fedpkg

Clone

#574 Fork a package using anonymous auth
Closed: Fixed 18 days ago by onosek. Opened 5 months ago by mohicks.

Closed: Fixed
Reopen Issue

I've been trying to push some changes to a project fork so I can issue a PR. I'm doing it anonymously (with dist-git). I am not a package maintainer.

The instructions are to fedpkg clone -a, and then fedpkg fork. This resulted in me not being able to push to my fork. (or git remote update, for that matter). What I eventually figured out was to remove the ssh:// auth from .git/config and make the URL similar to my "origin" URL, which was cloned with "anonymous".

Should there be a way for fedpkg fork to specify anonymous fork? Should fedpkg fork always use anonymous auth if the main repository was cloned with -a/--anonymous?

Hi @mohicks.
Oh, can I see where the instructions you are talking about can be found? Regarding pull-requests I am aware of this:
https://docs.fedoraproject.org/en-US/ci/pull-requests/
Unfortunately, the fork functionality is allowed only after logging and requires permissions. It is specified in Pagure and fedpkg just uses Pagure's API for creating a fork.
I think the validity/usefulness of your suggestion should be considered elsewhere (higher Fedora instance) in my opinion.

On Wed, Jan 08, 2025 at 02:07:30AM +0000, Ondrej Nosek wrote:

onosek added a new comment to an issue you are following:
``
Hi @mohicks.
Oh, can I see where the instructions you are talking about can be found? Regarding pull-requests I am aware of this:
https://docs.fedoraproject.org/en-US/ci/pull-requests/
Unfortunately, the fork functionality is allowed only after logging and requires permissions. It is specified in Pagure and fedpkg just uses Pagure's API for creating a fork.
I think the validity/usefulness of your suggestion should be considered elsewhere (higher Fedora instance) in my opinion.

I'm not 100% sure what instructions I was following anymore. It may
have been:

https://docs.fedoraproject.org/en-US/package-maintainers/Pull_Request_Guide/#review

It does mention that these instructions are for those not in the
'packager' group.

mh

--
Martin Hicks | mort@bork.org
Bork Consulting Inc. | +1 (613) 266-2296

I gave it some time and it seems I probably didn't understand your issue. I originally thought that fedpkg fork was failing or was not available in the cloned anonymous repo.
I created a new FAS user, who is not a maintainer to test the scenario. And realized, that fedpkg fork works even for those who are not maintaners. Although the command is not mentioned in the instruction page you provided to me. It creates the fork, but there is a difference in 'remotes'. It creates remote for ssh protocol, not for https. And that is probably your issue. Right?

[root@22eb46f25b6d test233]# fedpkg clone -a fedpkg
Cloning into 'fedpkg'...
remote: Enumerating objects: 704, done.
remote: Counting objects: 100% (704/704), done.
remote: Compressing objects: 100% (697/697), done.
remote: Total 704 (delta 277), reused 77 (delta 2), pack-reused 0
Receiving objects: 100% (704/704), 210.02 KiB | 881.00 KiB/s, done.
Resolving deltas: 100% (277/277), done.
[root@22eb46f25b6d test233]# cd fedpkg
# create a dist-git token with `fedpkg set-distgit-token`; on the web page use ACL="Fork a project"
[root@22eb46f25b6d fedpkg]# fedpkg --user test233 fork
Fork of the repository has been created: 'https://src.fedoraproject.org/fork/test233/rpms/fedpkg'
Adding as remote 'test233'.
[root@22eb46f25b6d fedpkg]# git remote -v
origin  https://src.fedoraproject.org/rpms/fedpkg.git (fetch)
origin  https://src.fedoraproject.org/rpms/fedpkg.git (push)
test233 ssh://test233@pkgs.fedoraproject.org/forks/test233/rpms/fedpkg.git (fetch)
test233 ssh://test233@pkgs.fedoraproject.org/forks/test233/rpms/fedpkg.git (push)
[root@22eb46f25b6d fedpkg]# git remote add anonymous https://src.fedoraproject.org/forks/test233/rpms/fedpkg.git
[root@22eb46f25b6d fedpkg]# git remote -v
anonymous   https://src.fedoraproject.org/forks/test233/rpms/fedpkg.git (fetch)
anonymous   https://src.fedoraproject.org/forks/test233/rpms/fedpkg.git (push)
origin  https://src.fedoraproject.org/rpms/fedpkg.git (fetch)
origin  https://src.fedoraproject.org/rpms/fedpkg.git (push)
test233 ssh://test233@pkgs.fedoraproject.org/forks/test233/rpms/fedpkg.git (fetch)
test233 ssh://test233@pkgs.fedoraproject.org/forks/test233/rpms/fedpkg.git (push)
...
prepare the commit
...
[root@22eb46f25b6d fedpkg]# git push anonymous

I tested it inside of the docker container, so I couldn't finish the push operation (OIDC auth didn't work there), but I suppose it should be OK on the normal host.
With another remote added ('anonymous'; shown above), we can't use fedpkg push, but git push <remote>.

Adding the https remote instead of ssh remote would be potentially solvable in the code.
But this is the workaround.

Yes, that's the issue. If I clone anonymously, I expected the fork to also work with anonymous (http) credentials. Look at the URL I provided under the "Cloning the repository" heading:

fedpkg clone --anonymous some-package
cd some-package
fedpkg fork

Commit 7bbcf54 fixes this issue

Metadata Update from @onosek:
- Issue set to the milestone: 1.46
4 days ago

Log in to comment on this ticket.

Metadata
None
None
None
None
Related Pull Requests
  • #596 Merged 18 days ago
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.