author | Alyssa Ross <hi@alyssa.is> | 2021-03-29 14:21:22 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-03-29 18:22:30 +0000 |
commit | 8164ee76c363a572b888c2bce5015aa05ef6b37e (patch) | |
tree | d3975488c38b0220044514d567be7ce8c0c4f66b /overlays | |
parent | be250ee4130940d1a86aea97ec586893f1bbcb12 (diff) | |
patches/gh: support reading auth tokens from fds
Diffstat (limited to 'overlays')
-rw-r--r-- | overlays/patches/default.nix | 2 | ||||
-rw-r--r-- | overlays/patches/gh/Support-reading-auth-token-from-file-descriptor.patch | 76 | ||||
-rw-r--r-- | overlays/patches/gh/default.nix | 9 |
3 files changed, 87 insertions, 0 deletions
diff --git a/overlays/patches/default.nix b/overlays/patches/default.nix
index 1fd87159ee17..b7c2f7b7f6bd 100644
--- a/overlays/patches/default.nix
+++ b/overlays/patches/default.nix
@@ -16,6 +16,8 @@ self: super: { llvmPackages = self.llvmPackages_latest; };
+ gh = self.callPackage ./gh { inherit (super) gh; };
+
 gnupg = self.callPackage ./gnupg { inherit (super) gnupg; }; public-inbox = self.callPackage ./public-inbox {
diff --git a/overlays/patches/gh/Support-reading-auth-token-from-file-descriptor.patch b/overlays/patches/gh/Support-reading-auth-token-from-file-descriptor.patch
new file mode 100644
index 000000000000..36544ed7fdb3
--- /dev/null
+++ b/overlays/patches/gh/Support-reading-auth-token-from-file-descriptor.patch
@@ -0,0 +1,76 @@
+From 195e1f1f08e2aa92bcdbfba5848d732a2147ccd1 Mon Sep 17 00:00:00 2001
+From: Alyssa Ross <hi@alyssa.is>
+Date: Mon, 29 Mar 2021 14:12:17 +0000
+Subject: [PATCH] Support reading auth token from file descriptor
+
+This is a quick hack:
+
+* It would make more sense to use a command line argument than an
+ environment variable, because there's not really any sense
+ propagating this to children.
+* `gh auth status' doesn't work.
+---
+ internal/config/from_env.go | 26 +++++++++++++++++++++++++-
+ 1 file changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/internal/config/from_env.go b/internal/config/from_env.go
+index 7b2853bd..4d4734e1 100644
+--- a/internal/config/from_env.go
++++ b/internal/config/from_env.go
+@@ -2,12 +2,15 @@ package config
+
+ import (
+ "fmt"
++ "io"
+ "os"
++ "strconv"
+
+ "github.com/cli/cli/internal/ghinstance"
+ )
+
+ const (
++ GH_TOKEN_FD = "GH_TOKEN_FD"
+ GH_TOKEN = "GH_TOKEN"
+ GITHUB_TOKEN = "GITHUB_TOKEN"
+ GH_ENTERPRISE_TOKEN = "GH_ENTERPRISE_TOKEN"
+@@ -71,7 +74,27 @@ func (c *envConfig) CheckWriteable(hostname, key string) error {
+ return c.Config.CheckWriteable(hostname, key)
+ }
+
++var tokenFromFd string
++
+ func AuthTokenFromEnv(hostname string) (string, string) {
++ if tokenFromFd != "" {
++ return tokenFromFd, GH_TOKEN_FD
++ }
++
++ if fd := os.Getenv(GH_TOKEN_FD); fd != "" {
++ if fd, err := strconv.ParseUint(fd, 10, 32); err == nil {
++ bytes := make([]byte, 40)
++ f := os.NewFile(uintptr(fd), "token")
++ defer f.Close()
++ if _, err := io.ReadFull(f, bytes); err == nil {
++ tokenFromFd = string(bytes)
++ return tokenFromFd, GH_TOKEN_FD
++ }
++ }
++
++ return "", GH_TOKEN_FD
++ }
++
+ if ghinstance.IsEnterprise(hostname) {
+ if token := os.Getenv(GH_ENTERPRISE_TOKEN); token != "" {
+ return token, GH_ENTERPRISE_TOKEN
+@@ -88,7 +111,8 @@ func AuthTokenFromEnv(hostname string) (string, string) {
+ }
+
+ func AuthTokenProvidedFromEnv() bool {
+- return os.Getenv(GH_ENTERPRISE_TOKEN) != "" ||
++ return
os.Getenv(GH_TOKEN_FD) != "" ||
++ os.Getenv(GH_ENTERPRISE_TOKEN) != "" ||
+ os.Getenv(GITHUB_ENTERPRISE_TOKEN) != "" ||
+ os.Getenv(GH_TOKEN) != "" ||
+ os.Getenv(GITHUB_TOKEN) != ""
+--
+2.30.0
+
diff --git a/overlays/patches/gh/default.nix b/overlays/patches/gh/default.nix
new file mode 100644
index 000000000000..e4e3548ab5cf
--- /dev/null
+++ b/overlays/patches/gh/default.nix
@@ -0,0 +1,9 @@
+{ gh, ... } @ args:
+
+(gh.override (builtins.removeAttrs args [ "gh" ])).overrideGoAttrs (
+ { patches ? [], ... }: {
+ patches = patches ++ [
+ ./Support-reading-auth-token-from-file-descriptor.patch
+ ];
+ }
+) |
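Review bot: The descriptor read in the new GH_TOKEN_FD branch of AuthTokenFromEnv is only safe on its first, successful call: `tokenFromFd` is cached only when `io.ReadFull` fills all 40 bytes, while the deferred `f.Close()` releases the descriptor either way, so after a failure every later call wraps the same number again and may read from (and close) whatever the process has since opened there. The fixed `make([]byte, 40)` also rejects any shorter token and silently truncates a longer one. Reading once under a `sync.Once` with a bounded `io.ReadAll` (Go 1.16+) and trimmed whitespace covers both, as sketched below; it needs `strings` and `sync` in the import block, and `maxTokenLen` is a placeholder bound. Separately, the branch sits ahead of the `ghinstance.IsEnterprise(hostname)` check, so the same token is returned for every hostname, unlike the per-host environment variables; gate it on the hostname if the credential is meant for one host only. AuthTokenFromEnv continues past the end of its hunk.

```go
var (
	tokenFromFd     string
	tokenFromFdOnce sync.Once
)

func AuthTokenFromEnv(hostname string) (string, string) {
	if fdStr := os.Getenv(GH_TOKEN_FD); fdStr != "" {
		// Read once: the descriptor is closed after the first attempt, so a
		// retry could wrap a number that now belongs to an unrelated file.
		tokenFromFdOnce.Do(func() {
			fd, err := strconv.ParseUint(fdStr, 10, 32)
			if err != nil {
				return
			}
			f := os.NewFile(uintptr(fd), "token")
			if f == nil {
				return
			}
			defer f.Close()
			// maxTokenLen: placeholder upper bound, not a value from this patch.
			raw, err := io.ReadAll(io.LimitReader(f, maxTokenLen))
			if err != nil {
				return
			}
			tokenFromFd = strings.TrimSpace(string(raw))
		})
		return tokenFromFd, GH_TOKEN_FD
	}
	// … unchanged: GH_ENTERPRISE_TOKEN / GH_TOKEN lookups …
```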