[jira] [Commented] (MYNEWT-805) Better support for private repos

Fri, 18 Aug 2017 15:12:33 -0700 

    [ 
https://issues.apache.org/jira/browse/MYNEWT-805?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133691#comment-16133691
 ] 

ASF subversion and git services commented on MYNEWT-805:
--------------------------------------------------------

Commit 82f23fe5b88f71fcad3b69b5aabdf163f618a5d6 in mynewt-newt's branch 
refs/heads/master from [~ccollins476]
[ https://gitbox.apache.org/repos/asf?p=mynewt-newt.git;h=82f23fe ]

newt - Fix handling of private github repos.

MYNEWT-804 Access to private repos using personal access tokens is broken
MYNEWT-805 Better support for private repos

The current handling of private github repos is broken in a few ways:

1. Only used for retrieval of repository.yml; manual login+password
   entry required for cloning.
2. Authentication tokens were handled incorrectly.  These should be
   handled just like passwords.

This commit provides the following fixes:

1. Use configured login and password for cloning as well as
   repository.yml retrieval.
2. Remove 'token' configuration item ('password' works for tokens as
   well).
3. Add 'password_env' configuration item.  This specifies the name of an
   environment variable containing the password for the private repo.
   This setting is only used if 'password' is empty.


> Better support for private repos
> --------------------------------
>
>                 Key: MYNEWT-805
>                 URL: https://issues.apache.org/jira/browse/MYNEWT-805
>             Project: Mynewt
>          Issue Type: Improvement
>      Security Level: Public(Viewable by anyone) 
>          Components: Newt
>            Reporter: Todd Mitton
>            Assignee: Todd Mitton
>            Priority: Minor
>
> A password or personal access token must be specified in project.yml for 
> `newt install` to access a private repo. This makes it hard to use private 
> repos in automated environments because it would require checking in the 
> clear text password/token.
> We should add support for getting the password/token from an env variables.  
> CI systems like jenkins, travis, etc. securely store secrets and make them 
> available to builds through env variables.
> Even better then env variables is to use ssh instead of https. Private repos 
> can be accessed via ssh, and newt can simply use the local ssh agent when 
> accessing the private repo.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to