Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zsh is not allowed to call git-credential-keepassxc #83

Open
3 tasks done
tategotoazarasi opened this issue Jul 16, 2023 · 1 comment
Open
3 tasks done

zsh is not allowed to call git-credential-keepassxc #83

tategotoazarasi opened this issue Jul 16, 2023 · 1 comment

Comments

@tategotoazarasi
Copy link

Description

I'm encountering an issue with KeePassXC integration with git. Whenever I attempt to use git commands that require authentication, I receive the error "ERRO /usr/bin/zsh (uid=1000, gid=1000) is not allowed to call git-credential-keepassxc, Caused by: N/A". This issue occurs when I use command line git in zsh, but does not happen with GUI-based Git clients like GitHub Desktop and the built-in Git in Jetbrains products.

Environment

  • OS: Linux archlinux 6.4.3-zen1-1-zen Windows compatibility #1 ZEN SMP PREEMPT_DYNAMIC Tue, 11 Jul 2023 05:13:16 +0000 x86_64 GNU/Linux
  • keepassxc --version output: KeePassXC 2.7.5
  • git-credential-keepassxc --version output: git-credential-keepassxc 0.13.0 (strict-caller, notification, encryption, yubikey)

Checklist

  • I've read the README
  • I've read the Wiki
  • This is an issue regarding the project itself (instead of linking, packaging, anti-virus, etc.)

Configuration

I am using KeePassXC with git through zsh shell. I have set the git configuration to use 'keepassxc' as the credential helper.

Logs

Here is the error I get when I attempt to call git-credential-keepassxc:

> git-credential-keepassxc caller me
Jul 16 07:03:06.065 ERRO /usr/bin/zsh (uid=1000, gid=1000) is not allowed to call git-credential-keepassxc, Caused by: N/A
@tategotoazarasi tategotoazarasi changed the title zsh is not allowed to call git-credential-keepassxc, Caused by: N/A zsh is not allowed to call git-credential-keepassxc Jul 16, 2023
@TheLonelyGhost
Copy link

The git-credential-keepassxc caller me function does 3 things from the freshly-installed state:

  1. Initializes a config file on the filesystem which tracks what processes have been authorized to connect to the configured KeePassXC database
  2. Adds the current shell (according to the path to the executable) and user (uid and gid)
  3. Enforces strict-caller mode for subsequent usage of git-credential-keepassxc

If you change shells, users, or group identities it will deny you access. Working as designed, for better or worse. This leaves you with 2 options:

a. Find the shell already authorized and use it to authorize /usr/bin/zsh for your user
b. Reset the strict caller settings and re-connect git-credential-keepassxc to your KeePassXC database

For option a: git-credential-keepassxc caller add --uid 1000 --gid 1000 /usr/bin/zsh

For option b: there is a config file somewhere in one of the dot-files in your user's home directory that hints at being the git-credential-keepassxc config file. I don't recall the name or precise location of it, but if you find it, delete it. That will allow you to re-enable strict-caller from your new shell, if you desire.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TheLonelyGhost @tategotoazarasi