git clone hanging forever on `run_command: git-credential-manager get`
VinGarcia opened this issue · 5 comments
Version
2.0.886+ea93cb5158
Operating system
Windows
OS version or distribution
Windows (Windows 11 Pro) (x64)
Git hosting provider(s)
GitHub Enterprise Server
Other hosting provider
No response
(Azure DevOps only) What format is your remote URL?
None
Can you access the remote repository directly in the browser?
Yes, I can access the repository
Expected behavior
I expected git clone to clone the target repository correctly in a few seconds.
Actual behavior
git clone freezes forever. Using trace and --verbose modes show the last log line is this:
16:36:19.744178 run-command.c:655 trace: run_command: git-credential-manager get
Logs
$env:GIT_TRACE=1; $env:GIT_CURL_VERBOSE=1; git clone --verbose https://$env:GITHUB_TOKEN@github.mycompanyname.com/myorg/myrepo.git installer
16:36:19.525082 exec-cmd.c:237 trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
16:36:19.536599 git.c:460 trace: built-in: git clone --verbose https://@github.mycompanyname.com/myorg/myrepo.git installer
16:36:19.555391 run-command.c:655 trace: run_command: git remote-https origin https://@github.mycompanyname.com/myorg/myrepo.git
Cloning into 'installer'...
16:36:19.586007 exec-cmd.c:237 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
16:36:19.587135 git.c:750 trace: exec: git-remote-https origin https://@github.mycompanyname.com/myorg/myrepo.git
16:36:19.587659 run-command.c:655 trace: run_command: git-remote-https origin https://@github.mycompanyname.com/myorg/myrepo.git
16:36:19.612636 exec-cmd.c:237 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
16:36:19.617867 http.c:724 == Info: Couldn't find host github.mycompanyname.com in the (nil) file; using defaults
16:36:19.617867 http.c:724 == Info: Trying 102.15.37.28:443...
16:36:19.630377 http.c:724 == Info: Connected to github.mycompanyname.com (102.15.37.28) port 443 (#0)
16:36:19.633887 http.c:724 == Info: ALPN: offers h2
16:36:19.633887 http.c:724 == Info: ALPN: offers http/1.1
16:36:19.633887 http.c:724 == Info: CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
16:36:19.633887 http.c:724 == Info: CApath: none
16:36:19.633887 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
16:36:19.633887 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Server hello (2):
16:36:19.633887 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
16:36:19.633887 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Certificate (11):
16:36:19.649622 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, CERT verify (15):
16:36:19.649622 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Finished (20):
16:36:19.649622 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
16:36:19.649622 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Finished (20):
16:36:19.649622 http.c:724 == Info: SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
16:36:19.649622 http.c:724 == Info: ALPN: server accepted h2
16:36:19.649622 http.c:724 == Info: Server certificate:
16:36:19.649622 http.c:724 == Info: subject: CN=github.mycompanyname.com
16:36:19.649622 http.c:724 == Info: start date: May 1 00:43:16 2023 GMT
16:36:19.649622 http.c:724 == Info: expire date: Jul 30 00:43:15 2023 GMT
16:36:19.649622 http.c:724 == Info: subjectAltName: host "github.mycompanyname.com" matched cert's "github.mycompanyname.com"
16:36:19.649622 http.c:724 == Info: issuer: C=US; O=Let's Encrypt; CN=R3
16:36:19.649622 http.c:724 == Info: SSL certificate verify ok.
16:36:19.649622 http.c:724 == Info: Using HTTP2, server supports multiplexing
16:36:19.649622 http.c:724 == Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
16:36:19.650131 http.c:724 == Info: h2h3 [:method: GET]
16:36:19.650131 http.c:724 == Info: h2h3 [:path: /myorg/myrepo.git/info/refs?service=git-upload-pack]
16:36:19.650131 http.c:724 == Info: h2h3 [:scheme: https]
16:36:19.650131 http.c:724 == Info: h2h3 [:authority: github.mycompanyname.com]
16:36:19.650131 http.c:724 == Info: h2h3 [user-agent: git/2.39.2.windows.1]
16:36:19.650131 http.c:724 == Info: h2h3 [accept: /]
16:36:19.650131 http.c:724 == Info: h2h3 [accept-encoding: deflate, gzip, br, zstd]
16:36:19.650131 http.c:724 == Info: h2h3 [pragma: no-cache]
16:36:19.650131 http.c:724 == Info: h2h3 [git-protocol: version=2]
16:36:19.650131 http.c:724 == Info: Using Stream ID: 1 (easy handle 0x17ea28ff5e0)
16:36:19.650131 http.c:671 => Send header, 0000000233 bytes (0x000000e9)
16:36:19.650131 http.c:683 => Send header: GET /myorg/myrepo.git/info/refs?service=git-upload-pack HTTP/2
16:36:19.650131 http.c:683 => Send header: Host: github.mycompanyname.com
16:36:19.650131 http.c:683 => Send header: user-agent: git/2.39.2.windows.1
16:36:19.650131 http.c:683 => Send header: accept: /
16:36:19.650131 http.c:683 => Send header: accept-encoding: deflate, gzip, br, zstd
16:36:19.650131 http.c:683 => Send header: pragma: no-cache
16:36:19.650131 http.c:683 => Send header: git-protocol: version=2
16:36:19.650131 http.c:683 => Send header:
16:36:19.650131 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
16:36:19.650131 http.c:724 == Info: [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
16:36:19.650131 http.c:724 == Info: old SSL session ID is stale, removing
16:36:19.661646 http.c:671 <= Recv header, 0000000013 bytes (0x0000000d)
16:36:19.661646 http.c:683 <= Recv header: HTTP/2 401
16:36:19.661646 http.c:671 <= Recv header, 0000000026 bytes (0x0000001a)
16:36:19.661646 http.c:683 <= Recv header: server: GitHub Babel 2.0
16:36:19.661646 http.c:671 <= Recv header, 0000000026 bytes (0x0000001a)
16:36:19.661646 http.c:683 <= Recv header: content-type: text/plain
16:36:19.661646 http.c:671 <= Recv header, 0000000054 bytes (0x00000036)
16:36:19.661646 http.c:683 <= Recv header: content-security-policy: default-src 'none'; sandbox
16:36:19.661646 http.c:671 <= Recv header, 0000000020 bytes (0x00000014)
16:36:19.661646 http.c:683 <= Recv header: content-length: 23
16:36:19.661646 http.c:671 <= Recv header, 0000000040 bytes (0x00000028)
16:36:19.661646 http.c:683 <= Recv header: www-authenticate: Basic realm="GitHub"
16:36:19.661646 http.c:671 <= Recv header, 0000000023 bytes (0x00000017)
16:36:19.661646 http.c:683 <= Recv header: x-frame-options: DENY
16:36:19.661646 http.c:671 <= Recv header, 0000000002 bytes (0x00000002)
16:36:19.661646 http.c:683 <= Recv header:
16:36:19.661646 http.c:724 == Info: Ignoring the response-body
16:36:19.661646 http.c:724 == Info: Connection #0 to host github.mycompanyname.com left intact
16:36:19.661646 http.c:724 == Info: Issue another request to this URL: 'https://@github.mycompanyname.com/myorg/myrepo.git/info/refs?service=git-upload-pack'
16:36:19.661646 http.c:724 == Info: Couldn't find host github.mycompanyname.com in the (nil) file; using defaults
16:36:19.661646 http.c:724 == Info: Found bundle for host: 0x17ea28e6bd0 [can multiplex]
16:36:19.661646 http.c:724 == Info: Re-using existing connection #0 with host github.mycompanyname.com
16:36:19.661646 http.c:724 == Info: Server auth using Basic with user ''
16:36:19.661646 http.c:724 == Info: h2h3 [:method: GET]
16:36:19.661646 http.c:724 == Info: h2h3 [:path: /myorg/myrepo.git/info/refs?service=git-upload-pack]
16:36:19.661646 http.c:724 == Info: h2h3 [:scheme: https]
16:36:19.661646 http.c:724 == Info: h2h3 [:authority: github.mycompanyname.com]
16:36:19.661646 http.c:724 == Info: h2h3 [authorization: Basic ]
16:36:19.661646 http.c:724 == Info: h2h3 [user-agent: git/2.39.2.windows.1]
16:36:19.661646 http.c:724 == Info: h2h3 [accept: /]
16:36:19.661646 http.c:724 == Info: h2h3 [accept-encoding: deflate, gzip, br, zstd]
16:36:19.661646 http.c:724 == Info: h2h3 [pragma: no-cache]
16:36:19.661646 http.c:724 == Info: h2h3 [git-protocol: version=2]
16:36:19.661646 http.c:724 == Info: Using Stream ID: 3 (easy handle 0x17ea28ff5e0)
16:36:19.661646 http.c:671 => Send header, 0000000312 bytes (0x00000138)
16:36:19.661646 http.c:683 => Send header: GET /myorg/myrepo.git/info/refs?service=git-upload-pack HTTP/2
16:36:19.661646 http.c:683 => Send header: Host: github.mycompanyname.com
16:36:19.661646 http.c:683 => Send header: authorization: Basic
16:36:19.661646 http.c:683 => Send header: user-agent: git/2.39.2.windows.1
16:36:19.661646 http.c:683 => Send header: accept: /
16:36:19.661646 http.c:683 => Send header: accept-encoding: deflate, gzip, br, zstd
16:36:19.661646 http.c:683 => Send header: pragma: no-cache
16:36:19.661646 http.c:683 => Send header: git-protocol: version=2
16:36:19.661646 http.c:683 => Send header:
16:36:19.665154 http.c:671 <= Recv header, 0000000013 bytes (0x0000000d)
16:36:19.665154 http.c:683 <= Recv header: HTTP/2 401
16:36:19.665154 http.c:671 <= Recv header, 0000000026 bytes (0x0000001a)
16:36:19.665154 http.c:683 <= Recv header: server: GitHub Babel 2.0
16:36:19.665154 http.c:671 <= Recv header, 0000000026 bytes (0x0000001a)
16:36:19.665154 http.c:683 <= Recv header: content-type: text/plain
16:36:19.665154 http.c:671 <= Recv header, 0000000054 bytes (0x00000036)
16:36:19.665154 http.c:683 <= Recv header: content-security-policy: default-src 'none'; sandbox
16:36:19.665154 http.c:671 <= Recv header, 0000000020 bytes (0x00000014)
16:36:19.665154 http.c:683 <= Recv header: content-length: 29
16:36:19.665154 http.c:724 == Info: Authentication problem. Ignoring this.
16:36:19.665154 http.c:671 <= Recv header, 0000000040 bytes (0x00000028)
16:36:19.665154 http.c:683 <= Recv header: www-authenticate: Basic realm="GitHub"
16:36:19.665154 http.c:671 <= Recv header, 0000000023 bytes (0x00000017)
16:36:19.665154 http.c:683 <= Recv header: x-frame-options: DENY
16:36:19.665154 http.c:671 <= Recv header, 0000000002 bytes (0x00000002)
16:36:19.665154 http.c:683 <= Recv header:
16:36:19.665154 http.c:724 == Info: Connection #0 to host github.mycompanyname.com left intact
16:36:19.665154 run-command.c:655 trace: run_command: 'git credential-manager get'
16:36:19.744178 exec-cmd.c:237 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
16:36:19.744178 git.c:750 trace: exec: git-credential-manager get
16:36:19.744178 run-command.c:655 trace: run_command: git-credential-manager get
Adding a little bit more information:
I am trying to run this clone command on a Github actions workflow and the runner machine is an Azure VM if this is relevant.
I have access to the runner machine but since the GITHUB_TOKEN is only available during the run I can't reproduce it exactly locally.
Locally on the machine I can use git clone normally when logged in the machine using:
git clone git@github.mycompanyname.com:myorg/myrepo
Cloning through https using a personal access token also works fine.
The version of git I am using is: git version 2.39.2.windows.1
I also noticed this issue is a lot like #364, but since that one was closed and related to an older version of git I thought it worth creating a new issue.
Finally, this does not seem to be a case of a slow run, I left one instance of it running for 1h and 45 minutes and it was still hanging in the exact same place.
We noticed this and wanted to double check the interpolation of $env:GITHUB_TOKEN is working correctly in the below. We notice that in the Git traces, the username and password fields in the URL are empty.
$env:GIT_TRACE=1; $env:GIT_CURL_VERBOSE=1; git clone --verbose https://$env:[GITHUB_TOKEN@github.mycompanyname.com](mailto:GITHUB_TOKEN@github.mycompanyname.com)/myorg/myrepo.git installer
...
16:36:19.536599 git.c:460 trace: built-in: git clone --verbose https://@github.mycompanyname.com/myorg/myrepo.git installer
GCM is probably hanging because it's showing a prompt on the VM to sign in. If you could also include GCM tracing (GCM_TRACE=1) in addition to the Git tracing, that would help us confirm.
@VinGarcia - were you able to determine whether the interpolation was the problem? If not, can you send along the requested traces?
#1246 (comment)
@VinGarcia did you manage to check if this was the problem?
Closing due to lack of response.