[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Logging repository accesses other than commits

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Fri, 1 Apr 2011 23:46:16 -0400

On Fri, Apr 1, 2011 at 10:09 PM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> Doesn't 'svnserve --log-file' handle this?
>
> Clients run 'ssh $host svnserve -t' by default, so you'd have to make
> that invocation spawn an svnserve that has --log-file passed to it.  You
> could alter the svnserve in $PATH or use sshd configuration
> (ForceCommand and command="" directives) to achieve that.

Great. The "--log-file" option is not in the manual page. Time for a
bug report.

Modern versions of OpenSSH (such as the version 5 in RHEL 6 and
contemporary Debian releases) does not read your .bashrc for non-login
sessions. (This is actually standards compliant behavior, which
OpenSSH version 4 did not follow.) This makes stashing an svnserve
alias or $PATH setting unavailable going forward, and dependent on the
typically shared 'svn' user to have this set in their path for
svn+ssh.

ForceCommand looks like it will *break* ordinary svn+ssh, without
using the SSH_ORIGINAL_COMMAND environment variable. Interesting. It
would take fascinating parsing, and awkward configuration with managed
SSH keys, but it's vaguely feasible.

That looks...... really awkward to manage, and without any graceful
SSH key management tools for Subversion access, it becomes a alocal
and manually managed setup, and requires the manipulation of the SSH
daemon's sshd_config. That's not very modular.
Received on 2011-04-02 05:46:53 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.