Re: Git-devel has broken git-credential-osxkeychain.c for older systems
Given it is in contrib, presumably it got its own upstream? On Apr 21, 2024 at 11:24 +0800, Fred Wright , wrote: > > On Sat, 20 Apr 2024, Saagar Jha wrote: > > > Wait, I use osxkeychain. It’s basically a requirement if you’re pushing > > to an authenticated server over HTTPS and don’t want to have to deal > > with storing keys yourself. I suspect it is used a lot for this. > > I have yet to see a Git repo that didn't allow you to push via SSH > (git://) rather than HTTPS, and that's preferable, anyway. I usually > configure repos to use git:// in both directions, though git allows you to > configure fetch and push separately if you want. > > I avoid Keychain as much as I possibly can, after reading in some > documentation somewhere that it stores all your passwords on the disk in > cleartext the entire time you're logged in. > > I have no objection to having the osxkeychain feature, but I don't > recommend actually using it. > > Fred Wright > > > > On Apr 19, 2024, at 23:52, Kirill A. Korinsky wrote: > > > > > > On Sat, 20 Apr 2024 00:25:47 +0200, > > > Sergio Had wrote: > > > > > > > > What do we do? :) > > > > > > To fix the build you have two options: > > > 1. Revert that patch for system before 10.7 > > > 2. Remove folder contrib/credential/osxkeychain > > > > > > I suggest to follow (2) as simpler thay and the good news that osxkeychain > > > is something that isn't often used.
Re: Git-devel has broken git-credential-osxkeychain.c for older systems
On Sat, 20 Apr 2024, Saagar Jha wrote: Wait, I use osxkeychain. It’s basically a requirement if you’re pushing to an authenticated server over HTTPS and don’t want to have to deal with storing keys yourself. I suspect it is used a lot for this. I have yet to see a Git repo that didn't allow you to push via SSH (git://) rather than HTTPS, and that's preferable, anyway. I usually configure repos to use git:// in both directions, though git allows you to configure fetch and push separately if you want. I avoid Keychain as much as I possibly can, after reading in some documentation somewhere that it stores all your passwords on the disk in cleartext the entire time you're logged in. I have no objection to having the osxkeychain feature, but I don't recommend actually using it. Fred Wright On Apr 19, 2024, at 23:52, Kirill A. Korinsky wrote: On Sat, 20 Apr 2024 00:25:47 +0200, Sergio Had wrote: What do we do? :) To fix the build you have two options: 1. Revert that patch for system before 10.7 2. Remove folder contrib/credential/osxkeychain I suggest to follow (2) as simpler thay and the good news that osxkeychain is something that isn't often used.
Re: livecheck and curl 8.7.1
On Fri, 19 Apr 2024, René J.V. Bertin wrote: On Friday April 19 2024 22:10:40 Kirill A. Korinsky wrote: Because MacPorts download distfiles and packages from HTTP, not HTTPS because it contains checksums for that it downloads :) Nope. Maybe for distfiles that are hosted on the own servers, but the past few years more and more ports have had their `master_sites` converted to https URLs. (With good reason: pure http sites are disappearing little by little.) A random bit of proof: DEBUG: fetch phase started at Fri Apr 19 23:04:39 CEST 2024 ---> Fetching distfiles for pulseaudio DEBUG: Executing org.macports.fetch (pulseaudio) ---> pulseaudio-17.0.tar.xz does not exist in /opt/local/var/macports/distfiles/pulseaudio ---> Attempting to fetch pulseaudio-17.0.tar.xz from https://www.freedesktop.org/software/pulseaudio/releases/ % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 1529k 100 1529k0 0 977k 0 0:00:01 0:00:01 --:--:-- 977k That "proof" is completely (well, almost) irrelevant for end users. It matters for port developers, but once a port is "published", its distfiles are copied to the MacPorts mirrors, where they can be fetched by the system curl on any OS. The "almost" is because the primary distfile source is still included as a candidate for fetching, and in some cases may be chosen ahead of the mirrors. In the non-working curl case, this at the very least adds delay, but there was a case a couple of years ago where MacPorts decided to prefer python.org to the mirrors (at my location), and the fetch (on 10.9) would hang in a way that wasn't subject to a timeout, so it never gave up and never moved on to the mirrors. The response when I reported this was "gee, it's supposed to have timeouts". I don't know exactly what got fixed, but I haven't seen this lately. Livecheck is completely different, since there's no mirroring of the content that livecheck is looking at. Fred Wright
Re: Git-devel has broken git-credential-osxkeychain.c for older systems
On Sat, 20 Apr 2024 20:45:36 +0200, Sergio Had wrote: > > Is someone in touch with Git upstream? It should be pretty trivial to > retain the working code, they are perhaps simply assuming that nobody uses > it. Which is not the case, obviously. I really doubt that anyone care about of macOS 10.6 these days with exception for a few folks in the world, and probably half of them read this mail list :) But propose a patch for git isn't bad idea, indeed. -- wbr, Kirill
Re: Git-devel has broken git-credential-osxkeychain.c for older systems
Is someone in touch with Git upstream? It should be pretty trivial to retain the working code, they are perhaps simply assuming that nobody uses it. Which is not the case, obviously. On Apr 21, 2024 at 02:41 +0800, Kirill A. Korinsky , wrote: > On Sat, 20 Apr 2024 18:19:30 +0200, > Saagar Jha wrote: > > > > Wait, I use osxkeychain. It’s basically a requirement if you’re pushing to > > an authenticated server over HTTPS and don’t want to have to deal with > > storing keys yourself. I suspect it is used a lot for this. > > > > Do you use on 10.6? > > I mean to remove it for 10.6 where it can't work after the patch. > > -- > wbr, Kirill
Re: Git-devel has broken git-credential-osxkeychain.c for older systems
On Sat, 20 Apr 2024 18:19:30 +0200, Saagar Jha wrote: > > Wait, I use osxkeychain. It’s basically a requirement if you’re pushing to > an authenticated server over HTTPS and don’t want to have to deal with > storing keys yourself. I suspect it is used a lot for this. > Do you use on 10.6? I mean to remove it for 10.6 where it can't work after the patch. -- wbr, Kirill
Re: Git-devel has broken git-credential-osxkeychain.c for older systems
Yes, I also use it for this. We want it to work. On Apr 21, 2024 at 00:19 +0800, Saagar Jha , wrote: > Wait, I use osxkeychain. It’s basically a requirement if you’re pushing to an > authenticated server over HTTPS and don’t want to have to deal with storing > keys yourself. I suspect it is used a lot for this. > > > On Apr 19, 2024, at 23:52, Kirill A. Korinsky wrote: > > > > On Sat, 20 Apr 2024 00:25:47 +0200, > > Sergio Had wrote: > > > > > > What do we do? :) > > > > To fix the build you have two options: > > 1. Revert that patch for system before 10.7 > > 2. Remove folder contrib/credential/osxkeychain > > > > I suggest to follow (2) as simpler thay and the good news that osxkeychain > > is something that isn't often used. > > > > -- > > wbr, Kirill
Re: Git-devel has broken git-credential-osxkeychain.c for older systems
Wait, I use osxkeychain. It’s basically a requirement if you’re pushing to an authenticated server over HTTPS and don’t want to have to deal with storing keys yourself. I suspect it is used a lot for this. > On Apr 19, 2024, at 23:52, Kirill A. Korinsky wrote: > > On Sat, 20 Apr 2024 00:25:47 +0200, > Sergio Had wrote: >> >> What do we do? :) > > To fix the build you have two options: > 1. Revert that patch for system before 10.7 > 2. Remove folder contrib/credential/osxkeychain > > I suggest to follow (2) as simpler thay and the good news that osxkeychain > is something that isn't often used. > > -- > wbr, Kirill
Re: Git-devel has broken git-credential-osxkeychain.c for older systems
On Sat, 20 Apr 2024 00:25:47 +0200, Sergio Had wrote: > > What do we do? :) To fix the build you have two options: 1. Revert that patch for system before 10.7 2. Remove folder contrib/credential/osxkeychain I suggest to follow (2) as simpler thay and the good news that osxkeychain is something that isn't often used. -- wbr, Kirill
