0

I need a script that updates my copy of a repository. When I type "svn up" I usually am forced to enter a password, how do I automate the password entry?

What I've tried:

import pexpect, sys, re

pexpect.run("svn cleanup")

child = pexpect.spawn('svn up')
child.logfile = sys.stdout

child.expect("Enter passphrase for key \'/home/rcompton/.ssh/id_rsa\':")

child.sendline("majorSecurityBreach")

matchanything = re.compile('.*', re.DOTALL)

child.expect(matchanything)

child.close()

But it does not seem to be updating.

edit: If it matters, I can get my repository to update with child.interact()

import pexpect, sys, re

pexpect.run("svn cleanup")

child = pexpect.spawn('svn up')
child.logfile = sys.stdout

i = child.expect("Enter passphrase for key \'/home/rcompton/.ssh/id_rsa\':")

child.interact()

allows me to enter my password and starts updating. However, I end up with an error anyway.

-bash-3.2$ python2.7 exRepUpdate.py 
Enter passphrase for key '/home/rcompton/.ssh/id_rsa':  

At revision 4386.
At revision 4386.
Traceback (most recent call last):
  File "exRepUpdate.py", line 13, in <module>
    child.interact()
  File "build/bdist.linux-x86_64/egg/pexpect.py", line 1497, in interact
  File "build/bdist.linux-x86_64/egg/pexpect.py", line 1525, in __interact_copy
  File "build/bdist.linux-x86_64/egg/pexpect.py", line 1515, in __interact_read
OSError: [Errno 5] Input/output error

edit: Alright I found a way around plaintext password entry. An important detail I left out (which, honestly, I didn't think I'd need since this seemed like it would be an easy problem) is that I had to send a public key to our IT dept. when I first got access to the repo. Avoiding the password entry with in the ssh+svn that I'm dealing with can be done with ssh-agent. This link: http://mah.everybody.org/docs/ssh gives an easy overview. The solution Joseph M. Reagle by way of Daniel Starin only requires I enter my password one time ever, on login, allowing me to execute my script each night despite the password entry.

inspectorG4dget
  • 110,290
  • 27
  • 149
  • 241
dranxo
  • 3,348
  • 4
  • 35
  • 48
  • Over what protocol are you authenticating with svn? – Eric Jan 02 '13 at 22:14
  • Judging from ssh key password prompt - via ssh ;) – favoretti Jan 02 '13 at 22:16
  • 1
    I'm using the svn+ssh:// protocol. – dranxo Jan 02 '13 at 22:22
  • Is there a reason you're using `pexpect` to drive the `svn` command line, instead of using [`pysvn`](http://pysvn.tigris.org)? – abarnert Jan 02 '13 at 22:44
  • Secondly, is there a reason you want to embed the ssh key's passphrase in plain text into your script, instead of, say, creating a key with no passphrase, or using `authorized_keys`, or some other mechanism that avoids this? – abarnert Jan 02 '13 at 22:45
  • Finally, what exactly _does_ happen when "it does not seem to be updating". Have you printed a log of inputs and outputs to see where it loses track or gets hung up? Or are you hoping to just guess what should happen, guess what's not happening, and guess how to fix it? – abarnert Jan 02 '13 at 22:46
  • I've never heard of pysvn until that comment, thanks. – dranxo Jan 02 '13 at 22:50
  • I want to do this as easily as possible, all the examples I saw used a plaintext password. I'm completely new to pexpect and expect. – dranxo Jan 02 '13 at 22:51
  • My understanding is that child.logfile = sys.stdout would give me log information. It prints out the password prompt and the password I give it, nothing else. – dranxo Jan 02 '13 at 22:52
  • 1
    Don't automate password entry, set up your ssh account for password-less access with a private key. It will allow `svn` to update without bothering you. See the docs for your ssh client. – alexis Jan 02 '13 at 23:00
  • @alexis is this possible without root permission? I only have read access to the directory I need to update each night. – dranxo Jan 02 '13 at 23:09
  • You don't need root permission, but you do need to be able to store the other half of your key on the server (in `~/.ssh/`, if on a unix system; read the docs). If you really only have read access, you're stuck with passwords. – alexis Jan 02 '13 at 23:13
  • @alexis I only have read access and am thus stuck with passwords, which is why I want to automate the password entry. – dranxo Jan 02 '13 at 23:16
  • You can use ssh-agent to type your key password less. See: http://linux.die.net/man/1/ssh-add – Rafał Rawicki Jan 02 '13 at 23:43
  • 1
    @alexis: he is automating password entry for ssh key, not for svn, passwordless ssh keys are evil and should never be used, really. – favoretti Jan 03 '13 at 00:29
  • @RafałRawicki Thanks, I did eventually get this to work. The password entry problem remains unsolved, but I am able to run my scripts now, this link did it: http://mah.everybody.org/docs/ssh – dranxo Jan 03 '13 at 00:36
  • @RafałRawicki ssh-agent worked great. If you want to change the comment to an answer I'll mark it as correct. – dranxo Feb 05 '13 at 06:13

2 Answers2

1

If you don't want to type password many times, but still have a secure solution you can use ssh-agent to keep your key passphrases for a while. If you use your default private key simply type ssh-add and give your passphrase when asked.

More details on ssh-add command usage are here: linux.die.net/man/1/ssh-add

Rafał Rawicki
  • 22,324
  • 5
  • 59
  • 79
0

You should really just use ssh with public keys.

In the absence of that, you can simply create a new file in ~/.subversion/auth/svn.simple/ with the contents:

K 8
passtype
V 6
simple
K 999
password
V 7
password_goes_here
K 15
svn:realmstring
V 999
<url> real_identifier
K 8
username
V 999
username_goes_here
END

The 999 numbers are the length of the next line (minus \n). The filename should be the MD5 sum of the realm string.

phihag
  • 278,196
  • 72
  • 453
  • 469