我正在尝试将 AWS CodeCommit 用于我的存储库。对于那些不知道的人,CC 需要一个特定的 git 凭证助手来生成 HTTPS 请求的密码,因为它是加密的和基于时间的。这正常工作。
但是,我确实有一个更严重的问题:git 似乎会自动在 Keychain 中缓存我对时间敏感的凭据,这意味着在 15 分钟左右后,我只会在推送或获取时收到 403 错误。
我尝试按照此处的说明进行操作,但我没有在osxkeychain
任何地方进行配置。据我所知,它被硬编码到 Apple git 中。
这是git
显示问题的一对痕迹:
初始提取
MikeBook-Pro:sensei-cli mike$ GIT_TRACE=1 git fetch 13:43:19.583664 git.c:348 跟踪:内置:git 'fetch' 13:43:19.584764 run-command.c:347 跟踪:run_command:'git-remote-https''origin''https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei -cli' 13:43:20.024288 run-command.c:347 跟踪:run_command:'git credential-osxkeychain get' 13:43:20.025203 run-command.c:195 trace: exec: '/bin/sh' '-c' 'git credential-osxkeychain get' 'git credential-osxkeychain get' 13:43:20.029429 git.c:557 跟踪:执行:'git-credential-osxkeychain''get' # 最后一个命令什么也不返回,因为钥匙串里什么都没有。 13:43:20.029928 run-command.c:347 跟踪:run_command:'git-credential-osxkeychain''get' 13:43:21.016738 run-command.c:347 trace: run_command: 'aws --profile default codecommit credential-helper $@ get' # 这将返回正确生成的凭据 13:43:21.018020 run-command.c:195 trace: exec: '/bin/sh' '-c' 'aws --profile default codecommit credential-helper $@ get' 'aws --profile default codecommit credential-helper $@得到' 13:43:21.985711 run-command.c:347 跟踪:run_command:'git credential-osxkeychain store' # 这会将凭证存储在钥匙串中 13:43:21.986731 run-command.c:195 trace: exec: '/bin/sh' '-c' 'git credential-osxkeychain store' 'git credential-osxkeychain store' 13:43:21.991811 git.c:557 跟踪:执行:'git-credential-osxkeychain''存储' 13:43:21.992266 run-command.c:347 跟踪:run_command:'git-credential-osxkeychain''store'13:43:22.017201 run-command.c:347 跟踪:run_command:'aws --profile 默认代码提交凭证-helper $@ store' 13:43:22.017897 run-command.c:195 trace: exec: '/bin/sh' '-c' 'aws --profile default codecommit credential-helper $@ store' 'aws --profile default codecommit credential-helper $@商店' 13:43:22.302123 run-command.c:347 跟踪:run_command:'rev-list''--objects''--stdin''--not''--all''--quiet' ...
后续提取
MikeBook-Pro:sensei-cli mike$ GIT_TRACE=1 git fetch 13:53:51.224971 git.c:348 跟踪:内置:git 'fetch' 13:53:51.231140 run-command.c:347 跟踪:run_command:'git-remote-https''origin''https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei -cli' 13:53:53.855917 run-command.c:347 跟踪:run_command:'git credential-osxkeychain get' 13:53:53.859291 run-command.c:195 trace: exec: '/bin/sh' '-c' 'git credential-osxkeychain get' 'git credential-osxkeychain get' 13:53:53.876895 git.c:557 跟踪:执行:'git-credential-osxkeychain''get' # 这确实返回凭据,所以它不会尝试任何帮助程序 13:53:53.877419 run-command.c:347 跟踪:run_command:'git-credential-osxkeychain''get' 致命:无法访问“https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli/”:请求的 URL 返回错误:403
git --version
和git config -l
输出
MikeBook-Pro:sensei-cli mike$ git --version git 版本 2.4.9 (Apple Git-60)
MikeBook-Pro:sensei-cli mike$ git config -l user.name=迈克·卡隆 user.email=myemail@domain.com credential.helper=!aws --profile 默认代码提交 credential-helper $@ credential.usehttppath=true core.repositoryformatversion=0 core.filemode=true core.bare=false core.logallrefupdates=true core.ignorecase=true core.precomposeunicode=true remote.origin.url=https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sensei-cli remote.origin.fetch=+refs/heads/*:refs/remotes/origin/* branch.master.remote=起源 branch.master.merge=refs/heads/master