git-bz: avoid storing unencrypted passwords in gitconfig
Hi all, I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz. The result is here https://github.com/jajm/git-bz/tree/git-credential It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory) I thought it might interest some people here. For more information, see the commit message at https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf... -- Julian Maurice <julian.maurice@biblibre.com> BibLibre
Awesome! El mié., 17 de ene. de 2018 7:14 a. m., Julian Maurice < julian.maurice@biblibre.com> escribió:
Hi all,
I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz.
The result is here https://github.com/jajm/git-bz/tree/git-credential
It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory)
I thought it might interest some people here.
For more information, see the commit message at
https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf...
-- Julian Maurice <julian.maurice@biblibre.com> BibLibre _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-- Tomás Cohen Arazi Theke Solutions (https://theke.io <http://theke.io/>) ✆ +54 9351 3513384 GPG: B2F3C15F
Deep approval, nice! Liz On 17/01/18 23:14, Julian Maurice wrote:
Hi all,
I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz.
The result is here https://github.com/jajm/git-bz/tree/git-credential
It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory)
I thought it might interest some people here.
For more information, see the commit message at https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf...
-- -- Liz Rea Catalyst.Net Limited Level 6, Catalyst House, 150 Willis Street, Wellington. P.O Box 11053, Manners Street, Wellington 6142 04 803 2265 GPG: B149 A443 6B01 7386 C2C7 F481 B6c2 A49D 3726 38B7
Hi all, could/should we add this to the wiki? https://wiki.koha-community.org/wiki/Git_bz_configuration And maybe kohadevbox? Katrin On 17.01.2018 21:30, Liz Rea wrote:
Deep approval, nice!
Liz
On 17/01/18 23:14, Julian Maurice wrote:
Hi all,
I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz.
The result is here https://github.com/jajm/git-bz/tree/git-credential
It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory)
I thought it might interest some people here.
For more information, see the commit message at https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf...
Hi, I added a small example in the wiki that uses the 'cache' helper. If someone is using another helper, it would be good to add it too. Le 03/02/2018 à 09:20, Katrin Fischer a écrit :
Hi all,
could/should we add this to the wiki? https://wiki.koha-community.org/wiki/Git_bz_configuration
And maybe kohadevbox?
Katrin
On 17.01.2018 21:30, Liz Rea wrote:
Deep approval, nice!
Liz
On 17/01/18 23:14, Julian Maurice wrote:
Hi all,
I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz.
The result is here https://github.com/jajm/git-bz/tree/git-credential
It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory)
I thought it might interest some people here.
For more information, see the commit message at https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf...
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-- Julian Maurice <julian.maurice@biblibre.com> BibLibre
+1 Thx Julian! On 05.02.2018 16:45, Julian Maurice wrote:
Hi,
I added a small example in the wiki that uses the 'cache' helper. If someone is using another helper, it would be good to add it too.
Le 03/02/2018 à 09:20, Katrin Fischer a écrit :
Hi all,
could/should we add this to the wiki? https://wiki.koha-community.org/wiki/Git_bz_configuration
And maybe kohadevbox?
Katrin
On 17.01.2018 21:30, Liz Rea wrote:
Deep approval, nice!
Liz
On 17/01/18 23:14, Julian Maurice wrote:
Hi all,
I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz.
The result is here https://github.com/jajm/git-bz/tree/git-credential
It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory)
I thought it might interest some people here.
For more information, see the commit message at https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf...
Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
This issue has annoyed me for years, so this sounds pretty cool! I don't love the "cache" and "store" options... but it looks like there might be an alternative using libsecret or the gnome keyring. These alternatives can be found in separate packages or built from source it seems. On OpenSUSE, I just installed " git-credential-gnome-keyring". On Arch, they use libsecret: https://wiki.archlinux.org/index.php/GNOME/Keyring#Git_integration. It looks like the gnome keyring one is deprecated (https://stackoverflow.com/questions/36585496/error-when-using-git-credentia l-helper-with-gnome-keyring-as-sudo), so libsecret is probably the way to go. I've tried using /usr/lib/git/git-credential-gnome-keyring, but it doesn't seem to be working. Admittedly I'm just using a SSH session rather than a GUI session. I launched DBUS so I don't get errors but it's not saving credentials using "git credential approve". The "cache" option worked well though. David Cook Systems Librarian Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia Office: 02 9212 0899 Direct: 02 8005 0595 -----Original Message----- From: koha-devel-bounces@lists.koha-community.org [mailto:koha-devel-bounces@lists.koha-community.org] On Behalf Of Julian Maurice Sent: Wednesday, 17 January 2018 9:14 PM To: koha-devel@lists.koha-community.org Subject: [Koha-devel] git-bz: avoid storing unencrypted passwords in gitconfig Hi all, I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz. The result is here https://github.com/jajm/git-bz/tree/git-credential It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory) I thought it might interest some people here. For more information, see the commit message at https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf 57 -- Julian Maurice <julian.maurice@biblibre.com> BibLibre _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
I tried libsecret with gnome-keyring, it worked the first time, but not the other ones infortunately... I get this error message: https://stackoverflow.com/questions/36585496/error-when-using-git-credential... If you know how to fix it, please share! :) Le 18/01/2018 à 02:14, David Cook a écrit :
This issue has annoyed me for years, so this sounds pretty cool!
I don't love the "cache" and "store" options... but it looks like there might be an alternative using libsecret or the gnome keyring. These alternatives can be found in separate packages or built from source it seems.
On OpenSUSE, I just installed " git-credential-gnome-keyring". On Arch, they use libsecret: https://wiki.archlinux.org/index.php/GNOME/Keyring#Git_integration.
It looks like the gnome keyring one is deprecated (https://stackoverflow.com/questions/36585496/error-when-using-git-credentia l-helper-with-gnome-keyring-as-sudo), so libsecret is probably the way to go.
I've tried using /usr/lib/git/git-credential-gnome-keyring, but it doesn't seem to be working. Admittedly I'm just using a SSH session rather than a GUI session. I launched DBUS so I don't get errors but it's not saving credentials using "git credential approve". The "cache" option worked well though.
David Cook Systems Librarian Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia
Office: 02 9212 0899 Direct: 02 8005 0595
-----Original Message----- From: koha-devel-bounces@lists.koha-community.org [mailto:koha-devel-bounces@lists.koha-community.org] On Behalf Of Julian Maurice Sent: Wednesday, 17 January 2018 9:14 PM To: koha-devel@lists.koha-community.org Subject: [Koha-devel] git-bz: avoid storing unencrypted passwords in gitconfig
Hi all,
I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz.
The result is here https://github.com/jajm/git-bz/tree/git-credential
It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory)
I thought it might interest some people here.
For more information, see the commit message at https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf 57
-- Julian Maurice <julian.maurice@biblibre.com> BibLibre _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-- Julian Maurice <julian.maurice@biblibre.com> BibLibre
That's cool, Julian! What version of Git are you using? The comments seem to suggest that might make a difference. I'm kind of curious to try git-credential-gnome-keyring, but... just not a priority at the moment. Overall, I'm super pleased about this though! David Cook Systems Librarian Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia Office: 02 9212 0899 Direct: 02 8005 0595 -----Original Message----- From: Julian Maurice [mailto:julian.maurice@biblibre.com] Sent: Thursday, 18 January 2018 7:42 PM To: David Cook <dcook@prosentient.com.au>; koha-devel@lists.koha-community.org Subject: Re: [Koha-devel] git-bz: avoid storing unencrypted passwords in gitconfig I tried libsecret with gnome-keyring, it worked the first time, but not the other ones infortunately... I get this error message: https://stackoverflow.com/questions/36585496/error-when-using-git-credential... If you know how to fix it, please share! :) Le 18/01/2018 à 02:14, David Cook a écrit :
This issue has annoyed me for years, so this sounds pretty cool!
I don't love the "cache" and "store" options... but it looks like there might be an alternative using libsecret or the gnome keyring. These alternatives can be found in separate packages or built from source it seems.
On OpenSUSE, I just installed " git-credential-gnome-keyring". On Arch, they use libsecret: https://wiki.archlinux.org/index.php/GNOME/Keyring#Git_integration.
It looks like the gnome keyring one is deprecated (https://stackoverflow.com/questions/36585496/error-when-using-git-cre dentia l-helper-with-gnome-keyring-as-sudo), so libsecret is probably the way to go.
I've tried using /usr/lib/git/git-credential-gnome-keyring, but it doesn't seem to be working. Admittedly I'm just using a SSH session rather than a GUI session. I launched DBUS so I don't get errors but it's not saving credentials using "git credential approve". The "cache" option worked well though.
David Cook Systems Librarian Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia
Office: 02 9212 0899 Direct: 02 8005 0595
-----Original Message----- From: koha-devel-bounces@lists.koha-community.org [mailto:koha-devel-bounces@lists.koha-community.org] On Behalf Of Julian Maurice Sent: Wednesday, 17 January 2018 9:14 PM To: koha-devel@lists.koha-community.org Subject: [Koha-devel] git-bz: avoid storing unencrypted passwords in gitconfig
Hi all,
I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz.
The result is here https://github.com/jajm/git-bz/tree/git-credential
It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory)
I thought it might interest some people here.
For more information, see the commit message at https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7 f51eaf 57
-- Julian Maurice <julian.maurice@biblibre.com> BibLibre _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-- Julian Maurice <julian.maurice@biblibre.com> BibLibre
Very long standing issues, good to see it fixed :) I have picked the commit for the apply_on_cascade branch of my github repo. Maybe we should make it (apply on cascade + use-git-credential) the default and push it to the community/master(or fishsoup) branch. By the way the fishsoup repo is 37 commits ahead from us :-/ http://git.fishsoup.net/cgit/git-bz/ On Wed, 17 Jan 2018 at 07:14 Julian Maurice <julian.maurice@biblibre.com> wrote:
Hi all,
I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz.
The result is here https://github.com/jajm/git-bz/tree/git-credential
It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory)
I thought it might interest some people here.
For more information, see the commit message at
https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf...
-- Julian Maurice <julian.maurice@biblibre.com> BibLibre _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
+1 for using master branch instead of fishsoup (or at least make fishsoup the default branch so we don't have to specify branch when cloning) I see that you did retrieve the "git-credential" commit on fishsoup branch (did you check that it continues to work for those that have password in their gitconfig ? I did, but another check would be good), but not the apply_on_cascade branch, why ? Also, I have a suggestion for git-bz for which I would like to hear other people opinion: I think we should use Github/Gitlab/... (whatever platform that makes easy for people to fork and create pull requests) and give push permission to anyone interested in reviewing pull requests. That suggestion also applies to our QA tools. I think that would ease and encourage improvements. Any thoughts ? Le 18/01/2018 à 19:38, Jonathan Druart a écrit :
Very long standing issues, good to see it fixed :) I have picked the commit for the apply_on_cascade branch of my github repo. Maybe we should make it (apply on cascade + use-git-credential) the default and push it to the community/master(or fishsoup) branch.
By the way the fishsoup repo is 37 commits ahead from us :-/ http://git.fishsoup.net/cgit/git-bz/
On Wed, 17 Jan 2018 at 07:14 Julian Maurice <julian.maurice@biblibre.com <mailto:julian.maurice@biblibre.com>> wrote:
Hi all,
I recently shared an LXD container containing my Koha dev environment, and of course I forgot to remove my Bugzilla credentials from the git config... I immediately changed it, but for that not to happen again I searched for a way to not have to store unencrypted passwords for git-bz.
The result is here https://github.com/jajm/git-bz/tree/git-credential
It uses git-credential, so you can theoretically use any password manager you want, as long as you can write a git-credential helper for it (I use the builtin 'cache' helper, which stores passwords in memory)
I thought it might interest some people here.
For more information, see the commit message at https://github.com/jajm/git-bz/commit/efb06d8fe3033a83772d0294ab5f67c7f51eaf...
-- Julian Maurice <julian.maurice@biblibre.com <mailto:julian.maurice@biblibre.com>> BibLibre _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org <mailto:Koha-devel@lists.koha-community.org> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-- Julian Maurice <julian.maurice@biblibre.com> BibLibre
participants (6)
-
David Cook -
Jonathan Druart -
Julian Maurice -
Katrin Fischer -
Liz Rea -
Tomas Cohen Arazi