u/av6/wip/mercurial_keyring Commit - r37:85b5f7f2

1

; -*- mode: rst -*-

1

.. -*- mode: rst -*-

2

3

=================

3

=================

4

mercurial_keyring

4

mercurial_keyring

5

=================

5

=================

6

7

``mercurial_keyring`` is a Mercurial_ extension to securely save ~~HTTP~~

7

``mercurial_keyring`` is a Mercurial_ extension used to securely save

8

and SMTP authentication passwords in password databases (Gnome

8

HTTP and SMTP authentication passwords in password databases (Gnome

9

Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and

9

Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and

10

command line). This extension uses and wraps services of the keyring_

10

command line). This extension uses and wraps services of the keyring_

11

library.

11

library.

12

13

.. _keyring: http://pypi.python.org/pypi/keyring

13

.. _keyring: http://pypi.python.org/pypi/keyring

14

.. _Mercurial: http://mercurial.selenic.com

14

.. _Mercurial: http://mercurial.selenic.com

15

16

How does it work

16

How does it work

17

================

17

================

18

19

The extension prompts for the password on the first pull/push (in case

19

The extension prompts for the password on the first pull/push (in case

20

of HTTP) or first email (in case of SMTP), just like it is done by

20

of HTTP) or first email (in case of SMTP), just like it is done by

21

default, but saves the given password (keyed by the combination of

21

default, but saves the password. On successive runs it checks for the

22

username and remote repository url - for HTTP - or smtp server

22

username in ``.hg/hgrc``, then for suitable password in the password

23

address - for SMTP) in the password database. On successive runs it

23

database, and uses those credentials (if found).

24

checks for the username in ``.hg/hgrc``, then for suitable password in

25

the password database, and uses those credentials (if found).

26

24

27

In case password turns out to be incorrect (either because it was

25

In case password turns out to be incorrect (either because it was

28

invalid, or because it was changed on the server) or missing it just

26

invalid, or because it was changed on the server) or missing it just

29

prompts the user again.

27

prompts the user again.

30

28

29

Passwords are identified by the combination of username and remote

30

repository url (for HTTP) or username and smtp server address (for

31

SMTP), so they can be reused between repositories if they access

32

the same remote repository.

33

31

Installation

34

Installation

32

============

35

============

33

36

34

Prerequisites

37

Prerequisites

35

-------------

38

-------------

36

39

37

Install the keyring_ library:

40

Install the keyring_ library:

38

41

39

::

42

::

40

43

41

easy_install keyring

44

easy_install keyring

42

45

43

(or ``pip keyring``). On Debian "Sid" the library can be also

46

(or ``pip keyring``). On Debian "Sid" the library can be also

44

installed from the official archive (packages ``python-keyring``

47

installed from the official archive (packages ``python-keyring``

45

and either ``python-keyring-gnome`` or ``python-keyring-kwallet``).

48

and either ``python-keyring-gnome`` or ``python-keyring-kwallet``).

46

49

47

Extension installation

50

Extension installation

48

----------------------

51

----------------------

49

52

50

There are two possible ways of installing the extension: using PyPi package,

53

There are two possible ways of installing the extension: using PyPi package,

51

or using individual file.

54

or using individual file.

52

55

53

To install as a package use ``easy_install``:

56

To install as a package use ``easy_install``:

54

57

55

::

58

::

56

59

57

easy_install mercurial_keyring

60

easy_install mercurial_keyring

58

61

59

and then ~~configure~~ ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) so:

62

and then enable it in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) using:

60

63

61

::

64

::

62

65

63

[extensions]

66

[extensions]

64

mercurial_keyring =

67

mercurial_keyring =

65

68

66

To install using individual file, download the

69

To install using individual file, download the

67

``mercurial_keyring.py``_ file, save it anywhere you like, and

70

`mercurial_keyring.py`_ file, save it anywhere you like, and

68

put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``):

71

put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``):

69

72

70

::

73

::

71

74

72

[extensions]

75

[extensions]

73

hgext.mercurial_keyring = /path/to/mercurial_keyring.py

76

hgext.mercurial_keyring = /path/to/mercurial_keyring.py

74

77

78

.. _the code:

79

.. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py

80

75

Password backend configuration

81

Password backend configuration

76

==============================

82

==============================

77

83

78

The library should usually pick the most appropriate password backend

84

The library should usually pick the most appropriate password backend

79

without configuration. Still, if necessary, it can be configured using

85

without configuration. Still, if necessary, it can be configured using

80

``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of

86

``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of

81

the current user). Refer to keyring_ docs for more details.

87

the current user). Refer to keyring_ docs for more details.

82

88

83

''I considered handling similar options in hgrc, but decided that

89

*I considered handling similar options in hgrc, but decided that

84

single user may use more than one keyring-based script. Still, I am

90

single user may use more than one keyring-based script. Still, I am

85

open to suggestions.''

91

open to suggestions.*

86

92

87

Repository configuration (HTTP)

93

Repository configuration (HTTP)

88

===============================

94

===============================

89

95

90

Edit repository-local ``.hg/hgrc`` and save there the remote

96

Edit repository-local ``.hg/hgrc`` and save there the remote

91

repository path and the username, but do not save the password. For

97

repository path and the username, but do not save the password. For

92

example:

98

example:

93

99

94

::

100

::

95

101

96

[paths]

102

[paths]

97

myremote = https://my.server.com/hgrepo/someproject

103

myremote = https://my.server.com/hgrepo/someproject

98

104

99

[auth]

105

[auth]

100

myremote.schemes = http https

106

myremote.schemes = http https

101

myremote.prefix = my.server.com/hgrepo

107

myremote.prefix = my.server.com/hgrepo

102

myremote.username = mekk

108

myremote.username = mekk

103

109

104

Simpler form with url-embedded name can also be used:

110

Simpler form with url-embedded name can also be used:

105

111

106

::

112

::

107

113

108

[paths]

114

[paths]

109

bitbucket = https://User@bitbucket.org/User/project_name/

115

bitbucket = https://User@bitbucket.org/User/project_name/

110

116

111

Note: if both username and password are given in ``.hg/hgrc``,

117

Note: if both username and password are given in ``.hg/hgrc``,

112

extension will use them without using the password database. If

118

extension will use them without using the password database. If

113

username is not given, extension will prompt for credentials every

119

username is not given, extension will prompt for credentials every

114

time, also without saving the password.

120

time, also without saving the password.

115

121

116

Repository configuration (SMTP)

122

Repository configuration (SMTP)

117

===============================

123

===============================

118

124

119

Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set

125

Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set

120

there all standard email and smtp properties, including ~~smtp~~

126

there all standard email and smtp properties, including SMTP

121

username, but without ~~smtp~~ password. For example:

127

username, but without SMTP password. For example:

122

128

123

::

129

::

124

130

125

[email]

131

[email]

126

method = smtp

132

method = smtp

127

from = Joe Doe <Joe.Doe@remote.com>

133

from = Joe Doe <Joe.Doe@remote.com>

128

134

129

[smtp]

135

[smtp]

130

host = smtp.gmail.com

136

host = smtp.gmail.com

131

port = 587

137

port = 587

132

username = JoeDoe@gmail.com

138

username = JoeDoe@gmail.com

133

tls = true

139

tls = true

134

140

135

Just as in case of HTTP, you ~~``must``~~ set username, but ~~``must not``~~

141

Just as in case of HTTP, you *must* set username, but *must not* set

136

~~set~~ password here to use the extension, in other cases it will revert

142

password here to use the extension, in other cases it will revert to

137

to the default behavior.

143

the default behavior.

138

144

139

Usage

145

Usage

140

=====

146

=====

141

147

142

Configure the repository as above, then just ``hg pull``, ``hg push``,

148

Configure the repository as above, then just ``hg pull``, ``hg push``,

143

etc. You should be asked for the password only once (per every

149

etc. You should be asked for the password only once (per every

144

username+remote_repository_url combination).

150

username+remote_repository_url combination).

145

151

146

Similarly, for email, configure as above and just ``hg email``.

152

Similarly, for email, configure as above and just ``hg email``.

147

Again, you will be asked for the password once (per every

153

Again, you will be asked for the password once (per every

148

username+email_server_name+email_server_port).

154

username+email_server_name+email_server_port).

149

155

150

Implementation details

156

Implementation details

151

======================

157

======================

152

158

153

The extension is monkey-patching the mercurial ``passwordmgr`` class

159

The extension is monkey-patching the mercurial ``passwordmgr`` class

154

to replace the find_user_password method. Detailed order of operations

160

to replace the find_user_password method. Detailed order of operations

155

is described in the comments inside the code.

161

is described in the comments inside `the code`_.

156

162

157

Development

163

Development

158

===========

164

===========

159

165

160

Development is tracked on BitBucket, see

166

Development is tracked on BitBucket, see

161

http://bitbucket.org/Mekk/mercurial_keyring/

167

http://bitbucket.org/Mekk/mercurial_keyring/

162

168

163

169

164

Additional notes

170

Additional notes

165

================

171

================

166

172

167

Information about this extension is also available

173

Information about this extension is also available

168

on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension

174

on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

-            ; -*- mode: rst -*-
+            .. -*- mode: rst -*-
             =================
             mercurial_keyring
             =================
-            ``mercurial_keyring`` is a Mercurial_ extension to securely save HTTP
+            ``mercurial_keyring`` is a Mercurial_ extension used to securely save
-            and SMTP authentication passwords in password databases (Gnome
+            HTTP and SMTP authentication passwords in password databases (Gnome
             Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and
             command line). This extension uses and wraps services of the keyring_
             library.
             .. _keyring: http://pypi.python.org/pypi/keyring
             .. _Mercurial: http://mercurial.selenic.com
             How does it work
             ================
             The extension prompts for the password on the first pull/push (in case
             of HTTP) or first email (in case of SMTP), just like it is done by
-            default, but saves the given password (keyed by the combination of
+            default, but saves the password. On successive runs it checks for the
-            username and remote repository url - for HTTP - or smtp server
+            username in ``.hg/hgrc``, then for suitable password in the password
-            address - for SMTP) in the password database. On successive runs it
+            database, and uses those credentials (if found).
-            checks for the username in ``.hg/hgrc``, then for suitable password in
-            the password database, and uses those credentials (if found).
             In case password turns out to be incorrect (either because it was
             invalid, or because it was changed on the server) or missing it just
             prompts the user again.
+            Passwords are identified by the combination of username and remote
+            repository url (for HTTP) or username and smtp server address (for
+            SMTP), so they can be reused between repositories if they access
+            the same remote repository.
             Installation
             ============
             Prerequisites
             -------------
             Install the keyring_ library:
             ::
                 easy_install keyring
             (or ``pip keyring``). On Debian "Sid" the library can be also
             installed from the official archive (packages ``python-keyring``
             and either ``python-keyring-gnome`` or ``python-keyring-kwallet``).
             Extension installation
             ----------------------
             There are two possible ways of installing the extension: using PyPi package,
             or using individual file.
             To install as a package use ``easy_install``:
             ::
                 easy_install mercurial_keyring
-            and then configure ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) so:
+            and then enable it in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) using:
             ::
                 [extensions]
                 mercurial_keyring =
             To install using individual file, download the
-            ``mercurial_keyring.py``_ file, save it anywhere you like, and
+            `mercurial_keyring.py`_ file, save it anywhere you like, and
             put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``):
             ::
                 [extensions]
                 hgext.mercurial_keyring = /path/to/mercurial_keyring.py
+            .. _the code:
+            .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py
             Password backend configuration
             ==============================
             The library should usually pick the most appropriate password backend
             without configuration. Still, if necessary, it can be configured using
             ``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of
             the current user). Refer to keyring_ docs for more details.
-            ''I considered handling similar options in hgrc, but decided that
+            *I considered handling similar options in hgrc, but decided that
             single user may use more than one keyring-based script. Still, I am
-            open to suggestions.''
+            open to suggestions.*
             Repository configuration (HTTP)
             ===============================
             Edit repository-local ``.hg/hgrc`` and save there the remote
             repository path and the username, but do not save the password. For
             example:
             ::
                 [paths]
                 myremote = https://my.server.com/hgrepo/someproject
                 [auth]
                 myremote.schemes = http https
                 myremote.prefix = my.server.com/hgrepo
                 myremote.username = mekk
             Simpler form with url-embedded name can also be used:
             ::
                 [paths]
                 bitbucket = https://User@bitbucket.org/User/project_name/
             Note: if both username and password are given in ``.hg/hgrc``,
             extension will use them without using the password database. If
             username is not given, extension will prompt for credentials every
             time, also without saving the password.
             Repository configuration (SMTP)
             ===============================
             Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set
-            there all standard email and smtp properties, including smtp
+            there all standard email and smtp properties, including SMTP
-            username, but without smtp password. For example:
+            username, but without SMTP password. For example:
             ::
                 [email]
                 method = smtp
                 from = Joe Doe <Joe.Doe@remote.com>
                 [smtp]
                 host = smtp.gmail.com
                 port = 587
                 username = JoeDoe@gmail.com
                 tls = true
-            Just as in case of HTTP, you ``must`` set username, but ``must not``
+            Just as in case of HTTP, you *must* set username, but *must not* set
-            set password here to use the extension, in other cases it will revert
+            password here to use the extension, in other cases it will revert to
-            to the default behavior.
+            the default behavior.
             Usage
             =====
             Configure the repository as above, then just ``hg pull``, ``hg push``,
             etc.  You should be asked for the password only once (per every
             username+remote_repository_url combination).
             Similarly, for email, configure as above and just ``hg email``.
             Again, you will be asked for the password once (per every
             username+email_server_name+email_server_port).
             Implementation details
             ======================
             The extension is monkey-patching the mercurial ``passwordmgr`` class
             to replace the find_user_password method. Detailed order of operations
-            is described in the comments inside the code.
+            is described in the comments inside `the code`_.
             Development
             ===========
             Development is tracked on BitBucket, see
             http://bitbucket.org/Mekk/mercurial_keyring/
             Additional notes
             ================
             Information about this extension is also available
             on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension