Use gpg binary for signing and reading credentials from encrypted file #311
@@ -59,13 +64,82 @@ | |||
:password password | |||
:non-proxy-hosts (get-non-proxy-hosts)})))) | |||
|
|||
(defn ^{:boot/from :technomancy/leiningen} boot-home |
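Review bot: `boot-home` on the last line is tagged `:boot/from :technomancy/leiningen`, so it is a copied helper rather than something Boot already owns. If Boot resolves its home directory anywhere else, call that code instead so there is a single definition of the directory. If the helper stays, give it a docstring saying which environment variable and which default it uses.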
Is this available somewhere already? `App` is at least reading the env variable.
Once #317 is merged, `boot.App/bootdir` should probably be used.
This is an alternative to #274.

Btw, reading credentials from a file or other sources could be provided as a separate library, but I think deploy repositories should be separated in any case.
Ah, I almost forgot. There's a reason why it would be preferred to have support for reading credentials from file in Boot itself. With a plugin the use would look something like:

```clojure
(set-env! :dependencies '[[deraen/boot-contrib-gpg "0.1.0-SNAPSHOT"]])
(require '[deraen.boot-contrib-gpg :refer [set-repositories! push-gpg]])
(set-repositories! [["my.datomic.com" {:url "https://my.datomic.com/repo"
                                       :creds :gpg}]])
(set-env! :dependencies '[;; rest of dependencies, including stuff from private repos
                          ])
```

It's quite verbose because the plugin has to be added before adding other dependencies.
Looks like it would be possible to extend Bouncy Castle's PGP library with a PassphraseLoader which would retrieve the key from gpg-agent: https://github.com/kohsuke/pgp-maven-plugin/blob/master/src/main/java/org/kohsuke/maven/pgp/loaders/GpgAgentPassPhraseLoader.java

Would only work for Unix systems but Windows users could anyway use the task options.
This should now support all existing options, though @danielsz What was the use case for providing GPG options through environment variables in another PR? Should I implement that also, or is using gpg binary enough?

@Deraen Off the top of my head, the environment variables are redundant if gpg-agent is used, because it knows who the user is, what the signing key is, etc...

Rebased and updated to use

And squashed.
Copied the implementation from Leiningen.
- Deploy repository options can be set using push task option.
- Deprecate gpg-keyring option
Use gpg binary for signing and reading credentials from encrypted file
Copied the implementation from Leiningen.
:deploy-repositories
env property. This is because it's probable that credentials between repositories differ for read and
deploy.
Needs still some polishing.
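
An added example, not code from this pull request or from Leiningen: one way to read credentials by shelling out to the gpg binary and to substitute them where a repository is declared with `:creds :gpg`. The namespace, function names, file name and the string-keyed layout of the decrypted map are assumptions made for illustration.

```clojure
(ns example.gpg-creds
  "Illustrative only; all names here are hypothetical."
  (:require [clojure.edn :as edn]
            [clojure.java.io :as io]
            [clojure.java.shell :as shell]))

(defn decrypt-credentials
  "Decrypts `file` with the gpg binary and parses the plaintext as EDN.
  Returns the parsed map, or throws ex-info carrying gpg's exit code and stderr."
  [file]
  (let [f (io/file file)]
    (when-not (.isFile f)
      (throw (ex-info "Credentials file not found" {:file (str f)})))
    ;; --batch: never prompt on the terminal, so the passphrase must come from gpg-agent.
    ;; "--" ends option parsing, so a file name starting with "-" is not read as a flag.
    (let [{:keys [exit out err]}
          (shell/sh "gpg" "--quiet" "--batch" "--decrypt" "--" (.getPath f))]
      (if (zero? exit)
        ;; edn/read-string only reads data; it has no reader-eval form to execute.
        (let [creds (edn/read-string out)]
          (when-not (map? creds)
            (throw (ex-info "Decrypted credentials are not a map" {:file (str f)})))
          creds)
        ;; Report gpg's own diagnostics, never the (possibly partial) plaintext.
        (throw (ex-info "gpg could not decrypt credentials"
                        {:file (str f) :exit exit :stderr err}))))))

(defn resolve-creds
  "Replaces `:creds :gpg` in repository settings with the entry stored under the
  repository :url in the decrypted map. Other settings pass through unchanged.
  Fails closed: a missing entry throws instead of continuing unauthenticated."
  [settings credentials]
  (if (= :gpg (:creds settings))
    (if-let [found (get credentials (:url settings))]
      (merge (dissoc settings :creds) found)
      (throw (ex-info "No credentials for repository" {:url (:url settings)})))
    settings))

(comment
  ;; Constructed sample: credentials.edn.gpg is assumed to decrypt to
  ;; {"https://my.datomic.com/repo" {:username "me@example.com" :password "..."}}
  (resolve-creds {:url "https://my.datomic.com/repo" :creds :gpg}
                 (decrypt-credentials "credentials.edn.gpg")))
```

Because the plaintext only ever exists in the returned map, callers should avoid logging the resolved settings.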