Synopsis
The requisite jobs of installing svn with keyring support and installing the
Collabnet keyring_tool application are already performed for our Linux servers.
1) Configure SVN client to use keyring:
1.1) Edit ~/.subversion/config
[auth]
password-stores = gnome-keyring
1.2) Edit ~/.subversion/servers
[global]
store-passwords = yes
store-plaintext-passwords = no
2) Create a keyring for your password. You will be prompted to create a new password to unlock the keyring; this may be anything you wish:
keyring_tool --create=svn
3) Set the new keyring as the default:
keyring_tool --setdef=svn
4) In .bash_profile or .bash_login (assuming you are using bash as your terminal)
if [ -e /usr/bin/gnome-keyring-daemon ]; then
if [ ! -z "`kill -0 $GNOME_KEYRING_PID 2>&1`" ]; then
# Create dbus transport link for SVN to talk to the keyring.
eval `dbus-launch --sh-syntax`
# Start the keyring daemon.
# The use of export here captures the GNOME_KEYRING_PID, GNOME_KEYRING_SOCK
# env values echoed out at startup.
export `/usr/bin/gnome-keyring-daemon`
fi
fi
5) In .bash_logout
# Kill the message bus established for SVN / Keyring communication
if [ ! -z "`kill -0 $DBUS_SESSION_BUS_PID 2>&1`" ]; then
kill $DBUS_SESSION_BUS_PID > /dev/null 2>&1
fi
# Kill the Gnome Keyring Daemon prior to logout.
if [ ! -z "`kill -0 $GNOME_KEYRING_PID 2>&1`" ]; then
kill $GNOME_KEYRING_PID > /dev/null 2>&1
fi
Background
I ran into a similar problem while trying to establish a hassle free way to ensure authorized user access to certain SVN repos at work. Basically we had to force credential checking every time a user accesses the server so even the svn update command would require authentication. Clearly plain text password storage was out so with a little research I came upon using the gnome-keyring as a way around harassing our user base with constant authentication requests while still keeping unauthorized users out of repositories they should not have access to view.
Much of our day to day work is done via ssh tunnels into a RedHat server w/o X support so I had to find a way around the X11 support. After some searching I managed to find the way around it here:
Source Material
http://support.wandisco.com/index.php?/Knowledgebase/Article/View/362/17/how-to-setup-encrypted-svn-password-storage-using-gnome-keyring-in-an-ssh-session
They key here is using the Collabnet keyring_tool to create a keyring without the gnome-keyring-manager client and establishing the dbus-launch yourself rather than letting SVN handle the setup. SVN uses DBUS to connect to the gnome-keyring-daemon and affect the overall authentication. By manually starting and tearing down the dbus session with -sh-syntax you avoid trying to connect to an X client on dbus startup. If you just start the gnome-keyring-daemon and attempt to use SVN it will still prompt you for your keyring password but then will prompt you for your SVN credentials as well. The dbus will fail when SVN tries to start it because of the lack of an X client; apparently SVN does not use any special flags when starting the dbus.
Second case is the case in my case. That (undocumented?)
--login
option is pretty useful, though I sure wouldn't want to keep my unhashed password in a script or put it on a command line. reading in unechoed mode from within a (non-shell-language) script that then passes that input to the spawned daemon would probably be a good way to do this. I should only have to start this process once per boot, so it makes sense to type in the password; I just need to be able to do it at the command line instead of via the GTK dialog. – intuited – 2010-05-14T21:25:57.8531err.. nevermind, it's documented by
gnome-keyring-daemon --help
. I just checked the manpage and /usr/share/doc. – intuited – 2010-05-14T22:32:34.2132@intuited: Well, then do something like this:
read -rsp "Password: " pass; echo -n "$pass" | gnome-keyring-daemon --login
in a script. – user1686 – 2010-05-15T10:55:46.420Actually yeah, that would work; I was forgetting that echo was a builtin. – intuited – 2010-05-15T18:52:57.520
In reply to old comment from @intuited:
gnome-keyring-daemon --help
gives me a good overview, butman gnome-keyring-daemon
just contains a short description on the program itself but to no arguments. – feeela – 2012-06-19T18:53:01.590