!But there's something that I didn't think of beforehand: We would also need to create a
Repositoryobject from thegit_remote_ownerof thegit_remote *, so we might have to also track the mapping of all theRepository/git_repository *weak objects that we know of.f1fa96c7b7has the code to trackRemoteobjects, so maybe a similar pattern can be used for weakRepositoryobjects. That way if (for whatever reason) the user modified theRepositoryobject in the remote callbacks, we can restore that state in the transport callbacks.Right with this, I think can start work to get a pr opened. Give me a few days to get this up. I'm now quite clear on what's happening to a large degree
update! i just realized that the
Repositoryobjects are completely stateless in git2go: all state is stored in the libgit2 layer. so we don't need to trackRepositoryobjects at all! just create a new weak one and be done with it :DThis is good to know. Cause I'll be honest. I'm thinking I've gone in over my head, trying to create a pr. Now that there is less changes to make it is always good :P
I have created a PR, I think this is the bare minimum change like you listed out, I will add tests for this (I need a valid GitHub url that I can add in the test, will this repo's link itself be okay?)
Plus fixing / adding any more code/comments/formatting too
@codexetreme bit of unsolicited advice - based on experience relying on real GitHub repositories for tests (and moving away from them) - I would use a mocking Git server using a project like https://github.com/sosedoff/gitkit
In addition, thank you very much for taking care of this, as I was out of time 🙇 🥇
ah I thought so too. Just pushed a test where I was checking if github was up :P.
in anycase, your(@lhchavez) solution works !!!!!!
test clones (as of yet github repo) via https no questions asked :)
I will get the mocking server up in the test code now
okay, so the mocking server has no HTTPS support, which means, we'll need to add it externally via some other mechanism for the test (since the point is to test HTTPS transport :P)
EDIT: any suggestions/ideas?
The library I mentioned has support for HTTP/S, but you have to create some tiny wrappers to make it work, see https://github.com/fluxcd/pkg/blob/main/gittestserver/server.go#L134 for our take :-).
no need for HTTPS in the test! tests always use the managed transports:
6eae74c128/git_test.go (L14)HTTP-only is fine (even preferred) to keep this being simpler.
Ah, so there's no need to reference a repo on GitHub/gitlab to test this?
Also, can you share your Dev environment setup? I'm currently opening the project on intellij with the go plugin. This works for the most part, but misses some cgo calls as errors
@hiddeco 's suggestion is to have a fully hermetic test that does not require communicating to any external server over the network, and only has a dependency on the
gitbinary being installed on the test machine (a reasonable assumption).ha, i have a much more spartan setup: Vim with https://github.com/dense-analysis/ale and https://pkg.go.dev/golang.org/x/tools/gopls . cgo in general is hard to analyze :S
Hello, so I'm still a bit confused. (My sincere apologies , since I'm still not 100% sure about what the entire codebase does).
The server we'll need to setup for this test, do we add it as a dependency in go.mod (it's just one test, so I wonder).
When loading the repo into the server, do we reference the locally cloned repo from which the test is being run ? (I'm not sure if this is entirely possible, but seems doable)
With managed transports, why do we prefer it being in http? In my experience, Https is the one that messes up all the time in any communication ( SAN domains, certs, cipher suites etc, etc)
Considering all this, locally I have a simple setup which runs the server with this repo cloned in a separate location. Then I give it as a http URL to this test.
Can you please offer further insight and guidance?
UPDATES:
I took some time to rethink and here's what I've come up with:
now there is no dependency on external networks or any confusion with repos and such
please let me know if I've missed something :)
Is it possible that during this fix, a detail around the
FetchOptions#RemoteCallbackswas forgotten? Looking at the tests, this should work in combination with callingFetch:However, our code which makes use of
Cloneand has test coverage for various authentication configurations, fails if we attempt to update fromv31(with OpenSSL and OpenSSH2) tov33(without any additional C dependencies):Ah, looks like the SSH issue would be solved by switching to
NewCredentialSSHKeyFromSigner, the certificate issue however I still can't explain.once you switch to
NewCredentialSSHKeyFromSignercan you post the new error? I wanna see what the new error is,just wanna try and fix (still relatively new to OSS, so yknow might be slow, but eventually I'll get there 😅 )
plus, I am going to use this lib in my own personal project too, and your use case for using this lib is the similar to mine :P, any errors you face, I will face too
The
NewCredentialSSHKeyFromSignerchanged something for SSH, but still didn't result in a working transport:For HTTPS, no matter what changes I am trying to make, none of the callbacks seem to work (username and password, custom CA, etc.).
What we are working on is OSS by the way, and can be consulted at: https://github.com/fluxcd/source-controller/pull/465 (which depends on
v31targeted work in https://github.com/fluxcd/source-controller/pull/462, but we want to move tov33as soon as we get it working properly, given C dependencies are resulting in "other issues" (build complexity, etc.)).nice! I'll take a look for contributing too:)
for this
this I think I know why, when the code for making the fake remote is executed, data for callbacks from the original remote pointer is lost, I can possibly test my hypothesis and update
can you link a small test in the fluxCD codebase I can use to make a quick and dirty test(with HTTPS and callbacks)?
If you run the
pkg/git/strategytest from#465, you'll see it fail.got it :) let me try to make some changes to the libgit code on my side and see if that test works with my assumed hypothesis
I think your hypothesis is right by the way, but this should either be documented, or properly addressed.
The workaround for us would be to first initialize an empty repository, then add a remote, and then call fetch, but having a working
Clonewould safe us from a lot of "bootstrapping" :-)the way I understand the git code (at least the non C parts) is that here
the issue is since the go code does not get access to the originally created object (which should be the owners arg), I am not sure how to propagate the callbacks you are setting in the code to this bit of code.
There is also a high chance this is not the place to look for the bug 😂
I am trying something here, if it works,
Clonewill work no workarounds neededUPDATES:
I looked at the code, the callbacks are going through C code, so there is a high chance it's not as easy a fix, imo we need a way to recover the original callback funcs ptrs.
@lhchavez can you please assist on how to fix this?
If it is too hard to fix, we'll resort to https://github.com/libgit2/git2go/issues/836#issuecomment-951228416. But I think this limitation should in this case be documented, so that other people don't fall into the same trap.
makes sense, maybe a small note in the README, but I think this is a major point that needs to be solved cause moving forward, if go transports are to work, they have to work with these callbacks, (I am probably just missing something really small and obvious :P) let's wait for the maintainers/owners to lend their feedback till then
Another error for the mix, I rewrote the callbacks to be more like the git2go tests in:
3290736(#465)This has made a new error surface in which the connection simply seems to get closed prematurely:
@hiddeco did this comment about premature closing get resolved? did you find a workaround?
per: https://github.com/libgit2/git2go/issues/836#issuecomment-951291223
We are seeing
io: read/write on closed pipefor https