Will Cargo prompt for username & password when fetching Git repo?

[bombless]

It seems that Cargo can only use .gitconfig for username & password when they are needed to fetch a dependency from Git repo.

To repeat, make a fresh crate and make a dependency to my repo:

[dependencies.a]
git = "https://git.assembla.com/a-test.git"
version = "0.1.*"

Cargo version cargo 0.0.1-pre-nightly (9404539 2015-02-09 20:54:26 +0000)

[alexcrichton]

Currently, no, but as you found in #1308 it is easy enough from a libgit2 perspective, this is just blocked on us having a method of accepting input on a terminal without echoing typing.

[alexcrichton]

Note that git2-rs does implement the credentials specification for git, however.

[bombless]

Okay.

Note that git2-rs does implement the credentials specification for git, however.

It will require Git to store password, though (git config --global credential.helper store). Password will be written at ~/.git-credentials, I'm not sure if it can be protected by ugo or ACL since Git need to read and write from it.

I heard from @retep998 that it's easy for Windows to support hiding password, so I tried to add Windows support for rpassword, but I think Cargo.toml cannot handle negative dependency as Rust do so I am afraid it will be invalid approach as long as termios cannot build on Windows. Maybe we could modify termios and make it contain nothing for unsupported platform, just like what rust-cocoa do. cc @conradkleinespel @dcuddeback

[conradkleinespel]

@bombless Thanks for mentioning rpassword. I've opened an issue about Windows support. I am glad to review PRs for it or discuss ideas.

[retep998]

I have made a Windows implementation for rpassword at conradkleinespel/rpassword#2

[dcuddeback]

I can make changes to the termios if necessary, but RFC 403 adds support to handle platform-specific dependencies, which I think is a better solution and is what @retep998 used in the above-mentioned PR.

[stale]

As there hasn't been any activity here in a while would someone (the author, a team member, or any interested party) be able to summarise the current state, perhaps making explicit:

• Is this still relevant?
• If so, what is blocking it?
• Is it known what could be done to help move this forward?

Thank you!

(The cargo team is currently evaluating the use of Stale bot, and using #6035 as the tracking issue to gather feedback.)

If you're reading this comment from the distant future, fear not if this was closed automatically. If you believe it's still an issue please leave a comment and a team member can reopen this issue. Opening a new issue is also acceptable!

[stale]

As I didn't see any updates in 30 days I'm going to close this. Please see the previous comment for more information!