Host key verification failed (gatsby-transformer-gitinfo)

We have a problem when building our website. It has worked flawlessly in the past, but somehow we get problems now. The main issue seems to be with the gatsby-transformer-gitinfo plugin, that somehow seems to not be able to connect to our GitLab repo. A few hints:

• Building the website locally (using gatsby) works
• Building and deploying the website locally using netlify-cli also works
• We tried resetting the deploy keys in GitLab/Netlify but that doesn’t help
• I am a bit puzzled about that plugin trying to access the remote since netlify already pulls a full (blobless) copy of the repo onto the runner

Any hints?

Thanks

I have posted the required information below.

Site: https://develop--sortdesk.netlify.app/

11:43:09 AM: Failed during stage 'building site': Build script returned non-zero exit code: 2 (https://ntl.fyi/exit-code-2)
11:42:03 AM: build-image version: c11c0eb9939c949586b0f78302107908b668a11e (focal)
11:42:03 AM: buildbot version: a2a75cd601823162af463c102626e4b39e9f469c
11:42:03 AM: Building without cache
11:42:03 AM: Starting to prepare the repo for build
11:42:04 AM: No cached dependencies found. Cloning fresh repo
11:42:04 AM: git clone --filter=blob:none git@gitlab.com:sortdesk/products/website
11:42:04 AM: Preparing Git Reference merge-requests/40/head
11:42:08 AM: Starting to install dependencies
11:42:08 AM: Python version set to 3.8
11:42:08 AM: Attempting Ruby version 2.7.2, read from environment
11:42:09 AM: Using Ruby version 2.7.2
11:42:09 AM: Started restoring cached go cache
11:42:09 AM: Finished restoring cached go cache
11:42:09 AM: Installing Go version 1.17 (requested 1.17)
11:42:14 AM: go version go1.17 linux/amd64
11:42:14 AM: Using PHP version 8.0
11:42:15 AM: Downloading and installing node v18.14.0...
11:42:15 AM: Downloading https://nodejs.org/dist/v18.14.0/node-v18.14.0-linux-x64.tar.xz...
11:42:15 AM: Computing checksum with sha256sum
11:42:16 AM: Checksums matched!
11:42:18 AM: Now using node v18.14.0 (npm v9.3.1)
11:42:18 AM: Enabling Node.js Corepack
11:42:18 AM: Started restoring cached build plugins
11:42:18 AM: Finished restoring cached build plugins
11:42:18 AM: Started restoring cached corepack dependencies
11:42:18 AM: Finished restoring cached corepack dependencies
11:42:18 AM: No npm workspaces detected
11:42:18 AM: Started restoring cached node modules
11:42:18 AM: Finished restoring cached node modules
11:42:18 AM: Installing npm packages using npm version 9.3.1
11:42:22 AM: npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
11:42:22 AM: npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
11:42:22 AM: npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
11:42:22 AM: npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
11:42:22 AM: npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
11:42:41 AM: added 1455 packages, and audited 1456 packages in 23s
11:42:41 AM: 244 packages are looking for funding
11:42:41 AM:   run `npm fund` for details
11:42:41 AM: 13 vulnerabilities (3 moderate, 7 high, 3 critical)
11:42:41 AM: To address issues that do not require attention, run:
11:42:41 AM:   npm audit fix
11:42:41 AM: Some issues need review, and may require choosing
11:42:41 AM: a different dependency.
11:42:41 AM: Run `npm audit` for details.
11:42:41 AM: npm packages installed
11:42:42 AM: Install dependencies script success
11:42:42 AM: Starting build script
11:42:43 AM: Detected 1 framework(s)
11:42:43 AM: gatsby at version 5.9.0
11:42:43 AM: Section completed: initializing
11:42:44 AM: ​
11:42:44 AM: Netlify Build                                                 
11:42:44 AM: ────────────────────────────────────────────────────────────────
11:42:44 AM: ​
11:42:44 AM: ❯ Version
11:42:44 AM:   @netlify/build 29.12.1
11:42:44 AM: ​
11:42:44 AM: ❯ Flags
11:42:44 AM:   baseRelDir: true
11:42:44 AM:   buildId: 6494176967314a056483e3c9
11:42:44 AM:   deployId: 6494176967314a056483e3cb
11:42:44 AM: ​
11:42:44 AM: ❯ Current directory
11:42:44 AM:   /opt/build/repo
11:42:44 AM: ​
11:42:44 AM: ❯ Config file
11:42:44 AM:   No config file was defined: using default values.
11:42:44 AM: ​
11:42:44 AM: ❯ Context
11:42:44 AM:   deploy-preview
11:42:44 AM: ​
11:42:44 AM: ❯ Installing plugins
11:42:44 AM:    - @netlify/plugin-gatsby@3.6.2
11:42:55 AM: ​
11:42:55 AM: ❯ Loading plugins
11:42:55 AM:    - @netlify/plugin-gatsby@3.6.2 from Netlify app
11:42:56 AM: ​
11:42:56 AM: @netlify/plugin-gatsby (onPreBuild event)                     
11:42:56 AM: ────────────────────────────────────────────────────────────────
11:42:56 AM: ​
11:42:56 AM: No Gatsby cache found. Building fresh.
11:42:56 AM: Please install `gatsby-plugin-netlify` and enable it in your gatsby-config.js. https://www.gatsbyjs.com/plugins/gatsby-plugin-netlify/
11:42:56 AM: ​
11:42:56 AM: (@netlify/plugin-gatsby onPreBuild completed in 9ms)
11:42:56 AM: ​
11:42:56 AM: Build command from Netlify app                                
11:42:56 AM: ────────────────────────────────────────────────────────────────
11:42:56 AM: ​
11:42:56 AM: $ npm run build
11:42:56 AM: > gatsby-tailwind@1.0.0 build
11:42:56 AM: > gatsby build
11:42:59 AM: success compile gatsby files - 1.083s
11:42:59 AM: success load gatsby config - 0.040s
11:42:59 AM: warning Plugin gatsby-plugin-postcss is not compatible with your gatsby version 5.9.0 - It requires gatsby@^4.0.0-next
11:42:59 AM: warning Plugin gatsby-plugin-sass is not compatible with your gatsby version 5.9.0 - It requires gatsby@^4.0.0-next
11:42:59 AM: warning Plugin gatsby-plugin-manifest is not compatible with your gatsby version 5.9.0 - It requires gatsby@^4.0.0-next
11:42:59 AM: warning Plugin gatsby-transformer-gitinfo is not compatible with your gatsby version 5.9.0 - It requires gatsby@^2.0.15
11:42:59 AM: warning Plugin gatsby-plugin-gdpr-cookies is not compatible with your gatsby version 5.9.0 - It requires gatsby@^2.24.77 || ^3.0.0 || ^4.0.0
11:42:59 AM: warning Plugin gatsby-plugin-postcss is not compatible with your gatsby version 5.9.0 - It requires gatsby@^4.0.0-next
11:42:59 AM: warning Plugin gatsby-plugin-sass is not compatible with your gatsby version 5.9.0 - It requires gatsby@^4.0.0-next
11:42:59 AM: warning Plugin gatsby-plugin-manifest is not compatible with your gatsby version 5.9.0 - It requires gatsby@^4.0.0-next
11:42:59 AM: warning Plugin gatsby-transformer-gitinfo is not compatible with your gatsby version 5.9.0 - It requires gatsby@^2.0.15
11:42:59 AM: warning Plugin gatsby-plugin-gdpr-cookies is not compatible with your gatsby version 5.9.0 - It requires gatsby@^2.24.77 || ^3.0.0 || ^4.0.0
11:42:59 AM: success load plugins - 0.360s
11:42:59 AM: warning gatsby-plugin-react-helmet: Gatsby now has built-in support for modifying the document head. Learn more at https://gatsby.dev/gatsby-head
11:42:59 AM: success onPreInit - 0.003s
11:42:59 AM: success initialize cache - 0.041s
11:42:59 AM: success copy gatsby files - 0.099s
11:42:59 AM: success Compiling Gatsby Functions - 0.166s
11:42:59 AM: success onPreBootstrap - 0.175s
11:43:00 AM: success createSchemaCustomization - 0.000s
11:43:01 AM: error gatsby-transformer-gitinfo threw an error while running the onCreateNode lifecycle:
11:43:01 AM: Host key verification failed.
11:43:01 AM: fatal: Could not read from remote repository.
11:43:01 AM: Please make sure you have the correct access rights
11:43:01 AM: and the repository exists.
11:43:01 AM: fatal: could not fetch fcbafe17c2c32539797b2905d20fef94617e5bae from promisor remote
11:43:02 AM: 
11:43:02 AM: 
11:43:02 AM:   Error: Host key verification failed. 
11:43:02 AM:   fatal: Could not read from remote repository.
11:43:02 AM:   Please make sure you have the correct access rights
11:43:02 AM:   and the repository exists.
11:43:02 AM:   fatal: could not fetch fcbafe17c2c32539797b2905d20fef94617e5bae from promisor   remote
11:43:02 AM:   
11:43:02 AM:   - promise.js:90 toError
11:43:02 AM:     [repo]/[simple-git]/promise.js:90:14
11:43:02 AM:   
11:43:02 AM:   - promise.js:61 
11:43:02 AM:     [repo]/[simple-git]/promise.js:61:36
11:43:02 AM:   
11:43:02 AM:   - git.js:1550 Git.<anonymous>
11:43:02 AM:     [repo]/[simple-git]/src/git.js:1550:20
11:43:02 AM:   
11:43:02 AM:   - git.js:1475 Function.Git.fail
11:43:02 AM:     [repo]/[simple-git]/src/git.js:1475:18
11:43:02 AM:   
11:43:02 AM:   - git.js:1433 fail
11:43:02 AM:     [repo]/[simple-git]/src/git.js:1433:20
11:43:02 AM:   
11:43:02 AM:   - git.js:1442 
11:43:02 AM:     [repo]/[simple-git]/src/git.js:1442:16
11:43:02 AM:   
11:43:02 AM:   - task_queues:95 processTicksAndRejections
11:43:02 AM:     node:internal/process/task_queues:95:5
11:43:02 AM:   
11:43:02 AM: 
11:43:02 AM: not finished source and transform nodes - 1.829s
11:43:02 AM: ​
11:43:02 AM: build.command failed                                        
11:43:02 AM: ────────────────────────────────────────────────────────────────
11:43:02 AM: ​
11:43:02 AM:   Error message
11:43:02 AM:   Command failed with exit code 1: npm run build (https://ntl.fyi/exit-code-1)
11:43:02 AM: ​
11:43:02 AM:   Error location
11:43:02 AM:   In Build command from Netlify app:
11:43:02 AM:   npm run build
11:43:02 AM: ​
11:43:02 AM:   Resolved config
11:43:02 AM:   build:
11:43:02 AM:     command: npm run build
11:43:02 AM:     commandOrigin: ui
11:43:02 AM:     environment:
11:43:02 AM:       - GTM_ID
11:43:02 AM:       - NODE_VERSION
11:43:02 AM:       - REVIEW_ID
11:43:02 AM:     publish: /opt/build/repo/public
11:43:02 AM:     publishOrigin: ui
11:43:02 AM:   plugins:
11:43:02 AM:     - inputs: {}
11:43:02 AM:       origin: ui
11:43:02 AM:       package: '@netlify/plugin-gatsby'
11:43:08 AM: Caching artifacts
11:43:08 AM: Started saving node modules
11:43:08 AM: Finished saving node modules
11:43:08 AM: Started saving build plugins
11:43:08 AM: Finished saving build plugins
11:43:08 AM: Started saving corepack cache
11:43:08 AM: Finished saving corepack cache
11:43:08 AM: Started saving pip cache
11:43:08 AM: Finished saving pip cache
11:43:08 AM: Started saving emacs cask dependencies
11:43:08 AM: Finished saving emacs cask dependencies
11:43:08 AM: Started saving maven dependencies
11:43:08 AM: Finished saving maven dependencies
11:43:08 AM: Started saving boot dependencies
11:43:08 AM: Finished saving boot dependencies
11:43:08 AM: Started saving rust rustup cache
11:43:08 AM: Finished saving rust rustup cache
11:43:08 AM: Started saving go dependencies
11:43:08 AM: Finished saving go dependencies
11:43:09 AM: Build failed due to a user error: Build script returned non-zero exit code: 2
11:43:09 AM: Failing build: Failed to build site
11:43:09 AM: Finished processing build request in 1m6.439s

Hiya,

Thanks for reaching out. Can you checkout this support guide as this should get your sorted?

Let me know if that’s not the case.

Thanks for the hint.

• We have tried most of the hints (except for committing the key directly to the repo, which we don’t want to do for obvious reasons)
• We’re also surprized since here we’re not trying to access a submodule, just the main repo.
• As I mentioned it’s also surprizing that the plugin tries to pull from the repo when it’s already available on the runner after Netlify has pulled it.

Not sure how to proceed here.

What exactly are you doing during the build that’s requiring Git access?

Sorry for the late reply I was on vacation

As I mentioned (in my last bullet point of the original post) the gatsby-transformer-gitinfo seems to be making the remote call, but we are not sure why, since the full repo should be available locally on the Netlify runner. We have also opened an issue in the plugin repository if that helps.

Thanks!

I’ve commented on that issue.

@pierre-sortdesk, if you manually run the command:

git log <path to any file you're trying to pull stats for>

as a part of your build command… what do you get? Could you try that in a build and share the link?

Hey, thanks for following up. We have now tried that, here is the link.

We also tried with git show, and surprisingly that gives a Host key verification failed error message (unlike git log above).

We also tried to build Gatsby locally but disabling all our SSH access to the repository beforehand, and that also runs without an issue.

It’s highly confusing but really the Netlify deployment is the only one causing trouble.

Thank you for trying that. That’s weird indeed. We’ve asked the devs to check it and we’ll let you know as we have more info.

As checked with the devs, this could be something that’s not supported indeed. To increase system security, we’re not setting git credentials globally, instead only for the required operations (us cloning the git repo). To further strengthen the security, we’re possibly making it more difficult to run git operations during the build, so for private repos, this might not be working for long.

Thanks for helping out! What is still a mystery to me is why the plugin tries to access the remote instead of the local one. We’ve also tried again with the non-fork version of the repository and it was the same. We will use a runner on our own infrastructure to build the code and then deploy it on Netlify.

Yes, that’s the question our devs had too. As long as you do git operations on the locally cloned repo, that should work. Only accessing the remote repo should not be possible.