当需要 http 授权时,如何通过 Fabric 发起的 ssh 连接克隆 Mercurial 存储库?
我第一次尝试使用 Fabric,到目前为止我真的很喜欢它,但在我的部署脚本中的某个时刻,我想克隆一个 Mercurial 存储库。当我到达这一点时,我收到一个错误:
错误:中止:需要 http 授权
我的存储库需要 http 授权,并且 Fabric 不会提示我输入用户名和密码。我可以通过更改我的存储库地址来解决这个问题:
到:
但由于各种原因,我不想这样做路线。 还有其他方法可以绕过这个问题吗?
I'm attempting to use fabric for the first time and I really like it so far, but at a certain point in my deployment script I want to clone a mercurial repository. When I get to that point I get an error:
err: abort: http authorization required
My repository requires http authorization and fabric doesn't prompt me for the user and password. I can get around this by changing my repository address from:
to:
But for various reasons I would prefer not to go this route.
Are there any other ways in which I could bypass this problem?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这里有四个选项,具有不同的安全权衡,并且需要不同数量的系统管理魔力:
使用较新的 Mercurial,您可以将密码放在本地用户的
.hgrc< 的[auth]部分中/代码> 文件。密码仍将以明文形式存储在磁盘上,但至少不在 URL 中或者
您可以在本地设置一个 HTTP 代理,该代理在本地显示为无身份验证,并在与远程通信时为您进行身份验证。
或者
如果您能够更改托管服务器上的配置,您可以将其(Apache?)设置为从本地主机访问时不需要用户/密码,然后使用 SSH 隧道使本地机器在访问服务器时看起来像是来自本地主机:
然后让 Fabric 连接到
http://localhost:8080/repository或者
较新的 Mercurial 支持客户端证书身份验证,因此您可以配置 Apache 以将其视为授权/身份验证,然后调整本地 hg 以提供证书。
Here are four options with various security trade-offs and requiring various amounts of sys admin mojo:
With newer mercurial's you could put the password in the
[auth]section of the local user's.hgrcfile. The password will still be on disk in plaintext, but at least not in the URLOr
You could locally set up a HTTP proxy that presents as no-auth locally and does the auth for you when communicating with remote.
Or
Of you're able to alter configuration on the hosting server you could set it (Apache?) to not require a user/pass when accessed from localhost, and then use a SSH tunnel to make the local machine look like it's coming from localhost when it access the server:
and then have fabric connect to
http://localhost:8080/repositoryOr
Newer mercurial's support client side certificates for authentication, so you could configure your Apache to honor those as authorization/authentcation and then tweak your local hg to provide the certificate.
根据您的 fabfile,您也许能够重新构建问题。您可以在本地系统上执行 Mercurial 命令,然后将您使用 Fabric 构建的工件发送出去,而不是在远程系统上进行 hg 克隆。
具体来说,您可以使用 Fabric 的 local() 命令克隆 Mercurial 存储库,并运行“hg archive”命令来准备 tarball。然后,您可以使用 Fabrics put() 上传该 tarball,并使用 Fabrics run() 将其解压到正确的位置。
克隆、打包、放置的代码片段可能类似于以下内容:
Depending on your fabfile, you might be able to reframe the problem. Instead of doing a hg clone on the remote system you could do your mercurial commands on your local system, and then ship the artifact you've constructed across with fabric.
Specifically, you could clone the mercurial repository by using fabric's local() commands, and run a 'hg archive' command to prepare a tarball. Then you can use fabrics put() to upload that tarball, and fabrics run() to unpack it in the correct location.
A code snippet for the clone, pack, put might look a bit like the following: