#Cloning a git repository with SSH is failing

I'm trying to follow this cookbook recipe to clone a private GitHub repository using an SSH key already available on my host.
https://docs.dagger.io/cookbook#clone-a-remote-git-repository-into-a-container-by-branch-tag-or-commit

I'm able to clone the repository from a terminal with git clone ... without issue.

However, when I replace the git repository URL in that cookbook example and try to run it I get the following error.

Error: failed to load cache key: NotFound: rpc error: code = NotFound desc = socket default not found: {"response":{"data":null,"errors":[{"message":"failed to load   
che key: NotFound: rpc error: code = NotFound desc = socket default not found","path":["container","from","withDirectory","terminal"]}],"status":200,"headers":{}},"r  
uest":{"query":"\n      { container  { from (address: \"alpine:latest\") { withDirectory (path: \"/src\",directory: \"ChV4eGgzOmIwODkyZDUwYjkwOWIyZDgSZQoVeHhoMzpiMDg  
mQ1MGI5MDliMmQ4EkwKFXh4aDM6ZDg2NTNkYTVhZWRmZGM3MRINCglEaXJlY3RvcnkYARoEdHJlZUoVeHhoMzpiMDg5MmQ1MGI5MDliMmQ4Ugd2MC4xNi4xEm0KFXh4aDM6ZDg2NTNkYTVhZWRmZGM3MRJUChV4eGgzOm  
NzRiN2M1M2RjYjQwZmISCgoGR2l0UmVmGAEaBmJyYW5jaCIQCgRuYW1lEgg6Bm1hc3RlckoVeHhoMzpkODY1M2RhNWFlZGZkYzcxEn4KFXh4aDM6ZjQ3NGI3YzUzZGNiNDBmYhJlEhEKDUdpdFJlcG9zaXRvcnkYARoDZ  
0IisKA3VybBIkOiJnaXRAZ2l0aHViLmNvbTpnaWZmZ2FmZi9jaGFydHMuZ2l0ShV4eGgzOmY0NzRiN2M1M2RjYjQwZmJSB3YwLjE2LjE=\") { terminal  { withWorkdir (path: \"/src\") { withExec (a  
s: [\"ls\",\"-lah\",\".\"]) { stdout  }}}}}} }\n    "}}                                                                                                                
Error: failed to load cache key: NotFound: rpc error: code = NotFound desc = socket default not found                                                                  
! process "tsx --no-deprecation --tsconfig /src/tsconfig.json /src/src/__dagger.entrypoint.ts" did not complete successfully: exit code: 1

https://github.com/dagger/dagger/issues/9723

@tidal basin do you have your SSH agent and your private key imported? sometimes git clone falls back to other strategies to fetch the credentials which is not the ssh agent

if you run ssh -T git@github.com does that work for you?

there's a similar thread here: #1297939394598015009 message

I am also running into this !? any resolution for this ?

Oki this is I think a documentation issue ...

@open phoenix where you able to figoure out what was failing in your case?

happy to improve our docs about this. cc @abstract wing

https://github.com/dagger/dagger/issues/9723#issuecomment-2690903129

I add comment on the BUG-report ... wasn't clear to my how ssh-add works / affects this ...

gotcha, I know why that worked in your case

actually using ssh -T to test is not really accurate

as the ssh CLI looks for the private key in your .ssh folder to use them

yeah, that might be missleading yes ...

unfortunaluy this still fails though ?

func (m *Base) PublishImageFromGit(ctx context.Context) (string, error) {
repo := dag.Git(gitRepo)

var source *dagger.Directory
source = repo.Tag("4.5.1").Tree()
//source = repo.Tag("4.5.1").Tree().Directory("tooling")

// Print the directory structure for debugging
entries, err := source.Entries(ctx)
if err != nil {
    return "", err
}

fmt.Println(entries) // This should show all folders, including "tooling"

return m.PublishImage(ctx, source)

}

! failed to load cache key: NotFound: rpc error: code = NotFound desc = socket default not found

have you checked that SSH_AUTH_SOCK is correctly set?

from where you're calling your dagger pipeline

and also ssh-add -l should list your corresponding private keys there

$ ssh-add /home/ubuntu/.ssh/manfred.nilsson@synkzone.com
Identity added: /home/ubuntu/.ssh/manfred.nilsson@synkzone.com (manfred.nilsson@synkzone.com)

$ ssh-add -l
256 SHA256:mT8Wvv7HvOwUKpSVxC4Z0XONXoS1S17WLkGSTw3jE/0 manfred.nilsson@synkzone.com (ED25519)

is it because its ED25519 and not RS ?

RSA *

probloy not then .. any good guide to what is correct ?

It should be set automatically by your SSH_AGENT

If you echo that variable it doesn't exist in your env?

$ eval "$(ssh-agent -s)" && ssh-add $HOME/.ssh/manfred.nilsson@synkzone.com && echo $SSH_AUTH_SOCK && ssh-add -l && dagger call publish-image-from-git
Agent pid 50082
Identity added: /home/ubuntu/.ssh/manfred.nilsson@synkzone.com (manfred.nilsson@synkzone.com)
/tmp/ssh-SWHDfD61U6Yu/agent.50081
256 SHA256:mT8Wvv7HvOwUKpSVxC4Z0XONXoS1S17WLkGSTw3jE/0 manfred.nilsson@synkzone.com (ED25519)
✔ connect 0.2s
✔ load module 0.6s
✔ parsing command line arguments 0.0s

✔ base: Base! 0.0s
✘ .publishImageFromGit: String! 0.3s
! failed to load cache key: NotFound: rpc error: code = NotFound desc = socket default not found
│ ✔ git(url: "git@git.synkzone.dev:Tooling/Base.git"): GitRepository! 0.0s
│ ✔ .branch(name: "master"): GitRef! 0.0s
│ ○ .tree: Directory! 0.1s
│ ✘ .entries: [String!]! 0.0s
│ ! failed to load cache key: NotFound: rpc error: code = NotFound desc = socket default not found

Setup tracing at https://dagger.cloud/traces/setup. To hide set DAGGER_NO_NAG=1

So how do I resolve this ? Any chance some one can point me in the right direction to debbug this ?

I am using Gitea, and it would real nice to be able to clone, pull, push , tag and commit

in a resonable easy way

this works ... but isa cludge

return dag.Container().
    //From("cgr.dev/chainguard/wolfi-base:latest").
    From("alpine:latest").
    WithExec([]string{"apk", "add", "git", "openssh-client", "ca-certificates", "bash"}).
    WithWorkdir("/src").
    WithUnixSocket(sockPath, sshAuthSock).
    WithEnvVariable("SSH_AUTH_SOCK", sockPath).
    WithEnvVariable("GIT_SSH_COMMAND", "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no").
    WithExec([]string{"sh", "-c", "git clone " + gitRepo + " && ls -la ./Base"}).Stdout(ctx)

yes, I agree the dag.Git should work though. Not sure if this is a known issue cc @high anchor @quiet beacon ?

I'm running a quick test

hey, taking a look 👀

So, this proves that the socket is indeed working -- making a repro rn with the repro you gave on the issue 🙏

It seems like a regression -- trying to check when ; I am very surprised if it's not a regression. I can indeed repro, thanks for the issue

oh. yeah would be nice if it gets fixed ... I found this in Dagger verser also ... might want to look into stealing the test (with Gitea ) as I think it might be popular option for local git repos ... I would do it my self but I am not yet good enough to manage I am afraid

https://github.com/seungyeop-lee/daggerverse/tree/d582cc3d753317c638198c0a425b6bfb6d352793/private-git

Hey, it's not a regression but a security feature on our end: we prevent a module from accessing host sockets without users explicit consent.

We have isolated the root cause, coming up with a better error message / a repro and an alternative for you (directly on the issue)

was this security feature recent Guillaume? IDK why but I had the impression that this worked before when you implemented the private git support 🙏

I was very surprised too at first, that's why it took a bit of time to isolate, but it's an edge case of the security-by-design pattern of Dagger. Writing everything in the issue to not lose it 😇 (75% finished)

It's not recent though, you'll understand why in the comment -- i was confused too at first

Answered: https://github.com/dagger/dagger/issues/9723#issuecomment-2691796721 cc @open phoenix

Oh right, makes sense. Thx for the refresher Guillaume 🙏

We should document this better. cc @abstract wing

Still not having much luck getting Dagger to git clone a repository over SSH.
https://github.com/dagger/dagger/issues/9723#issuecomment-2697495840

@tidal basin I see you're online. Have a sec to check this out?

Very weird, I am online too if needed

My guess, could you remove all your SSH keys on your agent ssh-add -D, then just add your key

Does it work for you @open phoenix ?

It's working now, but I had to recreate my SSH agent and re-add the key. Maybe the existing SSH auth sock managed by the Dev Container can't be used by Dagger.

ok, that's good to know 🙏

having said that, I should work with the DevContainers ssh socket though 🤔

sry, yes I did get it to work .. but I am still passing in the key/file and doing a git clone inside ... since I want to do more with it ... IDK if it is the right way to do it or not .. I am only getting started with dagger ... what I am trying to do is run same local && ci .. including doing release .. so i would like to use SVN / SVU to generate the tags based on history and then also add tag etc etc ... shouldn't be anything strange I think ? how are other doing it ?