On Monday, December 15, 2014 at 11:51:41 AM UTC+1, Jerome Lacoste wrote:
>
> Hello,
>
> I am making a pass at the xcode-plugin these days. I am going through the
> pull requests and issues and trying to put a bit of order in the plugin.
>
> One particular issue is the management of keychains, which can be done in
> different ways.
>
> Right now we have:
> 1. global keychains
> 2. job keychains
> 3. developerProfile loading (into custom keychains)
>
> I really like the developerProfile one. They fit well in the Jenkins
> credentials mechanism.
>
> One issue with keychains is that they need to be unlocked / relocked.
> Right now there are several pull requests
> (https://github.com/jenkinsci/xcode-plugin/pull/47,
> https://github.com/jenkinsci/xcode-plugin/pull/49) that want to provide a
> way for the user to specify a lock timeout (or remove it altogether), which
> can be problematic if the user specifies too short a timeout.
>
> A better way IMHO would be to automatically relock the keychain once it is
> not needed (at least for those we know aren't shared simultaneously by
> multiple jobs). That really sounds like a BuildWrapper to me.
>
> Kohsuke, is this what you had in mind when adding the:
> * TODO: destroy identity in the end.
>
> https://github.com/jenkinsci/xcode-plugin/blob/master/src/main/java/au/com/rayh/DeveloperProfileLoader.java#L33
>
> Does anyone have a tip on how this could be implemented in a nice way? (I
> looked a bit at the Lock and Latches plugin.)
>
> Another issue is that the global and job keychain mechanisms have several
> issues:
> * they store passwords in plaintext. So that's not good.
> * also they require configuration to be done beforehand on all
>   machines. Not practical for slaves setup
> * finally I suspect that the granularity of only having global or job
>   keychains makes them not very useful in the case of having servers with
>   compartmented teams
>
> And there are probably other problems I don't know of. I am almost in
> favor of deprecating this mechanism and not supporting them anymore and
> letting people use custom scripts to extend this functionality instead. Any
> feedback on this idea?
>

Has anyone else some input on the xcode plugin and keychain management?

Cheers,
Jerome
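
As an added illustration of the relock-when-done idea in the message above (not code from the xcode-plugin or from this thread), here is a shell wrapper that unlocks a keychain for a single build step and relocks it as soon as the step ends, so no lock timeout has to be chosen. The helper name `with_unlocked_keychain` and the `KEYCHAIN_PASSWORD` environment variable are assumptions; `security unlock-keychain` and `security lock-keychain` are the macOS CLI commands.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the xcode-plugin).
# Assumes KEYCHAIN_PASSWORD is injected into the job environment, for
# example by a credentials binding, instead of being stored in job config.

# usage: with_unlocked_keychain <keychain-path> <command> [args...]
with_unlocked_keychain() {
    keychain=$1
    shift
    if [ -z "${KEYCHAIN_PASSWORD:-}" ]; then
        echo "KEYCHAIN_PASSWORD is not set" >&2
        return 2
    fi

    # Note: -p places the password on the argument list of this one call.
    if ! security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$keychain"; then
        echo "could not unlock $keychain; build step not run" >&2
        return 3
    fi

    # Relock if the job is aborted while the step runs (this replaces any
    # INT/TERM/HUP traps the caller had set).
    trap 'security lock-keychain "$keychain"; exit 130' INT TERM HUP

    # Subshell: the build step itself does not inherit the password.
    status=0
    ( unset KEYCHAIN_PASSWORD; "$@" ) || status=$?

    trap - INT TERM HUP
    # Relock whether the step passed or failed.
    if ! security lock-keychain "$keychain"; then
        echo "warning: could not relock $keychain" >&2
        [ "$status" -ne 0 ] || status=4
    fi
    return "$status"
}

# Example call from a job's shell step:
#   with_unlocked_keychain "$HOME/Library/Keychains/build.keychain" \
#       xcodebuild -scheme MyApp archive
```

The wrapper returns the build step's own exit status, so a failing build still fails the job; it only suits keychains that are not shared by jobs running at the same time.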
