install marc_stream_importer.pl in /openils/bin by default

* At startup, the script should prompt the user to enter the password of the running user so it's not necessary to set the password via command line parameter.

* We also need oils_header.pl installed into /openils/bin by default. (Or, alternatively, a new Perl mod that is installed with the other Evergreen Perl mods and implements the same/similar functions)

> * At startup, the script should prompt the user to enter the
> password of the running user so it's not necessary to set the
> password via command line parameter.

Good idea, but note that the command line parameter is still needed as an alternative to entering the password, as otherwise it would be difficult to have Evergreen services start up fully automatically upon boot. Would be a good idea to double check whether the password gets masked in a process listing.

A bonus project (which probably should be the topic of a separate bug) would be to create a way for command-line scripts that need to authenticate as staff users to do so securely without requiring that the admin password be entered in configuration files or boot scripts. On the other hand, since if you have shell access to an Evergreen server as the opensrf user, you also have the full database connection information, that may be overkill.

I can say that passwords do not get masked in process listings. This is why the man page of almost every program that allows a user to enter a password on the command line suggest that you don't do that.

One an Evergreen server, this should be less of a concern given adequate firewall protection. Hopefully, you are not allowing other users to log in to the same machine and run their own processes. In a hosted environment, though, the user may not have enough control of the system to guarantee the privacy of command line options. There is always a trade off between security and convenience.

> I can say that passwords do not get masked in process listings.
> This is why the man page of almost every program that allows a
> user to enter a password on the command line suggest that you don't do that.

To be clear, I was not implying that this would happen automatically; marc_stream_importer.pl would have to munge its process title.

Better might be storing the credentials in the configuration file; that at least could be made 0600 opensrf.

A WIP is available in the user/gmcharlt/lp741788_wip branch of the Evergreen working repository.

Tagging towards 2.next to rescue it from limbo. Small change, should be something that can be finished...

Hello, I've tried rebasing this patch to master and tested it a little bit. There were quite a few changes to the marc_stream_editor since Galen created his patch.

The install bits look like they worked.
oils_header.pl and marc_stream_importer.pl were installed in the bin dir.
marc_stream_importer.conf.example was installed in the conf dir.

I'm not able to test the functionality of the marc_stream_importer.pl script, but it appears to not have syntax errors. I can view the built in help screens.

I would agree that storing the credentials in the config file would be best, to prevent an upgrade from wiping out edits made to the script.

The script now looks for /openils/conf/marc_stream_importer.conf as the default location for the config file, instead of in /openils/bin, which could cause it to fail after and upgrade for the sites using the old default behavior.

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/stompro/lp741788_install_marc_stream_importer

I've revived this and pushed a rebased branch that includes release notes to

working/user/gmcharlt/lp741788_install_marc_stream_importer_rebase
https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/gmcharlt/lp741788_install_marc_stream_importer_rebase

Since the only change was the rebase and adding release notes, I've retained Josh's signoff. This patch does not change how passwords are managed.

I've opened bug 1830757 for the configuration file wishlist item.

Works for me! I've pushed to master.

Thanks Galen and Josh!