Subversion and the GNOME Keyring


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Subversion and the GNOME Keyring
# 1  
Old 04-11-2011
Java Subversion and the GNOME Keyring

The reason I'm posting this message is because I've written a Korn shell script that will be of use to those people who use the Subversion client on Linux or Solaris and would like their passwords to be encrypted. I realise this isn't strictly a question or matter concerning shell scripts, but as this is a very useful script I couldn't think of anywhere better to post it so that the wider community can make use of it.

I wrote it in Korn shell because I needed something up and running quickly. If someone else would prefer it written an A. N. Other favourite language (perl, python, ruby, prose, you name it), please feel free to write a port.

For a background of the task at hand, see http://technicalprose.blogspot.com/2...e-keyring.html. What the attached script will do is act as a wrapper for the 'svn' tool, starting the 'gnome-keyring-daemon' on your behalf and managing the set-up of the keyring. This is needed on servers where the GNOME Desktop is not installed. Using this script and the process I've documented below will save you hours of pain (the pain I've already had to go through).

Initial Set-up

Steps to get this working if your login shell is bash:
  1. Install CollabNet Subversion v1.6.x or later client on Linux or Solaris (I've tested this on v1.6.16), which has built-in GNOME Keyring support.
  2. Install the GNOME Keyring daemon (e.g. gnome-keyring RPM on Red Hat, on Solaris this requires the SUNWgnome-base-libs and SUNWgnome-libspackages only, you can safely ignore the other dependencies).
  3. Install the attached wrapper script as /opt/CollabNet_Subversion/bin/svn_wrapper.
  4. Add the following line to your ~/.bash_login and ~/.bashrc files which will set-up an 'svn' alias so that the wrapper script is called instead:
    [ -x /opt/CollabNet_Subversion/bin/svn_wrapper ] && alias svn=/opt/CollabNet_Subversion/bin/svn_wrapper
  5. Add the following line to your ~/.bash_logout file, which will kill the GNOME Keyring daemon on exit if you have no further login sessions:
    [ -x /opt/CollabNet_Subversion/bin/svn_wrapper ] && /opt/CollabNet_Subversion/bin/svn_wrapper --gkd-logout
  6. Logout/login again to pick up the changes to your login script.
  7. Run svn --gkd-help to confirm that the wrapper script is being called. This will also display further details about the wrapper script that is of use.
  8. Edit ~/.subversion/config and set the following parameter in the [auth] section:
    password-stores = gnome-keyring
  9. Edit ~/.subversion/servers and set the following parameters in the [global] section:
    store-passwords = yes
    store-plaintext-passwords = no
  10. To remove any previously cached plain-text passwords and cache your encrypted password, run svn --gkd-clear followed by svn up in a checked-out folder.
When you invoke the 'svn up' command above, if the GNOME Keyring Daemon is not already running, it will be started by the wrapper script. You'll be prompted for the GNOME Keyring password. If this is the first time you've run the daemon, pick any password. This password is used to encrypt the keyring, and you'll be prompted for it once per session. A session lasts as long as you have a login on that server (as reported by the UNIX 'w' command).

Note that the wrapper script actually sets up one keyring per OS platform, so if you run 'svn' on both Linux and Solaris clients and automount your home directories between the two, there will be a keyring called 'svn_linux' and one called 'svn_sunos' in ~/.gnome2/keyrings. This is required to work around an incompatibility between keyrings on different platforms, as each platform provides its own version of the GNOME Keyring. This could be mitigated by compiling the same version of the GNOME Keyring for each platform you wish to support, although I've not tested that.

When Your Password Changes

If the password cached in the GNOME Keyring needs to be changed, run svn --gkd-clear followed by svn up in a checked-out folder. This will clear all passwords currently cached by the Subversion client, and then re-cache your new password.

Changing the Keyring Password

If you would like to change the password you are using to encrypt your GNOME Keyring, run rm ~/.gnome2/keyrings/svn* to delete the old 'svn' keyrings, then --gkd-clear followed by svn up in a checked-out folder.

I hope this script is of use to the wider community.

Best regards,
Mark Bannister.

Last edited by cambridge; 06-16-2011 at 11:11 AM.. Reason: Update link to blog article
These 3 Users Gave Thanks to cambridge For This Post:
# 2  
Old 05-20-2011
Amended with fix for >9 arguments

I've amended my original svn_wrapper script with a minor fix for handling greater than 9 arguments. Please find attached.

Best regards,
Mark Bannister.
These 4 Users Gave Thanks to cambridge For This Post:
# 3  
Old 09-08-2011
Modified script to test for proper configuration

Hi Mark,

Here's your script with the additional configuration test I mentioned on your blog.

Dennis
# 4  
Old 09-12-2011
Lightbulb

Quote:
Here's your script with the additional configuration test I mentioned on your blog.
Thanks Dennis. Although I am sure there are other ways of disabling the authentication cache if you're not using Subversion client default settings, e.g.
Code:
store-auth-creds = no

Rather than write in lots of checks and measures I assume my steps 2-10 occur immediately after step 1, i.e. you are using a default installation of the Subversion client and not one with a tinkered configuration Smilie
# 5  
Old 09-12-2011
Good point.

Nonetheless since I would imagine that others, like me, might want to start using your very useful script after having used the svn client for a while, it is probably good that this exchange has resulted in your assumption being explicitly stated. It might save others the hours I spent trying to get the keyring working. Smilie

Thanks again for a very well-written script!

Dennis
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Backup & restore Gnome Desktop and all settings in Gnome

Hi I'm looking for scripts to backup & restore Gnome Desktop and all settings in Gnome. (0 Replies)
Discussion started by: ccc
0 Replies

2. Web Development

About Apache Subversion

Hi all, I have a trouble with this, the web server include a website and also config as apache subversion, this server crashed and i moved the HDD to another machine, i started all the services and the subversion worked fine, but when i access to the website, this message appear A username and... (0 Replies)
Discussion started by: kidzer0
0 Replies

3. Linux

KDevelop And Subversion

Hi How I Can Configure KDevelop to Use A Subversion on Local Network System. When I Want to Create New Project, I See A Error With This Message: "Fail to create project directories on repository" What is My Problem??? Help Me Please!!! My KDevelop Version is: 3.0.5 My Subversion is: 1.5.0 ... (0 Replies)
Discussion started by: hotjava
0 Replies

4. HP-UX

Binaries/Depot for Subversion 1.4.3 for HP/UX 11.11

Could anyone help me out by providing binaries/depot for subversion 1.4.3? The hpux version is: HP-UX myhappybox B.11.11 U 9000/800 I am having trouble compiling the sources for hpux, the provided dependancies are extracted, but it continually falls over. We have previously had svn... (3 Replies)
Discussion started by: spud
3 Replies

5. Solaris

subversion installation problem

Hi all- I'm stuck on a problem here, trying to compile subversion 1.0.5 on a sunfire 2000. I grabbed the binaries, added the packages, and figured I was to go. When I ran the configure script, I got the following error message: checking for gcc... no checking for cc... cc checking for... (2 Replies)
Discussion started by: ECBROWN
2 Replies

6. Solaris

Looking for a subversion GUI for Solaris 9

If available. Didn't see any on the tigris website. Don't have the programming experience to create one. Any third party software would do, too. Client isn't command line friendly. (1 Reply)
Discussion started by: ECBROWN
1 Replies

7. Linux

Subversion

Anyone familiar with it? I'm aware it's a new CVS. I've been over to the tigris website, and am considering getting a copy to play with on my Sparc Ultra II Ent. Box. Thanks in advance. Eric (4 Replies)
Discussion started by: ECBROWN
4 Replies
Login or Register to Ask a Question