Login | Register
My pages Projects Community openCollabNet

Discussions > dev > Re: 1.2.2 release in the near future

fsvs
Discussion topic

Back to topic list

Re: 1.2.2 release in the near future

Author tekknokra
Full name Gunnar Thielebein
Date 2010-02-13 04:13:49 PST
Message Morning Phil,

P.Marek wrote:
> Hello Gunnar!
>
> On Friday 12 February 2010 Gunnar Thielebein wrote:
>> Thanks for the fast answer. A small update of mine.
>> The issue with servers file was because I put it in the wrong folder, blame
>> on me.
> No problem, the important thing is that it works.
>
>> But at least I solved for the caching of the credentials.
>>
>> The solution is to create the folder via svn_config_ensure,
>> somewhere before svn_cmdline_setup_auth_baton.
> Fine, can you commit that?

Committed with [2426].

>
>> Credentials should be stored userwise so we reuse svn's user path in
>> svn_cmdline_setup_auth_baton. I hope thats OK for fsvs in all remote access
>> scenarios.
> Do I understand you correctly that you want to use $HOME/... as config_dir?

No, the config_dir should always be in /etc, /etc/fsvs or whatever you configure
it for. All global settings for ssl/ssh-svn access should be stored in the
servers file in subfolder /svn, e.g.

> [groups]
> fsvs = fsvs.agile-admin.net
> [fsvs]
> ssl-client-cert-file = /home/gthielebein/newcert.p12
> ssl-client-cert-password = test123
> [global]
> ssl-authority-files = /etc/ssl/default/cacert.pem

You can also store global credentials (also a global username) here if you want
that. The servers file is very flexible.

If credentials information is not in the global servers file the user will be
asked for credentials.
This information is now finally stored userwise in ~/.subversion if the global
settings in servers file allow that:

> store-passwords=yes
> store-plaintext-passwords=yes
> store-auth-creds=yes
> store-ssl-client-cert-pp=yes
> store-ssl-client-cer​t-pp-plaintext=yes

What svn and now also fsvs creates looks like that:

> ls ~/.subversion/auth/
> svn.simple svn.ssl.client-passphrase svn.ssl.server svn.username

Only caveat i've seen by now is that with the use of sudo the folder in home is
created with root privileges so when using the normal svn client this folder
will only be accessible by root. One option is to switch from ~/.subversion to
~/.fsvs to keep the configuration seperate. Other would be suid to the SUDO_USER
when creating the folders.
Btw. do you know about problems when creating files in nfs-based homefolders
with uid 0?

Cheers,
Gunnar


>
>
>> Thats only this small change in racallback.c, line 47:
>>> cfg = apr_hash_get(cfg_hash, SVN_CONFIG_CATEGORY_CONFIG,
>>> APR_HASH_KEY_STRING);
>>>
>>> /* get svn's user configuration path */
>>> STOPIF_SVNERR( svn_config_get_user_​config_path, (&cfg_usr_path, NULL,
>>> NULL, pool ) );
>>>
>>> /* make sure that folders for storing authentications credentials are
>>> created */ STOPIF_SVNERR( svn_config_ensure, (cfg_usr_path, pool));
>>>
>>> /* Set up Authentication stuff. */
>>> STOPIF_SVNERR( svn_cmdline_setup_auth_baton,
>>> (&cb__cb_table.auth_baton,
>>> !(isatty(STDIN_FILENO) && isatty(STDOUT_FILENO)),
>>> opt__get_int(OPT__AUTHOR) ?
>>> opt__get_string(OPT__AUTHOR) : NULL,
>>> NULL, /* Password */
>>> cfg_usr_path,
>>> 0, /* no_auth_cache */
>>> cfg,
>>> NULL, /* cancel function */
>>> NULL, /* cancel baton */
>>> pool)
>>> );
>> The servers file is still globally stored and used via the conf_dir option
>> (or not) in the hlp__get_svn_config.
> So both directories are used, a global one and a per-user?
>
>> What do you think, can we go with this?
> Very likely.
>
> Please commit what you have, so that I can take a look at that.
>
>
> Thank you!
>
>
> Regards,
>
> Phil
>

« Previous message in topic | 15 of 16 | Next message in topic »

Messages

Show all messages in topic

1.2.2 release in the near future pmarek P.Marek 2010-01-30 12:50:26 PST
     Re: 1.2.2 release in the near future tekknokra Gunnar Thielebein 2010-02-04 03:54:19 PST
         Re: 1.2.2 release in the near future pmarek P.Marek 2010-02-04 05:37:43 PST
             Re: 1.2.2 release in the near future pmarek P.Marek 2010-02-04 06:27:31 PST
                 Re: 1.2.2 release in the near future tekknokra Gunnar Thielebein 2010-02-04 08:16:14 PST
                     dpkg/dist-upgrade versioning pmarek P.Marek 2010-02-04 23:34:56 PST
             Re: 1.2.2 release in the near future tekknokra Gunnar Thielebein 2010-02-04 08:34:43 PST
                 Re: 1.2.2 release in the near future pmarek P.Marek 2010-02-04 23:29:58 PST
                     Re: 1.2.2 release in the near future tekknokra Gunnar Thielebein 2010-02-10 10:15:47 PST
                         Re: 1.2.2 release in the near future pmarek P.Marek 2010-02-10 22:17:25 PST
                             Re: 1.2.2 release in the near future tekknokra Gunnar Thielebein 2010-02-12 05:09:34 PST
                                 Re: 1.2.2 release in the near future pmarek P.Marek 2010-02-12 08:30:49 PST
                                     Re: 1.2.2 release in the near future tekknokra Gunnar Thielebein 2010-02-12 11:20:42 PST
                                         Re: 1.2.2 release in the near future pmarek P.Marek 2010-02-13 00:50:01 PST
                                             Re: 1.2.2 release in the near future tekknokra Gunnar Thielebein 2010-02-13 04:13:49 PST
                                                 Re: 1.2.2 release in the near future pmarek P.Marek 2010-02-13 04:50:17 PST
Messages per page: