diff options
author | Bryan C. Mills <bcmills@google.com> | 2021-03-09 23:27:48 -0500 |
---|---|---|
committer | Bryan C. Mills <bcmills@google.com> | 2021-05-04 15:03:06 +0000 |
commit | 86e42c2fbfe14c41746fe5cfc5c8bda94bb4bc4e (patch) | |
tree | fcb71b5a5a6a83564b47a6d64fe96eb38d1456a4 | |
parent | 5e4f9b077f27c79a69677b7c15dbfd157b1698a4 (diff) | |
download | go-86e42c2fbfe14c41746fe5cfc5c8bda94bb4bc4e.tar.gz go-86e42c2fbfe14c41746fe5cfc5c8bda94bb4bc4e.zip |
cmd/go: suppress SSH password prompts when fetching modules or repos
We were already setting GIT_SSH_COMMAND (if unset) to explicitly
include 'ControlMaster=no' in order to disable connection pooling.
Now we also set 'BatchMode=yes' to suppress password prompts for
password-protected keys.
While we're here, we also set GCM_INTERACTIVE=never to suppress
similar prompts from the Git Credential Manager for Windows.
Fixes #44904
Change-Id: Iebb050079ff7dd54d5b944c459ae212e9e6f2579
Reviewed-on: https://go-review.googlesource.com/c/go/+/300157
Trust: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
-rw-r--r-- | doc/go1.17.html | 11 | ||||
-rw-r--r-- | src/cmd/go/internal/get/get.go | 16 | ||||
-rw-r--r-- | src/cmd/go/internal/modload/init.go | 6 |
3 files changed, 29 insertions, 4 deletions
diff --git a/doc/go1.17.html b/doc/go1.17.html index 0521f9fd91..6aa9d5b876 100644 --- a/doc/go1.17.html +++ b/doc/go1.17.html @@ -138,6 +138,17 @@ Do not send CLs removing the interior tags from such phrases. module root when invoked within the <code>vendor</code> tree. </p> +<h4 id="password-prompts">Password prompts</h4> + +<p><!-- golang.org/issue/44904 --> + The <code>go</code> command by default now suppresses SSH password prompts and + Git Credential Manager prompts when fetching Git repositories using SSH, as it + already did previously for other Git password prompts. Users authenticating to + private Git repos with password-protected SSH may configure + an <code>ssh-agent</code> to enable the <code>go</code> command to use + password-protected SSH keys. +</p> + <h2 id="runtime">Runtime</h2> <p> diff --git a/src/cmd/go/internal/get/get.go b/src/cmd/go/internal/get/get.go index 4c57ee3518..c28bce8cfc 100644 --- a/src/cmd/go/internal/get/get.go +++ b/src/cmd/go/internal/get/get.go @@ -126,7 +126,7 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) { base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead") } - // Disable any prompting for passwords by Git. + // Disable any prompting for passwords by Git itself. // Only has an effect for 2.3.0 or later, but avoiding // the prompt in earlier versions is just too hard. // If user has explicitly set GIT_TERMINAL_PROMPT=1, keep @@ -136,7 +136,10 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) { os.Setenv("GIT_TERMINAL_PROMPT", "0") } - // Disable any ssh connection pooling by Git. + // Also disable prompting for passwords by the 'ssh' subprocess spawned by + // Git, because apparently GIT_TERMINAL_PROMPT isn't sufficient to do that. + // Adding '-o BatchMode=yes' should do the trick. + // // If a Git subprocess forks a child into the background to cache a new connection, // that child keeps stdout/stderr open. After the Git subprocess exits, // os /exec expects to be able to read from the stdout/stderr pipe @@ -150,7 +153,14 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) { // assume they know what they are doing and don't step on it. // But default to turning off ControlMaster. if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" { - os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no") + os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes") + } + + // And one more source of Git prompts: the Git Credential Manager Core for Windows. + // + // See https://github.com/microsoft/Git-Credential-Manager-Core/blob/master/docs/environment.md#gcm_interactive. + if os.Getenv("GCM_INTERACTIVE") == "" { + os.Setenv("GCM_INTERACTIVE", "never") } // Phase 1. Download/update. diff --git a/src/cmd/go/internal/modload/init.go b/src/cmd/go/internal/modload/init.go index 88d647d9ea..99c0c2b981 100644 --- a/src/cmd/go/internal/modload/init.go +++ b/src/cmd/go/internal/modload/init.go @@ -163,7 +163,11 @@ func Init() { // assume they know what they are doing and don't step on it. // But default to turning off ControlMaster. if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" { - os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no") + os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes") + } + + if os.Getenv("GCM_INTERACTIVE") == "" { + os.Setenv("GCM_INTERACTIVE", "never") } if modRoot != "" { |