Git send-email blocked by gmail security changes (and how to fix it)


Benjamin Esquivel
 

TL;DR Google App passwords are a workaround if your google password is not working in git send-email. 

Hi,

Not sure if this is the right list but I thought of sending it here as a starter. I was following Stephen Jolley’s email for the Project status where it has a section for ‘ways to contribute’ and a pointer to the newcomers wiki. There is a link on How to Submit a Patch[1]  which has an example on how to add a gmail account there. I followed it but in the end I was blocked by an error stating that my 'Username and Password not accepted’. Googled a proposed fix[2] to go to the gmail security settings and enable "Access for less secure apps” but the solution is outdated as my settings had a notice saying that it was removed some time ago.

But I found that you can use another security feature from google called app passwords[3]. And that means that it will give you one specific password for your app needs. I tested this in the git send-email line and it worked. I don’t know if others are doing this or if their previous settings remain ok if these were configured before the recent security resets that google has done.

Is anyone struggling with this?
Should we update the wiki to include this tip?

Regards,


Nicolas Dechesne
 



On Thu, Sep 22, 2022 at 5:20 AM Benjamin Esquivel <benjamin.esquivel@...> wrote:
TL;DR Google App passwords are a workaround if your google password is not working in git send-email. 

Hi,

Not sure if this is the right list but I thought of sending it here as a starter. I was following Stephen Jolley’s email for the Project status where it has a section for ‘ways to contribute’ and a pointer to the newcomers wiki. There is a link on How to Submit a Patch[1]  which has an example on how to add a gmail account there. I followed it but in the end I was blocked by an error stating that my 'Username and Password not accepted’. Googled a proposed fix[2] to go to the gmail security settings and enable "Access for less secure apps” but the solution is outdated as my settings had a notice saying that it was removed some time ago.

But I found that you can use another security feature from google called app passwords[3]. And that means that it will give you one specific password for your app needs. I tested this in the git send-email line and it worked. I don’t know if others are doing this or if their previous settings remain ok if these were configured before the recent security resets that google has done.

You did the right thing. This is also how I use gmail with git-send-email. 
 

Is anyone struggling with this?

I don't remember if they disabled it for all gmail users, or only for users who enable 2FA.. but using apps specific token is what we should recommend to everyone. 
 
Should we update the wiki to include this tip?

Yes, definitely. If you want to do it, please go ahead.  If you need help with that, let me know. 





Benjamin Esquivel
 



On Sep 21, 2022, at 11:07 PM, Nicolas Dechesne <nicolas.dechesne@...> wrote:



On Thu, Sep 22, 2022 at 5:20 AM Benjamin Esquivel <benjamin.esquivel@...> wrote:
TL;DR Google App passwords are a workaround if your google password is not working in git send-email. 

Hi,

Not sure if this is the right list but I thought of sending it here as a starter. I was following Stephen Jolley’s email for the Project status where it has a section for ‘ways to contribute’ and a pointer to the newcomers wiki. There is a link on How to Submit a Patch[1]  which has an example on how to add a gmail account there. I followed it but in the end I was blocked by an error stating that my 'Username and Password not accepted’. Googled a proposed fix[2] to go to the gmail security settings and enable "Access for less secure apps” but the solution is outdated as my settings had a notice saying that it was removed some time ago.

But I found that you can use another security feature from google called app passwords[3]. And that means that it will give you one specific password for your app needs. I tested this in the git send-email line and it worked. I don’t know if others are doing this or if their previous settings remain ok if these were configured before the recent security resets that google has done.

You did the right thing. This is also how I use gmail with git-send-email. 
 

Is anyone struggling with this?

I don't remember if they disabled it for all gmail users, or only for users who enable 2FA.. but using apps specific token is what we should recommend to everyone. 
 
Should we update the wiki to include this tip?

Yes, definitely. If you want to do it, please go ahead.  If you need help with that, let me know. 
I have just requested an account to the wiki and I’ll update that section once I get it :)


Martin Jansa
 

On Thu, Sep 22, 2022 at 6:51 PM Benjamin Esquivel <benjamin.esquivel@...> wrote:


On Sep 21, 2022, at 11:07 PM, Nicolas Dechesne <nicolas.dechesne@...> wrote:



On Thu, Sep 22, 2022 at 5:20 AM Benjamin Esquivel <benjamin.esquivel@...> wrote:
TL;DR Google App passwords are a workaround if your google password is not working in git send-email. 

Hi,

Not sure if this is the right list but I thought of sending it here as a starter. I was following Stephen Jolley’s email for the Project status where it has a section for ‘ways to contribute’ and a pointer to the newcomers wiki. There is a link on How to Submit a Patch[1]  which has an example on how to add a gmail account there. I followed it but in the end I was blocked by an error stating that my 'Username and Password not accepted’. Googled a proposed fix[2] to go to the gmail security settings and enable "Access for less secure apps” but the solution is outdated as my settings had a notice saying that it was removed some time ago.

But I found that you can use another security feature from google called app passwords[3]. And that means that it will give you one specific password for your app needs. I tested this in the git send-email line and it worked. I don’t know if others are doing this or if their previous settings remain ok if these were configured before the recent security resets that google has done.

You did the right thing. This is also how I use gmail with git-send-email. 
 

Is anyone struggling with this?

I don't remember if they disabled it for all gmail users, or only for users who enable 2FA.. but using apps specific token is what we should recommend to everyone. 
 
Should we update the wiki to include this tip?

Yes, definitely. If you want to do it, please go ahead.  If you need help with that, let me know. 
I have just requested an account to the wiki and I’ll update that section once I get it :)

There was another thread about sending e-mails with git send-email this week:
which pointed to this longer explanation:

FWIW: I'm happily using msmtp with gmail account which is then used by git send-email (through sendmail) with additional benefit that you can use the same from mutt, cron, command line or whatever else you might want to send e-mail (instead of using something specific to git send-email).

All you need to do is to install msmtp and short ~/.msmtprc like:
account default
auth login
password foo.bar's.app.password

tls
tls_certcheck off
tls_starttls on

Then
git config sendemail.to <corresponding.ML>
e.g. openembedded-core@... in repos, so that you don't need to manually type To: every time.

So yes, please update the wiki, but it's not as complicated as it might seem (based on the questions about this topic), nor is it specific to OE/Yocto.

Cheers,