Unable to 'git clone' AWS CodeCommit repository

flexion

Active member
Sep 23, 2020
196
137
43
Switzerland
I'm using AWS CodeCommit (git) to store all my code and I tried to clone a repo on IRIX by using 'git clone' (Ver 2.22.0 from the SGUG-RSE installation), but git always reports a 403 error. Credentials are 100% correct, same procedure is working fine on a linux box.

What could be wrong here?


log output when performing git clone: (GIT_CURL_VERBOSE=1)

Cloning into 'ch.flexion.000000'...
* Connected to git-codecommit.eu-central-1.amazonaws.com (52.94.204.165) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /usr/sgug/etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=git-codecommit.eu-central-1.amazonaws.com
* start date: Aug 17 00:00:00 2020 GMT
* expire date: Jul 26 12:00:00 2021 GMT
* subjectAltName: host "git-codecommit.eu-central-1.amazonaws.com" matched cert's "git-codecommit.eu-central-1.amazonaws.com"
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
> GET /v1/repos/ch.flexion.000000/info/refs?service=git-upload-pack HTTP/1.1

Host: git-codecommit.eu-central-1.amazonaws.com
User-Agent: git/2.22.0
Accept: */*
Accept-Encoding: deflate, gzip
Pragma: no-cache

< HTTP/1.1 401
< x-amzn-RequestId: 5eb6cfd4-000000000000-fc34a7861cb6
< WWW-Authenticate: Basic realm=""
< Content-Type: text/xml
< Content-Length: 95
< Date: Sat, 15 May 2021 04:59:07 GMT
<
* Connection #0 to host git-codecommit.eu-central-1.amazonaws.com left intact

Username for 'https://git-codecommit.eu-central-1.amazonaws.com':
Password for 'https://0000000000000@git-codecommit.eu-central-1.amazonaws.com':


* Couldn't find host git-codecommit.eu-central-1.amazonaws.com in the .netrc file; using defaults
* Connection 0 seems to be dead!
* Closing connection 0
* Hostname git-codecommit.eu-central-1.amazonaws.com was found in DNS cache
* Trying 52.94.204.165...
* TCP_NODELAY set
* Connected to git-codecommit.eu-central-1.amazonaws.com (52.94.204.165) port 443 (#1)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /usr/sgug/etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL re-using session ID
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-SHA
* ALPN, server did not agree to a protocol
* old SSL session ID is stale, removing
* Server certificate:
* subject: CN=git-codecommit.eu-central-1.amazonaws.com
* start date: Aug 17 00:00:00 2020 GMT
* expire date: Jul 26 12:00:00 2021 GMT
* subjectAltName: host "git-codecommit.eu-central-1.amazonaws.com" matched cert's "git-codecommit.eu-central-1.amazonaws.com"
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
* Server auth using Basic with user '000000000000'
> GET /v1/repos/ch.flexion.0000000000/info/refs?service=git-upload-pack HTTP/1.1
Host: git-codecommit.eu-central-1.amazonaws.com
Authorization: Basic 0000000000000000000000000000K2xXQUs=
User-Agent: git/2.22.0
Accept: */*
Accept-Encoding: deflate, gzip
Pragma: no-cache

< HTTP/1.1 403
< x-amzn-RequestId: dd1e96c8-00000000000-69477ae21869
< Content-Type: text/xml
< Content-Length: 138
< Date: Sat, 15 May 2021 04:59:26 GMT
<
* Connection #1 to host git-codecommit.eu-central-1.amazonaws.com left intact
fatal: unable to access 'https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/ch.flexion.0000000/': The requested URL returned error: 403
 

Elf

Storybook / Retired, ex-staff
Feb 4, 2019
792
252
63
Mountain West (US)
That's an odd one; how do the headers, and in particular the Authorization header, differ between this and the Linux one that works? You might want to decode the Authorization header if it differs.
 
  • Like
Reactions: flexion

flexion

Active member
Sep 23, 2020
196
137
43
Switzerland
good idea, thanks! I've decoded and compared the Authorization headers, and it turns out on the SGI machine the pwd part is cut off after exactly 32 characters! :eek:
Credentials are generated by AWS IAM, so there is no way to change the password to a shorter one... :unsure:
 
  • Like
Reactions: Elf

flexion

Active member
Sep 23, 2020
196
137
43
Switzerland
Added username and password to the clone URL instead of being asked, and encoded the password with encodeURIComponent() due to special chars.
now it's working! (y)
 

Elf

Storybook / Retired, ex-staff
Feb 4, 2019
792
252
63
Mountain West (US)
Interesting! Might be worth notifying the RSE people of the bug and/or finding the 32 character buffer and submitting a PR to fix that :)
 

About us

  • Silicon Graphics User Group (SGUG) is a community for users, developers, and admirers of Silicon Graphics (SGI) products. We aim to be a friendly hobbyist community for discussing all aspects of SGIs, including use, software development, the IRIX Operating System, and troubleshooting, as well as facilitating hardware exchange.

User Menu