You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@mynewt.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/08/18 22:12:00 UTC

[jira] [Commented] (MYNEWT-805) Better support for private repos

    [ https://issues.apache.org/jira/browse/MYNEWT-805?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133691#comment-16133691 ] 

ASF subversion and git services commented on MYNEWT-805:
--------------------------------------------------------

Commit 82f23fe5b88f71fcad3b69b5aabdf163f618a5d6 in mynewt-newt's branch refs/heads/master from [~ccollins476]
[ https://gitbox.apache.org/repos/asf?p=mynewt-newt.git;h=82f23fe ]

newt - Fix handling of private github repos.

MYNEWT-804 Access to private repos using personal access tokens is broken
MYNEWT-805 Better support for private repos

The current handling of private github repos is broken in a few ways:

1. Only used for retrieval of repository.yml; manual login+password
   entry required for cloning.
2. Authentication tokens were handled incorrectly.  These should be
   handled just like passwords.

This commit provides the following fixes:

1. Use configured login and password for cloning as well as
   repository.yml retrieval.
2. Remove 'token' configuration item ('password' works for tokens as
   well).
3. Add 'password_env' configuration item.  This specifies the name of an
   environment variable containing the password for the private repo.
   This setting is only used if 'password' is empty.


> Better support for private repos
> --------------------------------
>
>                 Key: MYNEWT-805
>                 URL: https://issues.apache.org/jira/browse/MYNEWT-805
>             Project: Mynewt
>          Issue Type: Improvement
>      Security Level: Public(Viewable by anyone) 
>          Components: Newt
>            Reporter: Todd Mitton
>            Assignee: Todd Mitton
>            Priority: Minor
>
> A password or personal access token must be specified in project.yml for `newt install` to access a private repo. This makes it hard to use private repos in automated environments because it would require checking in the clear text password/token.
> We should add support for getting the password/token from an env variables.  CI systems like jenkins, travis, etc. securely store secrets and make them available to builds through env variables.
> Even better then env variables is to use ssh instead of https. Private repos can be accessed via ssh, and newt can simply use the local ssh agent when accessing the private repo.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)