README.txt
179 lines
| 5.0 KiB
| text/plain
|
TextLexer
Marcin Kasperski
|
r37 | .. -*- mode: rst -*- | ||
|
Marcin Kasperski
|
r35 | |||
| ================= | ||||
| mercurial_keyring | ||||
| ================= | ||||
|
Marcin Kasperski
|
r37 | ``mercurial_keyring`` is a Mercurial_ extension used to securely save | ||
| HTTP and SMTP authentication passwords in password databases (Gnome | ||||
|
Marcin Kasperski
|
r36 | Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and | ||
| command line). This extension uses and wraps services of the keyring_ | ||||
| library. | ||||
|
Marcin Kasperski
|
r35 | |||
| .. _keyring: http://pypi.python.org/pypi/keyring | ||||
|
Marcin Kasperski
|
r36 | .. _Mercurial: http://mercurial.selenic.com | ||
|
Marcin Kasperski
|
r35 | |||
| How does it work | ||||
| ================ | ||||
| The extension prompts for the password on the first pull/push (in case | ||||
| of HTTP) or first email (in case of SMTP), just like it is done by | ||||
|
Marcin Kasperski
|
r37 | default, but saves the password. On successive runs it checks for the | ||
| username in ``.hg/hgrc``, then for suitable password in the password | ||||
| database, and uses those credentials (if found). | ||||
|
Marcin Kasperski
|
r35 | |||
| In case password turns out to be incorrect (either because it was | ||||
|
Marcin Kasperski
|
r36 | invalid, or because it was changed on the server) or missing it just | ||
| prompts the user again. | ||||
|
Marcin Kasperski
|
r35 | |||
|
Marcin Kasperski
|
r37 | Passwords are identified by the combination of username and remote | ||
|
Marcin Kasperski
|
r46 | address, so they can be reused between repositories if they access the | ||
| same remote repository (or the same SMTP server). | ||||
|
Marcin Kasperski
|
r37 | |||
|
Marcin Kasperski
|
r35 | Installation | ||
| ============ | ||||
|
Marcin Kasperski
|
r36 | Prerequisites | ||
| ------------- | ||||
| Install the keyring_ library: | ||||
|
Marcin Kasperski
|
r35 | |||
| :: | ||||
| easy_install keyring | ||||
| (or ``pip keyring``). On Debian "Sid" the library can be also | ||||
|
Marcin Kasperski
|
r36 | installed from the official archive (packages ``python-keyring`` | ||
| and either ``python-keyring-gnome`` or ``python-keyring-kwallet``). | ||||
| Extension installation | ||||
| ---------------------- | ||||
| There are two possible ways of installing the extension: using PyPi package, | ||||
| or using individual file. | ||||
| To install as a package use ``easy_install``: | ||||
|
Marcin Kasperski
|
r35 | |||
|
Marcin Kasperski
|
r36 | :: | ||
| easy_install mercurial_keyring | ||||
|
Marcin Kasperski
|
r37 | and then enable it in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) using: | ||
|
Marcin Kasperski
|
r35 | |||
|
Marcin Kasperski
|
r36 | :: | ||
| [extensions] | ||||
| mercurial_keyring = | ||||
| To install using individual file, download the | ||||
|
Marcin Kasperski
|
r37 | `mercurial_keyring.py`_ file, save it anywhere you like, and | ||
|
Marcin Kasperski
|
r35 | put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``): | ||
| :: | ||||
| [extensions] | ||||
| hgext.mercurial_keyring = /path/to/mercurial_keyring.py | ||||
|
Marcin Kasperski
|
r37 | .. _the code: | ||
| .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py | ||||
|
Marcin Kasperski
|
r35 | Password backend configuration | ||
| ============================== | ||||
| The library should usually pick the most appropriate password backend | ||||
| without configuration. Still, if necessary, it can be configured using | ||||
| ``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of | ||||
| the current user). Refer to keyring_ docs for more details. | ||||
|
Marcin Kasperski
|
r37 | *I considered handling similar options in hgrc, but decided that | ||
|
Marcin Kasperski
|
r35 | single user may use more than one keyring-based script. Still, I am | ||
|
Marcin Kasperski
|
r37 | open to suggestions.* | ||
|
Marcin Kasperski
|
r35 | |||
| Repository configuration (HTTP) | ||||
| =============================== | ||||
| Edit repository-local ``.hg/hgrc`` and save there the remote | ||||
| repository path and the username, but do not save the password. For | ||||
| example: | ||||
| :: | ||||
| [paths] | ||||
| myremote = https://my.server.com/hgrepo/someproject | ||||
| [auth] | ||||
| myremote.schemes = http https | ||||
| myremote.prefix = my.server.com/hgrepo | ||||
| myremote.username = mekk | ||||
| Simpler form with url-embedded name can also be used: | ||||
| :: | ||||
| [paths] | ||||
| bitbucket = https://User@bitbucket.org/User/project_name/ | ||||
|
Marcin Kasperski
|
r46 | If prefix is specified, it is used to identify the password (so all | ||
| repositories with the same prefix and the same username will share the | ||||
| same password). Otherwise full repository URL is used for this | ||||
| purpose. | ||||
|
Marcin Kasperski
|
r35 | Note: if both username and password are given in ``.hg/hgrc``, | ||
| extension will use them without using the password database. If | ||||
| username is not given, extension will prompt for credentials every | ||||
| time, also without saving the password. | ||||
| Repository configuration (SMTP) | ||||
| =============================== | ||||
| Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set | ||||
|
Marcin Kasperski
|
r37 | there all standard email and smtp properties, including SMTP | ||
| username, but without SMTP password. For example: | ||||
|
Marcin Kasperski
|
r35 | |||
| :: | ||||
| [email] | ||||
| method = smtp | ||||
| from = Joe Doe <Joe.Doe@remote.com> | ||||
| [smtp] | ||||
| host = smtp.gmail.com | ||||
| port = 587 | ||||
| username = JoeDoe@gmail.com | ||||
| tls = true | ||||
|
Marcin Kasperski
|
r37 | Just as in case of HTTP, you *must* set username, but *must not* set | ||
| password here to use the extension, in other cases it will revert to | ||||
| the default behavior. | ||||
|
Marcin Kasperski
|
r35 | |||
| Usage | ||||
| ===== | ||||
|
Marcin Kasperski
|
r36 | Configure the repository as above, then just ``hg pull``, ``hg push``, | ||
| etc. You should be asked for the password only once (per every | ||||
|
Marcin Kasperski
|
r46 | username and remote repository prefix or url combination). | ||
|
Marcin Kasperski
|
r35 | |||
|
Marcin Kasperski
|
r36 | Similarly, for email, configure as above and just ``hg email``. | ||
|
Marcin Kasperski
|
r46 | Again, you will be asked for the password once (per every username and | ||
| email server address combination). | ||||
|
Marcin Kasperski
|
r35 | |||
| Implementation details | ||||
| ====================== | ||||
|
Marcin Kasperski
|
r36 | The extension is monkey-patching the mercurial ``passwordmgr`` class | ||
| to replace the find_user_password method. Detailed order of operations | ||||
|
Marcin Kasperski
|
r37 | is described in the comments inside `the code`_. | ||
|
Marcin Kasperski
|
r35 | |||
| Development | ||||
| =========== | ||||
|
Marcin Kasperski
|
r36 | Development is tracked on BitBucket, see | ||
| http://bitbucket.org/Mekk/mercurial_keyring/ | ||||
|
Marcin Kasperski
|
r35 | |||
| Additional notes | ||||
| ================ | ||||
| Information about this extension is also available | ||||
|
Marcin Kasperski
|
r36 | on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension | ||