[Distutils] Add optional password_command .pypirc value

Matt Behrens askedrelic at gmail.com
Fri Mar 8 08:40:48 CET 2013


After doing some research tonight on storing/accessing passwords in the OSX Keychain (http://asktherelic.com/2013/03/07/storing-command-line-passwords-in-keychain/), I was curious why the .pypirc doesn't support something like this when asking for the password during 'upload', to not have your pypi password in plaintext on your system.

As far as I can see from the source, the password is read straight from the .pypirc config:

https://bitbucket.org/tarek/distribute/src/188dcdb7f0873f1b382e8bde65377c5f43266f9f/setuptools/command/upload.py?at=default#cl-66

and fails if the password value doesn't exist:

https://bitbucket.org/tarek/distribute/issue/291/allow-password-to-be-omitted-from-pypirc

I'm curious about implementing:

1. a password_command to support integration with external password  tools (1password, keychain, keyring python lib)

The implementation from the program I am trying to emulate, pianobar, is here: https://github.com/PromyLOPh/pianobar/blob/master/src/main.c#L135 just a /bin/sh for nix/osx. Could run cmd.exe for windows cross-platform compatibility.
 
2. better notification to the user about trying to upload with an empty password or using get_pass if empty password

The only other reference to something like this is from several years ago here: http://bugs.python.org/issue4394

Does this seem like it's worth making a patch for? 

-- 
Matt Behrens

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130307/69b8ae44/attachment.html>


More information about the Distutils-SIG mailing list