Private repo and cargo

hello all. hope my question isnt being repeated many time.

I'm attempting to refer to a rust library in gitlab through git as a private repo. as far as i guess, gitlab publishing deploy token should actually work for git clone as a plain url.

(an example is: mylib = { git = "https://gitlab+deploy-token-123456:s0mepa33w0rd@gitlab.com/some_group/some_project"} )

it works well using git clone but not as cargo dependencies with git. Is there anything critical i have missed?

the message is as below

    Updating git repository `https://gitlab+deploy-token-123456:s0mepa33w0rd@gitlab.com/some_group/some_project`
error: failed to get `some_project` as a dependency of package `app v0.1.0 (/home/app)`

Caused by:
  failed to load source for dependency `some_project`

Caused by:
  Unable to update https://gitlab+deploy-token-123456:s0mepa33w0rd@gitlab.com/some_group/some_project

Caused by:
  failed to clone into: /usr/local/cargo/git/db/some_project-24f6264e39ed1a73

Caused by:
  process didn't exit successfully: `git fetch --force --update-head-ok 'https://gitlab+deploy-token-123456:s0mepa33w0rd@gitlab.com/some_group/some_project' 'refs/heads/master:refs/remotes/origin/master'` (exit code: 128)
  --- stderr
  remote: HTTP Basic: Access denied
  fatal: Authentication failed for 'https://gitlab+deploy-token-123456:s0mepa33w0rd@gitlab.com/some_group/some_project/'

I'm using docker image with Dockerfile as below:

FROM rust:latest AS build

RUN apt-get update && \
    apt-get install musl-tools -y && \
    rustup target add x86_64-unknown-linux-musl && \
    mkdir /home/app

WORKDIR /home/app

COPY ./cargo/config /usr/local/cargo/config

COPY Cargo.toml Cargo.toml

RUN mkdir src/ && \
    echo "fn main() {println!(\"if you see this, the build broke\")}" > src/main.rs && \
    RUSTFLAGS=-Clinker=musl-gcc cargo build --release --target=x86_64-unknown-linux-musl && \
    rm -f /home/app/target/x86_64-unknown-linux-musl/release/deps/app*

the build fail at cargo build.

Try to tweak your Dockerfile so that only that command is run. If it fails too, then it is not (directly) Cargo's fault. If it works, then we can look into solving that.

Also, the documentation mentions the following:

1 Like

yes i changed the username to be without any symbol (so username:password) but turn out its the same. actually im giving the part of dockerfile since i believe it can make the environment reproducible from image rust:latest. saw from some other network resource i will need $CARGO_HOME/config contains

[net]
git-fetch-with-cli = true

on the other hand, i tried to direct git clone in the container and it actually works. so only cargo build returns error message here...

When I have private dependencies and want to include them in a docker image I'll add them as git submodules then tell docker to copy the contents of my vendor/ directory into the image.

So I use mylib = { path = "../vendor/mylib" } in Cargo.toml instead of messing about with deploy tokens.

I'm not sure how you are injecting the deploy token (environment variables, written directly to Cargo.toml and committed to git, etc.), but it may not be a good idea to have it inside your container. It's possible to extract the original instructions that went into building your image so I imagine that could be a security issue.

2 Likes