diff --git a/backend/src/services/git.rs b/backend/src/services/git.rs index dc00b78..9abe3bf 100644 --- a/backend/src/services/git.rs +++ b/backend/src/services/git.rs @@ -115,7 +115,16 @@ fn git_auth_config() -> GitAuthConfig { .ok() .map(PathBuf::from) .filter(|p| p.exists()); - let passphrase = std::env::var("IRONPAD_GIT_SSH_PASSPHRASE").ok(); + let passphrase = std::env::var("IRONPAD_GIT_SSH_PASSPHRASE") + .ok() + .and_then(|s| { + let trimmed = s.trim().to_string(); + if trimmed.is_empty() { + None + } else { + Some(trimmed) + } + }); GitAuthConfig { username, @@ -147,11 +156,28 @@ fn remote_callbacks() -> git2::RemoteCallbacks<'static> { let public_key: Option<&Path> = auth.public_key.as_deref(); let passphrase = auth.passphrase.as_deref(); - match git2::Cred::ssh_key(username, public_key, private_key, passphrase) { + // First try with configured public key path (if provided), + // then retry without public key file to avoid mismatch issues. + if let Some(pub_key_path) = public_key { + match git2::Cred::ssh_key(username, Some(pub_key_path), private_key, passphrase) { + Ok(cred) => return Ok(cred), + Err(e) => { + tracing::warn!( + "SSH key auth with explicit public key failed for user '{}', private '{}', public '{}': {}", + username, + private_key.display(), + pub_key_path.display(), + e + ); + } + } + } + + match git2::Cred::ssh_key(username, None, private_key, passphrase) { Ok(cred) => return Ok(cred), Err(e) => { tracing::warn!( - "SSH key auth from file failed for user '{}', key '{}': {}", + "SSH key auth from private key failed for user '{}', key '{}': {}", username, private_key.display(), e