[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[RFC/PATCH] Env expansion in config files

From: Andrew Snare <ajs_at_pigpond.com>
Date: 2003-12-26 21:55:18 CET

Hi All,

With digest authentication currently broken for repositories due to a
problem with Apache's authentication of subrequests, I recently switched
to using basic authentication over SSL.

While trying to configure Subversion to accept my private CA, I
encountered a problem whereby my .subversion configuration files
are shared across several machines but my home directory is not
always the same. This means that the ssl-authority-files and
ssl-client-cert-file configuration directives are useless for me.
While originally I hoped that relative paths may be treated relative
to the configuration file, this turns out not to be the case: the
values get passed as-is to neon, which in turn simply uses fopen()
on the path provided.

It would appear that Neon/OpenSSL don't provide any way to specify
where the 'trusted' paths can appear; the location of OpenSSL's
"system" certs are fixed at compile time.

This got me thinking, and it occurred that env-variable expansion
in the configuration file would solve the problem.

The ConfigParser module from python doesn't support this feature,
so there is no obvious guidance in terms of syntax. However, I
imagine something like Unix-shell expansion is unambiguous, relatively
simple and should not break many existing configuration files.

Since the parser (in config_file.c) is fairly simple, I've created
the attached patch which implements the following rules:

 * Expansion is of the form ${ENV} where ENV is the name of the
   environment variable being inserted.
 * A non-existent environment variable expands as nothing (it's
   not an error).
 * To insert a $ symbol, $$ is used. I think that this is preferable
   to ignoring $ if it's not followed by a { since then something
   even fancier would be required for the corner case where a ${
   sequence is wanted.
 * Anything other use of $ is an error (which will ensure that most
   existing files which use $ are not silently interpreted incorrectly).

Comments, etc, would be welcome.

 - Andrew

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Fri Dec 26 21:55:55 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.