6
netikras
10d

Soo.. over the span of 1 month, x2 MAC servers have died (hardware failure). I'm in progress of setting up the third one.

What a dumb fucking system MacOS is!!! wtf...

I've spent 4+ hours trying to figure out why the fuck `git clone` is getting stuck and timing out our CI runs.

Turns out, on MacOS you cannot run git clone via ssh IF you have that user logged in via GUI (e.g. VNC). Git is getting stuck at

11:51:26.084245 run-command.c:759 trace: start_command: /opt/homebrew/opt/git/libexec/git-core/git-credential-osxkeychain store

and just chilling there doing nothing, waiting for the user to click on a Cancel button in GUI.
Logged out my VNC session and git magically started working.

What a dumb system... Or perhaps I'm misunderstanding this "security" feature...?

Comments
  • 2
    User input on keyring access, to hinder keyring dumping by effectively informing the user about the access attempt; most have it encrypted and this GUI asks for the master password!
  • 2
    @max19931 access attempt...? Why would it try to access the logged in user's keyring?

    I'm doing git clone with a repo token for auth. Why the hell does it even touch the GUI session's keyring..? wtf does it need from it?
  • 2
    @netikras You're holding it wrong. Have you tried holding it correctly?
  • 2
    So the security turns off if GUI user is not logged in?
  • 0
    Show me you're a living person
  • 0
    @netikras repo token was likely dropped into the keyring, or how do you think macOS X stored passwords!
  • 0
    @max19931 why did it drop it to keychain...? I passed it as a cli arg and expected it to be used for that invocation alone -- I did NOT ask it to do anything with secrets' caching/storing/fetching/doing anything with kc.

    Genuine question.
  • 0
    @netikras just check your KC and see if it dumped it into it!
  • 0
    @max19931 can't check it ATM. However, while git was frozen, in the UI I saw interactive popups saying that it could not find some key in a KC. And it's only after I close that popup by clicking on Cancel (or smth like it) and do the same for all the other similar popups that the git command unfreezes.

    It's a freshly installed MAC dedicated host (AWS).

    I still fail to see how this is a security measure...

    I'm assuming that if git found those ci/cd keys in KC it would not prompt me for anything in UI...
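
The trace line in the post shows git calling a credential helper with the `store` action, and the comments ask why a token given for one invocation ends up there. The script below is an added example, not part of the thread: it reproduces that hand-off in an isolated sandbox and shows that an empty `credential.helper` entry resets the helper list. `fake-helper`, the host name and the token are constructed stand-ins, and it assumes only that some helper is configured in git's config, as the trace indicates.

```shell
#!/bin/sh
# Added example: git passes an approved credential to every configured helper
# with the "store" action; an empty credential.helper entry clears the list.
# fake-helper is a hypothetical stand-in for git-credential-osxkeychain.

setup_sandbox() {
    SANDBOX=$(mktemp -d) || return 1
    LOG="$SANDBOX/helper.log"
    # Stand-in helper: drains stdin like a real helper, logs the action in $1.
    cat > "$SANDBOX/fake-helper" <<EOF
#!/bin/sh
cat > /dev/null
echo "\$1" >> "$LOG"
EOF
    chmod +x "$SANDBOX/fake-helper"
    # Isolated "global" config, so the host's real helpers are never touched.
    printf '[credential]\n\thelper = %s\n' "$SANDBOX/fake-helper" > "$SANDBOX/.gitconfig"
}

# Run git with only the sandbox config visible.
sandbox_git() {
    HOME="$SANDBOX" XDG_CONFIG_HOME="$SANDBOX/xdg" GIT_CONFIG_NOSYSTEM=1 git "$@"
}

# Feed git a constructed credential, as if authentication had just succeeded.
approve_credential() {
    printf 'protocol=https\nhost=git.example.invalid\nusername=ci\npassword=constructed-token\n' |
        sandbox_git "$@" credential approve
}

# Print how many times the helper was asked to store the credential.
store_calls() {
    : > "$LOG"
    approve_credential "$@"
    grep -c '^store$' "$LOG" || true
}

setup_sandbox
echo "configured helper:  $(store_calls) store call(s)"
echo "helper list reset:  $(store_calls -c credential.helper=) store call(s)"
rm -rf "$SANDBOX"
```

On a CI host, `git config --show-origin --get-all credential.helper` lists which config file sets a helper, and the same `-c credential.helper=` override can be placed in front of `clone` for a job that supplies its own token.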