git-credential-manager
git-credential-manager copied to clipboard
git-ecosystem
GCM hangs without errors. Azure DevOps
Version
2.1.2
Operating system
Linux
OS version or distribution
Linux Win10 5.15.90.1-microsoft-standard-WSL2 [Ubuntu 22.04 LTS]
Git hosting provider(s)
Azure DevOps
Other hosting provider
No response
(Azure DevOps only) What format is your remote URL?
https://dev.azure.com/{org}
Can you access the remote repository directly in the browser?
Yes, I can access the repository
Expected behavior
I chose to use the secretservice helper. Gnome keyring opens and I can enter my password.
then gcm should use the secretservice and perform the auth code flow.
And I should be able to do a git pull
Actual behavior
I chose to use the secretservice helper. Gnome keyring opens and I can enter my password.
Then git pull command is hanging.
Logs
Git logs
14:51:46.040892 git.c:455 trace: built-in: git fetch
14:51:46.041414 run-command.c:668 trace: run_command: GIT_DIR=.git git remote-https origin 'https://[email protected]/investpsp/DS-I%20Tools/_git/dsi-tools'
14:51:46.043981 git.c:742 trace: exec: git-remote-https origin 'https://[email protected]/investpsp/DS-I%20Tools/_git/dsi-tools'
14:51:46.044178 run-command.c:668 trace: run_command: git-remote-https origin 'https://[email protected]/investpsp/DS-I%20Tools/_git/dsi-tools'
14:51:46.253995 run-command.c:668 trace: run_command: '/usr/local/bin/git-credential-manager get'
14:51:46.401363 git.c:455 trace: built-in: git config --null --list
14:51:46.535836 ...re/Application.cs:95 trace: [RunInternalAsync] Version: 2.1.2.0
14:51:46.537184 ...re/Application.cs:96 trace: [RunInternalAsync] Runtime: .NET 6.0.16
14:51:46.537226 ...re/Application.cs:97 trace: [RunInternalAsync] Platform: Linux (x86-64)
14:51:46.537240 ...re/Application.cs:98 trace: [RunInternalAsync] OSVersion: Linux Win10 5.15.90.1-microsoft-standard-WSL2 #1 SMP Fri Jan 27 02:56:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
14:51:46.537257 ...re/Application.cs:99 trace: [RunInternalAsync] AppPath: /usr/local/bin/git-credential-manager
14:51:46.537340 ...e/Application.cs:100 trace: [RunInternalAsync] InstallDir: /usr/local/share/gcm-core/
14:51:46.537405 ...e/Application.cs:101 trace: [RunInternalAsync] Arguments: get
14:51:46.636340 ...GitCommandBase.cs:33 trace: [ExecuteAsync] Start 'get' command...
14:51:46.660277 ...GitCommandBase.cs:47 trace: [ExecuteAsync] Detecting host provider for input:
14:51:46.666284 ...GitCommandBase.cs:48 trace: [ExecuteAsync] protocol=https
14:51:46.666574 ...GitCommandBase.cs:48 trace: [ExecuteAsync] host=dev.azure.com
14:51:46.666605 ...GitCommandBase.cs:48 trace: [ExecuteAsync] path=investpsp/DS-I Tools/_git/dsi-tools
14:51:46.666624 ...GitCommandBase.cs:48 trace: [ExecuteAsync] username=investpsp
14:51:46.675879 ...viderRegistry.cs:149 trace: [GetProviderAsync] Performing auto-detection of host provider.
14:51:46.676684 ...viderRegistry.cs:162 trace: [GetProviderAsync] Auto-detect probe timeout is 2 ms.
14:51:46.680322 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 4 host providers registered with priority 'Normal'.
14:51:46.681390 ...GitCommandBase.cs:50 trace: [ExecuteAsync] Host provider 'Azure Repos' was selected.
14:51:46.686769 ...osHostProvider.cs:85 trace: [GetCredentialAsync] Looking for existing credential in store with service=https://dev.azure.com/investpsp account=...
14:51:46.693281 ...osHostProvider.cs:90 trace: [GetCredentialAsync] No existing credentials found.
14:51:46.693523 ...osHostProvider.cs:93 trace: [GetCredentialAsync] Creating new credential...
14:51:46.695059 ...sHostProvider.cs:195 trace: [GeneratePersonalAccessTokenAsync] Determining Microsoft Authentication Authority...
14:51:46.707775 ...eDevOpsRestApi.cs:43 trace: [GetAuthorityAsync] HTTP: HEAD https://dev.azure.com/investpsp
14:51:46.710971 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
14:51:46.716876 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: OpenSsl
14:51:46.722142 git.c:455 trace: built-in: git version
14:51:46.741859 git.c:455 trace: built-in: git config --null --type=path 'http.https://dev.azure.com/investpsp/DS-I%20Tools/_git/dsi-tools.sslCAInfo'
14:51:46.746580 git.c:455 trace: built-in: git config --null --type=path 'http.dev.azure.com/investpsp/DS-I%20Tools/_git/dsi-tools.sslCAInfo'
14:51:46.751649 git.c:455 trace: built-in: git config --null --type=path 'http.https://dev.azure.com/investpsp/DS-I%20Tools/_git.sslCAInfo'
14:51:46.756030 git.c:455 trace: built-in: git config --null --type=path 'http.dev.azure.com/investpsp/DS-I%20Tools/_git.sslCAInfo'
14:51:46.759611 git.c:455 trace: built-in: git config --null --type=path 'http.https://dev.azure.com/investpsp/DS-I%20Tools.sslCAInfo'
14:51:46.763489 git.c:455 trace: built-in: git config --null --type=path 'http.dev.azure.com/investpsp/DS-I%20Tools.sslCAInfo'
14:51:46.767557 git.c:455 trace: built-in: git config --null --type=path http.https://dev.azure.com/investpsp.sslCAInfo
14:51:46.771553 git.c:455 trace: built-in: git config --null --type=path http.dev.azure.com/investpsp.sslCAInfo
14:51:46.775322 git.c:455 trace: built-in: git config --null --type=path http.https://dev.azure.com.sslCAInfo
14:51:46.779353 git.c:455 trace: built-in: git config --null --type=path http.dev.azure.com.sslCAInfo
14:51:46.783232 git.c:455 trace: built-in: git config --null --type=path http.https://azure.com.sslCAInfo
14:51:46.786895 git.c:455 trace: built-in: git config --null --type=path http.azure.com.sslCAInfo
14:51:46.790568 git.c:455 trace: built-in: git config --null --type=path http.sslCAInfo
14:51:48.282275 git.c:455 trace: built-in: git config --null --type=path 'http.https://dev.azure.com/investpsp/DS-I%20Tools/_git/dsi-tools.sslCAInfo'
14:51:48.286456 git.c:455 trace: built-in: git config --null --type=path 'http.dev.azure.com/investpsp/DS-I%20Tools/_git/dsi-tools.sslCAInfo'
14:51:48.290677 git.c:455 trace: built-in: git config --null --type=path 'http.https://dev.azure.com/investpsp/DS-I%20Tools/_git.sslCAInfo'
14:51:48.295144 git.c:455 trace: built-in: git config --null --type=path 'http.dev.azure.com/investpsp/DS-I%20Tools/_git.sslCAInfo'
14:51:48.300208 git.c:455 trace: built-in: git config --null --type=path 'http.https://dev.azure.com/investpsp/DS-I%20Tools.sslCAInfo'
14:51:48.305342 git.c:455 trace: built-in: git config --null --type=path 'http.dev.azure.com/investpsp/DS-I%20Tools.sslCAInfo'
14:51:48.309544 git.c:455 trace: built-in: git config --null --type=path http.https://dev.azure.com/investpsp.sslCAInfo
14:51:48.315350 git.c:455 trace: built-in: git config --null --type=path http.dev.azure.com/investpsp.sslCAInfo
14:51:48.322362 git.c:455 trace: built-in: git config --null --type=path http.https://dev.azure.com.sslCAInfo
14:51:48.326674 git.c:455 trace: built-in: git config --null --type=path http.dev.azure.com.sslCAInfo
14:51:48.331350 git.c:455 trace: built-in: git config --null --type=path http.https://azure.com.sslCAInfo
14:51:48.335145 git.c:455 trace: built-in: git config --null --type=path http.azure.com.sslCAInfo
14:51:48.339269 git.c:455 trace: built-in: git config --null --type=path http.sslCAInfo
gcm diagnose
Running diagnostics...
[ OK ] Environment
[ OK ] File system
[ OK ] Networking
[ OK ] Git
[ OK ] Credential storage
[ OK ] Microsoft authentication (AAD/MSA)
[ OK ] GitHub API
Diagnostic summary: 7 passed, 0 skipped, 0 failed.
Log files:
/home/pierre/repos/dsi-tools/gcm-diagnose.log
...
14:51:46.695059 ...sHostProvider.cs:195 trace: [GeneratePersonalAccessTokenAsync] Determining Microsoft Authentication Authority...
14:51:46.707775 ...eDevOpsRestApi.cs:43 trace: [GetAuthorityAsync] HTTP: HEAD https://dev.azure.com/investpsp
14:51:46.710971 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
14:51:46.716876 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: OpenSsl
It looks like GCM is stuck waiting the network request to HEAD https://dev.azure.com/investpsp.
I see you are using WSL; do you have any firewall rules or security prompts in Windows?
What happens if you run the following in the WSL instance?
curl -I https://dev.azure.com/investpsp
Yes we do have strong firewall but i run this from a "more relaxed" env.
Results from curl -I https://dev.azure.com/investpsp :
❯ curl -I https://dev.azure.com/investpsp
HTTP/2 401
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 89525
content-type: text/html
expires: -1
p3p: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
set-cookie: VstsSession=%7B%22PersistentSessionId%22%3A%222b213418-46dc-4fe8-9903-396c2e8d5666%22%2C%22PendingAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22CurrentAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22SignInState%22%3A%7B%7D%7D;SameSite=None; domain=.dev.azure.com; expires=Fri, 10-May-2024 20:52:14 GMT; path=/; secure; HttpOnly
www-authenticate: Bearer authorization_uri=https://login.microsoftonline.com/e3a7cef6-ae1f-480d-a1e8-2ce7bd85f50e
www-authenticate: Basic realm="https://tfsprodcca1.visualstudio.com/"
www-authenticate: TFS-Federated
x-tfs-processid: cbdc115c-407c-4056-8528-8bf6a919f428
strict-transport-security: max-age=31536000; includeSubDomains
activityid: a0b00dd5-8360-4bd7-9b5f-22fa40e0dd32
x-tfs-session: a0b00dd5-8360-4bd7-9b5f-22fa40e0dd32
x-vss-e2eid: a0b00dd5-8360-4bd7-9b5f-22fa40e0dd32
x-vss-senderdeploymentid: 4ff21e82-8865-0b2e-ffe8-9598818f8190
x-tfs-fedauthrealm: https://tfsprodcca1.visualstudio.com/
x-tfs-fedauthissuer: https://dev.azure.com/investpsp/
x-vss-authorizationendpoint: https://vssps.dev.azure.com/investpsp/
x-vss-resourcetenant: e3a7cef6-ae1f-480d-a1e8-2ce7bd85f50e
x-frame-options: SAMEORIGIN
x-tfs-soapexception: %3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22utf-8%22%3F%3E%3Csoap%3AEnvelope%20xmlns%3Asoap%3D%22http%3A%2F%2Fwww.w3.org%2F2003%2F05%2Fsoap-envelope%22%3E%3Csoap%3ABody%3E%3Csoap%3AFault%3E%3Csoap%3ACode%3E%3Csoap%3AValue%3Esoap%3AReceiver%3C%2Fsoap%3AValue%3E%3Csoap%3ASubcode%3E%3Csoap%3AValue%3EUnauthorizedRequestException%3C%2Fsoap%3AValue%3E%3C%2Fsoap%3ASubcode%3E%3C%2Fsoap%3ACode%3E%3Csoap%3AReason%3E%3Csoap%3AText%20xml%3Alang%3D%22en%22%3ETF400813%3A%20The%20user%20%27aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa%27%20is%20not%20authorized%20to%20access%20this%20resource.%3C%2Fsoap%3AText%3E%3C%2Fsoap%3AReason%3E%3C%2Fsoap%3AFault%3E%3C%2Fsoap%3ABody%3E%3C%2Fsoap%3AEnvelope%3E
x-tfs-serviceerror: TF400813%3A%20The%20user%20%27aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa%27%20is%20not%20authorized%20to%20access%20this%20resource.
x-vss-s2stargetservice: 00000002-0000-8888-8000-000000000000/visualstudio.com
x-tfs-fedauthredirect: https://spsprodcca1.vssps.visualstudio.com/_signin?realm=dev.azure.com&reply_to=https%3A%2F%2Fdev.azure.com%2Finvestpsp%2F&redirect=1&hid=edcb4ce1-c801-490a-9d17-94471ad056d7&context=eyJodCI6MiwiaGlkIjoiYzgyODFiYmItODFlYy00ZmZiLTgzYzktM2FlYWRmN2MyYTZiIiwicXMiOnt9LCJyciI6IiIsInZoIjoiIiwiY3YiOiIiLCJjcyI6IiJ90#ctx=eyJTaWduSW5Db29raWVEb21haW5zIjpbImh0dHBzOi8vbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSIsImh0dHBzOi8vbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSJdfQ2
request-context: appId=cid-v1:72d31d95-1757-44f5-b910-a46611808454
access-control-expose-headers: Request-Context
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 2EAFB6ABBED74655B1CD4EC6FD0D4C32 Ref B: YMQ01EDGE0615 Ref C: 2023-05-11T20:52:14Z
date: Thu, 11 May 2023 20:52:13 GMT
Did you only start to notice this starting with the 2.1.x releases or did you notice it with the 2.0.x releases as well?
@li
Did you only start to notice this starting with the
2.1.xreleases or did you notice it with the2.0.xreleases as well?
I used to have a setup with 2.0.x on another on prem infra which was working. We moved to a new VMware version and I had to do my git setup again in my VM (which does not work now). It could be that they added security rules in the firewall. Are you aware of any tools that would allow me to test that? There is no SSL inspection on my environment, so I would be surprised if it's a certificate issue.
@pievalentin - were you able to test whether the hang still occurs when you downgrade?