Show More
@@ -1,194 +1,194 b'' | |||||
1 | .. -*- mode: rst -*- |
|
1 | .. -*- mode: rst -*- | |
2 |
|
2 | |||
3 | ================= |
|
3 | ================= | |
4 | mercurial_keyring |
|
4 | mercurial_keyring | |
5 | ================= |
|
5 | ================= | |
6 |
|
6 | |||
7 | ``mercurial_keyring`` is a Mercurial_ extension used to securely save |
|
7 | ``mercurial_keyring`` is a Mercurial_ extension used to securely save | |
8 | HTTP and SMTP authentication passwords in password databases (Gnome |
|
8 | HTTP and SMTP authentication passwords in password databases (Gnome | |
9 | Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and |
|
9 | Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and | |
10 | command line). This extension uses and wraps services of the keyring_ |
|
10 | command line). This extension uses and wraps services of the keyring_ | |
11 | library. |
|
11 | library. | |
12 |
|
12 | |||
13 | .. _keyring: http://pypi.python.org/pypi/keyring |
|
13 | .. _keyring: http://pypi.python.org/pypi/keyring | |
14 | .. _Mercurial: http://mercurial.selenic.com |
|
14 | .. _Mercurial: http://mercurial.selenic.com | |
15 |
|
15 | |||
16 | How does it work |
|
16 | How does it work | |
17 | ================ |
|
17 | ================ | |
18 |
|
18 | |||
19 | The extension prompts for the password on the first pull/push (in case |
|
19 | The extension prompts for the password on the first pull/push (in case | |
20 | of HTTP) or first email (in case of SMTP), just like it is done by |
|
20 | of HTTP) or first email (in case of SMTP), just like it is done by | |
21 | default, but saves the password. On successive runs it checks for the |
|
21 | default, but saves the password. On successive runs it checks for the | |
22 | username in ``.hg/hgrc``, then for suitable password in the password |
|
22 | username in ``.hg/hgrc``, then for suitable password in the password | |
23 | database, and uses those credentials (if found). |
|
23 | database, and uses those credentials (if found). | |
24 |
|
24 | |||
25 | In case password turns out to be incorrect (either because it was |
|
25 | In case password turns out to be incorrect (either because it was | |
26 | invalid, or because it was changed on the server) or missing it just |
|
26 | invalid, or because it was changed on the server) or missing it just | |
27 | prompts the user again. |
|
27 | prompts the user again. | |
28 |
|
28 | |||
29 | Passwords are identified by the combination of username and remote |
|
29 | Passwords are identified by the combination of username and remote | |
30 | address, so they can be reused between repositories if they access the |
|
30 | address, so they can be reused between repositories if they access the | |
31 | same remote repository (or the same SMTP server). |
|
31 | same remote repository (or the same SMTP server). | |
32 |
|
32 | |||
33 | Installation |
|
33 | Installation | |
34 | ============ |
|
34 | ============ | |
35 |
|
35 | |||
36 | Prerequisites |
|
36 | Prerequisites | |
37 | ------------- |
|
37 | ------------- | |
38 |
|
38 | |||
39 | Install the keyring_ library: |
|
39 | Install the keyring_ library: | |
40 |
|
40 | |||
41 | :: |
|
41 | :: | |
42 |
|
42 | |||
43 | easy_install keyring |
|
43 | easy_install keyring | |
44 |
|
44 | |||
45 | (or ``pip keyring``). On Debian "Sid" the library can be also |
|
45 | (or ``pip keyring``). On Debian "Sid" the library can be also | |
46 | installed from the official archive (packages ``python-keyring`` |
|
46 | installed from the official archive (packages ``python-keyring`` | |
47 | and either ``python-keyring-gnome`` or ``python-keyring-kwallet``). |
|
47 | and either ``python-keyring-gnome`` or ``python-keyring-kwallet``). | |
48 |
|
48 | |||
49 | Extension installation |
|
49 | Extension installation | |
50 | ---------------------- |
|
50 | ---------------------- | |
51 |
|
51 | |||
52 | There are two possible ways of installing the extension: using PyPi package, |
|
52 | There are two possible ways of installing the extension: using PyPi package, | |
53 | or using individual file. |
|
53 | or using individual file. | |
54 |
|
54 | |||
55 | To install as a package use ``easy_install``: |
|
55 | To install as a package use ``easy_install``: | |
56 |
|
56 | |||
57 | :: |
|
57 | :: | |
58 |
|
58 | |||
59 | easy_install mercurial_keyring |
|
59 | easy_install mercurial_keyring | |
60 |
|
60 | |||
61 | and then enable it in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) using: |
|
61 | and then enable it in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) using: | |
62 |
|
62 | |||
63 | :: |
|
63 | :: | |
64 |
|
64 | |||
65 | [extensions] |
|
65 | [extensions] | |
66 | mercurial_keyring = |
|
66 | mercurial_keyring = | |
67 |
|
67 | |||
68 | To install using individual file, download the |
|
68 | To install using individual file, download the | |
69 | `mercurial_keyring.py`_ file, save it anywhere you like, and |
|
69 | `mercurial_keyring.py`_ file, save it anywhere you like, and | |
70 | put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``): |
|
70 | put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``): | |
71 |
|
71 | |||
72 | :: |
|
72 | :: | |
73 |
|
73 | |||
74 | [extensions] |
|
74 | [extensions] | |
75 | hgext.mercurial_keyring = /path/to/mercurial_keyring.py |
|
75 | hgext.mercurial_keyring = /path/to/mercurial_keyring.py | |
76 |
|
76 | |||
77 | .. _the code: |
|
77 | .. _the code: | |
78 | .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py |
|
78 | .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py | |
79 |
|
79 | |||
80 | Password backend configuration |
|
80 | Password backend configuration | |
81 | ============================== |
|
81 | ============================== | |
82 |
|
82 | |||
83 | The library should usually pick the most appropriate password backend |
|
83 | The library should usually pick the most appropriate password backend | |
84 | without configuration. Still, if necessary, it can be configured using |
|
84 | without configuration. Still, if necessary, it can be configured using | |
85 | ``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of |
|
85 | ``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of | |
86 | the current user). Refer to keyring_ docs for more details. |
|
86 | the current user). Refer to keyring_ docs for more details. | |
87 |
|
87 | |||
88 | *I considered handling similar options in hgrc, but decided that |
|
88 | *I considered handling similar options in hgrc, but decided that | |
89 | single user may use more than one keyring-based script. Still, I am |
|
89 | single user may use more than one keyring-based script. Still, I am | |
90 | open to suggestions.* |
|
90 | open to suggestions.* | |
91 |
|
91 | |||
92 | Repository configuration (HTTP) |
|
92 | Repository configuration (HTTP) | |
93 | =============================== |
|
93 | =============================== | |
94 |
|
94 | |||
95 | Edit repository-local ``.hg/hgrc`` and save there the remote |
|
95 | Edit repository-local ``.hg/hgrc`` and save there the remote | |
96 | repository path and the username, but do not save the password. For |
|
96 | repository path and the username, but do not save the password. For | |
97 | example: |
|
97 | example: | |
98 |
|
98 | |||
99 | :: |
|
99 | :: | |
100 |
|
100 | |||
101 | [paths] |
|
101 | [paths] | |
102 | myremote = https://my.server.com/hgrepo/someproject |
|
102 | myremote = https://my.server.com/hgrepo/someproject | |
103 |
|
103 | |||
104 | [auth] |
|
104 | [auth] | |
105 | myremote.schemes = http https |
|
105 | myremote.schemes = http https | |
106 | myremote.prefix = my.server.com/hgrepo |
|
106 | myremote.prefix = my.server.com/hgrepo | |
107 | myremote.username = mekk |
|
107 | myremote.username = mekk | |
108 |
|
108 | |||
109 | Simpler form with url-embedded name can also be used: |
|
109 | Simpler form with url-embedded name can also be used: | |
110 |
|
110 | |||
111 | :: |
|
111 | :: | |
112 |
|
112 | |||
113 | [paths] |
|
113 | [paths] | |
114 | bitbucket = https://User@bitbucket.org/User/project_name/ |
|
114 | bitbucket = https://User@bitbucket.org/User/project_name/ | |
115 |
|
115 | |||
116 | If prefix is specified, it is used to identify the password (so all |
|
116 | If prefix is specified, it is used to identify the password (so all | |
117 | repositories with the same prefix and the same username will share the |
|
117 | repositories with the same prefix and the same username will share the | |
118 | same password). Otherwise full repository URL is used for this |
|
118 | same password). Otherwise full repository URL is used for this | |
119 | purpose. |
|
119 | purpose. | |
120 |
|
120 | |||
121 | Note: if both username and password are given in ``.hg/hgrc``, |
|
121 | Note: if both username and password are given in ``.hg/hgrc``, | |
122 | extension will use them without using the password database. If |
|
122 | extension will use them without using the password database. If | |
123 | username is not given, extension will prompt for credentials every |
|
123 | username is not given, extension will prompt for credentials every | |
124 | time, also without saving the password. |
|
124 | time, also without saving the password. | |
125 |
|
125 | |||
126 | Finally, if you are consistent about remote repository nicknames, |
|
126 | Finally, if you are consistent about remote repository nicknames, | |
127 | you can configure the username in your `~/.hgrc` (`.hgrc` in your |
|
127 | you can configure the username in your `~/.hgrc` (`.hgrc` in your | |
128 | home directory). For example, write there: |
|
128 | home directory). For example, write there:: | |
129 |
|
129 | |||
130 | [auth] |
|
130 | [auth] | |
131 | acme.prefix = hg.acme.com/repositories |
|
131 | acme.prefix = hg.acme.com/repositories | |
132 | acme.username = johnny |
|
132 | acme.username = johnny | |
133 | acme.schemes = http https |
|
133 | acme.schemes = http https | |
134 |
|
134 | |||
135 | and as long as you will be using alias `acme` for repositories like |
|
135 | and as long as you will be using alias `acme` for repositories like | |
136 | `https://hg.acme.com/repositories/my_beautiful_app`, username |
|
136 | `https://hg.acme.com/repositories/my_beautiful_app`, username | |
137 | `johnnny` will be used, and the same password reused. |
|
137 | `johnnny` will be used, and the same password reused. | |
138 |
|
138 | |||
139 | The advantage of this method is that it works also for `clone`. |
|
139 | The advantage of this method is that it works also for `clone`. | |
140 |
|
140 | |||
141 | Repository configuration (SMTP) |
|
141 | Repository configuration (SMTP) | |
142 | =============================== |
|
142 | =============================== | |
143 |
|
143 | |||
144 | Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set |
|
144 | Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set | |
145 | there all standard email and smtp properties, including SMTP |
|
145 | there all standard email and smtp properties, including SMTP | |
146 | username, but without SMTP password. For example: |
|
146 | username, but without SMTP password. For example: | |
147 |
|
147 | |||
148 | :: |
|
148 | :: | |
149 |
|
149 | |||
150 | [email] |
|
150 | [email] | |
151 | method = smtp |
|
151 | method = smtp | |
152 | from = Joe Doe <Joe.Doe@remote.com> |
|
152 | from = Joe Doe <Joe.Doe@remote.com> | |
153 |
|
153 | |||
154 | [smtp] |
|
154 | [smtp] | |
155 | host = smtp.gmail.com |
|
155 | host = smtp.gmail.com | |
156 | port = 587 |
|
156 | port = 587 | |
157 | username = JoeDoe@gmail.com |
|
157 | username = JoeDoe@gmail.com | |
158 | tls = true |
|
158 | tls = true | |
159 |
|
159 | |||
160 | Just as in case of HTTP, you *must* set username, but *must not* set |
|
160 | Just as in case of HTTP, you *must* set username, but *must not* set | |
161 | password here to use the extension, in other cases it will revert to |
|
161 | password here to use the extension, in other cases it will revert to | |
162 | the default behavior. |
|
162 | the default behavior. | |
163 |
|
163 | |||
164 | Usage |
|
164 | Usage | |
165 | ===== |
|
165 | ===== | |
166 |
|
166 | |||
167 | Configure the repository as above, then just ``hg pull``, ``hg push``, |
|
167 | Configure the repository as above, then just ``hg pull``, ``hg push``, | |
168 | etc. You should be asked for the password only once (per every |
|
168 | etc. You should be asked for the password only once (per every | |
169 | username and remote repository prefix or url combination). |
|
169 | username and remote repository prefix or url combination). | |
170 |
|
170 | |||
171 |
|
171 | |||
172 | Similarly, for email, configure as above and just ``hg email``. |
|
172 | Similarly, for email, configure as above and just ``hg email``. | |
173 | Again, you will be asked for the password once (per every username and |
|
173 | Again, you will be asked for the password once (per every username and | |
174 | email server address combination). |
|
174 | email server address combination). | |
175 |
|
175 | |||
176 | Implementation details |
|
176 | Implementation details | |
177 | ====================== |
|
177 | ====================== | |
178 |
|
178 | |||
179 | The extension is monkey-patching the mercurial ``passwordmgr`` class |
|
179 | The extension is monkey-patching the mercurial ``passwordmgr`` class | |
180 | to replace the find_user_password method. Detailed order of operations |
|
180 | to replace the find_user_password method. Detailed order of operations | |
181 | is described in the comments inside `the code`_. |
|
181 | is described in the comments inside `the code`_. | |
182 |
|
182 | |||
183 | Development |
|
183 | Development | |
184 | =========== |
|
184 | =========== | |
185 |
|
185 | |||
186 | Development is tracked on BitBucket, see |
|
186 | Development is tracked on BitBucket, see | |
187 | http://bitbucket.org/Mekk/mercurial_keyring/ |
|
187 | http://bitbucket.org/Mekk/mercurial_keyring/ | |
188 |
|
188 | |||
189 |
|
189 | |||
190 | Additional notes |
|
190 | Additional notes | |
191 | ================ |
|
191 | ================ | |
192 |
|
192 | |||
193 | Information about this extension is also available |
|
193 | Information about this extension is also available | |
194 | on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension |
|
194 | on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension |
General Comments 0
You need to be logged in to leave comments.
Login now