Windows Mercurial global keychain

浪子不回头ぞ submitted on 2019-12-11 01:29:26

Question


I'm in the middle of trying to get Mercurial working on a Windows build server and am having issues. I went to the trouble of setting up the Mercurial keychain (I had to install TortoiseHg), and it works on a per-user basis.

The problem is that I'm using Bamboo to run the builds, and it runs as an NT service owned by SYSTEM. Thus, any time it tries to do anything with hg, it gets prompted for a password.

Obviously, I could put the password into a config file, but I want to avoid a plaintext password just sitting around.

As far as I can tell, there are two ways of attacking this problem, neither of which I know how to do:

  1. Make the Mercurial keychain global, rather than per-user. This may not even be possible.
  2. Somehow log in as the SYSTEM user and do a few Mercurial commands with it, so that its keychain gets seeded with the user/password information.
  3. Something completely different...?

Thanks in advance for any insights you might have!

-Ben


Answer 1:


I realize you've already found a solution, but in case future Googlers wind up here, I'll post what I did.

First, you can have the Bamboo service run as any user you want. I needed it to run as a normal user so that some of the registry entries that my compiler needs were available. To set the user for the Bamboo service, you need to edit the wrapper.conf (C:\Program Files\Bamboo\conf\wrapper.conf on a normal install). Obviously, before editing this, you'll need to uninstall the existing service if it is installed.

The easiest way to set the login account is by adding this to the bottom of the file:

wrapper.ntservice.account=domain\username
wrapper.ntservice.password=s3cr3t.p@ssw0rd

Obviously, you may not want your login password in a plain text file. There are several ways around this, so I'll just point you to: http://wrapper.tanukisoftware.com/doc/english/props-nt.html . wrapper.ntservice.password.prompt may be of particular interest.

If you use ssh for Mercurial, there is another option: you can set your ssh command in a Mercurial.ini. For the build server, I set most of these commands for the entire system at once by configuring them in a file in C:\Program Files\TortoiseHg\hgrc.d . I have a line that looks like:

ssh=TortoisePlink.exe -batch -i "C:/Users/autobuilder/hgPrivKey.ppk" -l autobuilder

For me, autobuilder is the normal user that things run as. The hgPrivKey.ppk is a private key file created with PuttyGen. I have the public key in the authorized_keys file on the server.

Hopefully, these suggestions will get somebody on the right track.
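
An added example, not part of the original question or answers: a small Python audit that flags the plaintext credentials discussed in this thread (`wrapper.ntservice.password` in wrapper.conf, `[auth]` passwords and credential-bearing URLs in Mercurial.ini/hgrc files) and lists private keys named in `ui.ssh` so their file permissions can be reviewed. The sample inputs, the `hg.example.invalid` host, the `hunter2` value and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample inputs modelled on the settings quoted in the answer above.
SAMPLE_WRAPPER_CONF = r"""
wrapper.ntservice.account=domain\username
wrapper.ntservice.password=s3cr3t.p@ssw0rd
"""
SAMPLE_HGRC = """
[ui]
ssh=TortoisePlink.exe -batch -i "C:/Users/autobuilder/hgPrivKey.ppk" -l autobuilder
[auth]
build.prefix = hg.example.invalid
build.password = hunter2
[paths]
default = https://autobuilder:hunter2@hg.example.invalid/repo
"""

def _settings(text):
    """Yield (section, key, value) from ini/properties text, skipping comments."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            section = m.group(1).strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip()

def audit(text):
    """Return findings as (severity, setting, reason); secret values are never echoed."""
    findings = []
    for section, key, value in _settings(text):
        name = f"{section}.{key}" if section else key
        if key == "wrapper.ntservice.password" and value:
            findings.append(("high", name, "service password stored in plaintext"))
        elif section == "auth" and key.endswith(".password") and value:
            findings.append(("high", name, "repository password stored in plaintext"))
        elif re.match(r"[a-z][a-z0-9+.-]*://[^/@\s:]+:[^/@\s]+@", value, re.I):
            findings.append(("high", name, "password embedded in URL"))
        elif section == "ui" and key == "ssh":
            # posix=False keeps Windows backslashes; quotes are stripped by hand.
            args = [a.strip('"') for a in shlex.split(value, posix=False)]
            for flag, path in zip(args, args[1:]):
                if flag == "-i":
                    findings.append(("review", name, f"private key {path}: check file ACL"))
    return findings
```

Run `audit()` over the text of each wrapper.conf, Mercurial.ini and hgrc.d file on the build server; a key used with `-batch` cannot prompt for a passphrase, so the "review" findings point at files whose permissions should be limited to the build account.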




Answer 2:


I ended up having to revert the Bamboo remote agent from an NT service back down to a regular old process running under a normal user. This obviously comes with its own set of gotchas as far as management of the server goes, but it will have to do for now. I'll mark this as the answer in a day or so unless someone comes up with something better.



Source: https://stackoverflow.com/questions/7590200/windows-mercurial-global-keychain
