-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tracking Issue for credential-process RFC 2730 #8933
Comments
Also see the discussion in https://internals.rust-lang.org/t/securing-cargo-publishing-credentials/14050 |
There's still a lot of unanswered questions in this tracking issue. But to make it clear basic functionality from the RFC is implemented and available for testing. The questions are all about comparatively small details. |
I have posted a proposal to stabilize just the |
#12334 has been merged which is a redesign of this feature. It should land in nightly within the next week. |
cargo-credential: reset stdin & stdout to the Console Credential providers run with stdin and stdout piped to Cargo to communicate. This makes it more difficult for providers to do anything interactive. The current workaround is for a provider to use the `cargo_credential::tty()` function when reading from the console by re-opening stdin using `/dev/tty` or `CONIN$`. This PR makes the credential provider to re-attach itself to the current console so that reading from stdin and writing to stdout "just works" when inside the `perform` method of the provider. stderr is unaffected since it's not redirected by Cargo. Only the `cargo-credential` crate is changed. No changes are needed to Cargo. cc #8933
login: allow passing additional args to provider As part of moving asymmetric token support to a credential provider in #12334, support for passing `--key-subject` to `cargo login` was removed. This change allows passing additional arguments to credential providers when running `cargo login`. For example: `cargo login -- --key-subject foo`. The asymmetric token provider (`cargo:paseto`) is updated to take advantage of this and re-enables setting `--key-subject` from `cargo login`. r? `@Eh2406` cc #8933
login: allow passing additional args to provider As part of moving asymmetric token support to a credential provider in #12334, support for passing `--key-subject` to `cargo login` was removed. This change allows passing additional arguments to credential providers when running `cargo login`. For example: `cargo login -- --key-subject foo`. The asymmetric token provider (`cargo:paseto`) is updated to take advantage of this and re-enables setting `--key-subject` from `cargo login`. r? `@Eh2406` cc #8933
@ehuss should this issue be closed, then? |
I'm not sure I understand the question, why would this be closed? This is still tracking the credential-process feature. Its design has changed some, but it is still an unstable feature we are tracking. |
@ehuss 🤦🏻 Sorry, I forgot that just because it's implemented doesn't mean it's stabilized. |
Checklist in this issue updated |
Hi, |
Yes, that's covered by the I'll be posting a stabilization PR for both |
Stabilize
|
Team member @arlosi has proposed to merge this. The next step is review by the rest of the tagged team members: Concerns:
Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
Initially, I was concerned about allowing a plugin to be used multiple times with different configurations. This mostly came up as a theoretical because I was thinking or process plugins for per-user cache where that might be of more interest. Arlo pointed me to the fact that CLI flags can be used for this which I had forgotten about and overlooked it when I went back over the docs. |
@rfcbot concern future-compatibility Built-in providers start with EDIT: Do we care enough about this vs taking the risk of breaking people? Allowing this intentionally allows polyfills. |
We could reserve the
OTOH there may be a reason I'm not currently thinking of why we need to reserve something that we know can't be user-defined, and the current proposal does not allow for that. |
We also consider shadowing fine for built-in subcommands, aliases, and third-party subcommands though we provide warnings when it happens: https://github.com/rust-lang/cargo/blob/master/src/bin/cargo/cli.rs#L258 Maybe that is the route we should go with using that as our precedence. |
fix: emit a warning for `credential-alias` shadowing ### What does this PR try to resolve? If a `credential-alias` shadows a built-in provider the user could be confused about which provider is being used. ### How should we review this PR? See the test to see what the warning looks like. r? `@epage` who listed this as a concern on the FCP in #8933
🔔 This is now entering its final comment period, as per the review above. 🔔 |
Will this be in the beta on October 5th and available in the stable channel on November 16th? |
Yes, that is the plan and so far we are still on schedule for it. |
Stabilizing this without making |
Summary
RFC: rust-lang/rfcs#2730Area: credential provider for storing and retreiving credentials
Implementation: #8934
Documentation: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#credential-process
Issues: A-credential-provider
This feature provides a configuration option to specify a process to fetch a token to authenticate with a registry.
Unresolved issues
cargo:macos-keychain
part of the cargo binary improves security here, since only the Cargo binary is accessing the Keychain. If we get Cargo signed by Apple, then it would be further improved.login
API be changed? Providers that need to be interactive need to be able to read from stdin.stdin
from/dev/tty
or$CONIN
cargo login
that would be sent to the provider? E.g.cargo login -- --extra-arg-for-provider
cargo:basic
:cargo:token-from-stdout
fn main
so it can be published separately).-Z
flag forcargo:paseto
.cargo-credential-1password
to crates.iocargo-credential
could grow a few independent tests on its own so we could test just the library with an older rust? Add MSRV validation GitHub Action for cargo-credential #12623cargo
s to fail. There is a version field when we need to do breaking changes, but we need tests that are actually verifying that is working. cargo-credential: change serialization of cache expiration #12622cargo-credential
v0.4
to crates.iocargo-credential-1password
v0.4
to crates.ioAbout tracking issues
Tracking issues are used to record the overall progress of implementation.
They are also used as hubs connecting to other relevant issues, e.g., bugs or open design questions.
A tracking issue is however not meant for large scale discussion, questions, or bug reports about a feature.
Instead, open a dedicated issue for the specific matter and add the relevant feature gate label.
The text was updated successfully, but these errors were encountered: