[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: How to use GNOME keyring with Subversion

From: Mark Phippard <markphip_at_gmail.com>
Date: Tue, 19 Jan 2010 11:02:32 -0500

On Tue, Jan 19, 2010 at 10:54 AM, Giulio Troccoli
<Giulio.Troccoli_at_uk.linedata.com>

> The first problem is that the first time (after clearing the stored credentials in .subversion)
> I'm asked for the Subversion password a pop-up window appears asking me for the
> password for the keyring. This is correct, but not all my users use an xterm session,
> some use a simple telnet and this doesn't work of course. Is there a way to have the
> keyring manager ask for the password without tryint and opening a new window?

When you login to a GNOME desktop, the keyring manager is started
automatically and you get the GUI prompt to unlock it when needed. If
just using an xterm then you need to run export `gnome-keyring-daemon`
when you login so that the keyring daemon is running in the
background. The SVN client will prompt at the command line to unlock
it.

> Another problem is the keyring. Again, I'm not an expert, but where is the keyring
> password stored? The one that I am asked in the step described above? I guess it's
> encrypted, but doesn't it need another key to decrypt it? I'm missing something obviously,
> becuase this can go on forever but clearly doesn't.

When you login via GUI I believe there is a default session keyring
that is encrypted with your main credentials. Other than that, yes
when you create a keyring you must give it a password and it uses that
password to encrypt everything. You have to supply that password to
unlock the keyring. Subversion will prompt at command line to unlock
a locked keyring.

> I know that with keyring manager I can create different keyrings. Is it worth creating a
> specific one for Subversion? If so, how do I tell Subversion to use that specific keyring?

Subversion always uses whatever keyring is set as the default.

> Finally, the keyring daemon. It seems there must be one running per user, rather than per
> system. Is that correct? Do I have to run export `gnome-keyring-daemon` everytime a
> user logs in?

Yes, every user has to run it.

You should also see this blog post and the comments:

http://blogs.open.collab.net/svn/2009/07/subversion-16-security-improvements.html

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2010-01-19 17:03:10 CET

This is an archived mail posted to the Subversion Users mailing list.