Re: [PATCH 1/2] Add password parameter to git svn commands and use it when provided instead of defaulting to end-user prompt

2013-10-21 Thread arnaud brejeon 
I played with GIT_ASKPASS and managed to get a fully automated behavior without 
any user prompt.
I guess that the patches are not necessary as we can provide the same , it is 
just less straightforward than direct parameters but I understand the security 
concerns.

I dont know if you plan to keep GIT_ASKPASS as is, but this environment 
variable is not mentioned on git svn documentation and I guess just a few 
people know about it. Moreover, the name is misleading as it handles all the 
prompts, not only the password one.

Arnaud

Le 15 oct. 2013 à 01:35, Eric Wong normalper...@yhbt.net a écrit :

 Jeff King p...@peff.net wrote:
 On Mon, Oct 14, 2013 at 06:40:05PM +, Eric Wong wrote:
 
 arnaud.brej...@gmail.com wrote:
 
 Signed-off-by: Arnaud Brejeon arnaud.brejeon at gmail.com
 
 Thanks.
 
 Can you say a little more about the context?  Do you run a script that
 wants to pass a password to 'git svn', do you type it each time on the
 command line, or something else?  Is it ok that the password would
 show up in ps output?  Would the platform's keyring or netrc be
 usable here, or is there something in the context that avoids that?
 
 I think using keyring or netrc is more appropriate.  Having a password
 on the command-line and visible to all via ps doesn't seem like
 something git should support.
 
 Agreed. We have ready-made git-credential helpers to handle this exact
 problem. We would need to convert SVN::Prompt to use git-credential
 rather than prompting itself, though. One of the things that held me
 back from writing such a patch is that I thought libsvn already handled
 things like keychain integration, and it was better for git-svn to be
 more svn-like than git-like in its access of SVN repos.
 
 Are those already supported out of the box by libsvn? If git's
 credential helpers are significantly more featureful, it might be worth
 converting, but if not, I think it makes sense to stay with svn's
 existing code.
 
 I looks like this patch was forgotten once again:
 
 http://mid.gmane.org/1371573490-21973-1-git-send-email-matth...@stdin.nl
 
 Matthijs: can you add a Signed-off-by for your patch?  I'm inclined to
 push it to Junio as-is since it looks reasonable.
 I admit I don't know SVN callbacks anymore well enough and don't have
 time to test with GNOME.

--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/2] Add password parameter to git svn commands and use it when provided instead of defaulting to end-user prompt

2013-10-15 Thread arnaud brejeon 

Le 15 oct. 2013 à 01:35, Eric Wong normalper...@yhbt.net a écrit :

 Jeff King p...@peff.net wrote:
 On Mon, Oct 14, 2013 at 06:40:05PM +, Eric Wong wrote:
 
 arnaud.brej...@gmail.com wrote:
 
 Signed-off-by: Arnaud Brejeon arnaud.brejeon at gmail.com
 
 Thanks.
 
 Can you say a little more about the context?  Do you run a script that
 wants to pass a password to 'git svn', do you type it each time on the
 command line, or something else?  Is it ok that the password would
 show up in ps output?  Would the platform's keyring or netrc be
 usable here, or is there something in the context that avoids that?
 
 I think using keyring or netrc is more appropriate.  Having a password
 on the command-line and visible to all via ps doesn't seem like
 something git should support.
 
 Agreed. We have ready-made git-credential helpers to handle this exact
 problem. We would need to convert SVN::Prompt to use git-credential
 rather than prompting itself, though. One of the things that held me
 back from writing such a patch is that I thought libsvn already handled
 things like keychain integration, and it was better for git-svn to be
 more svn-like than git-like in its access of SVN repos.
 
 Are those already supported out of the box by libsvn? If git's
 credential helpers are significantly more featureful, it might be worth
 converting, but if not, I think it makes sense to stay with svn's
 existing code.
 
 I looks like this patch was forgotten once again:
 
 http://mid.gmane.org/1371573490-21973-1-git-send-email-matth...@stdin.nl
 
 Matthijs: can you add a Signed-off-by for your patch?  I'm inclined to
 push it to Junio as-is since it looks reasonable.
 I admit I don't know SVN callbacks anymore well enough and don't have
 time to test with GNOME.

I wanted to provide some contexts, I should have done before.
I want to use git svn in some scripts that are launched un-attended. As my SVN 
server requires a password, I need to provide it but it can not be at user 
prompt.
This is why I wanted to add the password parameter that is available in svn CLI.

I understand the concern regarding the fact that the password can be retrieved 
through ps.
You are right, it would be better to be able to use git-credential or libsvn 
solution for this purpose.

Arnaud

--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/2] Add SVN trust-server-cert parameter to git svn to accept SSL server certificates from unknwon authorities without prompting

2013-10-12 Thread arnaud . brejeon 
From: arnaudbrejeon arnaud.brej...@gmail.com

Signed-off-by: Arnaud Brejeon arnaud.brejeon at gmail.com
---
 git-svn.perl   |1 +
 perl/Git/SVN/Prompt.pm |9 -
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/git-svn.perl b/git-svn.perl
index 07f0a6c..3dfd4d3 100755
--- a/git-svn.perl
+++ b/git-svn.perl
@@ -124,6 +124,7 @@ $Git::SVN::Fetcher::_placeholder_filename = .gitignore;
 $_q ||= 0;
 my %remote_opts = ( 'username=s' = \$Git::SVN::Prompt::_username,
 'password=s' = \$Git::SVN::Prompt::_password,
+'trust-server-cert' = 
\$Git::SVN::Prompt::_trust_server_cert,
 'config-dir=s' = \$Git::SVN::Ra::config_dir,
 'no-auth-cache' = \$Git::SVN::Prompt::_no_auth_cache,
 'ignore-paths=s' = \$Git::SVN::Fetcher::_ignore_regex,
diff --git a/perl/Git/SVN/Prompt.pm b/perl/Git/SVN/Prompt.pm
index a94a847..71459ad 100644
--- a/perl/Git/SVN/Prompt.pm
+++ b/perl/Git/SVN/Prompt.pm
@@ -2,7 +2,7 @@ package Git::SVN::Prompt;
 use strict;
 use warnings;
 require SVN::Core;
-use vars qw/$_no_auth_cache $_username $_password/;
+use vars qw/$_no_auth_cache $_username $_password $_trust_server_cert/;
 
 sub simple {
my ($cred, $realm, $default_username, $may_save, $pool) = @_;
@@ -32,6 +32,13 @@ sub simple {
 sub ssl_server_trust {
my ($cred, $realm, $failures, $cert_info, $may_save, $pool) = @_;
$may_save = undef if $_no_auth_cache;
+
+   if ( defined $_trust_server_cert)
+   {
+   $cred-may_save($may_save); 
+   return $SVN::_Core::SVN_NO_ERROR;
+   }
+   
print STDERR Error validating server certificate for '$realm':\n;
{
no warnings 'once';
-- 
1.7.10.2 (Apple Git-33)

--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html