freshlybakedca.ke
Git fork
git-credential-netrc: accept gpg option
git-credential-netrc was hardcoded to decrypt with 'gpg' regardless of
the gpg.program option. This is a problem on distributions like Debian
that call modern GnuPG something else, like 'gpg2'.
Set the command according to these settings in descending precedence
1. the git-credential-netrc command -g|--gpg option
2. the git gpg.program configuration option
3. the default: 'gpg'
For conformance with Documentation/CodingGuidelines
- use Git.pm for repository and global option queries
- document -g|--gpg command option in command usage
- test repository & command options
- write documentation placeholders according to main standards
Signed-off-by: Luis Marsano <luis.marsano@gmail.com>
Acked-by: Ted Zlatanov <tzz@lifelogs.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
authored by
Luis Marsano
and committed by
Junio C Hamano
786ef50a
f07eeed1
+38
-20
contrib/credential/netrc/git-credential-netrc
+38
-20
contrib/credential/netrc/git-credential-netrc
···
2
2
3
3
use strict;
4
4
use warnings;
5
+
use autodie;
5
6
6
7
use Getopt::Long;
7
8
use File::Basename;
9
+
use Git;
8
10
9
-
my $VERSION = "0.1";
11
+
my $VERSION = "0.2";
10
12
11
13
my %options = (
12
14
help => 0,
···
54
56
"insecure|k",
55
57
"verbose|v",
56
58
"file|f=s@",
59
+
'gpg|g:s',
57
60
);
58
61
59
62
if ($options{help}) {
···
62
65
63
66
print <<EOHIPPUS;
64
67
65
-
$0 [-f AUTHFILE1] [-f AUTHFILEN] [-d] [-v] [-k] get
68
+
$0 [(-f <authfile>)...] [-g <program>] [-d] [-v] [-k] get
66
69
67
70
Version $VERSION by tzz\@lifelogs.com. License: BSD.
68
71
69
72
Options:
70
73
71
-
-f|--file AUTHFILE : specify netrc-style files. Files with the .gpg extension
72
-
will be decrypted by GPG before parsing. Multiple -f
73
-
arguments are OK. They are processed in order, and the
74
-
first matching entry found is returned via the credential
75
-
helper protocol (see below).
74
+
-f|--file <authfile>: specify netrc-style files. Files with the .gpg
75
+
extension will be decrypted by GPG before parsing.
76
+
Multiple -f arguments are OK. They are processed in
77
+
order, and the first matching entry found is returned
78
+
via the credential helper protocol (see below).
76
79
77
-
When no -f option is given, .authinfo.gpg, .netrc.gpg,
78
-
.authinfo, and .netrc files in your home directory are used
79
-
in this order.
80
+
When no -f option is given, .authinfo.gpg, .netrc.gpg,
81
+
.authinfo, and .netrc files in your home directory are
82
+
used in this order.
80
83
81
-
-k|--insecure : ignore bad file ownership or permissions
84
+
-g|--gpg <program> : specify the program for GPG. By default, this is the
85
+
value of gpg.program in the git repository or global
86
+
option or gpg.
82
87
83
-
-d|--debug : turn on debugging (developer info)
88
+
-k|--insecure : ignore bad file ownership or permissions
84
89
85
-
-v|--verbose : be more verbose (show files and information found)
90
+
-d|--debug : turn on debugging (developer info)
91
+
92
+
-v|--verbose : be more verbose (show files and information found)
86
93
87
94
To enable this credential helper:
88
95
···
99
106
100
107
git config credential.helper '$shortname -f AUTHFILE -v'
101
108
102
-
Only "get" mode is supported by this credential helper. It opens every AUTHFILE
103
-
and looks for the first entry that matches the requested search criteria:
109
+
Only "get" mode is supported by this credential helper. It opens every
110
+
<authfile> and looks for the first entry that matches the requested search
111
+
criteria:
104
112
105
113
'port|protocol':
106
114
The protocol that will be used (e.g., https). (protocol=X)
···
120
128
protocol=https
121
129
username=tzz
122
130
123
-
this credential helper will look for the first entry in every AUTHFILE that
131
+
this credential helper will look for the first entry in every <authfile> that
124
132
matches
125
133
126
134
machine github.com port https login tzz
···
137
145
back to "protocol". Any redundant entry tokens (part of the original query) are
138
146
skipped.
139
147
140
-
Again, note that only the first matching entry from all the AUTHFILEs, processed
141
-
in the sequence given on the command line, is used.
148
+
Again, note that only the first matching entry from all the <authfile>s,
149
+
processed in the sequence given on the command line, is used.
142
150
143
151
Netrc/authinfo tokens can be quoted as 'STRING' or "STRING".
144
152
···
152
160
my $mode = shift @ARGV;
153
161
154
162
# Credentials must get a parameter, so die if it's missing.
155
-
die "Syntax: $0 [-f AUTHFILE1] [-f AUTHFILEN] [-d] get" unless defined $mode;
163
+
die "Syntax: $0 [(-f <authfile>)...] [-d] get" unless defined $mode;
156
164
157
165
# Only support 'get' mode; with any other unsupported ones we just exit.
158
166
exit 0 unless $mode eq 'get';
···
171
179
172
180
$files = $options{file} = [ map { glob $_ } @candidates ];
173
181
}
182
+
183
+
load_config(\%options);
174
184
175
185
my $query = read_credential_data_from_stdin();
176
186
···
233
243
234
244
my $io;
235
245
if ($gpgmode) {
236
-
my @cmd = (qw(gpg --decrypt), $file);
246
+
my @cmd = ($options{'gpg'}, qw(--decrypt), $file);
237
247
log_verbose("Using GPG to open $file: [@cmd]");
238
248
open $io, "-|", @cmd;
239
249
} else {
···
409
419
log_debug("FOUND: $git_token=$entry->{$git_token}");
410
420
printf "%s=%s\n", $git_token, $entry->{$git_token};
411
421
}
422
+
}
423
+
sub load_config {
424
+
# load settings from git config
425
+
my $options = shift;
426
+
# set from command argument, gpg.program option, or default to gpg
427
+
$options->{'gpg'} //= Git->repository()->config('gpg.program')
428
+
// 'gpg';
429
+
log_verbose("using $options{'gpg'} for GPG operations");
412
430
}
413
431
sub log_verbose {
414
432
return unless $options{verbose};
+1
-1
contrib/credential/netrc/t-git-credential-netrc.sh
+1
-1
contrib/credential/netrc/t-git-credential-netrc.sh
+2
contrib/credential/netrc/test.command-option-gpg
+2
contrib/credential/netrc/test.command-option-gpg
+2
contrib/credential/netrc/test.git-config-gpg
+2
contrib/credential/netrc/test.git-config-gpg
contrib/credential/netrc/test.netrc.gpg
contrib/credential/netrc/test.netrc.gpg
This is a binary file and will not be displayed.
+19
-3
contrib/credential/netrc/test.pl
+19
-3
contrib/credential/netrc/test.pl
···
9
9
use IPC::Open2;
10
10
11
11
BEGIN {
12
-
# t-git-credential-netrc.sh kicks off our testing, so we have to go from there.
12
+
# t-git-credential-netrc.sh kicks off our testing, so we have to go
13
+
# from there.
13
14
Test::More->builder->current_test(1);
14
15
Test::More->builder->no_ending(1);
15
16
}
16
17
17
18
my @global_credential_args = @ARGV;
18
19
my $scriptDir = dirname rel2abs $0;
19
-
my $netrc = catfile $scriptDir, 'test.netrc';
20
-
my $gcNetrc = catfile $scriptDir, 'git-credential-netrc';
20
+
my ($netrc, $netrcGpg, $gcNetrc) = map { catfile $scriptDir, $_; }
21
+
qw(test.netrc
22
+
test.netrc.gpg
23
+
git-credential-netrc);
21
24
local $ENV{PATH} = join ':'
22
25
, $scriptDir
23
26
, $ENV{PATH}
···
87
90
is($cred->{password}, 'bobwillknow', "Got correct 'host:port kills host' password");
88
91
is($cred->{username}, 'bob', "Got correct 'host:port kills host' username");
89
92
93
+
diag 'Testing netrc file decryption by git config gpg.program setting\n';
94
+
$cred = run_credential( ['-f', $netrcGpg, 'get']
95
+
, { host => 'git-config-gpg' }
96
+
);
97
+
98
+
ok(scalar keys %$cred == 2, 'Got keys decrypted by git config option');
99
+
100
+
diag 'Testing netrc file decryption by gpg option\n';
101
+
$cred = run_credential( ['-f', $netrcGpg, '-g', 'test.command-option-gpg', 'get']
102
+
, { host => 'command-option-gpg' }
103
+
);
104
+
105
+
ok(scalar keys %$cred == 2, 'Got keys decrypted by command option');
90
106
91
107
sub run_credential
92
108
{