credential: make gnome-secret built-in as cargo:libsecret

Author: arlosi

Cargo.lock

@@ -20,6 +20,7 @@ base64 = "0.21.2"
 bytesize = "1.2"
 cargo = { path = "" }
 cargo-credential = { version = "0.3.0", path = "credential/cargo-credential" }
+cargo-credential-gnome-secret = { version = "0.3.1", path = "credential/cargo-credential-gnome-secret" }
 cargo-credential-wincred = { version = "0.3.0", path = "credential/cargo-credential-wincred" }
 cargo-credential-macos-keychain = { version = "0.3.0", path = "credential/cargo-credential-macos-keychain" }
 cargo-platform = { path = "crates/cargo-platform", version = "0.1.4" }
@@ -123,6 +124,7 @@ base64.workspace = true
 bytesize.workspace = true
 cargo-platform.workspace = true
 cargo-credential.workspace = true
+cargo-credential-gnome-secret.workspace = true
 cargo-credential-macos-keychain.workspace = true
 cargo-credential-wincred.workspace = true
 cargo-util.workspace = true

Cargo.toml

@@ -0,0 +1,6 @@
+#[cfg(target_os = "linux")]
+mod libsecret;
+#[cfg(not(target_os = "linux"))]
+pub use cargo_credential::UnsupportedCredential as GnomeSecret;
+#[cfg(target_os = "linux")]
+pub use libsecret::GnomeSecret;

credential/cargo-credential-gnome-secret/src/lib.rs

@@ -1,12 +1,5 @@
 //! Cargo registry gnome libsecret credential process.
 
-#[cfg(target_os = "linux")]
-mod libsecret;
-#[cfg(not(target_os = "linux"))]
-use cargo_credential::UnsupportedCredential as GnomeSecret;
-#[cfg(target_os = "linux")]
-use libsecret::GnomeSecret;
-
 fn main() {
     cargo_credential::main(GnomeSecret);
 }

credential/cargo-credential-gnome-secret/src/main.rs

@@ -109,6 +109,7 @@ allow = [
     "MPL-2.0",
     "Unicode-DFS-2016",
     "CC0-1.0",
+    "ISC",
 ]
 # List of explicitly disallowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses

deny.toml

@@ -451,6 +451,7 @@ fn credential_action(
             "cargo:token-from-stdout" => Box::new(BasicProcessCredential {}),
             "cargo:wincred" => Box::new(cargo_credential_wincred::WindowsCredential {}),
             "cargo:macos-keychain" => Box::new(cargo_credential_macos_keychain::MacKeychain {}),
+            "cargo:libsecret" => Box::new(cargo_credential_gnome_secret::GnomeSecret {}),
             process => Box::new(CredentialProcessCredential::new(process)),
         };
         config.shell().verbose(|c| {

src/cargo/util/auth/mod.rs

@@ -1094,6 +1094,7 @@ executed within the Cargo process. They are identified with the `cargo:` prefix.
 * `cargo:token` - Uses Cargo's config and `credentials.toml` to store the token (default).
 * `cargo:wincred` - Uses the Windows Credential Manager to store the token.
 * `cargo:macos-keychain` - Uses the macOS Keychain to store the token.
+* `cargo:libsecret` - Uses [libsecret](https://wiki.gnome.org/Projects/Libsecret) to store tokens on Linux systems.
 * `cargo:token-from-stdout <command>` - Launch a subprocess that returns a token
   on stdout. Newlines will be trimmed. The process inherits the user's stdin and stderr.
   It should exit 0 on success, and nonzero on error.
@@ -1130,20 +1131,6 @@ In the config, add it to `global-credential-providers`:
 global-credential-providers = ["cargo-credential-1password"]
 ```
 
-A wrapper is available for GNOME
-[libsecret](https://wiki.gnome.org/Projects/Libsecret) to store tokens on
-Linux systems. Due to build limitations, this wrapper is not available as a
-pre-compiled binary. This can be built and installed manually. First, install
-libsecret using your system package manager (for example, `sudo apt install
-libsecret-1-dev`). Then build and install the wrapper with `cargo install
-cargo-credential-gnome-secret`.
-In the config, use a path to the binary like this:
-
-```toml
-[registry]
-global-credential-providers = ["cargo-credential-gnome-secret"]
-```
-
 #### JSON Interface
 When using an external credential provider, Cargo communicates with the credential
 provider using stdin/stdout messages passed as a single line of JSON.