Description
When attempting to enable Git synchronization in XPipe 17.4, if the "Git SSH identity" is set to "OpenSSH agent" and the "SSH agent socket" is explicitly configured in the XPipe settings, the synchronization fails with a Permission denied (publickey) error. This occurs even when a valid SSH agent is running and accessible at the specified socket path.
The issue seems to be that XPipe's internal Git operations do not correctly utilize the "SSH agent socket" setting to set the SSH_AUTH_SOCK environment variable for the Git process it invokes. Instead, it appears to rely on the SSH_AUTH_SOCK environment variable being set externally in the shell environment where XPipe is launched.
Steps to Reproduce
- Perform a fresh installation of XPipe 17.4.
- Open XPipe settings.
- Navigate to the Git synchronization section.
- Enable Git synchronization.
- Set "Git remote URL" to a valid SSH Git repository URL (e.g., git@github.com:<username>/xpipe-sync.git).
- Set "Git SSH identity" to "OpenSSH agent".
- Set "SSH agent socket" to the correct path of your SSH agent socket (e.g., /home/<username>/.bitwarden-ssh-agent.sock).
- Ensure that the SSH_AUTH_SOCK environment variable is not set in your shell environment (e.g., by unsetting it or launching XPipe from a shell where it's not defined).
- Attempt to trigger a Git synchronization.
Expected Behavior
XPipe should successfully connect to the Git remote repository using the SSH agent specified by the "SSH agent socket" setting, without requiring the SSH_AUTH_SOCK environment variable to be set externally.
Actual Behavior
The synchronization fails with the following error:
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Unable to fetch from remote repository git@github.com:<username>/xpipe-sync.git
Please make sure that:
- You have the correct repository URL
- Your repository URL matches the rules regarding a .git suffix (Some remotes require a .git suffix, some require it to be omitted, others do not care)
- Your configured git user has the necessary access right via credentials or a token
- You have internet connectivity
- Your SSH identity setting is correct and functional
If "Public key identifier" is then set to the actual public key string (e.g., ssh-ed25519 AAAA[...]), a different error related to file permissions occurs:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/tmp/key-902650826.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/tmp/key-902650826.pub": bad permissions
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Unable to fetch from remote repository git@github.com:<username>/xpipe-sync.git
Please make sure that:
- You have the correct repository URL
- Your repository URL matches the rules regarding a .git suffix (Some remotes require a .git suffix, some require it to be omitted, others do not care)
- Your configured git user has the necessary access right via credentials or a token
- You have internet connectivity
- Your SSH identity setting is correct and functional
Workaround
Setting the SSH_AUTH_SOCK environment variable externally in the shell where XPipe is launched resolves the issue. For example, by adding export SSH_AUTH_SOCK=/home/<username>/.bitwarden-ssh-agent.sock to .bashrc (even if using a different shell like fish), and then restarting XPipe, Git synchronization works correctly.
Environment
- XPipe Version: 17.4
- Operating System: Linux (specific distribution not provided, but likely a common desktop Linux distribution)
- Shell: fish (user's primary shell)
- SSH Agent: Bitwarden SSH Agent (via /home/<username>/.bitwarden-ssh-agent.sock)
- Git Remote: GitHub
Additional Information
The expectation is that the "SSH agent socket" setting in XPipe should be sufficient for XPipe to configure the SSH_AUTH_SOCK environment variable for the Git processes it spawns, similar to how other applications might manage environment variables for child processes. Relying on an externally set SSH_AUTH_SOCK defeats the purpose of having this configuration option within XPipe itself, especially for users who might not set this variable globally or use different shell configurations.
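
The behaviour the report expects, as an added illustration (not XPipe's code and not from the issue author): a launcher that validates a configured agent socket and pins SSH_AUTH_SOCK in the environment of the process it spawns, whatever the launch shell exported. The function names are hypothetical, and the demo uses a constructed dummy socket and a child that only prints the variable, standing in for a real agent and git.

```python
import os
import socket
import stat
import subprocess
import sys
import tempfile

def validate_agent_socket(path):
    """Return None if path looks like a usable agent socket, else a reason string."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return f"cannot stat {path}: {exc.strerror}"
    if not stat.S_ISSOCK(st.st_mode):
        return f"{path} is not a Unix socket"
    if st.st_uid != os.getuid():
        return f"{path} is owned by uid {st.st_uid}, not the current user"
    return None

def child_env(agent_socket, base=None):
    """Copy the parent environment and pin SSH_AUTH_SOCK to the configured socket."""
    env = dict(os.environ if base is None else base)
    if agent_socket:
        reason = validate_agent_socket(agent_socket)
        if reason:
            raise ValueError(reason)
        env["SSH_AUTH_SOCK"] = agent_socket  # the setting wins over the launch shell
    return env

def run_with_agent(argv, agent_socket, base=None):
    """Run argv (for example a git command) with the configured agent socket."""
    return subprocess.run(argv, env=child_env(agent_socket, base),
                          capture_output=True, text=True, check=False)

def demo():
    """Constructed demo: parent has no SSH_AUTH_SOCK, child still receives the setting."""
    with tempfile.TemporaryDirectory() as tmp:
        sock_path = os.path.join(tmp, "agent.sock")  # dummy socket, not a real agent
        with socket.socket(socket.AF_UNIX) as listener:
            listener.bind(sock_path)
            parent = {k: v for k, v in os.environ.items() if k != "SSH_AUTH_SOCK"}
            probe = [sys.executable, "-c",
                     "import os; print(os.environ.get('SSH_AUTH_SOCK', 'unset'))"]
            return sock_path, run_with_agent(probe, sock_path, parent).stdout.strip()

if __name__ == "__main__":
    print(demo())
```

Rejecting a path that is not a socket, or that belongs to another user, keeps the child from being pointed at a file or an agent the current user does not control.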