Permission denied with opam-publish

jserot · November 12, 2025, 4:20pm

Hello,

I’ve tried to use opam-publish to publish a new version of my rfsm package. The used version in 2.2.0. I get the following error message

$ opam-publish 

The following will be published:
  - rfsm version 2.2 with opam file at /Users/jserot/Dev/ml/rfsm/rfsm.opam
    archive at https://github.com/jserot/rfsm/archive/refs/tags/2.2.tar.gz


You will be shown the patch before submitting.
Please confirm the above data. Continue ?  [Y/n] Y
Cloning the package repository, this may take a while...
+ /usr/local/bin/git "clone" "git@github.com:ocaml/opam-repository.git" "/Users/jserot/.opam/plugins/opam-publish/repos/ocaml%opam-repository"
- Cloning into '/Users/jserot/.opam/plugins/opam-publish/repos/ocaml%opam-repository'...
- git@github.com: Permission denied (publickey).
- fatal: Could not read from remote repository.
- 
- Please make sure you have the correct access rights
- and the repository exists.
[ERROR] Uncaught exception: "/usr/local/bin/git clone git@github.com:ocaml/opam-repository.git
        /Users/jserot/.opam/plugins/opam-publish/repos/ocaml%opam-repository" exited with code 128

IIUC, opam-publish tries to clone the opam repo on GH into my local .opam directory and fails because i do not have the required auths. Is this repo not public ?

Jocelyn

Leonidas · November 12, 2025, 4:40pm

It sounds more like it tries to git clone git@github.com:ocaml/opam-repository.git and there is no SSH public/private keypair on your system to allow doing that. Does running this command in the shell manually work for you?

kit-ty-kate · November 12, 2025, 4:54pm

opam-publish < 2.7.0 requires an SSH key registered with github that git is able to use, as @Leonidas said.

opam-publish 2.7.0 changes that to use the token directly but has some issues that are being currently dealt with (automatic token migration, missing token permission).
If you can keep these issues in mind, you can use 2.7.0 by removing the ~/.opam/plugins/opam-publish directory to reset the previous configuration and adding the missing workflow permission when creating the new token.

But if you have an SSH key, better keep opam-publish at its current version and use the key for now until these issues are dealt with.

jserot · November 12, 2025, 5:01pm

Seems you’re right @Leonidas. Running the git clone command from the shell gives the same error.

Thx for the suggestion @kit-ty-kate. I will try to use SSH keys (although it has never been clear for me how ro create and use them, unfortunately - but my fault )

Topic		Replies	Views
Trying to publish my first package to opam. Not succeeding. Permissions issue Learning	11	285	April 9, 2025
Opam publish and GH authentification Learning opam	8	432	November 30, 2023
[ANN] opam-publish 2.7.0 Ecosystem opam , announce , opam-publish , opam-repository	0	122	October 7, 2025
[ANN] opam 2.5.0~rc1 & opam-publish 2.7.1 Ecosystem opam , announce	0	100	November 21, 2025
Publishing to Opam Community	14	1519	September 8, 2020

Permission denied with opam-publish

Related topics