1
0
mirror of https://github.com/openSUSE/osc.git synced 2024-11-15 00:36:11 +01:00
Commit Graph

292 Commits

Author SHA1 Message Date
5f912a8d7d conf: Display apiurl when asking for a username or a password 2023-04-11 11:25:24 +02:00
cf6e33a59b conf: If apiurl is not set in interactive_config_setup(), use apiurl from DEFAULTS 2023-04-11 11:11:25 +02:00
a25ea8d175 conf: Do not error out if oscrc is owned by another user 2023-04-03 08:59:25 +02:00
7c826dc605 conf: Fix a cut&paste error in setting 'disable_hdrmd5_check' config option
This set credentials_mgr_class to 'False', which caused
TransientCredentialsManager to ask for a password even when doing ssh auth.
2023-03-17 14:13:21 +01:00
0ad39a9ec9 build: New option 'disable_hdrmd5_check' to ignore hdrmd5 mismatches 2023-02-21 14:53:08 +01:00
2a9edeec5b conf: Change how api_host_options determine option types
The _integer_opts and _boolean_opts specify option types for both
global options as well as api_host_options
2023-02-21 14:42:30 +01:00
Dirk Müller
adb1a9b4ef mark boolean and integer_opts as private
It is unused elsewhere, and only used for unit-testing
2022-12-01 10:05:32 +01:00
7e67269b74 Replace 'if not <cond> in ...' with 'if <cond> not in ...' 2022-09-12 14:15:34 +02:00
fe59986e1c Run autopep8 to fix whitespace issues 2022-09-12 13:45:19 +02:00
b511be20ff Always import at the toplevel 2022-09-12 13:45:19 +02:00
ff63226c2f Properly test for None 2022-09-09 09:33:51 +02:00
b55384a914 Fix undefined variable in conf.apply_option_types() 2022-09-09 09:33:51 +02:00
a5b8729f2f Fix usage of super() 2022-09-09 09:33:51 +02:00
f8a8c9c91c Print user and apiurl when prompting for a password
It's not a good idea to send a password to a different server
than it belongs. Now the server identity is obvious.
2022-09-08 10:51:04 +02:00
3d8efe2d15 ssh auth: Avoid password prompt when using TransientCredentialsManager 2022-09-06 12:49:47 +02:00
ed5def96ba Remove deprecated 'plaintext_passwd' config option 2022-08-25 13:20:25 +02:00
41ceb4b5f8 Remove deprecated 'GnomeKeyringCredentialsManager' and related code 2022-08-25 13:20:25 +02:00
b306bf0b91 Convert defaults to their expected types
Fixes problems in reading conf values before the configuration
is fully initialized.
2022-08-22 15:08:49 +02:00
6cb7412749 Remove duplicated --debug and --verbose options
Additional changes:
* rename getbinaries --debug to --debuginfo to avoid conflicts
* switch conf['verbose'] from int to bool

The changes were needed because the new argparser behaves differently
and commands such as `osc ls` ran in verbose mode by default.
2022-08-12 10:06:00 +02:00
e469c2c184
Merge pull request #1041 from AdamMajer/master
Add support for project separator
2022-08-12 10:03:23 +02:00
229913a77f Clean imports up, drop python 2 fallbacks 2022-07-28 13:17:43 +02:00
0d701556f2 Warn when using HTTP connection. Make HTTPS the default.
It is possible to omit protocol in -A/--apiurl now,
because https:// is the default.
2022-07-27 11:15:21 +02:00
93bc0e4731 Switch http_request() to urllib3
Use connection pools for better performance.
Replace M2Crypto with cryptography and urllib3's ssl context.
2022-07-27 11:15:21 +02:00
4deaf2b9c3
Merge pull request #1077 from abitrolly/relconf
Fix failure to create config in current dir
2022-07-26 09:37:29 +02:00
Anatoli Babenia
6a9398a97b Fix failure to create config in current dir
This uses exception based protection from parallel execution
https://github.com/openSUSE/osc/pull/1077#discussion_r928976845
2022-07-26 09:04:15 +03:00
9786aafa51 Update list of considered file names for ssh key autodetection
The file names come from ssh(1) man page.
2022-07-25 17:54:43 +02:00
f83e9a23d5
Merge pull request #1074 from dmach/pr1049-v2
RFC: ssh: recognize gpg keys (yubikey usage)
2022-07-25 13:52:31 +02:00
a7e5e12c5a Allow users to prefer ssh key over password auth
If `sshkey` config option is set, then osc prefers it over password auth.
If `sshkey` config option is not set and the server supports both basic
and signature auth, basic auth is used and ssh key is NOT auto-detected.

Users who want to use ssh auth with ssh key auto-detection can now leave
the `pass` config option empty to trigger ssh key auto-detection.

The ssh-key autodetection picks the first key that matches:
- key loaded to ssh-agent (`ssh-add -l`) that has a public key in ~/.ssh
- ~/.ssh/{id_ed25519,id_rsa}

It is also recommended to use Obfuscated or Plaintext credentials manager.
Please be aware that storing passwords using these credentials managers
is unsafe, because they're stored in plain text on disk.

Example:

    [<apiurl>]
    user=<username>
    pass=
    # ssh key is auto-detected because `pass` is empty
    sshkey=
    credentials_mgr_class=osc.credentials.ObfuscatedConfigFileCredentialsManager
2022-07-22 08:20:44 +02:00
Martin Wilck
870d861b61 ssh: recognize gpg keys (yubikey usage)
When using ssh keys from gpg, there are no private key files on
disk. The public keys are available from "ssh-add -L". Conveniently,
users store the public keys in some ".pub" file under ~/.ssh
(see e.g. https://serverfault.com/questions/906871/force-the-use-of-a-gpg-key-as-an-ssh-key-for-a-given-server;
this is also necessary to use IdentityFile= in ssh itself).

Thus public key files can't be ignored any more in list_ssh_dir_keys().
"ssh-keygen -Y sign" works nicely with a public key file if the agent
has access to the private key.
2022-07-11 13:08:34 +02:00
Adam Majer
c4c2d2a933 Add project_separator to config file
This allows for arbitrary string to be used as a project
separator instead of restricting oneself to : or directory
structure.

Fixes: #1024
2022-07-04 15:05:05 +02:00
lethliel
d9e2d958c1 declare OscHTTPSignatureAuthHandler as a new-style class
remove illegal character in comment
2022-06-14 14:27:48 +02:00
dec6f7135d
Merge pull request #1043 from dirkmueller/download_url_quoting
Fix quoting of download urls
2022-06-02 13:28:59 +02:00
1715163166
Merge pull request #994 from dmach/update-sphinx-configuration
Update Sphinx configuration
2022-06-02 10:09:38 +02:00
1f8fc339de
ssh key authentification fixes
- do not crash when having binary files in ~/.ssh
- support also RSA key setups
2022-06-01 16:23:02 +02:00
Marco Strigl
c3d535c3b2
Merge pull request #1012 from adrianschroeter/obs_git
initial obs-git support
2022-05-24 11:39:45 +02:00
Michael Schroeder
badcfc283c Remove no longer used modules 2022-05-23 11:23:13 +02:00
Michael Schroeder
b8f76f7990 OscHTTPSignatureAuthHandler: try to guess ssh key from the keys added to ssh-agent
Based on a patch by Daniel Mach
2022-05-23 11:23:05 +02:00
Dirk Müller
b7ed6534eb
trailing whitespace cleanup 2022-05-20 12:00:44 +02:00
mls
0b826613d9
Integrate signature authentication in the OscHTTPAuthHandler 2022-05-06 16:30:15 +02:00
mls
99ba3719c7
Add support for the Signature authentication scheme
See https://tools.ietf.org/id/draft-cavage-http-signatures-12.html
2022-05-06 16:29:58 +02:00
c875ca2886
initial obs-git support
* init command is working inside of a git repository
* downloadassets command fetches references assets from build description
* checkout is cloning from git
2022-04-29 09:59:13 +02:00
mls
e47a265388
Allow to configure a ssh key in the config
We support a global key and a key specific to an apiurl.
2022-04-27 11:36:20 +02:00
mls
119ffd6027
Rename OscHTTPBasicAuthHandler to OscHTTPAuthHandler
We'll support more than one auth scheme in the future.
2022-04-27 11:36:20 +02:00
mls
38e3c4952f
Simplify bad auth retry workaround needed for old python versions
This changes the code back to retrying up to 5 times for old
python version 2.6.6-2.7.9. The complete backport of the basic auth
changes clutters up the code way to much for such a little gain.

(This basically reverts commit 326abe0c8b)
2022-04-27 11:36:08 +02:00
Marcus Huewe
90ccc84f95 Merge commit 'refs/pull/1022/head' of github.com:openSUSE/osc
Only ask for a password if it is really needed for authentication.
The new lazy password approach is much smarter than the old callable
hack. That's why we deprecate returning a callable from
AbstractCredentialsManager.get_password. The current compatibility code
for a callable will be removed in the near future.

Minor nitpick: actually it would have been "cleaner" to introduce a new
subclass like an AbstractLazyPasswordCredentialsManager that encapsulates
the lazy password behavior. Currently, if, for instance, a credentials
manager is always non-lazy it would just override get_password but still
inherits the abstract (and unused) _get_password method.
2022-04-11 15:27:14 +02:00
Michael Schroeder
784d330f20
Only prompt for a password if the server asks for it
In many cases the session cookie is already available, so there
is no need to ask for a password. To make this work with the
python authentication implementation, we add a small proxy object
for the password and only ask the credential manager if the
stringify method is called.

This approach also makes it possible to offer a non-password based
authorization type if the server allows multiple authentication
methods.
2022-04-11 11:46:08 +02:00
Marco Strigl
c1bec6901a
Merge pull request #950 from Firstyear/allow-download-source
Add support to manually override download url locations.
2022-04-07 11:06:13 +02:00
8a85789573 Set the first (highest prio) credentials manager as the default 2022-03-28 09:49:55 +02:00
88a8a0cdd8 Print credentials managers as a table 2022-03-24 11:02:01 +01:00
William Brown
299965fd69 Add support to manually override download url locations. 2022-03-17 09:48:57 +10:00