This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 16dfdf6e Fetch passwords from secure storage on macOS
16dfdf6e is described below

commit 16dfdf6e095352a1b76ddd9e529b71df172cc22a
Author: Sebb <[email protected]>
AuthorDate: Thu Dec 22 23:46:49 2022 +0000

    Fetch passwords from secure storage on macOS
---
 Rakefile | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/Rakefile b/Rakefile
index f76108a4..296f61b7 100644
--- a/Rakefile
+++ b/Rakefile
@@ -374,18 +374,33 @@ end
 LDAP_HTTPD_PATH = '../.ldap_httpd.tmp'
 LDAP_WHIMSY_PATH = '../.ldap_whimsy.tmp'
 
+# Allow use of security database on macOS
+# Keychain needs to be set up with an application password
+# with the Account value of the user_dn
+def getpass(user_dn)
+  pw = $stdin.getpass("password for #{user_dn}: ")
+  return pw unless pw == '*'
+  if RbConfig::CONFIG["host_os"].start_with? 'darwin'
+    pw, status = Open3.capture2('security', 'find-generic-password', '-a', 
user_dn, '-w')
+    raise "ERROR: problem running security: #{status}" unless status.success?
+  else
+    raise "ERROR: sorry, don't know how to get password from secure storage"
+  end
+  return pw.strip
+end
+
 def ldap_init
   $LOAD_PATH.unshift 'lib'
   require 'io/console' # cannot prompt from container, so need to do this 
upfront
   require 'whimsy/asf/config'
 
   whimsy_dn = ASF::Config.get(:whimsy_dn) or raise "ERROR: Must provide 
whimsy_dn value in .whimsy"
-  whimsy_pw = $stdin.getpass("password for #{whimsy_dn}: ")
+  whimsy_pw = getpass(whimsy_dn)
   raise "ERROR: Password is required" unless whimsy_pw.size > 1
 
   httpd_dn = ASF::Config.get(:httpd_dn)
   if httpd_dn
-    httpd_pw = $stdin.getpass("password for #{httpd_dn}: ")
+    httpd_pw = getpass(httpd_dn)
     raise "ERROR: Password is required" unless httpd_pw.size > 1
   else # default to whimsy credentials
     httpd_dn = whimsy_dn
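Review bot: The keychain lookup in `getpass` selects the item by account alone (`'-a', user_dn`), so if the keychain holds more than one generic-password item for that account, `security` returns whichever it finds first, which may not be the LDAP credential. Pinning the item with a service name as well, e.g. `Open3.capture2('security', 'find-generic-password', '-a', user_dn, '-s', '<SERVICE_NAME>', '-w')`, and naming that service in the setup comment would make the lookup unambiguous. The comment above `getpass` also does not say that the keychain is consulted only when `*` is typed at the prompt; a line such as `# Enter '*' at the prompt to read the password from the keychain` would document the sentinel. `Open3` is used here while the hunk shows only `require 'io/console'` inside `ldap_init`, so it is worth confirming that `require 'open3'` is loaded elsewhere in the Rakefile. `pw.strip` also trims leading or trailing whitespace that belongs to the stored password, where `pw.chomp` would drop only the newline that `security` appends. Note that `ldap_init` continues past the end of the hunk.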
