[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Running svnsync from post-commit hook

From: Marc Girod <mgirod_at_iona.com>
Date: 2007-08-28 14:18:39 CEST

Thanks again Joshua,

"Joshua Oreman" <oremanj@gmail.com> writes:

> Sorry if I wasn't clear on that - I meant you need to give them
> access from their account on the svn server to the replication
> machine.

You were quite clear: I was not, but I had understood.

I'd like to avoid that.
Or I'd have to create a really dedicated account, which I didn't do
(reused one which is used for other things...).

Also, we do have problems with Tortoise users on Windows, relating to
svn+ssh, and the settings for PuTTY...

> Just thought of something you could use to make this more secure,
> too: add a command= field to the line in authorized_keys, so the
> user can only run svnserve -t.

Thanks. I didn't know of this trick either.
Amazing that one cannot find it in the ssh man pages... 'lesser known
fact' huh... That's an other phrase for 'undocumented feature', isn't
it? OK... it is in
  http://www.oreilly.com/catalog/sshtdg/chapter/ch11.html
....

> There's documentation about how to do that in the svn book.

Found it:

http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshauth

> There are four access methods to a Subversion repository. file://
> won't work for your case, because the developers aren't all on the
> same machine. svn+ssh:// (tunneled svnserve) is what you're using
> now. It's also possible to set up subversion to go through http://
> or https:// (which involves configuring Apache appropriately) or to
> use the custom svn:// protocol, which involves running an svnserve
> process as daemon on your repository server. Documentation about
> the specifics of all of these is in the svn book.

I thought I knew all of this, but the devil is in the details.
Besides, I have a good memory: I forget fast.

But for http, I'd have to spell the password in clear, and I want to
avoid that.

I have to re-examine the svnserve options.

> Since you already have significant infrastructure set up, an access
> method switch might not be the best idea - each user would have to
> run svn switch --relocate whatever://repo.server/new/path in all
> their working copies.

If they'd have to do it once, this would even be acceptable.
Anyway, I don't think this should be needed.

One more question: at what point did I depart from the most basic main
stream setup for mirroring, or how to explain that these instructions
are not found (easily) in the documentation?

I mean now, in or from:
  http://svnbook.red-bean.com/nightly/en/svn.reposadmin.maint.html#svn.reposadmin.maint.replication

Or wouldn't you agree it is missing there?

Thanks again,
Marc

----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 28 14:18:29 2007

This is an archived mail posted to the Subversion Users mailing list.