I’ve taken the plunge and am in the middle of switching from Subversion to Mercurial for revision control. Subversion has served me relatively faithfully for many years (I’ve even championed/led the adoption of subversion at two companies I’ve worked for in the past) but some of the warts and shortcomings were beginning to annoy me (. directories everywhere for example). Dave Dribin’s series of posts about the Mercurial DVCS software piqued my interest and I was soon switching repositories to hg.
One feature that added recently that hg lacked was the ability to store repository passwords in the Mac OS X keychain. In fact mercurial lacks the ability to store a repository password anywhere other than in the url used to access the repository (i.e. http://user:password@example.com/path). I think this is a bit of security flaw. The password is stored as plain text within the repository config file (’.hg/hgrc’) file.
Fortunately Mercurial provides a simple interface for extension modules. After a little bit of hacking I was able to write an hg extension that stores and retrieves the password from the keychain. I’ve put the code online for anyone to use. hgkeychain:
And yes the source code is currently hosted in a Subversion repository :-) I did mention I’m in the middle of transitioning to Mercurial didn’t I?
5 responses so far ↓
1 keramida // Feb 13, 2008 at 6:02 pm
This seems like an extension that would be very useful to have in the main Mercurial distribution. Can we hope to lure you into submitting it to `mercurial-devel (at) selenic.com’ as a patch?
Cheers,
Giorgos
2 schwa // Feb 13, 2008 at 8:07 pm
Giorgos, yeah I would love it to be part of the distribution however:
1 It disables Mercurial’s demandimport module. I couldn’t get demandimport to work with my imports. And after a quick google I found it easier to disable the module than to fix things. Hopefully an hg expert can help me with this.
2 it uses a Mac OS specific compiled C module.
3 It monkey patches mercurial to override the password manager. I had to do this because I couldn’t see how to access the password manager legitimately.
I don’t think this extension is suitable to be included with mercurial. But I will look into the idea of creating a patch that will provide this functionality in a less hacky manner.
3 TeemuAP // Feb 14, 2008 at 5:46 am
One thing I toyed around with: adding bonjour to ‘hg serve’. That way guys around the table can find and access each other’s repos without bothering with IPs/ports.
Not knowing python I did not end up with anything publishable, just a ruby wrapper.
4 Hacking » Blog Archive » Making Mercurial use the Mac OS X Keychain // Feb 14, 2008 at 7:09 am
[...] Read the rest of this great post here [...]
5 schwa // Feb 14, 2008 at 10:44 am
@TeemuAP, yeah that might be interesting. The guys at turbogears do the same for their built-in server. I think they do it just by spawning the “dns-sd” tool. That should be relatively easy I’d imagine. Of course that would be Mac OS X only (again).