Drone

Gitea 1.8.0 and Drone 1.1.0 unable to clone repository (2FA)

When setting up drone and gitea, my user cannot log in, the the following message:

Login Failed. Forbidden

Before pulling the latest gitea and drone docker images I was able to login.

Current versions:

  • Drone from docker drone/drone:1
  • Gitea from docker gitea/gitea:1 (799f5e0)
  • Reverse proxy: traefik

Gitea logs:
[Macaron] 2019-04-27 10:07:20: Started GET /api/v1/users/[:user]/tokens for 88.217.37.92
gitea_1 | [Macaron] 2019-04-27 10:07:20: Completed GET /api/v1/users/[:user]/tokens 403 Forbidden in 37.509493ms

(Where [:user] is my username)

Is this due to the way the api in Gitea works? api/v1/users/[:user]/tokens requires basic authentication in url?

Is there anything I would miss from configuration below?

Thanks a lot for your help!

My docker-compose.yml is as follows:

version: "3.7"

services:
  gitea:
    image: gitea/gitea:1
    restart: always
    volumes:
      - gitea:/data
    ports:
      - "222:22"
    networks:
      - traefik

  drone:
    image: drone/drone:1
    restart: always
    volumes:
      - drone:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_GITEA_SERVER=https://${GITEA_SERVER_HOST}
      - DRONE_GIT_ALWAYS_AUTH=true
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_SERVER_HOST=${DRONE_SERVER_HOST}
      - DRONE_SERVER_PROTO=https
      - DRONE_TLS_AUTOCERT=false
      - DRONE_AGENTS_ENABLED=false
    networks:
      - traefik

volumes:
  gitea:
  drone:

networks:
  traefik:
    external: true
    name: traefik

I omitted the labels for traefik configuration to make it more readable.

Update:

I made the login work creating an oauth2 application in Gitea and adding the following to the environment in the drone service:

- DRONE_GITEA_CLIENT_ID=__client_id__
- DRONE_GITEA_CLIENT_SECRET=__secret__

It seems for drone 1.1.0 (as stated in the changelog) the gitea now supports oauth2.

Now the next problem is cloning does not work:

1 Initialized empty Git repository in /drone/src/.git/
2	+ git fetch origin +refs/heads/master:
3	fatal: could not read Username for 'https://URL': No such device or address

Gitea logs the following:
Completed GET /user/repo.git/info/refs?service=git-upload-pack 401 Unauthorized

Where user is my username, and repo.git is the name of the repository.

Any advice how to continue? Thanks!

I recommend searching discourse for could not read Username or No such device or address. There are well documented solutions for this issue, starting with Gitea/Gogs - Git - No such device or address - Debugging

Thanks for your reply @bradrydzewski
I already checked all those links :slight_smile:
Also implemented the .drone.yml for debug, and finished without any issues. Curl works as expected.

Unfortunately I could not find the actual root cause (maybe I missed something on those posts?)

Another detail I found is given I have 2FA active in Gitea, I cannot pull the repo by username and password but I need the token.

What would be the right configuration?
Should I then configure
- DRONE_GIT_ALWAYS=true
- DRONE_GIT_USERNAME=x-oauth-token
- DRONE_GIT_PASSWORD=?

What would be the right password?

Thanks a lot for your help.

There are known issues (in Gitea) with 2FA and their new oauth2 implementation as it related to cloning a repository. I believe the Gitea folks are working to patch this in the 1.8.1 release, according to techknowlogick (Gitea maintainer). You might want to check in the Gitea discord channel to get more information.

2 Likes

Thanks! I just saw the conversation and the patch is already merge into master branch. (I believe this is the PR)

I hope this is released soon.

For anyone coming here from search, what @bradrydzewski said above is correct. There was a bug in Gitea that’ll be released in 1.8.1. The patch has been merged, and we are just waiting for a release which should be within the next week. Feel free to join us on Gitea discord if you need help in the interim.

Edit: Gitea v1.8.1 has been released

3 Likes