Using CAC/PIV cards with git - is it worth upstreaming the git and curl patches?

Wheeler, David A

Oct 8, 2015, 10:41:00 AM
to mil...@googlegroups.com
All:

There are various instructions for using CAC/PIV cards with git, such as:
https://rite.sd.spawar.navy.mil/confluence/display/RITE/Using+git+with+CAC
and there's even a script:
https://github.com/bpstahlman/cac-enabled-git-setup

However, they depend on patching the source for git and curl, and then recompiling them. That isn't really a good long-term approach. I'd like to try to get those patches (or something like them) pushed upstream... but only if that'd actually be useful.

So - would that be worth doing? Are there a number of people who are using *patched* git and curl to make them work with CAC and PIV cards? Please let me know!

--- David A. Wheeler

Wheeler, David A

Oct 8, 2015, 10:43:30 AM
to mil...@googlegroups.com
I said:
> Are there a number of people who are using *patched* git and curl to make them work with CAC and PIV cards?

Quick addition: If there are *alternative* ways for using git + CAC/PIV cards that are recommended instead, I'd like to know that too.

--- David A. Wheeler

Richard Bullington-McGuire

Oct 8, 2015, 11:55:08 AM
to mil...@googlegroups.com
I can't really speak to whether anyone is using these, but getting support for PKCS#11 / CAC authentication into the mainstream curl and git sources would unblock a major impediment to adoption of this stack in any context where strong authentication is required.

I've been itchy to take a stab at fixing this for the last 6 years, but I don't have an active project or the sort of sponsorship that would make it worthwhile currently.

--
Richard Bullington-McGuire <richard.bulli...@gmail.com>
PGP key IDs: RSA: 0x93862305 DH/DSS: 0xDAC3028E

Jamie Jones

Oct 8, 2015, 2:06:10 PM
to mil...@googlegroups.com

David,

You can use CAC/PIV based access as long as your git commands run over SSH instead of HTTPS, and we know that Smart Card (PKCS11/15) integration is strong in **almost ALL** major OS's for use with ssh (Windows and the putty cac extensions being the only gap). However, I do think modern git for windows is shipping with a modern openssh implementation that may make it moot as well.

