##// END OF EJS Templates
u » av6 » wip » mercurial_keyring
RSS

Clone from https://foss.heptapod.net/mercurial/mercurial_keyring

Extra notes about keyring problems. Version bump to 4.8
Marcin Kasperski -
r262:18be622f default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,335 +1,338 b''
1
2 1.2.1
3 ~~~~~~~~~~~~
4
5 Tested against hg 4.8 (no changes needed).
1
6
2 1.2.0
7 1.2.0
3 ~~~~~~~~~~~~
8 ~~~~~~~~~~~~
4
9
5 #62 Compatible with Mercurial 4.7 (some fixes were needed to avoid
10 #62 Compatible with Mercurial 4.7 (some fixes were needed to avoid
6 crashes while working in this version). Most important fixes were made
11 crashes while working in this version). Most important fixes were made
7 in meu (so here we just depend on proper version), but there are also
12 in meu (so here we just depend on proper version), but there are also
8 individual fixes here (related to smtp handling).
13 individual fixes here (related to smtp handling).
9
14
10 #61 In case keyring library raises exceptions (like recent versions do
15 #61 In case keyring library raises exceptions (like recent versions do
11 when no backend is available), we don't crash mercurial anymore.
16 when no backend is available), we don't crash mercurial anymore.
12 mercurial_keyring emits the warning and falls back to normal password
17 mercurial_keyring emits the warning and falls back to normal password
13 handling (propts).
18 handling (propts).
14
19
15 Refreshing smtp monkeypatch to be a bit more like modern mercurials
20 Refreshing smtp monkeypatch to be a bit more like modern mercurials
16 (in particular, obligatory cert falidaton).
21 (in particular, obligatory cert falidaton).
17
22
18
19
20 1.1.9
23 1.1.9
21 ~~~~~~~~~~~~
24 ~~~~~~~~~~~~
22
25
23 4.6-compatibility, 4.5-testing.
26 4.6-compatibility, 4.5-testing.
24
27
25 1.1.8
28 1.1.8
26 ~~~~~~~~~~~~~
29 ~~~~~~~~~~~~~
27
30
28 Updated links after bitbucket changes.
31 Updated links after bitbucket changes.
29
32
30 1.1.7
33 1.1.7
31 ~~~~~~~~~~~~~~~~~~
34 ~~~~~~~~~~~~~~~~~~
32
35
33 #52 hg keyring_check and hg keyring_clear did not work since
36 #52 hg keyring_check and hg keyring_clear did not work since
34 Mercurial 3.9 (incompatibility caused by commit 2c019aac6b99,
37 Mercurial 3.9 (incompatibility caused by commit 2c019aac6b99,
35 introducing passwdb).
38 introducing passwdb).
36
39
37 1.1.6
40 1.1.6
38 ~~~~~~~~~~~~~~~~~~
41 ~~~~~~~~~~~~~~~~~~
39
42
40 Fixed NameError showing up in some password saving scenarios, in
43 Fixed NameError showing up in some password saving scenarios, in
41 particular in case of password save failures (thanks to Andrew
44 particular in case of password save failures (thanks to Andrew
42 Taumoefolau for reporting and fixing).
45 Taumoefolau for reporting and fixing).
43
46
44 1.1.5
47 1.1.5
45 ~~~~~~~~~~~~~~~~~~
48 ~~~~~~~~~~~~~~~~~~
46
49
47 Mercurial 3.9 compatibility.
50 Mercurial 3.9 compatibility.
48
51
49 1.1.4
52 1.1.4
50 ~~~~~~~~~~~~~~~~~~
53 ~~~~~~~~~~~~~~~~~~
51
54
52 Gracefully handle failures to save passwords - they are reported
55 Gracefully handle failures to save passwords - they are reported
53 as warnings, but don't break the operation being executed.
56 as warnings, but don't break the operation being executed.
54
57
55 Compatibility fixes for upcoming 3.9 release (which changes SSL API
58 Compatibility fixes for upcoming 3.9 release (which changes SSL API
56 noticeably, what impact SMTP passwords handling in mercurial_keyring).
59 noticeably, what impact SMTP passwords handling in mercurial_keyring).
57
60
58 1.1.3
61 1.1.3
59 ~~~~~~~~~~~~~~~~~~
62 ~~~~~~~~~~~~~~~~~~
60
63
61 Mercurial 3.8 compatibility for email over SSL/TLS (SMTPS/STARTTLS
64 Mercurial 3.8 compatibility for email over SSL/TLS (SMTPS/STARTTLS
62 constructors changed). Should not spoil older versions.
65 constructors changed). Should not spoil older versions.
63
66
64 1.1.2
67 1.1.2
65 ~~~~~~~~~~~~~~~~~~
68 ~~~~~~~~~~~~~~~~~~
66
69
67 The keyring_check and keyring_clear commands can be run outside
70 The keyring_check and keyring_clear commands can be run outside
68 repository (if given some path as parameter).
71 repository (if given some path as parameter).
69
72
70 Fixed some messages.
73 Fixed some messages.
71
74
72 README updates (a few language fixes, added note about GUI tools).
75 README updates (a few language fixes, added note about GUI tools).
73
76
74 1.1.1
77 1.1.1
75 ~~~~~~~~~~~~~~~~~~
78 ~~~~~~~~~~~~~~~~~~
76
79
77 #49 Fixed the bug due to url-stored usernames did not work (introduced
80 #49 Fixed the bug due to url-stored usernames did not work (introduced
78 in 1.0.0 and not completely fixed in 1.0.1).
81 in 1.0.0 and not completely fixed in 1.0.1).
79
82
80 #50 Bad doc url in error message
83 #50 Bad doc url in error message
81
84
82
85
83 1.1.0
86 1.1.0
84 ~~~~~~~~~~~~~~~~~~
87 ~~~~~~~~~~~~~~~~~~
85
88
86 Forward compatibility for Mercurial 3.8 (should not break old mercurials)
89 Forward compatibility for Mercurial 3.8 (should not break old mercurials)
87
90
88 1.0.1
91 1.0.1
89 ~~~~~~~~~~~~~~~~~~
92 ~~~~~~~~~~~~~~~~~~
90
93
91 URLs containing usernames (https://John@some.service/somewhat) were
94 URLs containing usernames (https://John@some.service/somewhat) were
92 not working unless username was also configured separately (username
95 not working unless username was also configured separately (username
93 presence in url was not detected properly).
96 presence in url was not detected properly).
94
97
95 Liberated prefix matching, path https://John@some.service/somewhat can
98 Liberated prefix matching, path https://John@some.service/somewhat can
96 be matched both against prefix https://some.service and against
99 be matched both against prefix https://some.service and against
97 https://John@some.service. That mostly matches what mercurial itself
100 https://John@some.service. That mostly matches what mercurial itself
98 does.
101 does.
99
102
100 1.0.0
103 1.0.0
101 ~~~~~~~~~~~~~~~~~~
104 ~~~~~~~~~~~~~~~~~~
102
105
103 Added
106 Added
104 hg keyring_check
107 hg keyring_check
105 and
108 and
106 hg keyring_clear PATH-OR-ALIAS
109 hg keyring_clear PATH-OR-ALIAS
107 commands
110 commands
108
111
109 Removed obsolete workarounds (compatibility for very old Mercurials -
112 Removed obsolete workarounds (compatibility for very old Mercurials -
110 some for pre-1.0, some for 1.4, some for 1.8/1.9).
113 some for pre-1.0, some for 1.4, some for 1.8/1.9).
111 Mercurial 2.0 is now required.
114 Mercurial 2.0 is now required.
112
115
113 Improved information about path prefix. In particular it is shown
116 Improved information about path prefix. In particular it is shown
114 whenever user is asked for password, for example:
117 whenever user is asked for password, for example:
115 hg pull bitbucket
118 hg pull bitbucket
116 http authorization required
119 http authorization required
117 realm: BitBucket
120 realm: BitBucket
118 url: https://bitbucket.org/Mekk
121 url: https://bitbucket.org/Mekk
119 user: Mekk (fixed in hgrc or url)
122 user: Mekk (fixed in hgrc or url)
120 password:
123 password:
121
124
122 Improved README.
125 Improved README.
123
126
124 Improved debug information.
127 Improved debug information.
125
128
126 0.8.0
129 0.8.0
127 ~~~~~~~~~~~~~~~~~~
130 ~~~~~~~~~~~~~~~~~~
128
131
129 Module is simplified a bit, but requires mercurial_extension_utils.
132 Module is simplified a bit, but requires mercurial_extension_utils.
130 Debug messages are prefixed with keyring: not [HgKeyring]
133 Debug messages are prefixed with keyring: not [HgKeyring]
131
134
132 0.7.1
135 0.7.1
133 ~~~~~~~~~~~~~~~~~~
136 ~~~~~~~~~~~~~~~~~~
134
137
135 #48 NullHandler import failure no longer breaks the extension.
138 #48 NullHandler import failure no longer breaks the extension.
136 May help python 2.6 compatibility.
139 May help python 2.6 compatibility.
137
140
138 0.7.0
141 0.7.0
139 ~~~~~~~~~~~~~~~~~~~
142 ~~~~~~~~~~~~~~~~~~~
140
143
141 Delaying keyring module import until passwords are really needed. It
144 Delaying keyring module import until passwords are really needed. It
142 can noticeably improve Mercurial (non pull/push) performance in some
145 can noticeably improve Mercurial (non pull/push) performance in some
143 cases (no longer slow hg status because D-Bus is busy an keyring tries
146 cases (no longer slow hg status because D-Bus is busy an keyring tries
144 to activate KDE Wallet through it…).
147 to activate KDE Wallet through it…).
145
148
146 0.6.7
149 0.6.7
147 ~~~~~~~~~~~~~~~~~
150 ~~~~~~~~~~~~~~~~~
148
151
149 #46 Fixed syntax of smtp.tls configuration setting (current Mercurials
152 #46 Fixed syntax of smtp.tls configuration setting (current Mercurials
150 doesn't handle "true" anymore, TortoiseHG crashed with mercurial
153 doesn't handle "true" anymore, TortoiseHG crashed with mercurial
151 keyring enabled while currently recommended starttls/smtps/none values
154 keyring enabled while currently recommended starttls/smtps/none values
152 were in use).
155 were in use).
153
156
154 0.6.6
157 0.6.6
155 ~~~~~~~~~~~~~~~~~
158 ~~~~~~~~~~~~~~~~~
156
159
157 #44 Handling some more mercurial versions in demandimport-detection
160 #44 Handling some more mercurial versions in demandimport-detection
158 logic.
161 logic.
159
162
160 0.6.5
163 0.6.5
161 ~~~~~~~~~~~~~~~~~
164 ~~~~~~~~~~~~~~~~~
162
165
163 #36 Shutting up warning about no logging handlers.
166 #36 Shutting up warning about no logging handlers.
164
167
165 0.6.4
168 0.6.4
166 ~~~~~~~~~~~~~~~~~
169 ~~~~~~~~~~~~~~~~~
167
170
168 #44 Pre-2.9.1 Mercurials compatibility (probing for active
171 #44 Pre-2.9.1 Mercurials compatibility (probing for active
169 demandimport differently).
172 demandimport differently).
170
173
171 0.6.3
174 0.6.3
172 ~~~~~~~~~~~~~~~~~
175 ~~~~~~~~~~~~~~~~~
173
176
174 #41 Fix for incorrect demandimport activity check logic, which could
177 #41 Fix for incorrect demandimport activity check logic, which could
175 cause various problems with imports after mercurial_keyring is
178 cause various problems with imports after mercurial_keyring is
176 imported.
179 imported.
177
180
178 0.6.2
181 0.6.2
179 ~~~~~~~~~~~~~~~~~
182 ~~~~~~~~~~~~~~~~~
180
183
181 #33 Fix for UnicodeDecodeErrors happening on some backends (especially
184 #33 Fix for UnicodeDecodeErrors happening on some backends (especially
182 Vault) when passwords with non-ascii characters are in use and native
185 Vault) when passwords with non-ascii characters are in use and native
183 locale is not utf-8. Passwords are no longer saved to keyring backends
186 locale is not utf-8. Passwords are no longer saved to keyring backends
184 as-entered, they are now decoded from local encoding (whichever is
187 as-entered, they are now decoded from local encoding (whichever is
185 detected by Mercurial), then encoded to unicode.
188 detected by Mercurial), then encoded to unicode.
186
189
187 0.6.1
190 0.6.1
188 ~~~~~~~~~~~~~~~~~
191 ~~~~~~~~~~~~~~~~~
189
192
190 #30 Yet another demandimport conflict fixed.
193 #30 Yet another demandimport conflict fixed.
191
194
192 0.6.0
195 0.6.0
193 ~~~~~~~~~~~~~~~~~
196 ~~~~~~~~~~~~~~~~~
194
197
195 #28 Disable demandimport completely during keyring import. Mayhaps it
198 #28 Disable demandimport completely during keyring import. Mayhaps it
196 will resolve (most) demandimport conflict errors.
199 will resolve (most) demandimport conflict errors.
197
200
198 0.5.7
201 0.5.7
199 ~~~~~~~~~~~~~~~~~
202 ~~~~~~~~~~~~~~~~~
200
203
201 #27 Some more demandimport ignores.
204 #27 Some more demandimport ignores.
202
205
203 0.5.6
206 0.5.6
204 ~~~~~~~~~~~~~~~~~
207 ~~~~~~~~~~~~~~~~~
205
208
206 #24, #25 Demandimport fixes (import failures in specific cases).
209 #24, #25 Demandimport fixes (import failures in specific cases).
207
210
208 Better way of demandimport-ignoring modules. In particular, we append
211 Better way of demandimport-ignoring modules. In particular, we append
209 more of them if gobject happens to be on the list.
212 more of them if gobject happens to be on the list.
210
213
211 0.5.5
214 0.5.5
212 ~~~~~~~~~~~~~~~~~
215 ~~~~~~~~~~~~~~~~~
213
216
214 Fix for gnome keyring import problems.
217 Fix for gnome keyring import problems.
215
218
216 0.5.4
219 0.5.4
217 ~~~~~~~~~~~~~~~~~
220 ~~~~~~~~~~~~~~~~~
218
221
219 #22 Some more demandimport ignores (fix import failures).
222 #22 Some more demandimport ignores (fix import failures).
220
223
221 SMTP password was not cleared properly (after detecting that it is
224 SMTP password was not cleared properly (after detecting that it is
222 invalid).
225 invalid).
223
226
224 Clarified license to be modified BSD style license.
227 Clarified license to be modified BSD style license.
225
228
226 0.5.3
229 0.5.3
227 ~~~~~~~~~~~~~~~~~
230 ~~~~~~~~~~~~~~~~~
228
231
229 Remove useless import which caused problems on Mercurial 2.3 when
232 Remove useless import which caused problems on Mercurial 2.3 when
230 demandimport was not enabled
233 demandimport was not enabled
231
234
232 0.5.1
235 0.5.1
233 ~~~~~~~~~~~~~~~~~
236 ~~~~~~~~~~~~~~~~~
234
237
235 Add help text to output for hg help.
238 Add help text to output for hg help.
236
239
237 0.5.0
240 0.5.0
238 ~~~~~~~~~~~~~~~~~
241 ~~~~~~~~~~~~~~~~~
239
242
240 Improved bad password detection. Internally: extension is now able to
243 Improved bad password detection. Internally: extension is now able to
241 properly differentiate between an authentication failure and a new
244 properly differentiate between an authentication failure and a new
242 request to the same url.
245 request to the same url.
243
246
244 Fixes in debug message
247 Fixes in debug message
245
248
246 Further debug messages patching
249 Further debug messages patching
247
250
248 Improving debug messages handling.
251 Improving debug messages handling.
249
252
250 Mercurial Keyring debug messages are now prefixed with
253 Mercurial Keyring debug messages are now prefixed with
251 [HgKeyring] to make distinguishing them easier
254 [HgKeyring] to make distinguishing them easier
252
255
253 0.4.6
256 0.4.6
254 ~~~~~~~~~~~~~~~~~
257 ~~~~~~~~~~~~~~~~~
255
258
256 More compatibility (changed signature of httpconnection.readauthforuri
259 More compatibility (changed signature of httpconnection.readauthforuri
257 , introduced post Mercurial 1.9 - since hg.0593e8f81c71)
260 , introduced post Mercurial 1.9 - since hg.0593e8f81c71)
258
261
259 Fix compatibility code which did not work due to demandimport issues
262 Fix compatibility code which did not work due to demandimport issues
260 (attempts to catch ImportErrors on "from mercurial.url import
263 (attempts to catch ImportErrors on "from mercurial.url import
261 readauthforuri" were not working properly).
264 readauthforuri" were not working properly).
262
265
263 0.4.5
266 0.4.5
264 ~~~~~~~~~~~~~~~~~
267 ~~~~~~~~~~~~~~~~~
265
268
266 Mercurial 1.9 compatibility (readauthforuri has been moved into new
269 Mercurial 1.9 compatibility (readauthforuri has been moved into new
267 httpconnection module).
270 httpconnection module).
268
271
269 0.4.4
272 0.4.4
270 ~~~~~~~~~~~~~~~~~
273 ~~~~~~~~~~~~~~~~~
271
274
272 Mercurial 1.8 compatibility (passwordmgr.readauthtoken() has been
275 Mercurial 1.8 compatibility (passwordmgr.readauthtoken() has been
273 moved into mercurial.url.readauthforuri).
276 moved into mercurial.url.readauthforuri).
274
277
275 0.4.3
278 0.4.3
276 ~~~~~~~~~~~~~~~~~
279 ~~~~~~~~~~~~~~~~~
277
280
278 Keyring fork no longer is needed as keyring releases are available
281 Keyring fork no longer is needed as keyring releases are available
279 again.
282 again.
280
283
281 Workaround for gnomekeyring mercurial.demandimport incompatibility:
284 Workaround for gnomekeyring mercurial.demandimport incompatibility:
282 mercurial.demandimport, which is enabled while in a mercurial
285 mercurial.demandimport, which is enabled while in a mercurial
283 extensions, prevents the correct import of gobject._gobject and
286 extensions, prevents the correct import of gobject._gobject and
284 consequently doesn't allow the loading of the gnomekeyring module,
287 consequently doesn't allow the loading of the gnomekeyring module,
285 which can be used by keyring. This just adds the proper module to
288 which can be used by keyring. This just adds the proper module to
286 demandimport ignore list.
289 demandimport ignore list.
287
290
288 0.4.2
291 0.4.2
289 ~~~~~~~~~~~~~~~~~
292 ~~~~~~~~~~~~~~~~~
290
293
291 No longer raising an error when username is specified both in ~/.hgrc
294 No longer raising an error when username is specified both in ~/.hgrc
292 and <repo>/.hg/hgrc if it is the same in both places.
295 and <repo>/.hg/hgrc if it is the same in both places.
293
296
294 Docs recommend sborho keyring fork.
297 Docs recommend sborho keyring fork.
295
298
296 0.4.1
299 0.4.1
297 ~~~~~~~~~~~~~~~~~
300 ~~~~~~~~~~~~~~~~~
298
301
299 Some tweaks and docs related to prefix handling.
302 Some tweaks and docs related to prefix handling.
300
303
301 Explicit information that keyring is not used due to lack of username.
304 Explicit information that keyring is not used due to lack of username.
302
305
303 0.4.0
306 0.4.0
304 ~~~~~~~~~~~~~~~~~
307 ~~~~~~~~~~~~~~~~~
305
308
306 Store and lookup prefix from [auth] so that password is shared amongst
309 Store and lookup prefix from [auth] so that password is shared amongst
307 shared auth entries
310 shared auth entries
308
311
309 0.3.3
312 0.3.3
310 ~~~~~~~~~~~~~~~~~
313 ~~~~~~~~~~~~~~~~~
311
314
312 Better error message
315 Better error message
313
316
314 0.3.2
317 0.3.2
315 ~~~~~~~~~~~~~~~~~
318 ~~~~~~~~~~~~~~~~~
316
319
317 Doc tweaks
320 Doc tweaks
318
321
319 0.3.1
322 0.3.1
320 ~~~~~~~~~~~~~~~~~
323 ~~~~~~~~~~~~~~~~~
321
324
322 Introduced and documented PyPi package, added setup.py
325 Introduced and documented PyPi package, added setup.py
323
326
324 0.2.0
327 0.2.0
325 ~~~~~~~~~~~~~~~~~
328 ~~~~~~~~~~~~~~~~~
326
329
327 Added handling of SMTP passwords (tested on patchbomb extension but
330 Added handling of SMTP passwords (tested on patchbomb extension but
328 should work on anything what utilizes mercurial.mail)
331 should work on anything what utilizes mercurial.mail)
329
332
330 Docstrings mention Debian keyring packages.
333 Docstrings mention Debian keyring packages.
331
334
332 0.1.1
335 0.1.1
333 ~~~~~~~~~~~~~~~~~
336 ~~~~~~~~~~~~~~~~~
334
337
335 Initial public release
338 Initial public release
Show file before | Show file after | Hide comments
@@ -1,408 +1,418 b''
1 .. -*- mode: rst; compile-command: "rst2html README.txt README.html" -*-
1 .. -*- mode: rst; compile-command: "rst2html README.txt README.html" -*-
2
2
3 =======================================================
3 =======================================================
4 Mercurial Keyring
4 Mercurial Keyring
5 =======================================================
5 =======================================================
6
6
7 Mercurial Keyring is a Mercurial_ extension used to securely save HTTP
7 Mercurial Keyring is a Mercurial_ extension used to securely save HTTP
8 and SMTP authentication passwords in password databases (Gnome
8 and SMTP authentication passwords in password databases (Gnome
9 Keyring, KDE KWallet, OSXKeyChain, Windows Vault etc).
9 Keyring, KDE KWallet, OSXKeyChain, Windows Vault etc).
10
10
11 With ``mercurial_keyring`` active, Mercurial remembers your passwords
11 With ``mercurial_keyring`` active, Mercurial remembers your passwords
12 and reuses them without prompting (as if you stored them in ``.hgrc``),
12 and reuses them without prompting (as if you stored them in ``.hgrc``),
13 but password storage is reasonably secure.
13 but password storage is reasonably secure.
14
14
15 Actual password storage is implemented by the keyring_ library, this
15 Actual password storage is implemented by the keyring_ library, this
16 extension glues it to Mercurial.
16 extension glues it to Mercurial.
17
17
18 .. contents::
18 .. contents::
19 :local:
19 :local:
20 :depth: 2
20 :depth: 2
21
21
22 .. sectnum::
22 .. sectnum::
23
23
24 .. _keyring: http://pypi.python.org/pypi/keyring
24 .. _keyring: http://pypi.python.org/pypi/keyring
25 .. _Mercurial: http://mercurial.selenic.com
25 .. _Mercurial: http://mercurial.selenic.com
26
26
27 How does it work
27 How does it work
28 =======================================================
28 =======================================================
29
29
30 On your first pull or push to HTTP url (or first email sent via given
30 On your first pull or push to HTTP url (or first email sent via given
31 SMTP server), you are prompted for the password, just like bare
31 SMTP server), you are prompted for the password, just like bare
32 Mercurial does. But the password you entered is saved to appropriate
32 Mercurial does. But the password you entered is saved to appropriate
33 password database. On successive runs, whenever the password is
33 password database. On successive runs, whenever the password is
34 needed, ``mercurial_keyring`` checks for password in password
34 needed, ``mercurial_keyring`` checks for password in password
35 database, and uses it without troubling you.
35 database, and uses it without troubling you.
36
36
37 In case password turns out to be incorrect (for example, because you
37 In case password turns out to be incorrect (for example, because you
38 changed it, or entered it incorrectly), ``mercurial_keyring`` prompts
38 changed it, or entered it incorrectly), ``mercurial_keyring`` prompts
39 you again, and overwrites the password.
39 you again, and overwrites the password.
40
40
41 You can use many passwords (for various remote urls). Saved passwords
41 You can use many passwords (for various remote urls). Saved passwords
42 are identified by pair of username and url prefix. See below for
42 are identified by pair of username and url prefix. See below for
43 information how to configure those properly.
43 information how to configure those properly.
44
44
45 Installation
45 Installation
46 =======================================================
46 =======================================================
47
47
48 Prerequisites
48 Prerequisites
49 -------------
49 -------------
50
50
51 This extension requires keyring_ and `mercurial_extension_utils`_ to
51 This extension requires keyring_ and `mercurial_extension_utils`_ to
52 work. In many cases both will be installed automatically while you
52 work. In many cases both will be installed automatically while you
53 install ``mercurial_keyring``, but you may need to control the process.
53 install ``mercurial_keyring``, but you may need to control the process.
54
54
55 The keyring_ library can usually be installed by::
55 The keyring_ library can usually be installed by::
56
56
57 pip install --user keyring
57 pip install --user keyring
58
58
59 (or ``easy_install keyring``), but on some systems it is preferable to
59 (or ``easy_install keyring``), but on some systems it is preferable to
60 use official distribution archive. For example, on Debian and Ubuntu,
60 use official distribution archive. For example, on Debian and Ubuntu,
61 you may install ``python-keyring`` and either ``python-keyring-gnome``
61 you may install ``python-keyring`` and either ``python-keyring-gnome``
62 or ``python-keyring-kwallet`` packages::
62 or ``python-keyring-kwallet`` packages::
63
63
64 sudo apt-get install python-keyring python-keyring-gnome
64 sudo apt-get install python-keyring python-keyring-gnome
65
65
66 (this will save you the need to provide working compiler and various
66 (this will save you the need to provide working compiler and various
67 development libraries).
67 development libraries).
68
68
69 The `mercurial_extension_utils`_ module is tiny Python-only module,
69 The `mercurial_extension_utils`_ module is tiny Python-only module,
70 which can be installed by::
70 which can be installed by::
71
71
72 pip install --user mercurial_extension_utils
72 pip install --user mercurial_extension_utils
73
73
74 but in some cases (Windows…) requires more care. See
74 but in some cases (Windows…) requires more care. See
75 `mercurial_extension_utils`_ documentation.
75 `mercurial_extension_utils`_ documentation.
76
76
77
77
78 Extension installation
78 Extension installation
79 ----------------------
79 ----------------------
80
80
81 There are two possible ways of installing the extension: using PyPi package,
81 There are two possible ways of installing the extension: using PyPi package,
82 or using source clone.
82 or using source clone.
83
83
84 To install as a package::
84 To install as a package::
85
85
86 pip install --user mercurial_keyring
86 pip install --user mercurial_keyring
87
87
88 (or ``sudo pip install mercurial_keyring`` for system-wide
88 (or ``sudo pip install mercurial_keyring`` for system-wide
89 installation) and then enable it in ``~/.hgrc`` (or
89 installation) and then enable it in ``~/.hgrc`` (or
90 ``/etc/mercurial/hgrc`` or ``Mercurial.ini``) using::
90 ``/etc/mercurial/hgrc`` or ``Mercurial.ini``) using::
91
91
92 [extensions]
92 [extensions]
93 mercurial_keyring =
93 mercurial_keyring =
94
94
95 To install using source clone, install keyring_ according to the
95 To install using source clone, install keyring_ according to the
96 instructions above, then clone::
96 instructions above, then clone::
97
97
98 hg clone https://bitbucket.org/Mekk/mercurial_keyring/
98 hg clone https://bitbucket.org/Mekk/mercurial_keyring/
99 hg clone https://bitbucket.org/Mekk/mercurial-extension_utils/
99 hg clone https://bitbucket.org/Mekk/mercurial-extension_utils/
100
100
101 and configure Mercurial using full path to the extension module::
101 and configure Mercurial using full path to the extension module::
102
102
103 [extensions]
103 [extensions]
104 mercurial_keyring = /path/to/mercurial_keyring/mercurial_keyring.py
104 mercurial_keyring = /path/to/mercurial_keyring/mercurial_keyring.py
105
105
106 .. _the code:
106 .. _the code:
107 .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py
107 .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py
108
108
109 Password backend configuration
109 Password backend configuration
110 =======================================================
110 =======================================================
111
111
112 The most appropriate password backend should usually be picked without
112 The most appropriate password backend should usually be picked without
113 configuration (considering installed libraries, operating system,
113 configuration (considering installed libraries, operating system,
114 active desktop session). Still, if necessary, it can be configured
114 active desktop session). Still, if necessary, it can be configured
115 using ``keyringrc.cfg`` file. Refer to keyring_ docs for more
115 using ``keyringrc.cfg`` file. Refer to keyring_ docs for more
116 details.
116 details.
117
117
118 .. note::
118 .. note::
119
119
120 With current (as I write) keyring (5.6), this file is (on Linux)
120 With current (as I write) keyring (5.6), this file is (on Linux)
121 located at ``~/.local/share/python_keyring/keyringrc.cfg`` and
121 located at ``~/.local/share/python_keyring/keyringrc.cfg`` and
122 it's example content looks like::
122 it's example content looks like::
123
123
124 [backend]
124 [backend]
125 default-keyring=keyring.backends.Gnome.Keyring
125 default-keyring=keyring.backends.Gnome.Keyring
126 # default-keyring=keyring.backends.kwallet.Keyring
126 # default-keyring=keyring.backends.kwallet.Keyring
127
127
128 For list of known backends run ``pydoc keyring.backends`` or
128 For list of known backends run ``pydoc keyring.backends`` or
129 ``keyring --list-backends`` (which of those commands work,
129 ``keyring --list-backends`` (which of those commands work,
130 depends on the keyring_ version).
130 depends on the keyring_ version).
131
131
132
132
133 ``hgrc`` configuration (HTTP)
133 ``hgrc`` configuration (HTTP)
134 =======================================================
134 =======================================================
135
135
136 Mercurial Keyring uses standard Mercurial ``[auth]`` configuration to
136 Mercurial Keyring uses standard Mercurial ``[auth]`` configuration to
137 detect your username (on given remote) and url prefix. You are
137 detect your username (on given remote) and url prefix. You are
138 strongly advised to configure both.
138 strongly advised to configure both.
139
139
140 Without the username ``mercurial_keyring`` can't save or restore
140 Without the username ``mercurial_keyring`` can't save or restore
141 passwords, so it disables itself.
141 passwords, so it disables itself.
142
142
143 Without url prefix ``mercurial_keyring`` works, but binds passwords to
143 Without url prefix ``mercurial_keyring`` works, but binds passwords to
144 repository urls. That means you will have to (re)enter password for
144 repository urls. That means you will have to (re)enter password for
145 every repository cloned from given remote (and that there will be many
145 every repository cloned from given remote (and that there will be many
146 copies of this password in secure storage).
146 copies of this password in secure storage).
147
147
148 Repository level configuration
148 Repository level configuration
149 ------------------------------------
149 ------------------------------------
150
150
151 Edit repository-local ``.hg/hgrc`` and save there the remote
151 Edit repository-local ``.hg/hgrc`` and save there the remote
152 repository path and the username, but do not save the password. For
152 repository path and the username, but do not save the password. For
153 example:
153 example:
154
154
155 ::
155 ::
156
156
157 [paths]
157 [paths]
158 myremote = https://my.server.com/hgrepo/someproject
158 myremote = https://my.server.com/hgrepo/someproject
159
159
160 [auth]
160 [auth]
161 myremote.prefix = https://my.server.com/hgrepo
161 myremote.prefix = https://my.server.com/hgrepo
162 myremote.username = John
162 myremote.username = John
163
163
164 Simpler form with url-embedded name can also be used:
164 Simpler form with url-embedded name can also be used:
165
165
166 ::
166 ::
167
167
168 [paths]
168 [paths]
169 bitbucket = https://John@my.server.com/hgrepo/someproject/
169 bitbucket = https://John@my.server.com/hgrepo/someproject/
170
170
171 but is not recommended.
171 but is not recommended.
172
172
173 Note that all repositories sharing the same ``prefix`` share the same
173 Note that all repositories sharing the same ``prefix`` share the same
174 password.
174 password.
175
175
176 Mercurial allows also for password in ``.hg/hgrc`` (either given by
176 Mercurial allows also for password in ``.hg/hgrc`` (either given by
177 ``Β«prefixΒ».password``, or embedded in url). If such password is found,
177 ``Β«prefixΒ».password``, or embedded in url). If such password is found,
178 Mercurial Keyring disables itself.
178 Mercurial Keyring disables itself.
179
179
180
180
181 Account-level configuration
181 Account-level configuration
182 ---------------------------
182 ---------------------------
183
183
184 If you are consistent about remote repository nicknames, you can
184 If you are consistent about remote repository nicknames, you can
185 configure the username in your `~/.hgrc` (`.hgrc` in your home
185 configure the username in your `~/.hgrc` (`.hgrc` in your home
186 directory). For example, write there::
186 directory). For example, write there::
187
187
188 [auth]
188 [auth]
189 acme.prefix = hg.acme.com/repositories
189 acme.prefix = hg.acme.com/repositories
190 acme.username = johnny
190 acme.username = johnny
191 acme.schemes = http https
191 acme.schemes = http https
192 bitbucket.prefix = https://bitbucket.org
192 bitbucket.prefix = https://bitbucket.org
193 bitbucket.username = Mekk
193 bitbucket.username = Mekk
194 mydep.prefix = https://dev.acmeorg.com
194 mydep.prefix = https://dev.acmeorg.com
195 mydep.username = drmartin
195 mydep.username = drmartin
196
196
197 and as long as you use ``acme`` alias for repositories like
197 and as long as you use ``acme`` alias for repositories like
198 ``https://hg.acme.com/repositories/my_beautiful_app``, username
198 ``https://hg.acme.com/repositories/my_beautiful_app``, username
199 ``johnny`` will be used, and the same password reused. Similarly
199 ``johnny`` will be used, and the same password reused. Similarly
200 any ``hg push bitbucket`` will share the same password.
200 any ``hg push bitbucket`` will share the same password.
201
201
202 With such config repository-level ``.hg/hgrc`` need only contain
202 With such config repository-level ``.hg/hgrc`` need only contain
203 ``[paths]``.
203 ``[paths]``.
204
204
205 Additional advantage of this method is that it works also during
205 Additional advantage of this method is that it works also during
206 `clone`.
206 `clone`.
207
207
208
208
209 .. note::
209 .. note::
210
210
211 Mercurial Keyring works well with `Path Pattern`_. On my setup I use
211 Mercurial Keyring works well with `Path Pattern`_. On my setup I use
212 prefix as above, and::
212 prefix as above, and::
213
213
214 [path_pattern]
214 [path_pattern]
215 bitbucket.local = ~/devel/{below}
215 bitbucket.local = ~/devel/{below}
216 bitbucket.remote = https://bitbucket.org/Mekk/{below:/=-}
216 bitbucket.remote = https://bitbucket.org/Mekk/{below:/=-}
217
217
218 so all my repositories understand ``hg push bitbucket`` without
218 so all my repositories understand ``hg push bitbucket`` without
219 any repository-level configuration.
219 any repository-level configuration.
220
220
221
221
222 ``hgrc`` configuration (SMTP)
222 ``hgrc`` configuration (SMTP)
223 =======================================================
223 =======================================================
224
224
225 Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set
225 Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set
226 there all standard email and smtp properties, including SMTP
226 there all standard email and smtp properties, including SMTP
227 username, but without SMTP password. For example:
227 username, but without SMTP password. For example:
228
228
229 ::
229 ::
230
230
231 [email]
231 [email]
232 method = smtp
232 method = smtp
233 from = Joe Doe <Joe.Doe@remote.com>
233 from = Joe Doe <Joe.Doe@remote.com>
234
234
235 [smtp]
235 [smtp]
236 host = smtp.gmail.com
236 host = smtp.gmail.com
237 port = 587
237 port = 587
238 username = JoeDoe@gmail.com
238 username = JoeDoe@gmail.com
239 tls = true
239 tls = true
240
240
241 Just as in case of HTTP, you *must* set username, but *must not* set
241 Just as in case of HTTP, you *must* set username, but *must not* set
242 password here to use the extension, in other cases it will revert to
242 password here to use the extension, in other cases it will revert to
243 the default behavior.
243 the default behavior.
244
244
245 Usage
245 Usage
246 ======================================================
246 ======================================================
247
247
248 Saving and restoring passwords
248 Saving and restoring passwords
249 -------------------------------------------------------
249 -------------------------------------------------------
250
250
251 Configure the repository as above, then just ``hg pull``, ``hg push``,
251 Configure the repository as above, then just ``hg pull``, ``hg push``,
252 etc. You should be asked for the password only once (per every
252 etc. You should be asked for the password only once (per every
253 username and remote repository prefix or url combination).
253 username and remote repository prefix or url combination).
254
254
255 Similarly, for email, configure as above and just ``hg email``.
255 Similarly, for email, configure as above and just ``hg email``.
256 Again, you will be asked for the password once (per every username and
256 Again, you will be asked for the password once (per every username and
257 email server address combination).
257 email server address combination).
258
258
259 Checking password status (``hg keyring_check``)
259 Checking password status (``hg keyring_check``)
260 -------------------------------------------------------
260 -------------------------------------------------------
261
261
262 The ``keyring_check`` command can be used to check whether/which
262 The ``keyring_check`` command can be used to check whether/which
263 password(s) are saved. It can be used in three ways:
263 password(s) are saved. It can be used in three ways:
264
264
265 - without parameters, it prints info related to all HTTP paths
265 - without parameters, it prints info related to all HTTP paths
266 defined for current repository (everything from ``hg paths``
266 defined for current repository (everything from ``hg paths``
267 that resolves to HTTP url)::
267 that resolves to HTTP url)::
268
268
269 hg keyring_check
269 hg keyring_check
270
270
271 - given alias as param, it prints info about this alias::
271 - given alias as param, it prints info about this alias::
272
272
273 hg keyring_check work
273 hg keyring_check work
274
274
275 - finally, any path can be checked::
275 - finally, any path can be checked::
276
276
277 hg keyring_check https://bitbucket.org/Mekk/mercurial_keyring
277 hg keyring_check https://bitbucket.org/Mekk/mercurial_keyring
278
278
279 Deleting saved password (``hg keyring_clear``)
279 Deleting saved password (``hg keyring_clear``)
280 -------------------------------------------------------
280 -------------------------------------------------------
281
281
282 The ``keyring_clear`` command removes saved password related to given
282 The ``keyring_clear`` command removes saved password related to given
283 path. It can be used in two ways:
283 path. It can be used in two ways:
284
284
285 - given alias as param, it drops password used by this alias::
285 - given alias as param, it drops password used by this alias::
286
286
287 hg keyring_clear work
287 hg keyring_clear work
288
288
289 - given full path, it drops password related to this path::
289 - given full path, it drops password related to this path::
290
290
291 hg keyring_clear https://bitbucket.org/Mekk/mercurial_keyring
291 hg keyring_clear https://bitbucket.org/Mekk/mercurial_keyring
292
292
293 Managing passwords using GUI tools
293 Managing passwords using GUI tools
294 ------------------------------------------------------
294 ------------------------------------------------------
295
295
296 Many password backends provide GUI tools for password management,
296 Many password backends provide GUI tools for password management,
297 for example Gnome Keyring passwords can be managed using ``seahorse``,
297 for example Gnome Keyring passwords can be managed using ``seahorse``,
298 and KDE Wallet using ``kwalletmanager``. Those GUI tools can be used
298 and KDE Wallet using ``kwalletmanager``. Those GUI tools can be used
299 to review, edit, or delete saved passwords.
299 to review, edit, or delete saved passwords.
300
300
301 Unfortunately, as I write, keyring_ library does not allow one to
301 Unfortunately, as I write, keyring_ library does not allow one to
302 configure how/where exactly saved passwords are put in the hierarchy,
302 configure how/where exactly saved passwords are put in the hierarchy,
303 and the place is not always intuitive. For example, in KDE Wallet, all
303 and the place is not always intuitive. For example, in KDE Wallet, all
304 passwords saved using ``mercurial_keyring`` show up in the folder
304 passwords saved using ``mercurial_keyring`` show up in the folder
305 named ``Python``.
305 named ``Python``.
306
306
307 .. note::
307 .. note::
308
308
309 This is slightly problematic in case ``mercurial_keyring`` is not
309 This is slightly problematic in case ``mercurial_keyring`` is not
310 the only program using keyring_ library. Passwords saved by another
310 the only program using keyring_ library. Passwords saved by another
311 Python application or script (which also uses keyring_) will be put
311 Python application or script (which also uses keyring_) will be put
312 into the same place, and it may be unclear which password belongs
312 into the same place, and it may be unclear which password belongs
313 to which program. To remedy this, ``mercurial_keyring`` applies
313 to which program. To remedy this, ``mercurial_keyring`` applies
314 slightly unusual labels of the form
314 slightly unusual labels of the form
315 ``Β«usernameΒ»ο»Ώ@@ο»ΏΒ«urlprefixΒ»ο»Ώ@ο»ΏMercurial`` - for example my bitbucket
315 ``Β«usernameΒ»ο»Ώ@@ο»ΏΒ«urlprefixΒ»ο»Ώ@ο»ΏMercurial`` - for example my bitbucket
316 password is labelled ``Mekkο»Ώ@@ο»Ώhttpsο»Ώ://ο»Ώbitbucket.orgο»Ώ@ο»ΏMercurial``.
316 password is labelled ``Mekkο»Ώ@@ο»Ώhttpsο»Ώ://ο»Ώbitbucket.orgο»Ώ@ο»ΏMercurial``.
317
317
318 Implementation details
318 Implementation details
319 =======================================================
319 =======================================================
320
320
321 The extension is monkey-patching the mercurial ``passwordmgr`` class
321 The extension is monkey-patching the mercurial ``passwordmgr`` class
322 to replace the ``find_user_password`` method. Detailed order of operations
322 to replace the ``find_user_password`` method. Detailed order of operations
323 is described in the comments inside `the code`_.
323 is described in the comments inside `the code`_.
324
324
325 Frequent problems
325 Frequent problems
326 =======================================================
326 =======================================================
327
327
328 Most problems people face while using ``mercurial_keyring`` are in
328 Most problems people face while using ``mercurial_keyring`` are in
329 fact problems with ``keyring`` library and it's backends. In
329 fact problems with ``keyring`` library and it's backends. In
330 particular, those can manifest by:
330 particular, those can manifest by:
331
331
332 - technical errors mentioning sentences like ``No recommended backend
332 - technical errors mentioning sentences like ``No recommended backend
333 was available. Install the keyrings.alt package…`` (or similar),
333 was available. Install the keyrings.alt package…`` (or similar),
334
334
335 - warnings like ``keyring: keyring backend doesn't seem to work…``
335 - warnings like ``keyring: keyring backend doesn't seem to work…``
336
336
337 - password prompts on every action (= passwords not being saved).
337 - password prompts on every action (= passwords not being saved).
338
338
339 Those almost always mean that *natural* keyring backend for given
339 Those almost always mean that *natural* keyring backend for given
340 desktop type doesn't work, or is not present at all. For example,
340 desktop type doesn't work, or is not present at all. For example,
341 some necessary runtime component can be down (say, you use Linux, but
341 some necessary runtime component can be down (say, you use Linux, but
342 have neither Gnome Keyring, nor KDE Wallet, running). Or appropriate
342 have neither Gnome Keyring, nor KDE Wallet, running). Or appropriate
343 backend is not installed because it could not be build during
343 backend is not installed because it could not be build during
344 keyring_ library installation (maybe because some required library
344 keyring_ library installation (maybe because some required library
345 was not present at the moment of keyring installation, or maybe because compiler
345 was not present at the moment of keyring installation, or maybe because compiler
346 as such is not present on the system).
346 as such is not present on the system).
347
347
348 To diagnose such problems, try using ``keyring`` utility, as described
348 To diagnose such problems, try using ``keyring`` utility, as described
349 on keyring_ documentation page, for example by::
349 on keyring_ documentation page, for example by::
350
350
351 keyring --list-backends
351 keyring --list-backends
352 keyring -b keyrings.alt.Gnome.Keyring set testsvc testuser
352 keyring -b keyrings.alt.Gnome.Keyring set testsvc testuser
353 keyring -b keyrings.alt.Gnome.Keyring get testsvc testuser
353 keyring -b keyrings.alt.Gnome.Keyring get testsvc testuser
354
354
355 (of course using appropriate backend). If you miss the ``keyring`` command
355 (of course using appropriate backend). If you miss the ``keyring`` command
356 as such, try ``python -m keyring`` instead::
356 as such, try ``python -m keyring`` instead::
357
357
358 python -m keyring --list-backends
358 python -m keyring --list-backends
359 python -m keyring -b keyrings.alt.Gnome.Keyring set testsvc testuser
359 python -m keyring -b keyrings.alt.Gnome.Keyring set testsvc testuser
360 python -m keyring -b keyrings.alt.Gnome.Keyring get testsvc testuser
360 python -m keyring -b keyrings.alt.Gnome.Keyring get testsvc testuser
361
361
362 If appropriate backend is missing (not listed), or doesn't work
362 If appropriate backend is missing (not listed), or doesn't work
363 (second or third command fails), your keyring is broken. Try looking
363 (second or third command fails), your keyring is broken. Try looking
364 for further pointers in keyring_ documentation, that project mailing
364 for further pointers in keyring_ documentation, that project mailing
365 list, or issue tracker. Typically it will turn out, that you need to
365 list, or issue tracker. Typically it will turn out, that you need to
366 install some missing tool, or library, and reinstall keyring.
366 install some missing tool, or library, and reinstall keyring.
367
367
368 .. note::
369
370 Depending on keyring_ version, installation of some dependency may
371 resolve problem. For example (as of late 2018), I got KDE Wallet
372 backend working with pip-installed keyring after::
373
374 pip install dbus-python
375
376
368 If ``keyring`` command works, but mercurial with mercurial_keyring does not,
377 If ``keyring`` command works, but mercurial with mercurial_keyring does not,
369 try enforcing proper backend (by means of ``keyringrc.cfg``, see above).
378 try enforcing proper backend (by means of ``keyringrc.cfg``, see above).
370 Only if this doesn't help, there may be a bug in mercurial_keyring.
379 Only if this doesn't help, there may be a bug in mercurial_keyring.
371
380
372 .. note::
381 .. note::
373
382
374 By far easiest way to have properly working keyring is to use
383 By far easiest way to have properly working keyring is to use
375 packaged binary version (like ``python-keyring`` Ubuntu package, or
384 packaged binary version (like ``python-keyring`` Ubuntu package, or
376 keyring bundled with TortoiseHG on some systems). If you pip-installed
385 keyring bundled with TortoiseHG on some systems). If you pip-installed
377 keyring and it doesn't work, you may consider ``pip uninstall keyring``
386 keyring and it doesn't work, you may consider ``pip uninstall keyring``
378 and look for binary package instead.
387 and look for binary package instead.
379
388
380
389
381
390
391
382 History
392 History
383 =======================================================
393 =======================================================
384
394
385 See `HISTORY.txt`_.
395 See `HISTORY.txt`_.
386
396
387 Development
397 Development
388 =======================================================
398 =======================================================
389
399
390 Development is tracked on BitBucket, see
400 Development is tracked on BitBucket, see
391 http://bitbucket.org/Mekk/mercurial_keyring/
401 http://bitbucket.org/Mekk/mercurial_keyring/
392
402
393
403
394 Additional notes
404 Additional notes
395 =======================================================
405 =======================================================
396
406
397 Information about this extension is also available
407 Information about this extension is also available
398 on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension
408 on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension
399
409
400 Check also `other Mercurial extensions I wrote`_.
410 Check also `other Mercurial extensions I wrote`_.
401
411
402 .. _other Mercurial extensions I wrote: http://mekk.bitbucket.io/mercurial.html
412 .. _other Mercurial extensions I wrote: http://mekk.bitbucket.io/mercurial.html
403
413
404 .. _HISTORY.txt: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/HISTORY.txt
414 .. _HISTORY.txt: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/HISTORY.txt
405 .. _TortoiseHg: http://tortoisehg.bitbucket.org/
415 .. _TortoiseHg: http://tortoisehg.bitbucket.org/
406 .. _Mercurial: http://mercurial.selenic.com
416 .. _Mercurial: http://mercurial.selenic.com
407 .. _mercurial_extension_utils: https://bitbucket.org/Mekk/mercurial-extension_utils/
417 .. _mercurial_extension_utils: https://bitbucket.org/Mekk/mercurial-extension_utils/
408 .. _Path Pattern: https://bitbucket.org/Mekk/mercurial-path_pattern/
418 .. _Path Pattern: https://bitbucket.org/Mekk/mercurial-path_pattern/
General Comments 0
You need to be logged in to leave comments. Login now