On 06/06/14 12:05, Philip Martin wrote:
> Number Cruncher <number.cruncher_at_ntlworld.com> writes:
>
>> I'm running a Subversion 1.8.9 build for Fedora 20 and have been
>> struggling for a day to get Subversion to save my PKCS12 certificate
>> file password in any store. I've not had any problems with earlier
>> Subversion (e.g. running 1.6.18 on F16 with kwallet).
>> I've tried setting breakpoints on svn_auth_save_credentials but it
>> never seems to be called.
> This is a regression introduced in 1.8. In 1.7 libsvn_ra_neon handled
> the certificate decryption and would save a working passphrase. In 1.8
> libsvn_ra_serf no longer handles the certificate decryption directly, it
> now happens in serf, and there is no code for Subversion to save the
> passphrase.
>
> I've raised http://subversion.tigris.org/issues/show_bug.cgi?id=4509
>
Thanks; I thought I was going mad. Is building against neon still supported?
Given what you told me, I was able to find a workaround and manual
create the password store:
1) .subversion/config: [auth] section set to "password-stores = kwallet"
2) Run "kwalletmanager", open kwallet via "system tray"
3) Open default wallet and create new top-level "Subversion" folder
(alongside Form Data, Passwords)
4) Select "Passwords" within Subversion folder and create new one with
key "@" + path_to_p12, e.g. "@/home/nc/nc.p12"
5) Type in password into kwallet for this key
Watch where svn is trying to retrieve the data from "strace -e
trace=lstat svn ls http://...." e.g. reveals
/home/nc/.subversion/auth/svn.ssl.client-passphrase/345983d745d98273c095e872a09"
Populate this "345983d745d98273c095e872a09" file with e.g.:
K 15
svn:realmstring
V 45
/home/nc/nc.p12
END
This might help someone in the meantime. Note that my username is
derived from the certificate common name, otherwise I think you need
"Username@" as the password key.
Simon
Received on 2014-06-06 14:51:42 CEST