Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 23327 - fetching URIs with passwords
Summary: fetching URIs with passwords
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Portage team
Depends on:
Reported: 2003-06-23 09:19 UTC by Chris Bainbridge (RETIRED)
Modified: 2005-02-27 22:36 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Chris Bainbridge (RETIRED) gentoo-dev 2003-06-23 09:19:03 UTC
There is no general mechanism for querying the user for a password from an ebuild 
before file download. If a password is entered into the URI string, or entered as an 
environment variable eg. SRC_URI="ftp://${USER}:${PASS}" 
then the username and password get cached in /var/cache/edb/dep/group/package 
the first time ebuild fetch is run. This is bad from a security point of view, and means 
that you can't change the password later without explicitly rm'ing the dep cache files.
Comment 1 SpanKY gentoo-dev 2003-06-23 10:25:37 UTC
you can modify the FETCHCOMMAND to pass params to wget (like username/pw) ...

but i cant think of any package that currently exists that needs this kind of
support ... anything that requires a user/pass (like bitkeeper) also require you
to register first ... and then they would be really made if we gave out said URL
in our ebuilds ...
Comment 2 Chris Bainbridge (RETIRED) gentoo-dev 2003-06-23 11:20:48 UTC
I didn't know that. How? I tried FETCHCOMMAND="echo" in the ebuild but it did 
nothing. I've also tried using a dyn_fetch() {} function that I saw in another ebuild but 
it doesn't seem to do anything. 
The packages that I have are commercial ASIC design software, the company gives 
sysadmins accounts on the ftp site to download from. I only know of one other 
gentoo user doing this kind of thing so you're right that it probably isn't a widely 
used feature, but it would still be nice if I could get it to work :) 
Comment 3 SpanKY gentoo-dev 2003-06-23 15:15:14 UTC
what if you use FETCHCOMMAND in /etc/make.conf ? 
Comment 4 Chris Bainbridge (RETIRED) gentoo-dev 2003-06-23 16:53:24 UTC
Ah I see, but theres no way to modify that from inside the ebuild.. 
Comment 5 Nicholas Jones (RETIRED) gentoo-dev 2003-06-29 17:01:44 UTC
Current policy is RESTRICT=nofetch, and you download it yourself.

Will consider options.
Comment 6 Brian Harring gentoo-dev 2004-07-16 01:19:50 UTC
Nick, status on this?  Been just over a year :)
Comment 7 Brian Harring gentoo-dev 2005-02-27 22:36:59 UTC
Slapping this shut; if the src_uri exposes a password, it exposes a passwd.  So does the ebuild...
Re: grabbing a password from users, well, pkg processing _should_ be entirely non-interactive, so that's a no no.
Besides, as nick said, RESTICT="fetch" works fine.