git lfs (only lfs) auth issue #9219

Open
opened 2025-11-02 08:32:29 -06:00 by GiteaMirror · 1 comment

Originally created by @jajcayn on GitHub (Jul 12, 2022).

Description

Hey, so this is a bit tricky. I'll try to be brief and structured

Intro

We have a private repo on GitHub. We also push/pull large files, so we need support for git-lfs; however, we do not want to have these big files on GitHub. My idea was to run gitea on our mini-server, just for large files.

Setup

We are running gitea in a docker stack (see below for a full docker-compose.yml). I also set SSH Container Passthrough, although I have the feeling that was not necessary. As a test, I created a simple repository, and tried to push/pull from my machine, and it works.
The next step was to set up a lfs repo. I created an empty repository only for lfs files. I also created .lfsconfig in our "main" repo hosted on GitHub. I also set up all the necessary stuff with git lfs install, git lfs track *h5, etc. etc.

Contents of .lfsconfig

[lfs]
	url = http://XXX.XXX.XXX.XXXX:3000/nikola/<repo name>.git/info/lfs

What works

So when I try to push or pull lfs file, everything works out of the box. To be honest, I have no idea why, because:

  • I added my public ssh key to gitea, but I can see it was actually never used
  • when I first push some lfs file, gitea never asked me for any credentials (.lfsconfig is set up using http)
  • it just worked, without any proper authentication

I thought it was weird but why not. I was happy it works, the large files are actually stored on our server and in main repo on GitHub there is only a hash.

When my colleague was trying to set this up, at first I wasn't sure how, but in the end it worked:

  • she created an account on our gitea
  • she added her ssh public key (but again, never used)
  • I added her as a collaborator on our lfs repo (admin privileges)
  • it works for her, but again, no password was ever asked

What doesn't and I have no idea why

Now the bad news. I have just created a virtual machine for testing purposes. I cloned main repo from GitHub there, tried to do the same trick with lfs, i.e.:

  • I created an account for this testing machine on our gitea and added its ssh public key (again, never used)
  • I added this new user as a collaborator to our lfs repo (again, admin privileges)

This doesn't work. I added logs using GIT_TRACE=1 GIT_TRANSFER_TRACE=1 GIT_CURL_VERBOSE=1 git lfs fetch as a gist (see below). It just hangs. When I ping our server that hosts gitea it can see it fine. The setup is the same as with me and my colleague.

Any pointers would be perfect because now I am afraid that if anyone new would join our team, I won't be able to set up a lfs repo for them, since to be honest - I have no idea WHY it works when it never asked for a password, it apparently doesn't use ssh keys and for first two users it works, for third (the testing machine) it does not.

Thanks!

Gitea Version

1.16.8

Can you reproduce the bug on the Gitea demo site?

No
(never tried)

Log Gist

https://gist.github.com/jajcayn/46a297ef9f862970f2d12e478d79a40b

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

docker-compose as per https://docs.gitea.io/en-us/install-with-docker/

version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:1.16.8
    container_name: gitea
    environment:
      - USER_UID=114
      - USER_GID=118
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__HOST=db:3306
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=XXXXXXXXXXXXXX
    restart: always
    networks:
      - gitea
    volumes:
      - /mnt/dockers/gitea_for_lfs/gitea:/data
      - /home/git/.ssh/:/data/git/.ssh
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "222:22"
    depends_on:
      - db
  db:
    image: mysql:8
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=XXXXXXXXXXXXX
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=XXXXXXXXXXXXXXXXX
      - MYSQL_DATABASE=gitea
    networks:
      - gitea
    volumes:
      - /mnt/dockers/gitea_for_lfs/mysql:/var/lib/mysql

Database

MySQL
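
A way to check, from any client machine, whether the LFS endpoint named in .lfsconfig answers without credentials or does not answer over HTTP at all (added example, not part of the original issue and not Gitea's code). It sends a Git LFS batch API request with no Authorization header; the function names and the all-zero probe OID are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

LFS_MEDIA = "application/vnd.git-lfs+json"
# Constructed probe object: 64 zero hex digits is a well-formed SHA-256 OID
# that is not expected to exist in any repository.
PROBE_OBJECT = {"oid": "0" * 64, "size": 1}
# Connect directly, ignoring proxy environment variables, so the result
# reflects the LFS server itself.
_DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def build_batch_request(lfs_url, operation="download"):
    """Build a batch request for lfs_url (the `url` value in .lfsconfig)
    that deliberately carries no credentials."""
    body = json.dumps({"operation": operation, "transfers": ["basic"],
                       "objects": [PROBE_OBJECT]}).encode()
    return urllib.request.Request(
        lfs_url.rstrip("/") + "/objects/batch", data=body, method="POST",
        headers={"Accept": LFS_MEDIA, "Content-Type": LFS_MEDIA})


def classify(status):
    """Map the HTTP status of an unauthenticated batch call to a finding."""
    if status == 200:
        return "anonymous access allowed"
    if status in (401, 403):
        return "credentials required"
    if status == 404:
        return "repository not found or hidden"
    return f"unexpected status {status}"


def probe(lfs_url, operation="download", timeout=10):
    """Send the request; use operation="upload" to test anonymous push."""
    req = build_batch_request(lfs_url, operation)
    try:
        with _DIRECT.open(req, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code          # 4xx/5xx still means the server answered
    except OSError as err:         # refused, unreachable, or timed out
        return f"no HTTP response ({err})"
    return classify(status)
```

A "no HTTP response" result from a host that can still ping the server points at the HTTP port rather than at authentication, since ping does not exercise TCP port 3000.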

GiteaMirror added the type/bug, topic/lfs labels 2025-11-02 08:32:29 -06:00

@Danstiv commented on GitHub (Jan 27, 2025):

Hello @jajcayn!
Have you solved this problem?

Reference: github-starred/gitea#9219