#878599 git: [PATCH] Ship git-credential-libsecret

Package:
git
Source:
git
Description:
fast, scalable, distributed revision control system
Submitter:
Date:
2025-11-22 23:19:02 UTC
Severity:
wishlist
Tags:
#878599#5
Date:
2017-10-14 22:09:16 UTC
From:
To:
Dear Maintainer,

The git package doesn't currently ship with support for any kind of a
secret storage for credentials. The attached patch fixes it, by
shipping git-credential-libsecret from contrib/.

#878599#10
Date:
2019-12-16 04:54:25 UTC
From:
To:
I would love to see git-credential-libsecret packaged.

This patch would ship git-credential-libsecret in the git package, which
would add libsecret and its dependencies to the dependencies of git.
Since many people use the git package on servers, that might not be
welcome. (I personally wouldn't object, as those dependencies seem quite
small.)

It might also make sense to generate a separate git-credential-libsecret
binary package containing this binary.

Either way, I'd love to see this packaged.

#878599#15
Date:
2019-12-16 23:17:28 UTC
From:
To:
Hi,

Josh Triplett wrote:

It seems you forgot to attach the patch.
package any other libsecret-related helpers.  Or even
"git-secretservice" or "git-gnome".

Thanks for your work on this.

Excited,
Jonathan

#878599#24
Date:
2019-12-17 01:23:15 UTC
From:
To:
Josh Triplett wrote:
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=878599;filename=0001-Ship-git-credential-libsecret.patch.gz;msg=5

That said, I'd still welcome a git-libsecret (or git-secretservice)
package, just like you're hinting.  Patches welcome.

Sincerely,
Jonathan

#878599#29
Date:
2019-12-17 02:23:44 UTC
From:
To:
I was responding to the previous patch provided in the bug, and discussing the alternate approach of a second package.
#878599#34
Date:
2019-12-17 05:56:01 UTC
From:
To:
Adjusted patch attached. It's untested and I'm not that familiar with
building Debian packages, so approach with care. I hope someone will
take it to completion from here.

#878599#39
Date:
2022-10-07 12:12:03 UTC
From:
To:
Hello,

this thread seems to be stale, but I'd still like to have the libsecret
credential helper present in Debian repository.

I tested the submitted patch and did some adjustments so that the
package actually builds. I did it against 2.20 because I was not able to
find git branch for current stable 2.30.2, but when I tried on the
downloaded 2.30.2 sources, the patch applied with one minimal change.

I will be happy to modify to the last stable if you point me to it.
(The debian-stable branch points to 2.20).

I also tested the resulting 2.30 package on my Bullseye machine and it
installs and works fine (it's just not listed in `git help -a`, but I'm
not sure that it should be).

Can we ressurect the discussion and progress with this topic?

Best regards,
Vit Kabele

#878599#44
Date:
2023-03-21 06:40:23 UTC
From:
To:
The difficulty of installing git-credential-libsecret on Debian and
Ubuntu was recently discussed on the Git mailing list
https://lore.kernel.org/git/Y2rdw7RD8mGTF40w@tapette.crustytoothpaste.net/

Any chance to take another look at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878599#39 ?

Other distros name the package git-credential-libsecret matching the binary name
https://pkgs.org/search/?q=git-credential-libsecret . This is easiest
for users. If Debian chooses a different package name, it would be
helpful to specify `Provides: git-credential-libsecret`
https://www.debian.org/doc/debian-policy/ch-relationships.html#virtual-packages-provides

#878599#49
Date:
2023-05-02 08:00:00 UTC
From:
To:
Hi. If it's helpful, I rebased the patch on the debian-sid branch. I
tested the patch by building and installing and using the helper
and it worked. I'll try to keep the patch up to date at
https://github.com/hickford/git/commits/git-credential-libsecret

package git-credential-libsecret

This is a useful credential helper

New package named 'git-credential-libsecret' for consistency with
application name and package name in other distributions
https://pkgs.org/search/?q=git-credential-libsecret

Co-authored-by: Ville Skyttä <ville.skytta@iki.fi>
Co-authored-by: Vit Kabele <vit.kabele@sysgo.com>
---
debian/control | 19 +++++++++++++++++++
debian/git-credential-libsecret.install | 1 +
debian/rules | 5 +++++
3 files changed, 25 insertions(+)
create mode 100644 debian/git-credential-libsecret.install

diff --git a/debian/control b/debian/control
index 0a68bb4447..4fad66b250 100644
--- a/debian/control
+++ b/debian/control
@@ -6,6 +6,7 @@ Uploaders: Anders Kaseorg <andersk@mit.edu>
Build-Depends: libz-dev, gettext,
libpcre2-dev | libpcre3-dev,
libcurl4-gnutls-dev, libexpat1-dev,
+ libsecret-1-dev,
subversion, libsvn-perl, libyaml-perl,
tcl, python3,
libhttp-date-perl | libtime-parsedate-perl,
@@ -33,6 +34,7 @@ Pre-Depends: ${misc:Pre-Depends}
Recommends: ca-certificates, patch, less, ssh-client
Suggests: gettext-base, git-daemon-run | git-daemon-sysvinit,
git-doc, git-email, git-gui, gitk, gitweb,
+ git-credential-libsecret,
git-cvs, git-mediawiki, git-svn
Breaks: bash-completion (<< 1:1.90-1),
dgit (<< 5.1~),
@@ -296,11 +298,28 @@ Description: fast, scalable, distributed
revision control system (web interface)
If libcgi-fast-perl is installed, gitweb can also be run over FastCGI
(and served by nginx, for example).
+Package: git-credential-libsecret
+Architecture: all
+Multi-Arch: foreign
+Depends: ${misc:Depends}, git (>> ${source:Upstream-Version}), git
(<< ${source:Upstream-Version}-.)
+Description: fast, scalable, distributed revision control system
(libsecret credential helper)
+ Git is popular version control system designed to handle very large
+ projects with speed and efficiency; it is used for many high profile
+ open source projects, most notably the Linux kernel.
+ .
+ Git falls in the category of distributed source code management tools.
+ Every Git working directory is a full-fledged repository with full
+ revision tracking capabilities, not dependent on network access or a
+ central server.
+ .
+ This package provides a helper for storing credentials using libsecret.
+
Package: git-all
Architecture: all
Multi-Arch: foreign
Depends: ${misc:Depends}, git (>> ${source:Upstream-Version}), git (<<
${source:Upstream-Version}-.),
git-doc, git-cvs, git-mediawiki, git-svn,
+ git-credential-libsecret,
git-email, git-gui, gitk, gitweb
Suggests: git-daemon-run | git-daemon-sysvinit
Description: fast, scalable, distributed revision control system (all
subpackages)
diff --git a/debian/git-credential-libsecret.install
b/debian/git-credential-libsecret.install
new file mode 100644
index 0000000000..d61ca822bc
--- /dev/null
+++ b/debian/git-credential-libsecret.install
@@ -0,0 +1 @@
+debian/tmp/usr/lib/git-core/git-credential-libsecret* usr/lib/git-core
diff --git a/debian/rules b/debian/rules
index 8e388be72b..3b9b1fda3a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -65,6 +65,7 @@ build-stamp:
override_dh_auto_build-arch: build-stamp
$(MAKE) -C contrib/subtree all $(OPTS)
ln -s contrib/subtree/git-subtree
+ $(MAKE) -C contrib/credential/libsecret all $(OPTS)
override_dh_auto_test-arch:
test -z '$(TEST)' || \
@@ -92,6 +93,7 @@ override_dh_auto_clean:
$(MAKE) -C contrib/subtree clean $(OPTS)
$(MAKE) clean $(OPTS)
rm -f git-subtree
+ $(MAKE) -C contrib/credential/libsecret clean $(OPTS)
override_dh_clean:
dh_clean -Xmailinfo.c.orig
@@ -100,6 +102,9 @@ override_dh_auto_install-arch:
# git
DESTDIR='$(GIT)' $(MAKE) install $(OPTS)
DESTDIR='$(GIT)' $(MAKE) -C contrib/subtree install $(OPTS)
+ install -d -m0755 '$(TMP)'/usr/lib/git-core/
+ install -m0755 contrib/credential/libsecret/git-credential-libsecret \
+ '$(TMP)'/usr/lib/git-core/
install -d -m0755 '$(GIT)'/var/lib/git
rm -rf '$(GIT)'/usr/share/man
# don't include arch, cvs, p4, svn, email, gui tools, and gitk program
--
2.39.2

#878599#54
Date:
2023-06-19 07:00:00 UTC
From:
To:
Hi Jonathan, hi Anders. Please could you take a look at this patch [1] to
package
git-credential-libsecret in Debian? This is user-friendly more secure
alternative to saving Git credentials in plaintext.

#878599#59
Date:
2024-04-01 18:59:19 UTC
From:
To:
Thanks to people who have helped out with refining the patch. Anything
I could do to help nudge this forward?

#878599#64
Date:
2025-01-07 21:36:40 UTC
From:
To:
Hi. I rebased the patch again for easy application
https://github.com/hickford/git/commits/git-credential-libsecret

#878599#69
Date:
2025-03-18 23:04:48 UTC
From:
To:
Hi. I see that the project is active again [1]. I rebased the patch
(attached) on the debian-sid branch. You can also look at the HEAD
commit at  https://github.com/hickford/git/commits/git-credential-libsecret

[1] https://repo.or.cz/git/debian.git/shortlog/refs/heads/debian-sid
---

package git-credential-libsecret

This is a useful Git credential helper.

New package named 'git-credential-libsecret' for consistency with
application name and package name in other distributions
https://pkgs.org/search/?q=git-credential-libsecret

#878599#76
Date:
2025-09-07 16:42:10 UTC
From:
To:
Hi Jonathan,

Please could you take another look at the attached patch to package
Git credential helper git-credential-libsecret? You seemed interested
in 2019 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946879#10 .
Feedback welcome.

This bug has been open since 2017 -- it would be great to fix.

I rebased the patch on the debian-sid branch at
https://repo.or.cz/git/debian.git/shortlog/refs/heads/debian-sid .

The patch is also available at
https://github.com/hickford/git/commits/git-credential-libsecret/ HEAD
commit

Kind regards
-M
---
debian: package git-credential-libsecret

Package is named 'git-credential-libsecret' for consistency with
application name and package name in other distributions
https://pkgs.org/search/?q=git-credential-libsecret

Tested package build, install and application:

    dpkg-buildpackage --no-sign
    sudo apt install ~/git-credential-libsecret_2.51.0-1_all.deb
    cd t && GIT_TEST_INSTALLED=/usr/bin
GIT_TEST_CREDENTIAL_HELPER=libsecret make t0303-credential-external.sh

Co-authored-by: Ville Skyttä <ville.skytta@iki.fi>
Co-authored-by: Vit Kabele <vit.kabele@sysgo.com>
Co-authored-by: M Hickford <mirth.hickford@gmail.com>
Tested-by: Vit Kabele <vit.kabele@sysgo.com>
Tested-by: M Hickford <mirth.hickford@gmail.com>

#878599#81
Date:
2025-09-09 20:28:05 UTC
From:
To:
Hi,

I'm wondering why the changes in debian/rules can't be more consistent with subtree.

- L69
  A link to the directory contrib/credential/libsecret is created
  ln -s contrib/credential/libsecret
  Instead, a link to the built binary is consistent with git-subtree
  ln -s contrib/credential/libsecret/contrib/git-credential-libsecret
- L94 can then be
  rm -f git-subtree git-credential-libsecret
- L103-105 can then be
  DESTDIR='$(GIT)' $(MAKE) -C contrib/credential/libsecret install $(OPTS)

Would be great to see this bug fixed. :)

Thanks

#878599#86
Date:
2025-09-12 07:00:00 UTC
From:
To:
Thanks for the feedback. I've applied the first two suggestions. The
third suggestion turns out not to be possible because
contrib/credential/libsecret/Makefile lacks an install target.

#878599#97
Date:
2025-11-22 23:15:52 UTC
From:
To:
helpers that also provide an install target.  So the three extra lines in
debian/rules could be replaced now.

However, I would prefer git-credential-libsecret as a new package name as
well, not just because other distros have chosen this name, but it would
also be aligned with Debian's packages git-credential-azure and
git-credential-oauth.

And there are still some fixes needed for this patch:
- Build-Depends is missing pkgconf and libglib2.0-dev.  It might have
   worked for you without these dependencies if pkgconf was already
   installed on your system, and libglib2.0-dev being also a dependency
   of libsecret-1-dev is installed anyway.  Yet it is usually better to
   avoid those side-effects.
- Architecture of the new package git-credential-libsecret cannot be
   'all', it must be 'any' because the credential helper is a compiled
   executable and, thus, architecture dependent.
- Please do not hardcode library dependencies such as libsecret-1-0.
   Always use the variable ${shlibs:Depends} and let dh_shlibdeps do its
   magic to calculate the dependencies, e.g.,
   'libc6 (>= 2.34), libglib2.0-0 (>= 2.28.0), libsecret-1-0 (>= 0.18)'.
- I think it makes sense to also add:
   'Suggests: gnome-keyring, libkf5wallet-bin, keepassxc'.
- In debian/rules in the command line
   'ln -s contrib/credential/libsecret/contrib/git-credential-libsecret',
   the second occurence of 'contrib' is wrong and needs to be eliminated,
   the path to the executable is just 'contrib/credential/libsecret'.
- As it is only one executable to be copied, the asterisk in the line in
   git-credential-libsecret.install makes no sense at all.

For your convenience, please find the updated patch attached to this
e-mail along with the resulting binary package
git-credential-libsecret_2.51.0-1_amd64.deb.

Best regards,

Thomas Uhle