Blog
Categories
- Default/Other
- Computers
- Friends
- Family
- Blog Code
- Website
- Programming
- Open source
- Scouts
- School/Educational
- Math
- Athletics
- Journal
- Quasi-philosophic ramblings
- Site news
- Informational
- Quotes
Using gnome-keyring to store SVN password on an Ubuntu server
I've been installing a bunch of new VMs recently, so I've been coming across various problems and changes in the way Linux works since last time I was doing a bunch of configuration.
One change is that Subversion has apparently decided that storing passwords unencrypted was a bad idea. (Who'd have thought, right?)
These days, if you try to perform an operation that want to cache your credentials, you'll get something like:
alex@olinda ~ [14:39] $ svn switch --relocate https://svn.dehnert.arctic.org/ https://svn.dehnerts.com/ Authentication realm: <https://svn.dehnerts.com:443> alex's subversion repositories Password for 'alex': ----------------------------------------------------------------------- ATTENTION! Your password for authentication realm: <https://svn.dehnerts.com:443> alex's subversion repositories can only be stored to disk unencrypted! You are advised to configure your system so that Subversion can store passwords encrypted, if possible. See the documentation for details. You can avoid future appearances of this warning by setting the value of the 'store-plaintext-passwords' option to either 'yes' or 'no' in '/home/alex/.subversion/servers'. ----------------------------------------------------------------------- Store password unencrypted (yes/no)?
While I had been okay with storing my password (I don't use it for anything else, and it isn't like my repository stores anything interesting...), this seemed like functionality worth pursuing.
There are two main steps to setting this up. First, you'll need to enable storing the password.
Edit your ~/.subversion/config and add:
[auth] ### Set password stores used by Subversion. They should be ### delimited by spaces or commas. The order of values determines ### the order in which password stores are used. ### Valid password stores: ### gnome-keyring (Unix-like systems) ### kwallet (Unix-like systems) ### keychain (Mac OS X) ### windows-cryptoapi (Windows) password-stores = gnome-keyring , kwallet
If you're like me, though, you're trying to do this on slightly-customized Ubuntu/JeOS install from python-vm-builder, which turns out not to have such software as gnome-keyring.
To do that, run:
aptitude install gnome-keyring # Install the daemon and some libraries aptitude search seahorse # GUI --- probably not needed
This took about 100MB total additional disk space --- non-negligible, but acceptable for a machine that is not trying to be particularly minimal.
In each session you'll need to connect to the keyrings: eval $(gnome-keyring-daemon --daemonize); export GNOME_KEYRING_SOCKET SSH_AUTH_SOCK GNOME_KEYRING_PID. Presumably adding that to .bashrc or something would be a good idea.
I believe you'll also need to add a keyring to store the password in. Run seahorse (after running the daemon, of course), and then go to File -> New... (Ctrl-N), select "Password Keyring", and then name it (I named it "login", which I think matches the default; other names may or may not work).
When you run Subversion, it'll ask you for keyring password. If you get the password right, it should just unlock the keyring. If you get it wrong, it'll give you a slightly confusing error message:
$ svn update Password for 'login' GNOME keyring: svn: OPTIONS of 'https://svn.dehnerts.com/svn/reponame': authorization failed: Could not authenticate to server: rejected Digest challenge (https://svn.dehnerts.com)
Anyway, hopefully that'll help someone. Let me know if you try this, and whether or not it helps.
Categories:
- Computers
- Informational