Show More
| @@ -1,194 +1,194 b'' | |||||
| 1 | .. -*- mode: rst -*- |
|
1 | .. -*- mode: rst -*- | |
| 2 |
|
2 | |||
| 3 | ================= |
|
3 | ================= | |
| 4 | mercurial_keyring |
|
4 | mercurial_keyring | |
| 5 | ================= |
|
5 | ================= | |
| 6 |
|
6 | |||
| 7 | ``mercurial_keyring`` is a Mercurial_ extension used to securely save |
|
7 | ``mercurial_keyring`` is a Mercurial_ extension used to securely save | |
| 8 | HTTP and SMTP authentication passwords in password databases (Gnome |
|
8 | HTTP and SMTP authentication passwords in password databases (Gnome | |
| 9 | Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and |
|
9 | Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and | |
| 10 | command line). This extension uses and wraps services of the keyring_ |
|
10 | command line). This extension uses and wraps services of the keyring_ | |
| 11 | library. |
|
11 | library. | |
| 12 |
|
12 | |||
| 13 | .. _keyring: http://pypi.python.org/pypi/keyring |
|
13 | .. _keyring: http://pypi.python.org/pypi/keyring | |
| 14 | .. _Mercurial: http://mercurial.selenic.com |
|
14 | .. _Mercurial: http://mercurial.selenic.com | |
| 15 |
|
15 | |||
| 16 | How does it work |
|
16 | How does it work | |
| 17 | ================ |
|
17 | ================ | |
| 18 |
|
18 | |||
| 19 | The extension prompts for the password on the first pull/push (in case |
|
19 | The extension prompts for the password on the first pull/push (in case | |
| 20 | of HTTP) or first email (in case of SMTP), just like it is done by |
|
20 | of HTTP) or first email (in case of SMTP), just like it is done by | |
| 21 | default, but saves the password. On successive runs it checks for the |
|
21 | default, but saves the password. On successive runs it checks for the | |
| 22 | username in ``.hg/hgrc``, then for suitable password in the password |
|
22 | username in ``.hg/hgrc``, then for suitable password in the password | |
| 23 | database, and uses those credentials (if found). |
|
23 | database, and uses those credentials (if found). | |
| 24 |
|
24 | |||
| 25 | In case password turns out to be incorrect (either because it was |
|
25 | In case password turns out to be incorrect (either because it was | |
| 26 | invalid, or because it was changed on the server) or missing it just |
|
26 | invalid, or because it was changed on the server) or missing it just | |
| 27 | prompts the user again. |
|
27 | prompts the user again. | |
| 28 |
|
28 | |||
| 29 | Passwords are identified by the combination of username and remote |
|
29 | Passwords are identified by the combination of username and remote | |
| 30 | address, so they can be reused between repositories if they access the |
|
30 | address, so they can be reused between repositories if they access the | |
| 31 | same remote repository (or the same SMTP server). |
|
31 | same remote repository (or the same SMTP server). | |
| 32 |
|
32 | |||
| 33 | Installation |
|
33 | Installation | |
| 34 | ============ |
|
34 | ============ | |
| 35 |
|
35 | |||
| 36 | Prerequisites |
|
36 | Prerequisites | |
| 37 | ------------- |
|
37 | ------------- | |
| 38 |
|
38 | |||
| 39 | Install the keyring_ library: |
|
39 | Install the keyring_ library: | |
| 40 |
|
40 | |||
| 41 | :: |
|
41 | :: | |
| 42 |
|
42 | |||
| 43 | easy_install keyring |
|
43 | easy_install keyring | |
| 44 |
|
44 | |||
| 45 | (or ``pip keyring``). On Debian "Sid" the library can be also |
|
45 | (or ``pip keyring``). On Debian "Sid" the library can be also | |
| 46 | installed from the official archive (packages ``python-keyring`` |
|
46 | installed from the official archive (packages ``python-keyring`` | |
| 47 | and either ``python-keyring-gnome`` or ``python-keyring-kwallet``). |
|
47 | and either ``python-keyring-gnome`` or ``python-keyring-kwallet``). | |
| 48 |
|
48 | |||
| 49 | Extension installation |
|
49 | Extension installation | |
| 50 | ---------------------- |
|
50 | ---------------------- | |
| 51 |
|
51 | |||
| 52 | There are two possible ways of installing the extension: using PyPi package, |
|
52 | There are two possible ways of installing the extension: using PyPi package, | |
| 53 | or using individual file. |
|
53 | or using individual file. | |
| 54 |
|
54 | |||
| 55 | To install as a package use ``easy_install``: |
|
55 | To install as a package use ``easy_install``: | |
| 56 |
|
56 | |||
| 57 | :: |
|
57 | :: | |
| 58 |
|
58 | |||
| 59 | easy_install mercurial_keyring |
|
59 | easy_install mercurial_keyring | |
| 60 |
|
60 | |||
| 61 | and then enable it in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) using: |
|
61 | and then enable it in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) using: | |
| 62 |
|
62 | |||
| 63 | :: |
|
63 | :: | |
| 64 |
|
64 | |||
| 65 | [extensions] |
|
65 | [extensions] | |
| 66 | mercurial_keyring = |
|
66 | mercurial_keyring = | |
| 67 |
|
67 | |||
| 68 | To install using individual file, download the |
|
68 | To install using individual file, download the | |
| 69 | `mercurial_keyring.py`_ file, save it anywhere you like, and |
|
69 | `mercurial_keyring.py`_ file, save it anywhere you like, and | |
| 70 | put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``): |
|
70 | put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``): | |
| 71 |
|
71 | |||
| 72 | :: |
|
72 | :: | |
| 73 |
|
73 | |||
| 74 | [extensions] |
|
74 | [extensions] | |
| 75 | hgext.mercurial_keyring = /path/to/mercurial_keyring.py |
|
75 | hgext.mercurial_keyring = /path/to/mercurial_keyring.py | |
| 76 |
|
76 | |||
| 77 | .. _the code: |
|
77 | .. _the code: | |
| 78 | .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py |
|
78 | .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py | |
| 79 |
|
79 | |||
| 80 | Password backend configuration |
|
80 | Password backend configuration | |
| 81 | ============================== |
|
81 | ============================== | |
| 82 |
|
82 | |||
| 83 | The library should usually pick the most appropriate password backend |
|
83 | The library should usually pick the most appropriate password backend | |
| 84 | without configuration. Still, if necessary, it can be configured using |
|
84 | without configuration. Still, if necessary, it can be configured using | |
| 85 | ``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of |
|
85 | ``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of | |
| 86 | the current user). Refer to keyring_ docs for more details. |
|
86 | the current user). Refer to keyring_ docs for more details. | |
| 87 |
|
87 | |||
| 88 | *I considered handling similar options in hgrc, but decided that |
|
88 | *I considered handling similar options in hgrc, but decided that | |
| 89 | single user may use more than one keyring-based script. Still, I am |
|
89 | single user may use more than one keyring-based script. Still, I am | |
| 90 | open to suggestions.* |
|
90 | open to suggestions.* | |
| 91 |
|
91 | |||
| 92 | Repository configuration (HTTP) |
|
92 | Repository configuration (HTTP) | |
| 93 | =============================== |
|
93 | =============================== | |
| 94 |
|
94 | |||
| 95 | Edit repository-local ``.hg/hgrc`` and save there the remote |
|
95 | Edit repository-local ``.hg/hgrc`` and save there the remote | |
| 96 | repository path and the username, but do not save the password. For |
|
96 | repository path and the username, but do not save the password. For | |
| 97 | example: |
|
97 | example: | |
| 98 |
|
98 | |||
| 99 | :: |
|
99 | :: | |
| 100 |
|
100 | |||
| 101 | [paths] |
|
101 | [paths] | |
| 102 | myremote = https://my.server.com/hgrepo/someproject |
|
102 | myremote = https://my.server.com/hgrepo/someproject | |
| 103 |
|
103 | |||
| 104 | [auth] |
|
104 | [auth] | |
| 105 | myremote.schemes = http https |
|
105 | myremote.schemes = http https | |
| 106 | myremote.prefix = my.server.com/hgrepo |
|
106 | myremote.prefix = my.server.com/hgrepo | |
| 107 | myremote.username = mekk |
|
107 | myremote.username = mekk | |
| 108 |
|
108 | |||
| 109 | Simpler form with url-embedded name can also be used: |
|
109 | Simpler form with url-embedded name can also be used: | |
| 110 |
|
110 | |||
| 111 | :: |
|
111 | :: | |
| 112 |
|
112 | |||
| 113 | [paths] |
|
113 | [paths] | |
| 114 | bitbucket = https://User@bitbucket.org/User/project_name/ |
|
114 | bitbucket = https://User@bitbucket.org/User/project_name/ | |
| 115 |
|
115 | |||
| 116 | If prefix is specified, it is used to identify the password (so all |
|
116 | If prefix is specified, it is used to identify the password (so all | |
| 117 | repositories with the same prefix and the same username will share the |
|
117 | repositories with the same prefix and the same username will share the | |
| 118 | same password). Otherwise full repository URL is used for this |
|
118 | same password). Otherwise full repository URL is used for this | |
| 119 | purpose. |
|
119 | purpose. | |
| 120 |
|
120 | |||
| 121 | Note: if both username and password are given in ``.hg/hgrc``, |
|
121 | Note: if both username and password are given in ``.hg/hgrc``, | |
| 122 | extension will use them without using the password database. If |
|
122 | extension will use them without using the password database. If | |
| 123 | username is not given, extension will prompt for credentials every |
|
123 | username is not given, extension will prompt for credentials every | |
| 124 | time, also without saving the password. |
|
124 | time, also without saving the password. | |
| 125 |
|
125 | |||
| 126 | Finally, if you are consistent about remote repository nicknames, |
|
126 | Finally, if you are consistent about remote repository nicknames, | |
| 127 | you can configure the username in your `~/.hgrc` (`.hgrc` in your |
|
127 | you can configure the username in your `~/.hgrc` (`.hgrc` in your | |
| 128 | home directory). For example, write there: |
|
128 | home directory). For example, write there:: | |
| 129 |
|
129 | |||
| 130 | [auth] |
|
130 | [auth] | |
| 131 | acme.prefix = hg.acme.com/repositories |
|
131 | acme.prefix = hg.acme.com/repositories | |
| 132 | acme.username = johnny |
|
132 | acme.username = johnny | |
| 133 | acme.schemes = http https |
|
133 | acme.schemes = http https | |
| 134 |
|
134 | |||
| 135 | and as long as you will be using alias `acme` for repositories like |
|
135 | and as long as you will be using alias `acme` for repositories like | |
| 136 | `https://hg.acme.com/repositories/my_beautiful_app`, username |
|
136 | `https://hg.acme.com/repositories/my_beautiful_app`, username | |
| 137 | `johnnny` will be used, and the same password reused. |
|
137 | `johnnny` will be used, and the same password reused. | |
| 138 |
|
138 | |||
| 139 | The advantage of this method is that it works also for `clone`. |
|
139 | The advantage of this method is that it works also for `clone`. | |
| 140 |
|
140 | |||
| 141 | Repository configuration (SMTP) |
|
141 | Repository configuration (SMTP) | |
| 142 | =============================== |
|
142 | =============================== | |
| 143 |
|
143 | |||
| 144 | Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set |
|
144 | Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set | |
| 145 | there all standard email and smtp properties, including SMTP |
|
145 | there all standard email and smtp properties, including SMTP | |
| 146 | username, but without SMTP password. For example: |
|
146 | username, but without SMTP password. For example: | |
| 147 |
|
147 | |||
| 148 | :: |
|
148 | :: | |
| 149 |
|
149 | |||
| 150 | [email] |
|
150 | [email] | |
| 151 | method = smtp |
|
151 | method = smtp | |
| 152 | from = Joe Doe <Joe.Doe@remote.com> |
|
152 | from = Joe Doe <Joe.Doe@remote.com> | |
| 153 |
|
153 | |||
| 154 | [smtp] |
|
154 | [smtp] | |
| 155 | host = smtp.gmail.com |
|
155 | host = smtp.gmail.com | |
| 156 | port = 587 |
|
156 | port = 587 | |
| 157 | username = JoeDoe@gmail.com |
|
157 | username = JoeDoe@gmail.com | |
| 158 | tls = true |
|
158 | tls = true | |
| 159 |
|
159 | |||
| 160 | Just as in case of HTTP, you *must* set username, but *must not* set |
|
160 | Just as in case of HTTP, you *must* set username, but *must not* set | |
| 161 | password here to use the extension, in other cases it will revert to |
|
161 | password here to use the extension, in other cases it will revert to | |
| 162 | the default behavior. |
|
162 | the default behavior. | |
| 163 |
|
163 | |||
| 164 | Usage |
|
164 | Usage | |
| 165 | ===== |
|
165 | ===== | |
| 166 |
|
166 | |||
| 167 | Configure the repository as above, then just ``hg pull``, ``hg push``, |
|
167 | Configure the repository as above, then just ``hg pull``, ``hg push``, | |
| 168 | etc. You should be asked for the password only once (per every |
|
168 | etc. You should be asked for the password only once (per every | |
| 169 | username and remote repository prefix or url combination). |
|
169 | username and remote repository prefix or url combination). | |
| 170 |
|
170 | |||
| 171 |
|
171 | |||
| 172 | Similarly, for email, configure as above and just ``hg email``. |
|
172 | Similarly, for email, configure as above and just ``hg email``. | |
| 173 | Again, you will be asked for the password once (per every username and |
|
173 | Again, you will be asked for the password once (per every username and | |
| 174 | email server address combination). |
|
174 | email server address combination). | |
| 175 |
|
175 | |||
| 176 | Implementation details |
|
176 | Implementation details | |
| 177 | ====================== |
|
177 | ====================== | |
| 178 |
|
178 | |||
| 179 | The extension is monkey-patching the mercurial ``passwordmgr`` class |
|
179 | The extension is monkey-patching the mercurial ``passwordmgr`` class | |
| 180 | to replace the find_user_password method. Detailed order of operations |
|
180 | to replace the find_user_password method. Detailed order of operations | |
| 181 | is described in the comments inside `the code`_. |
|
181 | is described in the comments inside `the code`_. | |
| 182 |
|
182 | |||
| 183 | Development |
|
183 | Development | |
| 184 | =========== |
|
184 | =========== | |
| 185 |
|
185 | |||
| 186 | Development is tracked on BitBucket, see |
|
186 | Development is tracked on BitBucket, see | |
| 187 | http://bitbucket.org/Mekk/mercurial_keyring/ |
|
187 | http://bitbucket.org/Mekk/mercurial_keyring/ | |
| 188 |
|
188 | |||
| 189 |
|
189 | |||
| 190 | Additional notes |
|
190 | Additional notes | |
| 191 | ================ |
|
191 | ================ | |
| 192 |
|
192 | |||
| 193 | Information about this extension is also available |
|
193 | Information about this extension is also available | |
| 194 | on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension |
|
194 | on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension | |
General Comments 0
You need to be logged in to leave comments.
Login now