From: Ryan Kelly on
On Thu, 2010-08-05 at 12:58 +0100, Chris Withers wrote:
> Jean-Michel Pichavant wrote:
> > You did not redirect stdin, so it is expected you can still read input
> > from the console.
>
> Okay, so if I definitely wanted no input, what should I pass as the
> stdin parameter to the Popen constructor?

The cross-platform equivalent of /dev/null:

Popen(...,stdin=open(os.devnull,"r")...)

> > And it looks like svn is writing the credentials
> > prompt on stderr.
>
> ...which, as you can see from the code I posted, is piped to STDOUT,
> which is then PIPE'd through to the calling python so that
> communicate()'s return value will contain the output.
>
> As I explained, I can't reproduce this by replacing svn with a simple
> python script that writes to stderr. So, what is svn doing?

Many programs prompt for auth credentials on the controlling tty instead
of standard input/output. I believe SSH also does this, which suggests
that it's considered more secure. No idea why, but I trust the authors
of SSH to know their stuff in this regard.


Cheers,

Ryan
--
Ryan Kelly
http://www.rfk.id.au | This message is digitally signed. Please visit
ryan(a)rfk.id.au | http://www.rfk.id.au/ramblings/gpg/ for details


From: Wolfgang Rohdewald on
On Thursday 05 August 2010, Chris Withers wrote:
> But why only the request for auth credentials?

for security reasons I suppose - make sure a human enters
the password

--
Wolfgang

From: Chris Withers on
Wolfgang Rohdewald wrote:
> On Thursday 05 August 2010, Chris Withers wrote:
>> But why only the request for auth credentials?
>
> for security reasons I suppose - make sure a human enters
> the password

Well yes, but what if you actually want to script it?

Chris

--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk

From: Grant Edwards on
On 2010-08-05, Chris Withers <chris(a)simplistix.co.uk> wrote:
> Wolfgang Rohdewald wrote:
>> On Thursday 05 August 2010, Chris Withers wrote:
>>> But why only the request for auth credentials?
>>
>> for security reasons I suppose - make sure a human enters
>> the password
>
> Well yes, but what if you actually want to script it?

Scripting passwords is considered a huge security hole, so people who
care about security try to prevent it by doing things like reading
passwords from /dev/tty instead of stdin.

--
Grant Edwards    grant.b.edwards at gmail.com
Yow! I want my nose in lights!

From: Jean-Michel Pichavant on
Chris Withers wrote:
> Jean-Michel Pichavant wrote:
>> You did not redirect stdin, so it is expected you can still read
>> input from the console.
>
> Okay, so if I definitely wanted no input, what should I pass as the
> stdin parameter to the Popen constructor?

You do want an input, don't you? 'Cause there is a password to enter.

from subprocess doc page:
"Note that if you want to send data to the process's stdin, you need to
create the Popen object with stdin=PIPE."
>
>> And it looks like svn is writing the credentials prompt on stderr.
>
> ...which, as you can see from the code I posted, is piped to STDOUT,
> which is then PIPE'd through to the calling python so that
> communicate()'s return value will contain the output.
>
> As I explained, I can't reproduce this by replacing svn with a simple
> python script that writes to stderr. So, what is svn doing?
You're right, then that means that svn is writing credentials neither on
stdout nor stderr.

>
>> You may want to look at http://pysvn.tigris.org/docs/pysvn.html though.
>
> Yeah, we were using that, but found it excruciatingly painful due to
> its dependency on a subversion source install due to its c extension.
I can't argue with that.
>
> cheers,
>
> Chris
>

If you want to scriptly interact with svn or anything else, you may
look at the pexpect module.

JM
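
The behaviour discussed in this thread, as an added example that is not part of any poster's message: a child that opens /dev/tty can still reach the terminal when stdin is the null device, unless it is started in a new session with no controlling terminal. It assumes a POSIX system and Python 3; the `CHILD` script is a constructed stand-in for a tool like svn, and `run_child` is a hypothetical helper name.

```python
import subprocess
import sys

# Constructed stand-in for a tool such as svn or ssh: it looks for a
# controlling terminal first and only then looks at stdin.
CHILD = r"""
import sys
try:
    with open("/dev/tty", "r"):
        print("tty: available")
except OSError:
    print("tty: none")
print("stdin bytes: %d" % len(sys.stdin.read()))
"""


def run_child(detach):
    """Run the stand-in child with stdin on the null device.

    detach=True starts the child in a new session (setsid), so it has no
    controlling terminal and opening /dev/tty fails.
    """
    proc = subprocess.run(
        [sys.executable, "-c", CHILD],
        stdin=subprocess.DEVNULL,      # same effect as open(os.devnull)
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,      # prompt text on stderr is captured too
        start_new_session=detach,
        universal_newlines=True,
        timeout=30,
    )
    return proc.stdout.splitlines()


if __name__ == "__main__":
    # From an interactive shell the first call reports "tty: available"
    # even though stdin is the null device; the second never does.
    print("inherited session:", run_child(detach=False))
    print("new session:      ", run_child(detach=True))
```

A tool that finds no terminal in the detached case has to fail or fall back to a documented non-interactive mode, which is the point at which a script regains control of it.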