Windows Mercurial 全局钥匙串
我正在尝试让 Mercurial 在 Windows 构建服务器上工作,但遇到了问题。我不厌其烦地设置了 Mercurial 钥匙串(我必须安装 tortoisehg),并且它是针对每个用户运行的。
问题是我使用 Bamboo 来运行构建,并且它作为 SYSTEM 拥有的 NT 服务运行。因此,每当它尝试对 hg 执行任何操作时,都会提示输入密码。
显然,我可以将密码放入配置文件中,但我想避免明文密码只是闲置。
据我所知,有两种方法可以解决这个问题。我都不知道该怎么做:
- 使 Mercurial 钥匙串全局化,而不是针对每个用户。这甚至可能是不可能的。
- 以某种方式以 SYSTEM 用户身份登录并使用它执行一些 Mercurial 命令,以便其钥匙串获得用户/密码信息的种子。
- 完全不同的东西...?
预先感谢您可能有的任何见解!
-本
I'm in the middle of trying to get mercurial working on a windows build server and am having issues. I went to the trouble of setting up the mercurial keychain (I had to install tortoisehg), and it works on a per-user basis.
The problem is that I'm using Bamboo to run the builds, and it runs as an NT service owned by SYSTEM. Thus, any time it tries to do anything with hg, it gets prompted for a password.
Obviously, I could put the password into a config file, but I want to avoid a plaintext password just sitting around.
As far as I can tell, there are two ways of attacking this problem. Neither of which I know how to do:
- Make the mercurial keychain global, rather than per-user. This may not even be possible.
- Somehow log in as the SYSTEM user and do a few mercurial commands with it, so that its keychain gets seeded with the user/password information.
- Something completely different...?
Thanks in advance for any insights you might have!
-Ben
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我知道您已经找到了解决方案,但以防万一未来的 Google 员工来到这里,我会发布我所做的事情。
首先,您可以以任何您想要的用户身份运行bamboo 服务。我需要它以普通用户身份运行,以便我的编译器需要的一些注册表项可用。要设置bamboo 服务的用户,您需要编辑
wrapper.conf(正常安装时为C:\Program Files\Bamboo\conf\wrapper.conf)。 )显然,在编辑此内容之前,您需要卸载现有服务(如果已安装)。设置登录帐户的最简单方法是将其添加到文件底部
显然,您可能不希望登录密码位于纯文本文件中。有多种方法可以解决此问题,因此我将向您指出:http:// /wrapper.tanukisoftware.com/doc/english/props-nt.html 。
wrapper.ntservice.password.prompt可能特别令人感兴趣。如果您对 Mercurial 使用 ssh,还有另一种选择:您可以在 Mercurial.ini 中设置 ssh 命令。对于构建服务器,我通过在 C:\Program Files\TortoiseHg\hgrc.d 中的文件中配置它们来一次性为整个系统设置大部分命令。我有一行看起来像:
对于我来说,
autobuilder是事物运行的普通用户。 hgPrivKey.ppk 是使用 PuttyGen 创建的私钥文件。我在服务器上的authorized_keys 文件中有公钥。希望这些建议能让人们走上正轨。
I realize you've already found a solution, but in case future Googlers wind up here, I'll post what I did.
First, you can have the bamboo service run as any user you want. I needed it to run as a normal user so that some of the registry entries that my compiler needs were available. To set the user for the bamboo service, you need to edit the
wrapper.conf(C:\Program Files\Bamboo\conf\wrapper.confon a normal install.) Obviously, before editing this, you'll need to uninstall the existing service if it is installed.The easiest way to set the login account is by adding this to the bottom of the file
Obviously, you may not want your login password in a plain text file. There are several ways around this, so I'll just point you to: http://wrapper.tanukisoftware.com/doc/english/props-nt.html .
wrapper.ntservice.password.promptmay be of particular interest.If you use ssh for Mercurial, there is another option: you can set your ssh command in a Mercurial.ini. For the build server, I set most of these commands for the entire system at once by configuring them in a file in C:\Program Files\TortoiseHg\hgrc.d . I have a line that looks like:
For me,
autobuilderis the normal user that things run as. The hgPrivKey.ppk is a private key file created with PuttyGen. I have the public key in the authorized_keys file on the server.Hopefully, these suggestions will get somebody on the right track.
我最终不得不将竹子远程代理从 NT 服务恢复到在普通用户下运行的常规旧进程。就服务器的管理而言,这显然有其自己的一套陷阱,但目前必须这样做。除非有人想出更好的办法,否则我将在一天左右将其标记为答案。
I ended up having to revert the bamboo remote agent from a NT service back down to a regular old process running under a normal user. This obviously comes with its own set of gotchas as far as management of the server goes, but it will have to do for now. I'll mark this as the answer in a day or so unless someone comes up with something better.