[buildgear-devel] Source downloading failed from private github repo
martin.lund at keep-it-simple.com
Wed Aug 6 14:07:09 MDT 2014
Hi Qing Jin,
On 2014-08-06 12:58, Qing Jin wrote:
> I am using buildgear to build the source from github private repo. But
> the building failed with downloading this error:
> Downloading sources.. (1 files)
> Downloading 'https://github.com/xxxxxx/archive/xxxxxxx.tar.gz'
> Error 404 (HTTP response code said error)
> The source link in buildfile is given like this:
> source=https://github.com/(private <https://github.com/%28private>
> The tarball file is made automatically when doing release for this
> repo and is available for downloading in github.
> Does buildgear support source downloading from github private repo?
Download of private github archive tarballs, no.
Download of public github archive tarballs, yes.
Regarding the 404 error you see:
"Typically, we send a |404| error when your client isn’t properly
authenticated. You might expect to see a |403 Forbidden| in these cases.
However, since we don’t want to provide /any/ information about private
repositories, the API returns a |404| error instead."
Basically, adding support for downloading private github archive
tarballs would require the buildgear download manager to mimic the login
steps that your browser performs to do github authentication. That would
demand special and non-trivial github handling in the download manager.
This is not a very good idea because we want to keep the download
manager as generic as possible and only support well known download
If you need to download sources from a secure location I would strongly
recommend setting up a sftp server to host your release tarballs
instead. This way you can even have your users reuse their github SSH keys.
sftp:// using SSH keys is well tested with buildgear.
That being said, github does leave another alternative - that is
downloading private archive tarballs using OAuth2 Token via
api.github.com (see https://developer.github.com/v3/#authentication).
In this case you can access your archive by regular https in combination
with a OAuth2 token:
Unfortunately, the URI above results in a poorly named download file
(file will be named <tag version>?access_token=<token>) which you would
have to manually extract in the build() function - it's not pretty but
it is possible.
Regardless, I would recommend going with sftp:// - it's more elegant
than using github OAuth2 tokens and more secure, especially if your are
distributing company protected tarballs.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the buildgear-devel