新版本svn使用gpg-agent存储密码

问题

自从开始使用debian11(debian是我最喜欢的linux发行版)，应该是subversion版本的升级，导致不可以存储明文的密码，导致每次都要输入密码，很恼人。

Debian版本

➜  .gnupg lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye
➜  .gnupg

subversion

svn install

当然你在配置svn之前已经安装了svn（subversion）

sudo apt install subversion

Debian11对应的svn版本如下

➜ .gnupg svn --version
svn, version 1.14.1 (r1886195)
compiled Apr 5 2022, 23:23:59 on x86_64-pc-linux-gnu

Copyright (C) 2021 The Apache Software Foundation.
This software consists of contributions made by many people;
see the NOTICE file for more information.
Subversion is open source software, see http://subversion.apache.org/

The following repository access (RA) modules are available:

* ra_svn : Module for accessing a repository using the svn network protocol.
- with Cyrus SASL authentication
- handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
- handles 'file' scheme
* ra_serf : Module for accessing a repository via WebDAV protocol using serf.
- using serf 1.3.9 (compiled with 1.3.9)
- handles 'http' scheme
- handles 'https' scheme

The following authentication credential caches are available:

* Gnome Keyring
* GPG-Agent
* KWallet (KDE)

➜ .gnupg

svn config

svn支持对每个用户使用不同的配置，于是相应的配置在如下目录:

$HOME/.subversion

~/.subversion/config (no need change)

[auth]
### Set password stores used by Subversion. They should be
### delimited by spaces or commas. The order of values determines
### the order in which password stores are used.
### Valid password stores:
###   gnome-keyring        (Unix-like systems)
###   kwallet              (Unix-like systems)
###   gpg-agent            (Unix-like systems)
###   keychain             (Mac OS X)
###   windows-cryptoapi    (Windows)
# password-stores = gpg-agent,gnome-keyring,kwallet
### To disable all password stores, use an empty list:
# password-stores =

gpg-agent

新版本的svn默认支持gpg-agent，那么问题演变成配置这个工具。

gpg-agent install

apt install gpg-agent
➜  ~ gpg-agent --version
gpg-agent (GnuPG) 2.2.27
libgcrypt 1.8.8
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
➜  ~

gpg-agent config

添加下边两个环境变量到 ~/.zshrc 或者 ~/.bashrc，依据使用的shell类型

export GPG_TTY=$(tty)
export GPG_AGENT_INFO=`gpgconf --list-dirs agent-socket | tr -d '\n' && echo -n ::`

svn会缓冲auth的东西到~/.subversion/auth，为了使用gpg-agent，将老的东西删除
rm -rf ~/.subversion/auth
然后是当前的配置生效
source ~/.zshrc

当第一次登录svn需要输入密码，之后密码会cache住直到失效，可以更改其配置。

gpg-agent.conf

gpg-agent本身有配置，可以配置密码失效时间这个文件在，默认这个文件不存在，在对应的目录创建一个就可以了。
~/.gnupg/gpg-agent.conf

• default-cache-ttl默认密码失效时间是600s，每次重新访问svn，就会将计时器重置。
  意味着如果600s之内有svn访问记录，那么就不用再次输入密码，如果超过600s没有使用svn，就需要重新输入密码
• max-cache-ttl默认最大有效时间是7200s，不管上边的是不是在600s之内重新使用过svn，到两个小时之后都需要重新输入密码。

下边可以重新设置参数，当然还有其他参数，设置完成之后要重新启动gpg-agent。
gpg-connect-agent reloadagent /bye

# ╔═══════════════════════════════════════════════════════════════════════════╗
# ║ gpg-agent configuration (~/.gnupg/gpg-agent.conf)                         ║
# ║                                                                           ║
# ║ Note:                                                                     ║
# ║ After changing the configuration, reload the agent:                       ║
# ║   $ gpg-connect-agent reloadagent /bye                                    ║
# ╚═══════════════════════════════════════════════════════════════════════════╝


# Time a cache entry is valid (in seconds) default: 600
# Each time a cache entry is accessed, the entry's timer is reset
default-cache-ttl 172800

# Set the maximum time a cache entry is valid to n seconds.
# After this time a cache entry will be expired even if it has been accessed recently.
# The default is 2 hours (7200 seconds).
max-cache-ttl 604800