Using private repository on self Hosted gitlab instance #135
Comments
|
@Ducatel You don't need to specify access token in the project. Authentication is performed by the debugger when it fetches the source file from the server. That said, GitLab currently doesn't support the protocol the VS debugger uses to authenticate to git repositories. See issues BTW, you shouldn't need to specify |
|
OK so, if I understand well, there is no solution yet ? There is a workarround ? And issues doesn't speak about 2FA (2FA is mandatory on my gitlab instance ). Ps: I deleted |
|
@chuckries To comment on any workarounds and 2FA.
Yes, that is correct. |
|
@Ducatel Currently GitLab does not support the Source Link authentication mechanisms that are used by the Visual Studio Debugger. If this issue that @tmat mentioned is ever resolved, it will handle 2FA and the debugger will be able to use it. The only workaround I know of for GitLab is running your own on premises Source Link proxy service. You would embed proxy URL's in the Source Link rather than the raw GitLab URLs. The proxy would need to be able to authenticate to GitLab using GitLab's OAuth mechanisms (which the debugger does not support). The proxy would then forward the Source Link request to GitLab with the appropriate authentication and return the result back to Visual Studio. This workaround is not ideal but today it is the only way to make Source Link work for private GitLab repos. |
|
Hum, sound no good for me :D Can I check in the source if it's possible to path the read token for the Gitlab link with a small trick (adding a configuration like |
|
You mean include the access token to the URL stored in the SourceLink? |
|
Yes in URL param like explained in gitlab doc This solution seem's to not require lot of dev ;) |
|
That seems like a bad idea. You'd be leaking your token to whomever has access to the PDB. |
|
In addition to the security hole, PAT's expire. The Source Link with embedded PAT would only work for so long before it would fail. |
|
In my case there are no security hole. In short, this is just a workaround not perfect (otherwise it not a workaround but a solution :D ) which can allow people to continue working and debugging. |
|
If you want to do this for your own project you can write a target that runs before target |
|
ok, I don't really know how do what you say. 😄 |
|
While I don't condone this, the following snippet should do the trick. Add it to the .csproj or a Directory.Build.targets. <Target Name="AppendSourceLinkPersonalAccessToken"
BeforeTargets="GenerateSourceLinkFile"
DependsOnTargets="$(SourceLinkUrlInitializerTargets)">
<PropertyGroup>
<GitLabPAT Condition="'$(GitLabPAT)'==''">deadbeefdeadbeef</GitLabPAT>
</PropertyGroup>
<ItemGroup>
<SourceRoot>
<SourceLinkUrl>%(SourceLinkUrl)?private_token=$(GitLabPAT)</SourceLinkUrl>
</SourceRoot>
</ItemGroup>
</Target> |
|
Yes with your code the pdb contain the private token. |
|
This issue should be open? @tmat What would be needed to support the GitLab authentication flow? |
|
Super unsafe solution: Reverse proxy in front of gitlab which just adds a private gitlab admin token to the URL if the user agent is "SourceLink" and the url contains "/raw/" shame on me Probably best solution: Implement HTTP Basic auth in GitLab (see https://gitlab.com/gitlab-org/gitlab-ce/issues/36654 ) or do the same in a reverse proxy by acquiring a session cookie first and then accessing the /raw/ content with the session cookie set. |
|
Hi, I recently had the a similar usecase with a C++-Project. I'm currently migrating from subversion to GitLab and I want to Debug Dumps from an execution if they crash in the field. Getting the correct pdb-files is done manually, this can be done with a symbol-server later. Never the less, if I'm debugging an exception, I want to have the correct source file from GitLab. I Used the CMake scripts to generate a source-link.json file. I Simply rewrote the url to point to the /raw/ URL of Gitlab. Everything works so far, except the authentification. Sourcelink would allways download the login-page as my final .cpp file. My solution so far is, to generate an session cookie for Gitlab in Visual Studio 2019. This can be done by logging in to gitlab via the internal web browser: This is maybe not the perfect solution, but in my usecase, it's still simpler than implementing some reverse proxy via localhost or anything desribed above. And, if Visual studio implements the missing feature, the "old" releases will still work, but without the manual login. A Final small remark. If the credentials where wrong it is possible that the wrong file is cached, therefore check the |
@mhofmann85 thank you for the idea! works for me |
|
Thanks alot @mhofmann85 you saved my day! It's hacky but less intrusive than other workarounds here! |
|
@chuckries I think your snippet does not work any more: according to this issue it was a mistake in the first place to allow access to raw files this way. Your idea could maybe still work but would involve a rather convoluted reconstruction of the URL in order to translate it into a GitLab API format: should become I must admit my MSBuild skills are not that high that I'd try to do this... |
|
Even that would not work, because |
|
You can use this small app to rewrite Gitlab URLs to make sourcelink work: |
|
@mhofmann85's trick of using |
|
It doesn't work in 2016, either. Other than hosting your own local GitLab instance you can allow to be public within another security layer, the only way to do it, right now, is as @juangburgos suggested. I wrote GitlabProxy to handle this under IIS and it works flawlessly for me. Maybe it can help someone else. |
|
@sthames42 2016? I've managed to have the browser trick work again in VS2022 by basically recreating the Browser window in an extension... |
|
@odalet Could you please share/publish the extension? It would be of a great help! |
|
@mikhail-barg I had no time to test it, but if i search in the Extension Manager, i find a WebBrowser Extension for VS2022. Maybe you can try that one. |
|
@mikhail-barg , @mhofmann85 The extension you found is indeed the one I quickly crafted this WE; but I was too quick in replying it solves the issue: IT DOES NOT SOLVE THE ISSUE 😭 However, I managed to find another workaround: Unless you are using Windows 11, you should still have the old Internet Explorer browser installed on your system. Execute it (Windows+R then iexplore.exe) and log into your GitLab instance from it (do not mind the rendering: although crappy, the page works). Do not forget to check the "Remember me" box. Once you are authenticated against GitLab in IE, downloading source files via SourceLink in VS2022 should work again...
Hope this helps! |
|
@tmat Thanks for the detailed info on the workaround! I will try it as soon as I face the issue again. |
Hi,
I'm currently migrating my process from gitlink because now I need to use portable PDB.
So I have my own gitlab instance and all of my repos need authorization for reading it.
In my csproj in tried to add:
But there is a way to pass a gitlab read access token ?
Thanks in advance for your help
The text was updated successfully, but these errors were encountered: