-----BEGIN PGP SIGNED MESSAGE-----
Oded Arbel wrote:
> I'm trying to use Subversion over ssh. I've installed subversion from
> Mandriva RPMs, which by default have the repositories
> under /var/lib/svn/repositories - which is ok for me, and I got it
> working fine using svnserve under xinetd (svn:// urls)
> The problem is that when using svn+ssh:// urls the setup is much more
> complicated. specifically, if I want to use anything other then the
> hardcoded 'svnserve -t', then according to the FAQ I have to setup all
> kind of SSH keys on the client side.
> I have some problems with that setup -
> *) having a central configuration location is better then needing to
> configure for each user.
> *) I rather not trust my users not to mess up their configurations (by
> mistake or on purpose).
> *) its a bother to setup for each user.
> I was thinking of using the SSH2 subsystem mechanism instead of relying
> on the client to call the command correctly. On the face of it its very
> simple - I've setup a simple bash script to call svnserve with the
> parameters I want to use (tunnel and virtual root for example). Then I
> add a subsystem line to the sshd_config file which calls that script
> for the svnserve subsystem. Then all I have to do is make sure that
> clients use
> ssh -s <user>@<host> svnserve
> instead of
> ssh <user>@<host> 'svnserve -t'
> Unfortunately there is no configuration to override the command used
> over the tunnel (unless I go the way of the specially crafted keys -
> which I didn't want to use in the first place), unlike the tunnel setup
> which can be overriden.
> So I've setup a patch to libsvn_ra_svn/client.c, to basically remove the
> '-t' parameter, so the command is just 'svnserve' (this is just for
> testing, I'm not suggesting that this is included in the current
> trunk), and then I can checkout using this command:
> SVN_SSH="ssh -s" svn co svn+ssh://user@host/myproject/trunk
> and it gets to use my keys for auth, and I get virtual roots.
> its not entirely what I wanted to get as I want 0 effort on the side of
> the client with full flexibility on the server, and currently the
> client is required to define SVN_SSH (and patch the subversion client),
> but I wanted your opinion on that, if you please ?
In an ideal world, yes, subsystems are a good fit for svn+ssh.
In the real world, compatibility concerns pretty much rule them out:
* We don't want to require SSH2
* Even if we did, can we rely on every ssh client implementing the same
command line syntax for them?
As a practical matter, I think what we need to do is to design an
/etc/subversion.conf config file.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
-----END PGP SIGNATURE-----
To unsubscribe, e-mail: email@example.com
For additional commands, e-mail: firstname.lastname@example.org
Received on Thu Mar 9 01:35:06 2006