Using Git Client with CollabTools
Topics: Developer, CollabTools
Related: GitLab Runner, CollabTools API, Configuration and Teardown Scripts, Submission Service, Using Python with the ReST API, Jira Help Desk, OKR Board, CollabTools Email, Jira Issue Security, Add a New Account to CollabTools, CollabTools API

Prerequisites

Before trying to use a CAC or ECA with git, ensure you can first login successfully to GitLab or Bitbucket using a browser and the certificate you want to use with git.

Windows

Install Git

  1. Download Git for Windows
  2. Install using the default options

Setup Git

CAC

  1. Obtain your CAC Thumbprint. You can list certificates with the following powershell command:
Get-ChildItem -path cert:\CurrentUser\My
  1. Replace {{ CAC Thumbprint }} with the thumbprint of your CAC in the commands below.
  2. Run the following powershell commands:
git config --global http.'https://*.arcus.mil'.extraHeader "Cookie: consent=true; dashboard=yes"
git config --global http.'https://*.arcus.mil'.followRedirects true
git config --global http.'https://*.arcus.mil'.cookieFile $HOME\\git-cookie
git config --global http.'https://*.arcus.mil'.sslBackend schannel
git config --global http.'https://*.arcus.mil'.sslCert "CurrentUser\My\{{ CAC Thumbprint }}"

ECA

  1. Obtain your ECA Thumbprint. You can list certificates with the following powershell command:
Get-ChildItem -path cert:\CurrentUser\My
  1. Replace {{ ECA Thumbprint }} with the thumbprint of your ECA in the commands below.
  2. Run the following powershell commands:
git config --global http.'https://*.arcus.mil'.extraHeader "Cookie: consent=true; dashboard=yes"
git config --global http.'https://*.arcus.mil'.followRedirects true
git config --global http.'https://*.arcus.mil'.cookieFile $HOME\\git-cookie
git config --global http.'https://*.arcus.mil'.sslBackend schannel
git config --global http.'https://*.arcus.mil'.sslCert "CurrentUser\My\{{ ECA Thumbprint }}"

Linux

Install Git

Red Hat

yum install git

Ubuntu

apt install git

Setup Git

CAC

Run the following commands to configure git to use your CAC:

git config --global http.'https://*.arcus.mil'.extraHeader "Cookie: consent=true; dashboard=yes"
git config --global http.'https://*.arcus.mil'.followRedirects true
git config --global http.'https://*.arcus.mil'.cookieFile $HOME/git-cookie
git config --global http.'https://*.arcus.mil'.sslCert "pkcs11:manufacturer=piv_II;id=%01"
git config --global http.'https://*.arcus.mil'.sslKey "pkcs11:manufacturer=piv_II;id=%01"

ECA

  1. Obtain the full path to your ECA that is on your git client.
  2. Replace {{ path to pem file }} with the full path from step 1 in the commands below.
  3. Run the following commands to configure git to use your ECA:
git config --global http.'https://*.arcus.mil'.extraHeader "Cookie: consent=true; dashboard=yes"
git config --global http.'https://*.arcus.mil'.followRedirects true
git config --global http.'https://*.arcus.mil'.cookieFile $HOME/git-cookie
git config --global http.'https://*.arcus.mil'.sslCertPasswordProtected true
git config --global http.'https://*.arcus.mil'.sslCert "{{ path to pem file
git config --global http.'https://*.arcus.mil'.sslCertPasswordProtected true }}

MacOS

Prereqs

These instructions are tested using the native curl on MacOS. Verify you are using the native by running curl --version. The output should look similar to the following (pay close attention to the first line and ensure it is similar - close version numbers should be fine):

macosx:~ computer$ curl --version
curl 7.84.0 (x86_64-apple-darwin22.0) libcurl/7.84.0 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.11 nghttp2/1.47.0
Release-Date: 2022-06-27
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL threadsafe UnixSockets

Install Git

brew install git

Setup Git

ECA

  1. Open Keychain Access and find your ECA. It will likely be in the “login” keychain under the “My Certificates” category.
  2. Copy down the name of your ECA. You will likely see two identical entries that is fine because name will be the same for both.
  3. Replace {{ ECA Name }} with the name of your ECA in the commands below.
  4. Run the following commands:
git config --global http.'https://*.arcus.mil'.extraHeader "Cookie: consent=true; dashboard=yes"
git config --global http.'https://*.arcus.mil'.followRedirects true
git config --global http.'https://*.arcus.mil'.cookieFile $HOME/git-cookie
git config --global http.'https://*.arcus.mil'.sslBackend secure-transport
git config --global http.'https://*.arcus.mil'.sslCert "{{ ECA Name }}"

CAC

Run the following commands to configure git to use your CAC:

sslCert="$(sc_auth identities | grep 'Certificate For PIV Authentication' | cut -d '-' -f 2- | awk '{$1=$1};1')"
git config --global http.'https://*.arcus.mil'.extraHeader "Cookie: consent=true; dashboard=yes"
git config --global http.'https://*.arcus.mil'.followRedirects true
git config --global http.'https://*.arcus.mil'.cookieFile $HOME/git-cookie
git config --global http.'https://*.arcus.mil'.sslBackend secure-transport
git config --global http.'https://*.arcus.mil'.sslCert "${sslCert}"

Clone a repository

Create an Access Token

Bitbucket

  1. Follow these directions to create an HTTP access token
  2. Note your Bitbucket username
  3. Note the value of the HTTP access token

HTTP Access Token

GitLab

  1. Follow these directions to create a personal access token
  2. Note the name of the personal access token
  3. Note the value of the personal access token

Personal Access Token

Clone

Once the setup is complete, you will now be able to interact with (push, pull, clone, etc.) your repo through your CollabTools. For example:

To clone a repository in Bitbucket, enter: git clone https://bitbucket.arcus.mil/scm/myproject/myproject.git

To clone a repository in GitLab, enter: git clone https://gitlab-premium.arcus.mil/myproject/myproject.git

First you will be prompted for your PKI PIN, then you will be asked for your name and access token. The name and access token will be cached across multiple transactions.

NOTES:

  1. If you are using a CAC, you will be prompted to enter your PIN (on all OS). If you are using an ECA, you will be prompted to enter your ECA password on Linux and your Keychain Access password on MacOS.
  2. If you have not logged in to the git server before, you will be prompted for the credenials you created when setting up the access token.