[Buildbot-devel] authenicated SVN checkouts..

Stephen Davis buildbot at soundgeek.org
Wed Jun 28 18:38:09 UTC 2006


As Charles says, any user/pass combo you pass on the command line  
will be shown on the status page.  It will also be shown in the  
master's logs and maybe in the slave's process listing.  If you're  
concerned about security, your best bet is to use subversion's local  
auth caching (On Windows XP, the auth cache files are encrypted. For  
subversion 1.4 on Mac OS X, the passwords will be stored in the  
Keychain).  Any other approach requires you to know every place where  
the build master or slave might store the patched user/pass in  
plaintext somewhere.

Using "--non-interactive" as a global option to the SVN step should  
make the build fail the first time, as you would want -- especially  
for first time users.

IMO, a patch to the SVN step to always pass "--non-interactive" is a  
better direction to take.  As noted, you can do this yourself in your  
build step right now.

stephen

On Jun 28, 2006, at 7:45 AM, Charles Hardin wrote:

> When passing the username and password, you might want to consider  
> adding a patch that doesn't display the full command line  
> arguements on the status page...
>
> The following patch is part of a more complex custom patch, so I  
> just included the parts for the header display - this hasn't been  
> tested as a standalone patch, so apologize if it doesn't work  
> correctly, but hopefully can be used as a base if you want to hide  
> the headers...
>
>
> diff -Nuar buildbot-0.7.2-orig/buildbot/process/step.py  
> buildbot-0.7.2-p4/buildbot/process/step.py
> --- buildbot-0.7.2-orig/buildbot/process/step.py        2006-06-19  
> 15:18:26.000000000 -0700
> +++ buildbot-0.7.2-p4/buildbot/process/step.py  2006-06-19  
> 14:59:51.000000000 -0700
> @@ -1,6 +1,7 @@
>  # -*- test-case-name: buildbot.test.test_steps -*-
>
>  import time, random, types, re, warnings
> +from types import ListType, StringType
>  from email.Utils import formatdate
>
>  from twisted.internet import reactor, defer, error
> @@ -267,6 +268,10 @@
>          if update.has_key('stderr'):
>              self.addStderr(update['stderr'])
>          if update.has_key('header'):
> +            if self.args.has_key('display'):
> +                if self.args['display'] is False:
> +                    log.msg("Filtered header: %s" % update['header'])
> +                    return
>              self.addHeader(update['header'])
>          if update.has_key('rc'):
>              rc = self.rc = update['rc']
> @@ -290,7 +295,7 @@
>
>      def __init__(self, workdir, command, env=None,
>                   want_stdout=1, want_stderr=1,
> -                 timeout=20*60, **kwargs):
> +                 timeout=20*60, display=True, **kwargs):
>          """
>          @type  workdir: string
>          @param workdir: directory where the command ought to run,
> @@ -341,11 +346,19 @@
>                  'want_stdout': want_stdout,
>                  'want_stderr': want_stderr,
>                  'timeout': timeout,
> +                'display': display,
>                  }
>          LoggedRemoteCommand.__init__(self, "shell", args)
>
>      def start(self):
> @@ -691,6 +704,7 @@
>      descriptionDone = None # alternate description when the step  
> is complete
>      command = None # set this to a command, or set in kwargs
>      progressMetrics = ['output']
> +    display = True
>
>      parms = BuildStep.parms + [
>          'description',
> diff -Nuar buildbot-0.7.2-orig/buildbot/test/test_steps.py  
> buildbot-0.7.2-p4/buildbot/test/test_steps.py
> --- buildbot-0.7.2-orig/buildbot/test/test_steps.py     2005-10-26  
> 13:22:50.000000000 -0700
> +++ buildbot-0.7.2-p4/buildbot/test/test_steps.py       2006-06-19  
> 15:13:34.000000000 -0700
> @@ -114,12 +114,17 @@
>          expectedEvents.append(["callRemote", "startCommand",
>                                 (rc, "3",
>                                 "shell",
> -                                {'command': "argle bargle",
> -                                 'workdir': "murkle",
> -                                 'want_stdout': 1,
> -                                 'want_stderr': 1,
> -                                 'timeout': 10,
> -                                 'env': None}) ] )
> +                               {'display': True,
> +                                'command': "argle bargle",
> +                                'workdir': "murkle",
> +                                'want_stdout': 1,
> +                                'want_stderr': 1,
> +                                'timeout': 10,
> +                                'env': None}) ] )
>          self.assertEqual(self.remote.events, expectedEvents)
>
>          # we could do self.remote.deferred.errback(UnknownCommand)  
> here. We
>
>
>
> -----Original Message-----
> From: buildbot-devel-bounces at lists.sourceforge.net on behalf of  
> Julien Gilli
> Sent: Wed 6/28/2006 7:27 AM
> To: Michael March
> Cc: buildbot-devel at lists.sourceforge.net
> Subject: Re: [Buildbot-devel] authenicated SVN checkouts..
>
> Hello,
>
> On 6/28/06, Michael March <mmarch at gmail.com> wrote:
>>
>> I (and I think this list) would *love* to see the patch.
>>
>> Here it is. It should apply on buildbot 0.7.3 fine. It may  
>> contains some
> indentations issues, and it has been generated on Windows. Please,  
> let me
> know if you need anymore information.
>
> Best regards,
> -- 
> Julien Gilli
>
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Buildbot-devel mailing list
> Buildbot-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/buildbot-devel





More information about the devel mailing list