Error when using Git credential helper with gnome-keyring as Sudo

Posted on Mar 22, 2022

Question

I was looking for a way to store credentials securely while connecting to our Git server, which uses SSL. I came across this suggestion by @james-ward (https://stackoverflow.com/a/14528360/6195194); the only edit I made was that I updated our "system" config instead of our "global" config for Git:

sudo apt-get install libgnome-keyring-dev
cd /usr/share/doc/git/contrib/credential/gnome-keyring
sudo make
git config --system credential.helper /usr/share/doc/git/contrib/credential/gnome-keyring/git-credential-gnome-keyring

I then can run

git clone https://ipaddress/git/repo.git

and the credential helper will store my credentials. However, when I run the following:

sudo git clone https://ipaddress/git/repo.git testfolder

it gives me the following error:

** (process:3713): CRITICAL **: Error communicating with gnome-keyring-daemon

I sometimes need to run sudo git clone since sometimes the directory where I need to make a clone requires it. Any help would be appreciated.

Versions I am using:

  • git version 1.9.1
  • Ubuntu Server 14.0.4

Thank you in advance! -Richard O.

Answer

Besides the use of sudo, note that in 2016, libgnome-keyring is specific to GNOME and is now deprecated (since January 2014, actually).

2022 option: git-credential-manager

Microsoft provides a cross-platform credential helper named GCM (Git Credential Manager), which you can install (no need to build it) and configure:

git-credential-manager-core configure

You will need Git 2.27+ to use it.


2016 option: git-credential-libsecret

Git 2.11+ (Q4 2016) included a new credential helper using libsecret.

See commit 87d1353 (09 Oct 2016) by Mantas Mikulėnas (grawity).
(Merged by Junio C Hamano -- gitster -- in commit bfe800c, 26 Oct 2016)

A new credential helper that talks via "libsecret" with implementations of XDG Secret Service API has been added to contrib/credential/.

It uses libsecret, which can support other implementations of the XDG Secret Service API.

But in 2022, this is no longer needed. See above.


As noted by mati865 in the comments:

It should be noted that some distros like Arch and Fedora provide helpers available as both binary and source.

  • Libsecret binary on Arch: /usr/lib/git-core/git-credential-libsecret, and
  • Libsecret binary on Fedora: /usr/libexec/git-core/git-credential-libsecret.

Note: As @rugk adds in the comments, for Fedora and Git v2.25.2-1 or higher, you need to install an extra package with that binary, because it has been split from the main git package:

dnf install git-credential-libsecret

Git 2.41 (Q2 2023) clarifies:

See commit 0a3a972, commit 64f1e65, commit de2fb99, commit 048b673, commit 5747c80, commit 71201ab, commit 16b305c (01 May 2023) by Taylor Blau (ttaylorr).
(Merged by Junio C Hamano -- gitster -- in commit fbbf60a, 10 May 2023)

contrib/credential: remove 'gnome-keyring' credential helper

Co-authored-by: Jeff King
Signed-off-by: Jeff King
Signed-off-by: Taylor Blau

libgnome-keyring was deprecated in 2014 (in favor of libsecret), more than nine years ago.

The credential helper implemented using libgnome-keyring has had a small handful of commits since 2013, none of which implemented or changed any functionality.
The last commit to do substantial work in this area was 15f7221 ("contrib/git-credential-gnome-keyring.c: support really ancient gnome-keyring", 2013-09-23, Git v1.8.5-rc0 -- merge), just shy of nine years ago.

This credential helper suffers from the same fgets()-related injection attack (using the new "wwwauth[]" feature) as in the previous commit.
Instead of patching it, let's remove this helper as deprecated.
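
The commit message quoted above refers to an fgets()-related injection in the removed helper. As an added example (not code from Git, its helpers or this answer), the sketch below shows the general hazard of reading a line-based key=value stream with fgets() into a fixed buffer: a line longer than the buffer is split, and its tail is parsed as a separate line. BUFSZ, read_host, sample and the host names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFSZ 1024 /* assumed fixed buffer size, for illustration only */

/* Parse a key=value request and copy the last host= value into host.
 * join=0: flawed pattern, every fgets() chunk is treated as a full line.
 * join=1: hardened, chunks are appended until the newline is really seen. */
void read_host(FILE *in, int join, char *host, size_t n)
{
    char buf[BUFSZ], *line = NULL, *tmp;
    size_t len = 0, got;
    while (fgets(buf, sizeof buf, in)) {
        got = strlen(buf);
        if (!(tmp = realloc(line, len + got + 1))) break;
        line = tmp;
        memcpy(line + len, buf, got + 1);
        len += got;
        if (join && (!len || line[len - 1] != '\n'))
            continue;                  /* line not complete yet */
        line[strcspn(line, "\n")] = '\0';
        if (!*line) break;             /* blank line ends the request */
        if (!strncmp(line, "host=", 5))
            snprintf(host, n, "%s", line + 5);
        len = 0;
    }
    free(line);
}

/* Constructed input: one wwwauth[] line longer than BUFSZ whose tail
 * looks like a host= line. Returns a rewound temporary file. */
FILE *sample(void)
{
    FILE *f = tmpfile();
    if (!f) return NULL;
    fputs("protocol=https\nhost=git.example.com\nwwwauth[]=", f);
    for (int i = 0; i < BUFSZ - 1 - 10; i++) fputc('A', f); /* 10 = strlen("wwwauth[]=") */
    fputs("host=other.example\n\n", f);
    rewind(f);
    return f;
}

int main(void)
{
    char a[64] = "", b[64] = "";
    FILE *f = sample();
    if (!f) return 1;
    read_host(f, 0, a, sizeof a);
    rewind(f);
    read_host(f, 1, b, sizeof b);
    printf("chunk-as-line: host=%s\nfull-line:     host=%s\n", a, b);
    return fclose(f);
}
```

With the chunk-as-line reader the host recorded for the request changes to the value carried in the tail of the long line; the full-line reader keeps the host that was sent on its own line.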