Show More
| Name | Size | Modified | Last Commit | Author |
|---|---|---|---|---|
| .hgignore | Loading ... | |||
| .hgtags | Loading ... | |||
| README.txt | Loading ... | |||
| mercurial_keyring.py | Loading ... | |||
| setup.py | Loading ... | |||
.. -*- mode: rst -*-
=================
mercurial_keyring
=================
``mercurial_keyring`` is a Mercurial_ extension used to securely save
HTTP and SMTP authentication passwords in password databases (Gnome
Keyring, KDE KWallet, OSXKeyChain, specific solutions for Win32 and
command line). This extension uses and wraps services of the keyring_
library.
.. _keyring: http://pypi.python.org/pypi/keyring
.. _Mercurial: http://mercurial.selenic.com
How does it work
================
The extension prompts for the password on the first pull/push (in case
of HTTP) or first email (in case of SMTP), just like it is done by
default, but saves the password. On successive runs it checks for the
username in ``.hg/hgrc``, then for suitable password in the password
database, and uses those credentials (if found).
In case password turns out to be incorrect (either because it was
invalid, or because it was changed on the server) or missing it just
prompts the user again.
Passwords are identified by the combination of username and remote
address, so they can be reused between repositories if they access the
same remote repository (or the same SMTP server).
Installation
============
Prerequisites
-------------
Install the keyring_ library:
::
easy_install keyring
(or ``pip keyring``). On Debian "Sid" the library can be also
installed from the official archive (packages ``python-keyring``
and either ``python-keyring-gnome`` or ``python-keyring-kwallet``).
Extension installation
----------------------
There are two possible ways of installing the extension: using PyPi package,
or using individual file.
To install as a package use ``easy_install``:
::
easy_install mercurial_keyring
and then enable it in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``) using:
::
[extensions]
mercurial_keyring =
To install using individual file, download the
`mercurial_keyring.py`_ file, save it anywhere you like, and
put the following in ``~/.hgrc`` (or ``/etc/mercurial/hgrc``):
::
[extensions]
hgext.mercurial_keyring = /path/to/mercurial_keyring.py
.. _the code:
.. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py
Password backend configuration
==============================
The library should usually pick the most appropriate password backend
without configuration. Still, if necessary, it can be configured using
``~/keyringrc.cfg`` file (``keyringrc.cfg`` in the home directory of
the current user). Refer to keyring_ docs for more details.
*I considered handling similar options in hgrc, but decided that
single user may use more than one keyring-based script. Still, I am
open to suggestions.*
Repository configuration (HTTP)
===============================
Edit repository-local ``.hg/hgrc`` and save there the remote
repository path and the username, but do not save the password. For
example:
::
[paths]
myremote = https://my.server.com/hgrepo/someproject
[auth]
myremote.schemes = http https
myremote.prefix = my.server.com/hgrepo
myremote.username = mekk
Simpler form with url-embedded name can also be used:
::
[paths]
bitbucket = https://User@bitbucket.org/User/project_name/
If prefix is specified, it is used to identify the password (so all
repositories with the same prefix and the same username will share the
same password). Otherwise full repository URL is used for this
purpose.
Note: if both username and password are given in ``.hg/hgrc``,
extension will use them without using the password database. If
username is not given, extension will prompt for credentials every
time, also without saving the password.
Repository configuration (SMTP)
===============================
Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set
there all standard email and smtp properties, including SMTP
username, but without SMTP password. For example:
::
[email]
method = smtp
from = Joe Doe <Joe.Doe@remote.com>
[smtp]
host = smtp.gmail.com
port = 587
username = JoeDoe@gmail.com
tls = true
Just as in case of HTTP, you *must* set username, but *must not* set
password here to use the extension, in other cases it will revert to
the default behavior.
Usage
=====
Configure the repository as above, then just ``hg pull``, ``hg push``,
etc. You should be asked for the password only once (per every
username and remote repository prefix or url combination).
Similarly, for email, configure as above and just ``hg email``.
Again, you will be asked for the password once (per every username and
email server address combination).
Implementation details
======================
The extension is monkey-patching the mercurial ``passwordmgr`` class
to replace the find_user_password method. Detailed order of operations
is described in the comments inside `the code`_.
Development
===========
Development is tracked on BitBucket, see
http://bitbucket.org/Mekk/mercurial_keyring/
Additional notes
================
Information about this extension is also available
on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension