
Re: svnserv + ssh + ldap

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Mon, 2 Aug 2010 08:22:01 -0400

On Sun, Aug 1, 2010 at 1:37 PM, Mark Phippard <markphip_at_gmail.com> wrote:
> On Sun, Aug 1, 2010 at 12:59 PM, Nico Kadel-Garcia <nkadel_at_gmail.com> wrote:
>>> AFAIK it's possible to run gnome-keyring without X.
>>
>> It's painful. Take a glance at
>> http://superuser.com/questions/141036/use-of-gnome-keyring-daemon-without-x,
>> which documents manually editing /etc/pam.d/ login settings. It's also
>> heavily dependent on X libraries.
>
> Subversion and GNOME keyring work well without X.  In your login
> script you just want:
>
> $ export `gnome-keyring-daemon`

Good, but ouch. Let's try adding a bit of rigor, shall we? First,
before running such a daemon, always check that it actually exists,
where you expect it to exist. Running random commands that will handle
passwords which may have been replaced by who knows what somewhere in
your $PATH is always a bad idea. So let's use this instead:

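    # Run the same absolute path that was just checked, not whatever
    # "gnome-keyring-daemon" resolves to in $PATH.
    if [ -x /usr/bin/gnome-keyring-daemon ]; then
        export `/usr/bin/gnome-keyring-daemon`
    fi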

And .login is not universal. .bash_profile, for example, is more
effective for most bash users. But I take the idea.

Last, it doesn't store the settings for your existing keyrings
anywhere so you don't wind up creating one every time you log in. This
sort of setting is stored for SSH keys by tools like the Perl script
'keychain': I'm not sure there's one like it for the
gnome-keyring-daemon. So it's reasonable, but resource consumptive if
you run multiple logins to the same host, and will tend to clutter
/tmp/. That's serviceable, so I'll actually try that out this week.

> Subversion will prompt you for password to unlock the keyring when it
> is locked.  In logout script you want:
>
> $ kill $GNOME_KEYRING_PID

Nothing personal, but you seem to be casually slapping things into
your configuration scripts with uncertain provenance. The resulting
errors are begging to cause issues in multiplatform environments. Try
something like this instead

    [ -n "$GNOME_KEYRING_PID" ] && kill "$GNOME_KEYRING_PID"

And for bash users, it goes in .bash_logout.

> One problem is that GNOME does not provide any CLI for working with
> the keyring.  CollabNet created a keyring_tool that lets you do this.
> It is packaged in the RPM we provide for Linux.

Good! Is there some reason it's not in the main Subversion codeline?
Or in a forked off product?
Received on 2010-08-02 14:22:43 CEST
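
The point above about starting a new daemon on every login, as an added example that is not part of the original message: a login-script function that records the daemon's output in a file and reattaches to a live daemon on later logins. The names keyring_attach, keyring_load_env, KEYRING_DAEMON and KEYRING_ENV_FILE are hypothetical, and the example assumes the daemon prints VAR=value lines including GNOME_KEYRING_PID, as the commands in the thread imply.

```shell
# Added example. KEYRING_DAEMON, KEYRING_ENV_FILE and both function names
# are hypothetical; adjust the daemon path to where your system installs it.
KEYRING_DAEMON="${KEYRING_DAEMON:-/usr/bin/gnome-keyring-daemon}"
KEYRING_ENV_FILE="${KEYRING_ENV_FILE:-$HOME/.gnome-keyring-env}"

# Export only the expected variables from a file of VAR=value lines.
# The file is parsed, never sourced, so other content in it cannot run
# as shell code or override variables such as PATH.
keyring_load_env() {
    while IFS='=' read -r name value; do
        case "$name" in
            GNOME_KEYRING_PID|GNOME_KEYRING_SOCKET)
                export "$name=$value" ;;
        esac
    done < "$1"
}

# Reattach to the daemon recorded by an earlier login, or start one.
# Returns non-zero if no daemon could be attached or started.
keyring_attach() {
    unset GNOME_KEYRING_PID GNOME_KEYRING_SOCKET
    [ -f "$KEYRING_ENV_FILE" ] && keyring_load_env "$KEYRING_ENV_FILE"
    case "$GNOME_KEYRING_PID" in
        ''|*[!0-9]*) ;;   # no record, or not a PID: treat as stale
        *) # kill -0 sends no signal; it only tests that the PID is alive
           # and owned by us (a reused PID would also pass this test).
           kill -0 "$GNOME_KEYRING_PID" 2>/dev/null && return 0 ;;
    esac
    unset GNOME_KEYRING_PID GNOME_KEYRING_SOCKET

    # Check the absolute path, then run that same path.
    [ -x "$KEYRING_DAEMON" ] || return 1
    # umask 077 in a subshell: the record is created readable by us only.
    ( umask 077
      rm -f "$KEYRING_ENV_FILE"
      "$KEYRING_DAEMON" > "$KEYRING_ENV_FILE" ) || return 1
    keyring_load_env "$KEYRING_ENV_FILE"
    [ -n "$GNOME_KEYRING_PID" ]
}

# In ~/.bash_profile:  keyring_attach || echo "keyring unavailable" >&2
```

When logins share one daemon this way, an unconditional kill in .bash_logout also stops it for the other sessions.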

This is an archived mail posted to the Subversion Users mailing list.