Login | Register
My pages Projects Community openCollabNet

Discussions > users > issue with username in http(s)-svn commit

fsvs
Discussion topic

Hide all messages in topic

All messages in topic

Re: issue with username in http(s)-svn commit

Author pmarek
Full name P.Marek
Date 2008-06-11 10:11:14 PDT
Message On Tuesday 10 June 2008 Gunnar Thielebein wrote:
> In general it would be a good idea to choose the user on commandline if
> sudo is not possible or if only one administrator account is in place
> e.g. on SAN/NAS-devices with an embedded linux.
> Our admin-policy is based on using ssh/sudo so its forced to have the
> accounts of the admins on every box where we rollout fsvs.
r1739.


--
Versioning your /etc, /home or even your whole installation?
             Try fsvs (fsvs.tigris.org)!

Re: issue with username in http(s)-svn commit

Author tekknokrat
Full name Gunnar Thielebein
Date 2008-06-10 08:56:54 PDT
Message Philipp Marek wrote:
> Hello Gunnar!
>
>
>> Today I tried to reproduced the issue with username in a pbuilder-chroot
>> ubuntu- edgy environment.
>> It asked correctly for the username when I only hit Return for 2 times,
>> exactly like the svn-client.
>>
>> I need to test this on the edgy box where this behaviour occurred, when
>> i am in office again.
>> Subversion wasn't installed there before. After installing the svn
>> client and doing svn ls the auth credentials where gathered correctly
>> from fsvs.
>>
> Well, tell me when you know specifics.
>
> ...
>
>> That sounds even more flexible than a "user" option!
>> Will the value also be used if exporting the FSVS_AUTHOR env via
>> .profile or doing something like
>> "FSVS_AUTHOR=somename fsvs commit"?
>>
> Yes, any way of getting that to fsvs would work - "-o author=xxx" too.
>
> Do you still have need for that after Sheldon's tip?
>
>
>
If this would also work on the box where we had the initial problems I
think theres
no need.

In general it would be a good idea to choose the user on commandline if
sudo is not possible or if only one administrator account is in place
e.g. on SAN/NAS-devices with an embedded linux.
Our admin-policy is based on using ssh/sudo so its forced to have the
accounts of the admins on every box where we rollout fsvs.

Gunnar
> Regards,
>
> Phil
>
>
>

Re: issue with username in http(s)-svn commit

Author pmarek
Full name P.Marek
Date 2008-06-08 22:38:32 PDT
Message Hello Gunnar!

> Today I tried to reproduced the issue with username in a pbuilder-chroot
> ubuntu- edgy environment.
> It asked correctly for the username when I only hit Return for 2 times,
> exactly like the svn-client.
>
> I need to test this on the edgy box where this behaviour occurred, when
> i am in office again.
> Subversion wasn't installed there before. After installing the svn
> client and doing svn ls the auth credentials where gathered correctly
> from fsvs.
Well, tell me when you know specifics.

...
> That sounds even more flexible than a "user" option!
> Will the value also be used if exporting the FSVS_AUTHOR env via
> .profile or doing something like
> "FSVS_AUTHOR=somename fsvs commit"?
Yes, any way of getting that to fsvs would work - "-o author=xxx" too.

Do you still have need for that after Sheldon's tip?


Regards,

Phil


--
Versioning your /etc, /home or even your whole installation?
             Try fsvs (fsvs.tigris.org)!

Re: issue with username in http(s)-svn commit

Author tekknokrat
Full name Gunnar Thielebein
Date 2008-06-08 10:28:47 PDT
Message Hi Philipp,

> Could you do a "fsvs up -d" and "strace fsvs up" of empty updates, ie. where
> nothing gets fetched? Maybe I find a hint where to look there.

Today I tried to reproduced the issue with username in a pbuilder-chroot
ubuntu- edgy environment.
It asked correctly for the username when I only hit Return for 2 times,
exactly like the svn-client.

I need to test this on the edgy box where this behaviour occurred, when
i am in office again.
Subversion wasn't installed there before. After installing the svn
client and doing svn ls the auth credentials where gathered correctly
from fsvs.

> IIUYC that should be used for the "svn:author" value? I'm not sure whether the
> subversion libraries allow to use *any* value (or restrict to the username,
> or the remote user...), but we can try.
>
>
> How about I make that configurable?
> - Either you use environment variables on your authorized_keys:
> environment="FSVS_AU​THOR=some_user" ssh-rsa ...
> - Or, if that is not specified, it could be taken from /etc/fsvs/config as
> author=some_user
>
>
> Then I could add the special case that a '$' as first character means get
> value from the environment; then /etc/fsvs/config could read
> author=$SUDO_USER
> If the ssh key is used, the environment variable FSVS_AUTHOR is used; else
> $SUDO_USER is taken.
>
>
> How about that?
>
>
That sounds even more flexible than a "user" option!
Will the value also be used if exporting the FSVS_AUTHOR env via
.profile or doing something like
"FSVS_AUTHOR=somename fsvs commit"?

> [ PS: Yes, Marek is a polish name ... but it's my surname :-]
>
>
I am sorry that I mixed up you first and your surname. I think it was
something with friday :-)

Best Wishes,
Gunnar

Re: issue with username in http(s)-svn commit

Author Sheldon Hearn <sheldonh at starjuice dot net>
Full name Sheldon Hearn <sheldonh at starjuice dot net>
Date 2008-06-06 11:13:12 PDT
Message -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 06 June 2008 19:30:55 Philipp Marek wrote:
> But that was as a user, not as root (which sudo switches too), right?
> I'm not sure what happens.
> If I do
>         sudo bash -c set | grep HOME

By default, sudo doesn't adjust HOME but does adjust LOGNAME.

To have it play nicely with svk, fsvs and friends, we usually put this
in /etc/sudoers:

Defaults env_reset
Defaults>root always_set_home, !set_logname

Ciao,
Sheldon.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFISX44pGJX8XSg​as0RAhwbAKCWpaq4XuJv​undGdaJMsQMZq8XibACf​agwV
PqYNd4b2XLy2u4tbnlSVGvw=
=AuqZ
-----END PGP SIGNATURE-----

Re: issue with username in http(s)-svn commit

Author pmarek
Full name P.Marek
Date 2008-06-06 10:30:55 PDT
Message Hello Gunnar!

On Friday 06 June 2008 Gunnar Thielebein wrote:
> I have an issue when using sudo with fsvs in environments where we don't
> have the svn-client installed. We do a userbased auth before committing
> via an http-url.
>
> The error message is this:
> > (R)eject or accept (t)emporarily? t
> > Authentication realm: <https://*********:443
> > <https://svn.tpip.net​:443>> SVN - Repository
> > Password for 'root':
> >
> > An error occurred: RA layer request failed (175002)
> > in ci__work: svn_ra_get_commit_editor: OPTIONS request failed on
> > '/repos/tp/OPS/********/office'
>
> Where it does ask for a password I only hit return.
>
> When we installed svn and did "svn ls" with the same url it asked for
> username and saved the credentials.
But that was as a user, not as root (which sudo switches too), right?
I'm not sure what happens.
If I do
    sudo bash -c set | grep HOME
I still get the user-home; so the subversion-libraries should take the stored
authentication information.

Maybe it gets rejected because it has a different owner?


Could you do a "fsvs up -d" and "strace fsvs up" of empty updates, ie. where
nothing gets fetched? Maybe I find a hint where to look there.


> I would also like to propose to set a -u or -l parameter for specifying
> the user when committing via fsvs. This would ease the user handling in
> environments where you have different admins working with only one
> (root) account.
Yes ... that's maybe necessary.

IIUYC that should be used for the "svn:author" value? I'm not sure whether the
subversion libraries allow to use *any* value (or restrict to the username,
or the remote user...), but we can try.


How about I make that configurable?
- Either you use environment variables on your authorized_keys:
    environment="FSVS_AU​THOR=some_user" ssh-rsa ...
- Or, if that is not specified, it could be taken from /etc/fsvs/config as
    author=some_user

Then I could add the special case that a '$' as first character means get
value from the environment; then /etc/fsvs/config could read
    author=$SUDO_USER
If the ssh key is used, the environment variable FSVS_AUTHOR is used; else
$SUDO_USER is taken.


How about that?


Regards,

Phil


[ PS: Yes, Marek is a polish name ... but it's my surname :-]

--
Versioning your /etc, /home or even your whole installation?
             Try fsvs (fsvs.tigris.org)!

issue with username in http(s)-svn commit

Author tekknokrat
Full name Gunnar Thielebein
Date 2008-06-06 08:52:19 PDT
Message Hi Marek,

We are beginning to rollout fsvs on some of our office debian and ubutu
servers for getting an audit about configuration changes mostly done by
our admins.
Currently we are using the packages of debian sid 1.1.14-1. I did a
backport of the package for an old ubuntu distribution (edgy) because we
need it for zimbra.

I have an issue when using sudo with fsvs in environments where we don't
have the svn-client installed. We do a userbased auth before committing
via an http-url.

The error message is this:

> (R)eject or accept (t)emporarily? t
> Authentication realm: <https://*********:443
> <https://svn.tpip.net​:443>> SVN - Repository
> Password for 'root':
>
>
> An error occurred: RA layer request failed (175002)
> in ci__work: svn_ra_get_commit_editor: OPTIONS request failed on
> '/repos/tp/OPS/********/office'
Where it does ask for a password I only hit return.

When we installed svn and did "svn ls" with the same url it asked for
username and saved the credentials.

I would also like to propose to set a -u or -l parameter for specifying
the user when committing via fsvs. This would ease the user handling in
environments where you have different admins working with only one
(root) account.

Best Regards,
Gunnar
Messages per page: