Description
I am unable to download (via https) & install a package from a public repo on GitLab that is in a subgroup when using a shortcut package specifier. I'm using the pacote library directly to do the download and install, but I can reproduce the issue with the npm CLI as well.
To repro:
- First, ensure you have no SSH keys present (e.g. in $HOME/.ssh). Because pacote will try all available transport types, having SSH keys may mask the issue.
- Create a new directory and use
npm initto create a new package.json file. - In that newly created directory, run
npm install gitlab:adpt/starters/hello-node
Expected behavior:
The requested package installs into the node_modules directory without error.
Actual behavior:
I get the following error message:
npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@gitlab.com/adpt/starters%2Fhello-node.git
npm ERR!
npm ERR! Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR!
npm ERR! exited with error code: 128
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2019-07-30T20_28_02_210Z-debug.log
Analysis & debugging:
Although the error that is shown is for accessing the repo via the ssh: protocol, that error is actually not surprising because there are specifically no SSH keys set up.
The real issue is that pacote first tried accessing the GitLab repo via the https: protocol, which should have succeeded, but did not. Unfortunately, the npm CLI and pacote don't make it easy to see this process happening.
By adding a console.log statement in the error case logic of function revs in pacote/lib/util/git.js (line 164 in my current version):
console.log(err.message)
You can see that pacote first tried https, then ssh:
Error while executing:
/usr/bin/git ls-remote -h -t https://gitlab.com/adpt/starters%2Fhello-node.git
fatal: https://gitlab.com/adpt/starters%2Fhello-node.git/info/refs not valid: is this a git repository?
exited with error code: 128
Error while executing:
/usr/bin/git ls-remote -h -t ssh://git@gitlab.com/adpt/starters%2Fhello-node.git
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
exited with error code: 128
If I run the following git command manually on the command line, I get the same error that pacote did:
/usr/bin/git ls-remote -h -t https://gitlab.com/adpt/starters%2Fhello-node.git
fatal: https://gitlab.com/adpt/starters%2Fhello-node.git/info/refs not valid: is this a git repository?
However, if I change the URL-encoded slash character (%2F) back to an actual slash (/), the command completes successfully:
/usr/bin/git ls-remote -h -t https://gitlab.com/adpt/starters/hello-node.git
323e15dc83860abe2ae634c7f866df2e91cc4531 refs/heads/master
Conclusion & Suggested Solution:
GitLab does not appear to support URL-encoded slashes as separators for subgroups when accessing via https.
So I suggest that the https template that hosted-git-info provides for GitLab should not URL encode those slashes as it is currently.
I'll send a PR later for feedback on that approach.