I’m currently using the file command to download dependencies from a server that does not allow anonymous access. On Jenkins, I was able to add credentials and access via environment variables to set them in the command. However, this is not desirable for end users to put credentials in plain text on their system, either in environment variables or a netrc file.
Desired behavior would be a new option for file https://cmake.org/cmake/help/v3.17/command/file.html#transfer to prompt. On the command line, it would just prompt; via the gui, it would pop up a dialog requesting credentials.
There are many contexts in which CMake can be running for which interaction is not available. For example, IDEs and scripts can run
cmake with pipes not attached to a tty. CMake may also be re-run internally by the generated build system when
CMakeLists.txt files change. There may not even be a terminal available in such cases. This is not something we can make well-defined.
Ok, thanks for the reply.
How about adding support for the OS credential store? Each OS should have a keystore, and as an example, this Pyhon module has support for the native store on each OS. (I know this isn’t directly applicable, but just an example of what I was thinking could be done)
Ideally, I’d like to store the credentials in the OS store, and just provide the name of the site or system, and have cmake pull the credentials from the store. This way, you can pull credentials from the system without having to have them saved in plain text on the system. This would bypass the need for a prompt.
Yes, I think using the OS credential store would be reasonable.
One problem is knowing when credentials will be needed so we can look them up and hand them to curl. An explicit option may be needed for this.
Alternatively, I think curl does support the Windows credential store for some authentication schemes. One could ask upstream curl about the possibility of supporting OS credential stores in general.
I think it would be nice to have an option to specify to pull credentials from the OS store as part of a download request, instead of USERPWD or NETRC. However, it would also be nice if it were it’s own command, such that credentials pulled from the store could be used with any function or external command that requires credentials.