Subversion HTTPS password caching using GPG-Agent?
This thread seems to give a hint: https://groups.google.com/forum/#!topic/subversion_users/WS8Cr7mAovQ
I'm running Xfce on Ubuntu, and I had the same problem. Apparently, the reason is that the $GPG_AGENT_INFO
environment variable is not set. Manually running the /etc/X11/Xsession.d/90gpg-agent script (which sets this variable) did help me.
I finally found a solution to my problem by looking into it once more, starting from the suggestion of Roman above. The comments of the find_gpg_agent_socket
function in the Subversion client's GPG-Agent authentication source code indeed explain:
$GPG_AGENT_INFO
takes precedence, if set, otherwise$GNUPGHOME
will be used.(...)
For reference
GPG_AGENT_INFO
consists of 3 : separated fields. The path to the socket, the pid of the gpg-agent process and finally the version of the protocol the agent talks.
The path to the GPG-Agent socket can easily be found by calling gpgconf --list-dirs agent-socket
on the command line. The other two segments of the $GPG_AGENT_INFO
variable are not used by the Subversion client, and should thus not necessarily be set.
I have therefore added the following code at the end of my .profile
file:
export GPG_TTY=$(tty)
export GPG_AGENT_INFO=`gpgconf --list-dirs agent-socket | tr -d '\n' && echo -n ::`
This sets the $GPG_TTY
variable to the current terminal, and the $GPG_AGENT_INFO
variable to the GPG-Agent socket, followed by two colon characters (i.e., the format expected by the Subversion source code).
Subversion seems to cache the repositories' authentication settings in ~/.subversion/auth
, so I found it necessary to clear that directory before GPG-Agent would be used correctly:
rm -rf ~/.subversion/auth
After starting a new session, you should be able to verify that the $GPG_AGENT_INFO
variable is set correctly: echo $GPG_AGENT_INFO
should output something like /run/user/1000/gnupg/S.gpg-agent::
(where 1000
is the uid of the current user).
When performing a Subversion command, for example svn up
, your password will be prompted the first time:
Updating '.':
Enter your Subversion password for <https://example.com:443> Subversion Repository
Password for 'username': :
At revision 123.
When performing a second Subversion command for the same repository for some time afterwards, Subversion should use the password cached by GPG-Agent:
Updating '.':
At revision 123.
Edit: I have the impression that, when using a repository for the first time (i.e., when it is not yet present in Subversion's cache), the password is only correctly saved by GPG-Agent after entering it twice.