[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Students' Project seeks help

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Mon, 25 Jul 2011 14:58:12 +0100

Jan Peters <peters.jan.r_at_googlemail.com> writes:

> we are a follow-up project to a student's group at Ruhr-University
> Bochum, Germany, which tried to integrate a functionality into
> Subversion to allow users to encrypt all their data on the
> client-side, before committing and to decrpyt while updating.
>
> To achieve this we have found a spot in your project, where we can
> encrypt data right after checksums are computed and right before the
> file is transmitted to the server, by simply altering a stream (and
> its read-function).

That doesn't sound right. A Subversion client sends both data and a
checksum to the server, so you need to enrypt before calculating the
checksum. Are you calculating the checksum of the encrypted data? Are
you storing it on the client side? As well as, or instead of, the
decrpyted checksum?

> Likewise we need a good way to decrypt data in an update-process right
> after it is received from the server (or whichever ra-method is used),
> but before checksums are calculated and the file is written to its
> local path or databases. Yet the code of the update functionality is
> by far harder to comprehend.
>
> To me personally it looks like the svn_ra_do_update2 fetches the data
> from the server (or whatever method is used here) but does not apply
> changes to the working copy yet. Since we do not want to change
> anything about the ra modules themselves we omitted this part when
> checking.
>
> Concerning svn_wc_crawl_revisions5 and svn_wc_crawl_revisions2 it says
> "After all revisions are reported, /reporter->finish_report()/ is
> called, which immediately causes the RA layer to update the working
> copy. Thus the return value may very well reflect the result of the
> update!" here
> http://subversion.sourcearchive.com/lines/1.4.4dfsg1/svn__wc_8h_9aacdf613889a86c23af70544103132a.html#9aacdf613889a86c23af70544103132a.
> I don't actually see where this is done. But I must assume that actual
> changes to the local files and database are done here.
>
> Since we do not want or (hopefully) need to change anything about data
> transmission, I am hoping that you could give us a hint as to where to
> look for a place to alter data right after it is received from the
> server. We want to do this as early in the process as possible since
> we don't want worry to much about checksums and stuff stored in the
> local database, if not necessary.
>
> Basically we want to implement a see-through layer. The server just
> knows about the encrypted files, the client only knows about the
> plain-text. This way only inhibiting one essential svn functionality,
> the one that allows only partial transmittion of files.

A Subversion server will calculate/store/transmit/receive diffs of
binary files such as encrypted data.

You might like to look at svn:eol-style=native on Windows. That is
similar to an "encryption" layer where the file in the repository is
stored with \n line-endings and in the working copy with \r\n line
endings. The conversion between the two happens transparently.

-- 
uberSVN: Apache Subversion Made Easy
http://www.uberSVN.com
Received on 2011-07-25 15:58:53 CEST

This is an archived mail posted to the Subversion Dev mailing list.