I’m setting up the i3 spin and prefer to use netrc for my git credential helper. For those who don’t know it’s a perl script that encrypts and decrypts your git credentials so you don’t have to log in every time you want to update a private repo. It uses the perl module Getopt::long. I’ve verified that it is installed and available when I use sudo but without I get permission denied. I need to use it without sudo since the sudo environment doesn’t have the rest of my git settings. I’ve verified file permissions to the script and perl module so I’m guessing it’s some sort of SeLnux issue. Being new to SeLinux I have no idea where to find the cause or what to do next. Help?
Try perl -V, at the end of the output, after @INC, will be a list of directories automatically included for libraries. My list includes /usr/share/perl5/vendor_perl, and find /usr -name Long.pm shows /usr/share/perl5/vendor_perl/Getopt/Long.pm.
You said you verified permissions to the module, so without sudo you did an ls -l /root/share/perl5/Getopt/Long.pm and it is world readable, correct?
I’m curious as to where the /root/share/… path came from, but I am clueless about the i3 spin.
You said that is readable, but IMHO and experience anything under /root should never be world readable. That would explain why your regular user cannot read it.
Also, nothing should ever be installed under /root so that path is certainly suspect.
How did you install netrc? It seems that it may have been installed incorrectly if something was put in the /root directory tree.
I would strongly suggest using an SSH key to connect with git instead of storing your HTTP credentials this way. If you need encryption/decryption with git repos, git-crypt is in the Fedora repos, but I would suggest using something like Hashicorp Vault instead for managing and consuming credentials in runtime.
Indeed it’s looking for the module in the wrong place. Didn’t notice that. The script doesn’t specify a path just “use Getopt::Long;” Perhaps there’s some kind of perl environment variable I need to set.
Can’t test because you did not link the repo used so cannot be sure I am using the same package and cannot look at the code to see what it does nor how it gets installed.
Please link that ‘github’ or ‘gitlab’ site so I can test what you are doing.
Wow, blast from the past with that one. Seriously, though, using SSH instead is better convenience and security. The RedHat article I linked was an attempt to be Git Vendor agnostic, but really the steps are: create an ssh key (ssh-keygen) and upload the public key (ie, .pub file created from the previous command) to the git provider (or add it to ~/.ssh/authorized_keys of the git repo user if doing it the old school way.)
yeah ssh would be better, but it would also take a lot of time to migrate. Lots of repos in lots of places. As it is it’s only broken on one machine, and that happens to be fedora. I’ll keep messing with it until I either give up on Fedora or bite the bullet and switch to ssh or just fix the dang thing.
There is, but you don’t need any of those as long as you install perl and the perl modules from the Fedora repository. As far as I remember, you also don’t need to set any environment variable if you install modules from CPAN,
Also see /usr/libexec/git-core/git-credential-netrc . So if you have git installed you already have the file on your system. And it is installed in a place where git will search for it.
