On Mon, 08 Oct 2007, David Glasser wrote:
> On 10/8/07, Thomas Quinot <email@example.com> wrote:
> > We have come across an issue trying to use svnsync to synchronize
> > a repository where the user doing the syncrhonization has read
> > permissions on some selected subtrees of the repository, but not on the
> > repository root or top-level trunk.
> > To reproduce:
> > 1. set up master repo
> > 2. load attached dump
> > 3. configure access control
> > [/]
> > *=
> > [/trunk/module]
> > *=r
> > 4. check that the access control is properly enforced
> > svn ls svn+ssh://localhost/path/to/master
> > --> svn: Authorization failed
> > svn ls svn+ssh://localhost/path/to/master/trunk/module
> > --> README
> > 5. set up slave repo
> > $ svnsync init file:///path/to/slave svn+ssh://localhost/path/to/master
> > --> Copied properties for revision 0.
> > 6. launch sync
> > $ svnsync sync file:///path/to/slave svn+ssh://localhost/path/to/master
> > --> svnsync hangs because it fails to execute the open-dir operation
> > on non-existent directory 'trunk' (because it never saw the
> > directory creating operation, having no visibility on it)
> > Proposed fix is for svnsync to create any directory that does not exist
> > at the time it tries to open it. Diff attached, which seems to work
> > correctly on my setup.
> This does seem like a bug.
Yeah. Almost seems like we need depth-level access controls, though...
The authz code is working as intended, but not how users are going to
want it to.
Thomas, mind filing an issue describing the problem, and referencing this
discussion for thoughts on possible solutions?
> However, I'm not sure --- should this be fixed at the tool level in
> svnsync or at the repos level in svn_repos_replay?
Between those two, replay.
Received on Mon Oct 8 21:16:12 2007
- application/pgp-signature attachment: stored