[bitbake-devel] [PATCH 0/1] bitbake: fetch2/git: fix initial http authed clone

Olof Johansson olof.johansson at axis.com
Tue Jun 4 17:38:59 UTC 2019


On 19-06-04 18:01 +0200, Leif Middelschulte wrote:
> This patch fixes initial clones of git repositories authenticated
> via basic http authentication. This became apparent when code was
> reused to clone submodules too.
> 
> The method is the recommended way of cloning source code by CI
> runners. This patch fixes the currently broken behavior.

Hi,

Recommended by whom specifically? Encoding passwords in URIs was
deprecated in RFC 3986 for security reasons. Some tools may not be
aware of security-sensitive information contained in URIs.

RFC 3986:
> Applications should not render as clear text any data after the
> first colon (":") character found within a userinfo
> subcomponent ...

Having passwords and security-sensitive info in the bitbake
metadata also seems a bit weird to me, but bb.fetch2.decodeurl()
does support extracting it. I thought the git fetcher didn't
support auth details (other than user) via the URI by design, but
this is just my assumption.

The gitcredentials manpage recommends using the global
configuration with [credential.<uri-pattern>] blocks to specify
this instead.

https://git-scm.com/docs/gitcredentials

-- 
olofjn
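
As an added illustration of the RFC 3986 rule quoted in the message above (not part of the original email and not bitbake code), this Python sketch masks the password part of any URI userinfo before a string reaches a log. The names `redact` and `RedactingFilter` and the sample URLs are assumptions made up for this example.

```python
import logging
import re

MASK = "***"  # placeholder shown instead of the secret

# scheme "://" authority, where authority ends at the first "/", "?" or "#"
# (RFC 3986 section 3.2); whitespace and quotes also end a URI inside a log line.
_URI = re.compile(r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*://)(?P<authority>[^/?#\s'\"]*)")


def _mask_authority(match):
    # Hosts never contain "@", so the last "@" separates userinfo from host:port.
    # This also copes with sloppy URIs whose password holds an unencoded "@".
    userinfo, at, hostport = match.group("authority").rpartition("@")
    # The password is everything after the FIRST colon of the userinfo.
    user, colon, password = userinfo.partition(":")
    if not at or not colon or not password:
        return match.group(0)  # no userinfo, user only, or empty password
    return f"{match.group('scheme')}{user}:{MASK}@{hostport}"


def redact(text):
    """Mask the password of every URI found in text (a bare URI or a log line)."""
    return _URI.sub(_mask_authority, text)


class RedactingFilter(logging.Filter):
    """Logging filter that scrubs the fully formatted message of each record."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already formatted
        return True


if __name__ == "__main__":
    # Constructed sample lines, not output from a real bitbake run.
    log = logging.getLogger("fetch-demo")
    handler = logging.StreamHandler()
    handler.addFilter(RedactingFilter())
    log.addHandler(handler)
    log.warning("git clone %s failed", "https://ci:s3cr3t@git.example.com/repo.git")
    log.warning("git clone %s failed", "https://[2001:db8::1]:8443/repo.git")
```

Attach the filter to handlers rather than to a logger, so that records propagated from child loggers are scrubbed as well.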

