Bazaar

i want to run bzr update user pass, in cron job. with no bzr input from prompt. Possible? New feature?

Asked by bjornlu

My repo in on a diffrent server from my project. I want to update my demo project once an hour from my repo with a automated job.

But as far as i can see, bzr update ask for a password, i cant pass it along, or maybe i've missed that info.

if repo and checkout is on the same server it works but that cant be done. running over ssh.
Created it like this: bzr checkout --lightweight bzr+ssh://username@ip/path

Question information

Language:
English Edit question
Status:
Answered
For:
Bazaar Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
John A Meinel (jameinel) said : 		#1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

bjornlu wrote:
> New question #81884 on Bazaar:
> https://answers.launchpad.net/bzr/+question/81884
>
> My repo in on a diffrent server from my project. I want to update my demo project once an hour from my repo with a automated job.
>
> But as far as i can see, bzr update ask for a password, i cant pass it along, or maybe i've missed that info.
>
> if repo and checkout is on the same server it works but that cant be done. running over ssh.
> Created it like this: bzr checkout --lightweight bzr+ssh://username@ip/path
>
>

You could set up an ssh-key that doesn't require a password (either
because you also set up an ssh-agent to manage the key, or because you
set the ssh-key to be without a password.)

You might look at something like:
http://sial.org/howto/openssh/publickey-auth/

John
=:->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqhHyQACgkQJdeBCYSNAAOWUwCeOO9sI7EUM5InBeLkYUsAymao
ExUAn0bhvmjjWW2AR+hJFAnnyVvSnjFy
=QwhB
-----END PGP SIGNATURE-----

Revision history for this message
bjornlu (bjarne-l) said : 		#2

Ok, tnx. But this is not really an option for us, for security reasons, even though we only use bzr internally or over vpn. Hopefully there is another way to solve this.
/Bjarne

Revision history for this message
Martin Pool (mbp) said : 		#3

2009/9/7 bjornlu <email address hidden>:
> Question #81884 on Bazaar changed:
> https://answers.launchpad.net/bzr/+question/81884
>
>    Status: Answered => Open
>
> bjornlu is still having a problem:
> Ok, tnx. But this is not really an option for us, for security reasons, even though we only use bzr internally or over vpn. Hopefully there is another way to solve this.

Can we understand more about that? Having an ssh key with no
passphrase is no worse than putting the password in your script, and
in some ways better.

--
Martin <http://launchpad.net/~mbp/>

Revision history for this message
bjornlu (bjarne-l) said : 		#4

hm, as I understand it, the "user" bzr that can check out code, can be used from anyone's account. As it is now we can all update the code at the checkout place since only the user that created the checkout can update it.(easily)

The password in a script is only viewable by the server admin since its there the script runs from. That should be safe, or else nothing is safe.

Lets say someone plugs in a comp on our network and runs checkout as bzr user, he gets the ssh key automatically. just clone a mac address, connect a pc and checkout.

Just a thought of why i want to have a password on the user. but maybe i've missed something in the setup to make our work smoother, but this is the first time we've used baazar.

B.r. Bjarne

Revision history for this message
Martin Pool (mbp) said : 		#5

> Lets say someone plugs in a comp on our network and runs checkout as bzr user, he gets the ssh key automatically. just clone a mac address, connect a pc and checkout.

No, he won't. Create an ssh key specifically for this purpose, and make it viewable only by the people who can view or run the script.

Can you help with this problem?

Provide an answer of your own, or ask bjornlu for more information if necessary.

To post a message you must log in.