Disable interactive git terminal prompts during fetches#11744
Merged
zanieb merged 1 commit intoastral-sh:mainfrom Feb 25, 2025
Merged
Disable interactive git terminal prompts during fetches#11744zanieb merged 1 commit intoastral-sh:mainfrom
zanieb merged 1 commit intoastral-sh:mainfrom
Conversation
Contributor
Author
|
It looks like the test drive is having at least some sort of git credentials configuration leaking through global user state. If I run it naively, it fails directly: But if I run it with my (Which then also fails because I didn't use the correct credentials, but that's besides the point) |
Member
|
I'm not sure if this is the change we want. Disabling the spinner entirely seems like a loss. It's unclear to me if we even want to try to support interactive authentication here.
Do we need to just change the git configuration home to a tmpdir or something? |
Member
|
cc @jtfmumm since this was on your list of projects |
Contributor
Author
If the spinner should stay, then interactive auth needs to go. I removed the spinner because it was the easier fix, but with some instructions I can also try to disable interactive auth instead. Keeping this PR as a hotfix in the meantime would also be okay for me. This issue is a major road block for a project migration to uv, because the project has private dependencies and if these are not set up correctly beforehand the application will seemingly just hang forever. |
Contributor
Author
|
Turns out that disabling the prompt is pretty easy, and it even works with other interactive auth mechanisms outside of the CLI. This is clearly a better solution. I'm not sure on whether the env variable should be set to all |
zanieb
reviewed
Feb 25, 2025
zanieb
reviewed
Feb 25, 2025
zanieb
reviewed
Feb 25, 2025
crates/uv/tests/it/pip_install.rs
Outdated
| Resolved 1 package in [TIME] | ||
| Prepared 1 package in [TIME] | ||
| Installed 1 package in [TIME] | ||
| + uv-private-pypackage==0.1.0 (from git+https://***@github.com/astral-test/uv-private-pypackage@d780faf0ac91257d4d5a4f0c5a0e4509608c0071) |
Member
There was a problem hiding this comment.
I'm guessing this succeeds because the credentials are in the git cache. Is there a way to disable that?
Member
There was a problem hiding this comment.
Oh it does fail in CI
8 │- + uv-private-pypackage==0.1.0 (from git+https://***@github.com/astral-test/uv-private-pypackage@d780faf0ac91257d4d5a4f0c5a0e4509608c0071)
5 │+ × Failed to download and build `uv-private-pypackage @ git+[https://github.com/astral-test/uv-private-pypackage`](https://github.com/astral-test/uv-private-pypackage%60)
6 │+ ├─▶ Git operation failed
7 │+ ├─▶ failed to clone into: [CACHE_DIR]/git-v0/db/8401f5508e3e612d
8 │+ ╰─▶ process didn't exit successfully: `/usr/bin/git fetch --force --update-head-ok 'https://github.com/astral-test/uv-private-pypackage' '+HEAD:refs/remotes/origin/HEAD'` (exit status: 128)
9 │+ --- stderr
10 │+ fatal: could not read Username for 'https://github.com/': terminal prompts disabled
Maybe you just need to update the snapshot?
We should also probably special-case this error, but we can track that in a new issue.
Member
|
Thanks for looking into that! |
piegamesde
force-pushed
the
main
branch
4 times, most recently
from
8b9c193 to
f8bf20c
Compare
The interactive terminal prompt is not compatible with our TUI spinner animation, which will shadow the prompt and make it look like uv is hanging forever. Interactive auth is still supported via GUI mechanisms configured through git, like SSH_ASKPASS. This fixes astral-sh#5107
zanieb
changed the title
zanieb
approved these changes
Feb 25, 2025
| let mut cmd = ProcessBuilder::new(GIT.as_ref()?); | ||
| // Fix for https://github.com/astral-sh/uv/issues/5107. | ||
| // Interactive prompts via GUI like SSH_ASKPASS still work | ||
| cmd.env("GIT_TERMINAL_PROMPT", "0"); |
Member
There was a problem hiding this comment.
Technically, yeah. Though we don't read it, so it matters less. I can add it.
Collaborator
There was a problem hiding this comment.
Still good source for documentation purposes internally like we annotate with #[attr_hidden] the other git env vars https://github.com/astral-sh/uv/blob/main/crates/uv-static/src/env_vars.rs#L454
Member
There was a problem hiding this comment.
Oh thanks, I didn't notice we were hiding attrs.
loic-lescoat
pushed a commit
to loic-lescoat/uv
that referenced
this pull request
Mar 2, 2025
) ## Summary The animation shadows any interactive authentication prompt which may occur when resolving dependencies of private repos. Fixes astral-sh#5107. ## Test Plan I started creating `install_git_private_https_interactive` as a regression test but am unsure how to test this because it is interactive and I don't really know the test framework
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Mar 6, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.6.3` -> `0.6.4` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.6.4`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#064) [Compare Source](astral-sh/uv@0.6.3...0.6.4) ##### Enhancements - Upgrade pypy3.10 to v7.3.19 ([#​11814](astral-sh/uv#11814)) - Allow configuring log verbosity from the CLI (i.e., `-vvv`) ([#​11758](astral-sh/uv#11758)) - Warn when duplicate index names found in single file ([#​11824](astral-sh/uv#11824)) ##### Bug fixes - Always store registry index on resolution packages ([#​11815](astral-sh/uv#11815)) - Avoid error on relative paths in `uv tool uninstall` ([#​11889](astral-sh/uv#11889)) - Avoid silently dropping errors in directory enumeration ([#​11890](astral-sh/uv#11890)) - Disable interactive git terminal prompts during fetches ([#​11744](astral-sh/uv#11744)) - Discover Windows registry (PEP 514) Python versions across 32/64-bit ([#​11801](astral-sh/uv#11801)) - Don't panic on Ctrl-C in confirm prompt ([#​11706](astral-sh/uv#11706)) - Fix non-directory in workspace on Windows ([#​11833](astral-sh/uv#11833)) - Make interpreter caching robust to OS upgrades ([#​11875](astral-sh/uv#11875)) - Respect `include-system-site-packages` in layered environments ([#​11873](astral-sh/uv#11873)) - Suggest `uv tool update-shell` in PowerShell ([#​11846](astral-sh/uv#11846)) - Update code page to `65001` before setting environment variables in virtual environments ([#​11831](astral-sh/uv#11831)) - Use hash instead of full wheel name in wheels bucket ([#​11738](astral-sh/uv#11738)) - Fix version string truncation while generating cache_key ([#​11830](astral-sh/uv#11830)) - Explicitly handle ctrl-c in confirmation prompt instead of using a signal handler ([#​11897](astral-sh/uv#11897)) ##### Performance - Avoid cloning to string when creating cache path ([#​11772](astral-sh/uv#11772)) - Avoid redundant clones in version containment check ([#​11767](astral-sh/uv#11767)) - Avoid string allocation when enumerating tool names ([#​11910](astral-sh/uv#11910)) - Avoid using owned `String` for package name constructors ([#​11768](astral-sh/uv#11768)) - Avoid using owned `String` in deserializers ([#​11764](astral-sh/uv#11764)) - Migrate to `zlib-rs` (again) ([#​11894](astral-sh/uv#11894)) - Remove unnecessary clones when adding package names ([#​11771](astral-sh/uv#11771)) - Skip unquote allocation for non-quoted strings ([#​11813](astral-sh/uv#11813)) - Use `SmallString` for filenames and URLs ([#​11765](astral-sh/uv#11765)) - Use a Boxed slice for version specifiers ([#​11766](astral-sh/uv#11766)) - Use matches over contains for extra value parsing ([#​11770](astral-sh/uv#11770)) ##### Documentation - Avoid fallback to PyPI in mixed CPU/CUDA example ([#​11115](astral-sh/uv#11115)) - Docs: Clarify that setting cache-keys overrides defaults ([#​11895](astral-sh/uv#11895)) - Document our MSRV policy ([#​11898](astral-sh/uv#11898)) - Fix reference to macOS cache path ([#​11845](astral-sh/uv#11845)) - Fix typo in `no_default_groups` documentation and changelog ([#​11928](astral-sh/uv#11928)) - Update the "Locking and syncing" page ([#​11647](astral-sh/uv#11647)) - Update alternative indexes documentation to use new interface ([#​10826](astral-sh/uv#10826)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xODUuMCIsInVwZGF0ZWRJblZlciI6IjM5LjE4NS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The animation shadows any interactive authentication prompt which may occur when resolving dependencies of private repos.
Fixes #5107.
Test Plan
I started creating
install_git_private_https_interactiveas a regression test but am unsure how to test this because it is interactive and I don't really know the test framework