Show More
@@ -1,168 +1,174 b'' | |||||
1 |
|
|
1 | .. -*- mode: rst -*- | |
2 |
|
2 | |||
3 | ================= |
|
3 | ================= | |
4 | mercurial_keyring |
|
4 | mercurial_keyring | |
5 | ================= |
|
5 | ================= | |
6 |
|
6 | |||
7 |
``mercurial_keyring`` is a Mercurial_ extension to securely save |
|
7 | ``mercurial_keyring`` is a Mercurial_ extension used to securely save | |
8 | and SMTP authentication passwords in password databases (Gnome |
|
8 | HTTP and SMTP authentication passwords in password databases (Gnome | |
9 | Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and |
|
9 | Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and | |
10 | command line). This extension uses and wraps services of the keyring_ |
|
10 | command line). This extension uses and wraps services of the keyring_ | |
11 | library. |
|
11 | library. | |
12 |
|
12 | |||
13 | .. _keyring: http://pypi.python.org/pypi/keyring |
|
13 | .. _keyring: http://pypi.python.org/pypi/keyring | |
14 | .. _Mercurial: http://mercurial.selenic.com |
|
14 | .. _Mercurial: http://mercurial.selenic.com | |
15 |
|
15 | |||
16 | How does it work |
|
16 | How does it work | |
17 | ================ |
|
17 | ================ | |
18 |
|
18 | |||
19 | The extension prompts for the password on the first pull/push (in case |
|
19 | The extension prompts for the password on the first pull/push (in case | |
20 | of HTTP) or first email (in case of SMTP), just like it is done by |
|
20 | of HTTP) or first email (in case of SMTP), just like it is done by | |
21 | default, but saves the given password (keyed by the combination of |
|
21 | default, but saves the password. On successive runs it checks for the | |
22 | username and remote repository url - for HTTP - or smtp server |
|
22 | username in ``.hg/hgrc``, then for suitable password in the password | |
23 | address - for SMTP) in the password database. On successive runs it |
|
23 | database, and uses those credentials (if found). | |
24 | checks for the username in ``.hg/hgrc``, then for suitable password in |
|
|||
25 | the password database, and uses those credentials (if found). |
|
|||
26 |
|
24 | |||
27 | In case password turns out to be incorrect (either because it was |
|
25 | In case password turns out to be incorrect (either because it was | |
28 | invalid, or because it was changed on the server) or missing it just |
|
26 | invalid, or because it was changed on the server) or missing it just | |
29 | prompts the user again. |
|
27 | prompts the user again. | |
30 |
|
28 | |||
|
29 | Passwords are identified by the combination of username and remote | |||
|
30 | repository url (for HTTP) or username and smtp server address (for | |||
|
31 | SMTP), so they can be reused between repositories if they access | |||
|
32 | the same remote repository. | |||
|
33 | ||||
31 | Installation |
|
34 | Installation | |
32 | ============ |
|
35 | ============ | |
33 |
|
36 | |||
34 | Prerequisites |
|
37 | Prerequisites | |
35 | ------------- |
|
38 | ------------- | |
36 |
|
39 | |||
37 | Install the keyring_ library: |
|
40 | Install the keyring_ library: | |
38 |
|
41 | |||
39 | :: |
|
42 | :: | |
40 |
|
43 | |||
41 | easy_install keyring |
|
44 | easy_install keyring | |
42 |
|
45 | |||
43 | (or ``pip keyring``). On Debian "Sid" the library can be also |
|
46 | (or ``pip keyring``). On Debian "Sid" the library can be also | |
44 | installed from the official archive (packages ``python-keyring`` |
|
47 | installed from the official archive (packages ``python-keyring`` | |
45 | and either ``python-keyring-gnome`` or ``python-keyring-kwallet``). |
|
48 | and either ``python-keyring-gnome`` or ``python-keyring-kwallet``). | |
46 |
|
49 | |||
47 | Extension installation |
|
50 | Extension installation | |
48 | ---------------------- |
|
51 | ---------------------- | |
49 |
|
52 | |||
50 | There are two possible ways of installing the extension: using PyPi package, |
|
53 | There are two possible ways of installing the extension: using PyPi package, | |
51 | or using individual file. |
|
54 | or using individual file. | |
52 |
|
55 | |||
53 | To install as a package use ``easy_install``: |
|
56 | To install as a package use ``easy_install``: | |
54 |
|
57 | |||
55 | :: |
|
58 | :: | |
56 |
|
59 | |||
57 | easy_install mercurial_keyring |
|
60 | easy_install mercurial_keyring | |
58 |
|
61 | |||
59 |
and then |
|
62 | and then enable it in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) using: | |
60 |
|
63 | |||
61 | :: |
|
64 | :: | |
62 |
|
65 | |||
63 | [extensions] |
|
66 | [extensions] | |
64 | mercurial_keyring = |
|
67 | mercurial_keyring = | |
65 |
|
68 | |||
66 | To install using individual file, download the |
|
69 | To install using individual file, download the | |
67 |
|
|
70 | `mercurial_keyring.py`_ file, save it anywhere you like, and | |
68 | put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``): |
|
71 | put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``): | |
69 |
|
72 | |||
70 | :: |
|
73 | :: | |
71 |
|
74 | |||
72 | [extensions] |
|
75 | [extensions] | |
73 | hgext.mercurial_keyring = /path/to/mercurial_keyring.py |
|
76 | hgext.mercurial_keyring = /path/to/mercurial_keyring.py | |
74 |
|
77 | |||
|
78 | .. _the code: | |||
|
79 | .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py | |||
|
80 | ||||
75 | Password backend configuration |
|
81 | Password backend configuration | |
76 | ============================== |
|
82 | ============================== | |
77 |
|
83 | |||
78 | The library should usually pick the most appropriate password backend |
|
84 | The library should usually pick the most appropriate password backend | |
79 | without configuration. Still, if necessary, it can be configured using |
|
85 | without configuration. Still, if necessary, it can be configured using | |
80 | ``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of |
|
86 | ``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of | |
81 | the current user). Refer to keyring_ docs for more details. |
|
87 | the current user). Refer to keyring_ docs for more details. | |
82 |
|
88 | |||
83 |
|
|
89 | *I considered handling similar options in hgrc, but decided that | |
84 | single user may use more than one keyring-based script. Still, I am |
|
90 | single user may use more than one keyring-based script. Still, I am | |
85 |
open to suggestions. |
|
91 | open to suggestions.* | |
86 |
|
92 | |||
87 | Repository configuration (HTTP) |
|
93 | Repository configuration (HTTP) | |
88 | =============================== |
|
94 | =============================== | |
89 |
|
95 | |||
90 | Edit repository-local ``.hg/hgrc`` and save there the remote |
|
96 | Edit repository-local ``.hg/hgrc`` and save there the remote | |
91 | repository path and the username, but do not save the password. For |
|
97 | repository path and the username, but do not save the password. For | |
92 | example: |
|
98 | example: | |
93 |
|
99 | |||
94 | :: |
|
100 | :: | |
95 |
|
101 | |||
96 | [paths] |
|
102 | [paths] | |
97 | myremote = https://my.server.com/hgrepo/someproject |
|
103 | myremote = https://my.server.com/hgrepo/someproject | |
98 |
|
104 | |||
99 | [auth] |
|
105 | [auth] | |
100 | myremote.schemes = http https |
|
106 | myremote.schemes = http https | |
101 | myremote.prefix = my.server.com/hgrepo |
|
107 | myremote.prefix = my.server.com/hgrepo | |
102 | myremote.username = mekk |
|
108 | myremote.username = mekk | |
103 |
|
109 | |||
104 | Simpler form with url-embedded name can also be used: |
|
110 | Simpler form with url-embedded name can also be used: | |
105 |
|
111 | |||
106 | :: |
|
112 | :: | |
107 |
|
113 | |||
108 | [paths] |
|
114 | [paths] | |
109 | bitbucket = https://User@bitbucket.org/User/project_name/ |
|
115 | bitbucket = https://User@bitbucket.org/User/project_name/ | |
110 |
|
116 | |||
111 | Note: if both username and password are given in ``.hg/hgrc``, |
|
117 | Note: if both username and password are given in ``.hg/hgrc``, | |
112 | extension will use them without using the password database. If |
|
118 | extension will use them without using the password database. If | |
113 | username is not given, extension will prompt for credentials every |
|
119 | username is not given, extension will prompt for credentials every | |
114 | time, also without saving the password. |
|
120 | time, also without saving the password. | |
115 |
|
121 | |||
116 | Repository configuration (SMTP) |
|
122 | Repository configuration (SMTP) | |
117 | =============================== |
|
123 | =============================== | |
118 |
|
124 | |||
119 | Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set |
|
125 | Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set | |
120 |
there all standard email and smtp properties, including |
|
126 | there all standard email and smtp properties, including SMTP | |
121 |
username, but without |
|
127 | username, but without SMTP password. For example: | |
122 |
|
128 | |||
123 | :: |
|
129 | :: | |
124 |
|
130 | |||
125 | [email] |
|
131 | [email] | |
126 | method = smtp |
|
132 | method = smtp | |
127 | from = Joe Doe <Joe.Doe@remote.com> |
|
133 | from = Joe Doe <Joe.Doe@remote.com> | |
128 |
|
134 | |||
129 | [smtp] |
|
135 | [smtp] | |
130 | host = smtp.gmail.com |
|
136 | host = smtp.gmail.com | |
131 | port = 587 |
|
137 | port = 587 | |
132 | username = JoeDoe@gmail.com |
|
138 | username = JoeDoe@gmail.com | |
133 | tls = true |
|
139 | tls = true | |
134 |
|
140 | |||
135 |
Just as in case of HTTP, you |
|
141 | Just as in case of HTTP, you *must* set username, but *must not* set | |
136 |
|
|
142 | password here to use the extension, in other cases it will revert to | |
137 |
|
|
143 | the default behavior. | |
138 |
|
144 | |||
139 | Usage |
|
145 | Usage | |
140 | ===== |
|
146 | ===== | |
141 |
|
147 | |||
142 | Configure the repository as above, then just ``hg pull``, ``hg push``, |
|
148 | Configure the repository as above, then just ``hg pull``, ``hg push``, | |
143 | etc. You should be asked for the password only once (per every |
|
149 | etc. You should be asked for the password only once (per every | |
144 | username+remote_repository_url combination). |
|
150 | username+remote_repository_url combination). | |
145 |
|
151 | |||
146 | Similarly, for email, configure as above and just ``hg email``. |
|
152 | Similarly, for email, configure as above and just ``hg email``. | |
147 | Again, you will be asked for the password once (per every |
|
153 | Again, you will be asked for the password once (per every | |
148 | username+email_server_name+email_server_port). |
|
154 | username+email_server_name+email_server_port). | |
149 |
|
155 | |||
150 | Implementation details |
|
156 | Implementation details | |
151 | ====================== |
|
157 | ====================== | |
152 |
|
158 | |||
153 | The extension is monkey-patching the mercurial ``passwordmgr`` class |
|
159 | The extension is monkey-patching the mercurial ``passwordmgr`` class | |
154 | to replace the find_user_password method. Detailed order of operations |
|
160 | to replace the find_user_password method. Detailed order of operations | |
155 | is described in the comments inside the code. |
|
161 | is described in the comments inside `the code`_. | |
156 |
|
162 | |||
157 | Development |
|
163 | Development | |
158 | =========== |
|
164 | =========== | |
159 |
|
165 | |||
160 | Development is tracked on BitBucket, see |
|
166 | Development is tracked on BitBucket, see | |
161 | http://bitbucket.org/Mekk/mercurial_keyring/ |
|
167 | http://bitbucket.org/Mekk/mercurial_keyring/ | |
162 |
|
168 | |||
163 |
|
169 | |||
164 | Additional notes |
|
170 | Additional notes | |
165 | ================ |
|
171 | ================ | |
166 |
|
172 | |||
167 | Information about this extension is also available |
|
173 | Information about this extension is also available | |
168 | on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension |
|
174 | on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension |
General Comments 0
You need to be logged in to leave comments.
Login now