Skip to main content

Crate git_lfs_creds

Crate git_lfs_creds 

Source
Expand description

Credential helper bridge for Git LFS (git credential fill/approve/reject).

LFS endpoints are usually HTTPS, and HTTPS auth needs a username and password. Rather than maintaining a separate credential store, this crate defers to git’s existing one: whatever the user has already configured for their git remote (osxkeychain, libsecret, manager, store, plain cache, …) is what LFS uses too.

The Helper trait represents one credential source. A HelperChain tries multiple sources in order, broadcasting Helper::approve / Helper::reject to every helper so caches stay in sync. The bundled implementations are:

  • CachingHelper: in-process cache keyed on the Query tuple (protocol, host, path).
  • GitCredentialHelper: shells out to git credential fill/approve/reject, picking up whatever helper the user has configured.
  • AskpassHelper: spawns the GIT_ASKPASS / core.askpass / SSH_ASKPASS program for interactive prompts.
  • NetrcCredentialHelper: parses ~/.netrc (or _netrc on Windows) for host-keyed login/password pairs.

SSH remotes follow a different flow. SshAuthClient runs git-lfs-authenticate <path> <operation> over SSH and parses an SshAuth response containing a replacement HTTPS endpoint plus short-lived authorization headers; no username/password is asked of the user. Results are cached per request key with the server-supplied expiry honored.

Structs§

AskpassHelper
Spawns program per call with a single prompt argument and reads the username or password from stdout.
CachingHelper
Process-local credential cache, keyed on the full Query tuple.
Credentials
A username/password pair returned by a credential helper.
GitCredentialHelper
Shells out to the git binary’s credential subsystem.
HelperChain
Try each helper in order on fill, broadcast approve / reject.
NetrcCredentialHelper
Netrc-backed credential helper.
Query
The fields git credential expects on stdin, and that Helper implementations key on.
SshAuth
Parsed git-lfs-authenticate response with absolute expiry resolved.
SshAuthClient
Spawns ssh user@host git-lfs-authenticate <path> <operation> and caches the result. Cloneable (cache is Arc-backed via Mutex).

Enums§

HelperError
Things that can go wrong while invoking a credential helper.
SshAuthError
Things that can go wrong while resolving SSH-based credentials.
SshOperation
git-lfs-authenticate <path> <operation> operation argument.

Traits§

Helper
Resolve credentials for a given query, and report success/failure back so the helper can persist or invalidate its state.