Accessing private GitHub repos via HTTPS URLs is a matter of adding a Authorization: Basic <user:password, but base64-encoded>
header to the request sent by `net/git-checkout`, where "password" is a GitHub personal access token. (I temporarily added a hardwired line in `http-request-headers` in `net/git-checkout` to check that it works with my GitHub account.) I'm not sure where to add a username+password configuration for `raco pkg`. Maybe `net/git-checkout` should look in a particular file. Maybe `git-checkout` should take a username and password as arguments, and `raco pkg` should get them from somewhere. If this seems like the right direction to you, I'd be happy to see a pull request that implements whatever configuration approach you think is appropriate. You'd need to have some local configuration to access a private repo through HTTPS, but that doesn't seem like a problem to me (i.e., similar to local DNS or package-catalog configuration). Nothing would prevent you from registering an HTTPS package source with the main package catalog, but it would show up as "install fails" at best; using a private catalog seems clearly better for private packages. At Fri, 17 Jun 2016 10:29:56 -0700, Alexis King wrote: > I have been looking for a way to use Racket at work, and we’ve found > a couple places where it might be useful for documentation or > tooling. As part of this, it would be very nice to keep our source > code private, but it would still be helpful to make use of the > package manager to handle dependency resolution. We explored creating > a custom catalog that would contain our packages, which has worked > reasonably well, but the Racket package system does not appear to > be capable of fetching packages backed by private repositories. > > Glancing over the git protocol documentation and interacting with > a private repository via HTTP client, implementing this on the > technical side doesn’t look too difficult. GitHub uses the “smart” > HTTP protocol as documented here[1], and authorization is done using > HTTP Basic Authentication. Implementing this without using libgit > or the git CLI might be a little difficult, but distributing libgit > would not be hard if it ended up being a problem. > > The trickier issue is the social side, as well as the user interface. > How would git credentials be provided to the package manager so > that it could actually access these packages? More importantly, is > it actually okay for the success of package installation to be > dependent on some configuration that lives on a user’s local machine? > If these sorts of packages were uploaded to the main package catalog, > what would be the policy for handling them? > > Ultimately, I think it’s important for the package manager to support > private package distribution mechanisms for me to be able to > comfortably adopt Racket in a corporate setting, so I think having > some solution to this problem that does not involve out-of-band > trickery would be nice. I’m just not sure what that solution might > look like or how it would mesh with the current, open-source centric > package management strategies. I’m curious about how other people > feel about these issues. > > Thanks, > Alexis > > [1]: https://git-scm.com/book/en/v2/Git-Internals-Transfer-Protocols > > -- > You received this message because you are subscribed to the Google Groups > "Racket Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/racket-dev/367855D6-5D7E-4772-8240-1699B2AF13 > 42%40gmail.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Racket Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/racket-dev/576478da.0b1c620a.9448d.2ec5SMTPIN_ADDED_MISSING%40gmr-mx.google.com. For more options, visit https://groups.google.com/d/optout.
