I am in the process of upgrading from Kirkstone to Scarthgap (via Langdale, Mickledore and Nanbield). As my host system (openSUSE) doesn't meet the system requirements, I use the buildtools-extended tarball.
Since the migration step from Mickledore to Nanbield, I cannot access my company's GIT server (runing GitLab, requires https + authentifaction) anymore. When I use the GIT client from openSUSE, everything works fine, but when the GIT command from the buildtools tarball is used, I get a "remote: HTTP Basic: Access denied." error message (log below). When I compare this log with the working version, I see that ... - h2 is used instead of http/1.1 - authentication happens straight after SSL setup (before the GET command) Could the GIT client in the buildtools tarball be configured in a way that it works with https + authentication? GIT_TRACE_CURL=TRUE GIT_TRACE_CURL_NO_DATA=1 GIT_TRACE_REDACT=FALSE GIT_TRACE2_REDACT=FALSE git clone g...@git.mycompany.com:myrepo.git Cloning into 'myrepo'... 12:35:38.736181 http.c:820 == Info: Trying xxx.xxx.xxx.xxx:443... 12:35:38.736581 http.c:820 == Info: Connected to git.mycompany.com (xxx.xxx.xxx.xxx) port 443 12:35:38.738282 http.c:820 == Info: ALPN: curl offers http/1.1 12:35:38.738544 http.c:820 == Info: TLSv1.3 (OUT), TLS handshake, Client hello (1): 12:35:38.749279 http.c:820 == Info: CAfile: /build/buildtools/sysroots/x86_64-pokysdk-linux/etc/ssl/certs/ca-certificates.crt 12:35:38.749303 http.c:820 == Info: CApath: none 12:35:38.749385 http.c:820 == Info: TLSv1.3 (IN), TLS handshake, Server hello (2): 12:35:38.749698 http.c:820 == Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): 12:35:38.749722 http.c:820 == Info: TLSv1.3 (IN), TLS handshake, Certificate (11): 12:35:38.750274 http.c:820 == Info: TLSv1.3 (IN), TLS handshake, CERT verify (15): 12:35:38.750368 http.c:820 == Info: TLSv1.3 (IN), TLS handshake, Finished (20): 12:35:38.750407 http.c:820 == Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): 12:35:38.750432 http.c:820 == Info: TLSv1.3 (OUT), TLS handshake, Finished (20): 12:35:38.750537 http.c:820 == Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 12:35:38.750546 http.c:820 == Info: ALPN: server accepted http/1.1 12:35:38.750555 http.c:820 == Info: Server certificate: 12:35:38.750571 http.c:820 == Info: subject: CN=*.mycompany.com 12:35:38.750581 http.c:820 == Info: start date: Feb 28 00:00:00 2024 GMT 12:35:38.750589 http.c:820 == Info: expire date: Mar 15 23:59:59 2025 GMT 12:35:38.750606 http.c:820 == Info: subjectAltName: host "git.mycompany.com" matched cert's "*.mycompany.com" 12:35:38.750622 http.c:820 == Info: issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA 12:35:38.750629 http.c:820 == Info: SSL certificate verify ok. 12:35:38.750632 http.c:820 == Info: using HTTP/1.1 NOTE: openSUSE's GIT client uses HTTP/2 here and also performs authentication here. 12:35:38.750680 http.c:767 => Send header, 0000000247 bytes (0x000000f7) 12:35:38.750688 http.c:779 => Send header: GET /myrepo.git/info/refs?service=git-upload-pack HTTP/1.1 12:35:38.750690 http.c:779 => Send header: Host: git.mycompany.com 12:35:38.750692 http.c:779 => Send header: User-Agent: git/2.42.0 12:35:38.750694 http.c:779 => Send header: Accept: */* 12:35:38.750696 http.c:779 => Send header: Accept-Encoding: deflate, gzip 12:35:38.750698 http.c:779 => Send header: Pragma: no-cache 12:35:38.750699 http.c:779 => Send header: Git-Protocol: version=2 12:35:38.750701 http.c:779 => Send header: 12:35:38.764115 http.c:820 == Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 12:35:38.764234 http.c:820 == Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 12:35:38.764247 http.c:820 == Info: old SSL session ID is stale, removing 12:35:38.774919 http.c:767 <= Recv header, 0000000027 bytes (0x0000001b) 12:35:38.774944 http.c:779 <= Recv header: HTTP/1.1 401 Unauthorized NOTE: working version returns "HTTP/2 401" here. 12:35:38.774947 http.c:767 <= Recv header, 0000000015 bytes (0x0000000f) 12:35:38.774949 http.c:779 <= Recv header: Server: nginx 12:35:38.774953 http.c:767 <= Recv header, 0000000037 bytes (0x00000025) 12:35:38.774954 http.c:779 <= Recv header: Date: Tue, 07 May 2024 12:35:38 GMT 12:35:38.774957 http.c:767 <= Recv header, 0000000041 bytes (0x00000029) 12:35:38.774963 http.c:779 <= Recv header: Content-Type: text/plain; charset=utf-8 12:35:38.774973 http.c:767 <= Recv header, 0000000021 bytes (0x00000015) 12:35:38.774977 http.c:779 <= Recv header: Content-Length: 270 12:35:38.774980 http.c:767 <= Recv header, 0000000024 bytes (0x00000018) 12:35:38.774982 http.c:779 <= Recv header: Connection: keep-alive 12:35:38.774987 http.c:767 <= Recv header, 0000000025 bytes (0x00000019) 12:35:38.774989 http.c:779 <= Recv header: Cache-Control: no-cache 12:35:38.774991 http.c:767 <= Recv header, 0000000014 bytes (0x0000000e) 12:35:38.774996 http.c:779 <= Recv header: Vary: Accept 12:35:38.774999 http.c:767 <= Recv header, 0000000040 bytes (0x00000028) 12:35:38.775001 http.c:779 <= Recv header: WWW-Authenticate: Basic realm="GitLab" 12:35:38.775007 http.c:767 <= Recv header, 0000000033 bytes (0x00000021) 12:35:38.775009 http.c:779 <= Recv header: X-Content-Type-Options: nosniff 12:35:38.775015 http.c:767 <= Recv header, 0000000028 bytes (0x0000001c) 12:35:38.775018 http.c:779 <= Recv header: X-Download-Options: noopen 12:35:38.775020 http.c:767 <= Recv header, 0000000029 bytes (0x0000001d) 12:35:38.775025 http.c:779 <= Recv header: X-Frame-Options: SAMEORIGIN 12:35:38.775028 http.c:767 <= Recv header, 0000000078 bytes (0x0000004e) 12:35:38.775033 http.c:779 <= Recv header: X-Gitlab-Meta: {"correlation_id":"XXXXXXXXXXXXXXXXXXXXXXXXXX","version":"1"} 12:35:38.775036 http.c:767 <= Recv header, 0000000041 bytes (0x00000029) 12:35:38.775041 http.c:779 <= Recv header: X-Permitted-Cross-Domain-Policies: none 12:35:38.775044 http.c:767 <= Recv header, 0000000042 bytes (0x0000002a) 12:35:38.775046 http.c:779 <= Recv header: X-Request-Id: XXXXXXXXXXXXXXXXXXXXXXXXXX 12:35:38.775051 http.c:767 <= Recv header, 0000000021 bytes (0x00000015) 12:35:38.775053 http.c:779 <= Recv header: X-Runtime: 0.021434 12:35:38.775056 http.c:767 <= Recv header, 0000000021 bytes (0x00000015) 12:35:38.775061 http.c:779 <= Recv header: X-Xss-Protection: 0 12:35:38.775064 http.c:767 <= Recv header, 0000000002 bytes (0x00000002) 12:35:38.775071 http.c:779 <= Recv header: 12:35:38.775087 http.c:820 == Info: Connection #0 to host git.mycompany.com left intact remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://git.mycompany.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied fatal: Authentication failed for 'https://git.mycompany.com/myrepo.git/' _______________________________________________________ Christian Eggers Software Engineer ARRI Arnold & Richter Cine Technik GmbH & Co. Betriebs KG Arriweg 17, 83071 Stephanskirchen www.arri.com +49 8036 3009-3118 cegg...@arri.de Arnold & Richter Cine Technik GmbH & Co. Betriebs KG Sitz: München - Registergericht: Amtsgericht München - Handelsregisternummer: HRA 57918 Persönlich haftender Gesellschafter: Arnold & Richter Cine Technik GmbH Sitz: München - Registergericht: Amtsgericht München - Handelsregisternummer: HRB 54477 Geschäftsführer: Dr. Matthias Erb (Chairman); Lars Weyer; Walter Trauninger
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#199093): https://lists.openembedded.org/g/openembedded-core/message/199093 Mute This Topic: https://lists.openembedded.org/mt/105959618/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-