would like a reasonably safe way of including https user:password data in chroot_sources/*chroot

Bug #637626 reported by Al Stone on 2010-09-13
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
live-build (Ubuntu)
Wishlist
Unassigned

Bug Description

Binary package hint: live-helper

This may not be the best way to do this but I've attached a patch to the current lucid source that works for me.

The basic problem is in chroot_sources/*.chroot, if I wish to use a PPA, I need to provide a user:password combination for the https entries. I'd really rather not leave those values in that file -- which I may have to share with others. It's not really very secure.

What the attached patch does is allow me to put entries in a $HOME/.live-helper file that I can keep separate and protect, and keep strings in the chroot_sources/*.chroot file that will be replaced during lh build with the proper user name and password. I can now share the chroot_sources/*.chroot file without exposing my password to the PPA, different users can use their own user names and passwords, and there is no effect on those not using the https transport.

Colin Watson (cjwatson) on 2011-05-23
affects: live-helper (Ubuntu) → live-build (Ubuntu)
Changed in live-build (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
tags: added: patch
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers