From: Bryan C. Mills <bcmills@google.com>
Date: Wed, 10 Mar 2021 04:27:48 +0000 (-0500)
Subject: cmd/go: suppress SSH password prompts when fetching modules or repos
X-Git-Tag: go1.17beta1~267
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=86e42c2fbf;p=gostls13.git

cmd/go: suppress SSH password prompts when fetching modules or repos

We were already setting GIT_SSH_COMMAND (if unset) to explicitly
include 'ControlMaster=no' in order to disable connection pooling.
Now we also set 'BatchMode=yes' to suppress password prompts for
password-protected keys.

While we're here, we also set GCM_INTERACTIVE=never to suppress
similar prompts from the Git Credential Manager for Windows.

Fixes #44904

Change-Id: Iebb050079ff7dd54d5b944c459ae212e9e6f2579
Reviewed-on: https://go-review.googlesource.com/c/go/+/300157
Trust: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
---

diff --git a/doc/go1.17.html b/doc/go1.17.html
index 0521f9fd91..6aa9d5b876 100644
--- a/doc/go1.17.html
+++ b/doc/go1.17.html
@@ -138,6 +138,17 @@ Do not send CLs removing the interior tags from such phrases.
   module root when invoked within the <code>vendor</code> tree.
 </p>
 
+<h4 id="password-prompts">Password prompts</h4>
+
+<p><!-- golang.org/issue/44904 -->
+  The <code>go</code> command by default now suppresses SSH password prompts and
+  Git Credential Manager prompts when fetching Git repositories using SSH, as it
+  already did previously for other Git password prompts. Users authenticating to
+  private Git repos with password-protected SSH may configure
+  an <code>ssh-agent</code> to enable the <code>go</code> command to use
+  password-protected SSH keys.
+</p>
+
 <h2 id="runtime">Runtime</h2>
 
 <p>
diff --git a/src/cmd/go/internal/get/get.go b/src/cmd/go/internal/get/get.go
index 4c57ee3518..c28bce8cfc 100644
--- a/src/cmd/go/internal/get/get.go
+++ b/src/cmd/go/internal/get/get.go
@@ -126,7 +126,7 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
 		base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead")
 	}
 
-	// Disable any prompting for passwords by Git.
+	// Disable any prompting for passwords by Git itself.
 	// Only has an effect for 2.3.0 or later, but avoiding
 	// the prompt in earlier versions is just too hard.
 	// If user has explicitly set GIT_TERMINAL_PROMPT=1, keep
@@ -136,7 +136,10 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
 		os.Setenv("GIT_TERMINAL_PROMPT", "0")
 	}
 
-	// Disable any ssh connection pooling by Git.
+	// Also disable prompting for passwords by the 'ssh' subprocess spawned by
+	// Git, because apparently GIT_TERMINAL_PROMPT isn't sufficient to do that.
+	// Adding '-o BatchMode=yes' should do the trick.
+	//
 	// If a Git subprocess forks a child into the background to cache a new connection,
 	// that child keeps stdout/stderr open. After the Git subprocess exits,
 	// os /exec expects to be able to read from the stdout/stderr pipe
@@ -150,7 +153,14 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
 	// assume they know what they are doing and don't step on it.
 	// But default to turning off ControlMaster.
 	if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
-		os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no")
+		os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes")
+	}
+
+	// And one more source of Git prompts: the Git Credential Manager Core for Windows.
+	//
+	// See https://github.com/microsoft/Git-Credential-Manager-Core/blob/master/docs/environment.md#gcm_interactive.
+	if os.Getenv("GCM_INTERACTIVE") == "" {
+		os.Setenv("GCM_INTERACTIVE", "never")
 	}
 
 	// Phase 1. Download/update.
diff --git a/src/cmd/go/internal/modload/init.go b/src/cmd/go/internal/modload/init.go
index 88d647d9ea..99c0c2b981 100644
--- a/src/cmd/go/internal/modload/init.go
+++ b/src/cmd/go/internal/modload/init.go
@@ -163,7 +163,11 @@ func Init() {
 	// assume they know what they are doing and don't step on it.
 	// But default to turning off ControlMaster.
 	if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
-		os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no")
+		os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes")
+	}
+
+	if os.Getenv("GCM_INTERACTIVE") == "" {
+		os.Setenv("GCM_INTERACTIVE", "never")
 	}
 
 	if modRoot != "" {