rhythmic-battery-45198
09/24/2022, 1:40 AM
rhythmic-battery-45198
09/24/2022, 1:40 AM
SSH_AUTH_SOCK to subprocess-environment.env_vars. I was able to git clone and pip install using ssh authentication. But, pants was failing to authenticate. After running commands in the sandbox manually to reproduce, I noticed that removing the --lock argument to one of the pex commands fixed the issue. So, I checked if there was anything interesting in the lockfile and found
    "artifacts": [
      {
        "algorithm": "sha256",
        "hash": "429f5dd381fb70e5e899ff8dcaf9f1cef1a16e03034466d86d711dd06adaaa5d",
        "url": "git+ssh://****@github.com:/<my-company>/<my-repo>.git@<my-sha>"
      }
    ],
The url has literal **** instead of git for the username. I had noticed this in the logs but thought that it was sensitive data being filtered from the logs. My dependency is
<my-package>@ git+ssh://git@github.com:/<my-company>/<my-repo>.git@<my-sha>
happy-kitchen-89482
09/24/2022, 3:17 AM
happy-kitchen-89482
09/24/2022, 3:17 AM
happy-kitchen-89482
09/24/2022, 4:46 AM
happy-kitchen-89482
09/24/2022, 4:50 AM
happy-kitchen-89482
09/24/2022, 4:59 AM
happy-kitchen-89482
09/24/2022, 5:01 AM
$ python -m pex.cli lock create "ansicolors@ git+ssh://git@github.com/jonathaneunice/colors.git@c965f5b9103c5bd32a1572adb8024ebe83278fb0" | jq -r .locked_resolves[0].locked_requirements[0].artifacts[0].url
git+ssh://****@github.com/jonathaneunice/colors.git@c965f5b9103c5bd32a1572adb8024ebe83278fb0
happy-kitchen-89482
09/24/2022, 5:02 AM
rhythmic-battery-45198
09/24/2022, 3:36 PM
happy-kitchen-89482
09/24/2022, 3:43 PM
rhythmic-battery-45198
09/24/2022, 3:48 PM
enough-analyst-54434
09/30/2022, 6:51 PM