Re: auto-props does not work on copied files

2010-12-30 Thread Leszek Porębski

Thanks for your answer. Now I understand my mistake ;)

On 2010-12-29 20:50, David Weintraub wrote:

On Wed, Dec 29, 2010 at 12:01 PM, Leszek Porębski wrote:

Hi!

I have the Revision auto-property set on files. It works pretty fine until
you copy a file (e.g. by branching its project). After this adding $Rev$ to
its content has no effect.

Did the original file have that property on it? When you make a branch
via "svn cp", all properties attached to the file are copied over to
the branch too. If the original file didn't have the property on it,
the version on the branch won't either.

Autoproperties are only added with a "svn add" or a "svn import", so
it won't automatically add properties when you branch.



Re: svnadmin create and not being method agnostic

2010-12-30 Thread Stefan Sperling
On Wed, Dec 29, 2010 at 09:03:16AM -0800, Philip Prindeville wrote:
> On 12/29/10 8:34 AM, Nico Kadel-Garcia wrote:
> >On Wed, Dec 29, 2010 at 11:01 AM, Stefan Sperling  wrote:
> >>The initial concern raised in this thread was that there might exist
> >>a hypothetical exploit of svnserve. I'm not sure if Philip was concerned
> >>primarily about unauthorised access to repositories due to such an
> >>exploit, or access to the server system itself. In the latter case,
> >>your proposed change wouldn't make any difference.
> >That's unclear, I agree. I've taken it in a slightly different
> >direction, trying to address his concerns.
> 
> So my concern is this: I want to be able to easily, clearly, and with
> high confidence set up SVN to *only* work via Apache, and no other
> way.  And I think that it's not unreasonable for the admin to be able
> to tell "svnadmin create" which access method he plans on using.

That was clear from the beginning. However, your motivation for wanting
this is still unclear to me.

Is it because you're afraid of an svnserve exploit that would grant
someone else access to your system?

Is it because you're afraid of an svnserve exploit that would grant
someone else access to your repositories?

Or is it something other than any of the above?

> Blaming the admin on software that's poorly designed and doesn't
> follow the most obvious of principles (the Principle of Least
> Astonishment being amongst them) is a cop out.

I can also argue with the Principle of least astonishment:

So say we've added a new svnadmin option --dont-create-svnserve-config,
and we've made svnserve skip repositories which don't have an
svnserve.conf file within them (putting aside the still unsolved problem
of what svnserve should do when run with a single global config file).

Now, from your point of view the problem is probably solved.

However, it doesn't end there for me. As a developer I need to consider
more use cases than those of just one user.

What if the user later decides to use svnserve instead of apache? 
How would the principle of least astonishment be applied then?

Do we tell those users to copy svnserve.conf from another repository?
Do we add a new option --create-svnserve-config to svnadmin as well?
What if the user now wants to prevent apache httpd from accessing one
particular repository, but still access some others?

You may conveniently argue that you don't care about this problem
because it doesn't concern you. But Subversion developers cannot just
add options and functionality without considering the overall use of
those features for *all* Subversion users. The tool needs to be general.

Because of this, in your case, I would prefer if you simply wrote a
simple wrapper script to create your repositories, instead of us adding
a new feature to svnadmin:

 create-svn-repos.sh:
 #!/bin/sh
 # Create the repository, then remove the svnserve config svnadmin generates.
 svnadmin create "$1" || exit 1
 rm -f "$1/conf/svnserve.conf"

> Admins today have to be competent in operating a few hundred different
> subsystems.  Let's cut them some slack.

IMO automation is a very good way of capturing this complexity.

The script above is one way of automating repository creation to
address your desire.

I would go as far as recommending to take a look at puppet, a flexible large
scale automation system for system administrators, to control your
Subversion setup and create your repositories. This way you can take
care of a lot of special requirements in an automated fashion. Everyone
has special requirements, which is of course fine, but everyone also
has *different* special requirements.

> I'm a dev, I don't even do admin regularly, but this fell upon me
> because we're short-handed right now.
> 
> And I can say, as an admin a decade ago, that software that is simple
> and clear to setup and operate is a joy in an otherwise largely
> thankless job (since people only talk to you when things are broken,
> not when they work correctly).

I may be biased but I don't think a core Subversion setup is particularly
complex to set up.  It gets a lot more complex if you integrate
Subversion with existing infrastructure and other tools. But there is not
much Subversion's developers can do to help people with this, other than
making sure that Subversion's solutions are as general, flexible, and
scriptable as possible.

> >The common approach *is* to use an unprivileged user. But see above:
> >the locking out of non-designated users from read or write access to
> >Subversion repositories is under-documented.
> >
> >Setting up repositories to do this for two users, such as "apache" and
> >"svn", is even more fun and creates its own security overlap issues.
> >Coupled with the "svnadmin hotcopy" lack of preservation of group
> >permissions or sgid bits, and it's even more adventuresome.
> 
> Yes, exactly.  This is what I'm concerned about: lack of more
> visible/obvious separation between what enables Apache and what
> enables svnserve.

I agree that the book could be improved here.
One issue is that th

Re: svnadmin create and not being method agnostic

2010-12-30 Thread Stefan Sperling
On Thu, Dec 30, 2010 at 03:29:11PM +0100, Stefan Sperling wrote:
>  create-svn-repos.sh:
>  #!/bin/sh
>  svnadmin create "$1"
>  rm -f "$1/conf/svnserve.conf"

Of course, you would also need to delete svnserve from the system
and somehow make sure that no local user can compile their own
svnserve binary or copy one from another system.

Stefan


RE: svnadmin create and not being method agnostic

2010-12-30 Thread Bob Archer
> I can also argue with the Principle of least astonishment:
> 
> So say we've added a new svnadmin option --dont-create-svnserve-
> config,
> and we've made svnserve skip repositories which don't have an
> svnserve.conf file within them (putting aside the still unsolved
> problem
> of what svnserve should do when run with a single global config
> file).

Well, the next complaint would be... that should be the default since if I run 
svnadmin create I don't "know" I need to use that option. 

It all comes back to, imnsho, people expect to be able to use complex software 
without spending even a small amount of time reading documentation and 
understanding how stuff works. 

Is there really that much overhead in deleting the binary and ensuring the
correct permissions are used on the repository folders to "keep the honest,
honest?" After all, anyone with root/administrator access is able to bypass
anything you've done anyway.

I'd rather see the devs working on 1.7 WC features like a real "branch" command,
performance, etc, rather than adding a config option that nobody will use.

Also, if you want a more "secure" version of subversion, package up your own
binaries that don't include svnserve... let the svn devs work on the stuff
that we can't do with 3 or 4 lines of a batch/command file.

BOb


howto replace a file with a symbolic link (without obstruct error)

2010-12-30 Thread anton
Hi,

I searched google, I searched the subversion doc
(here I searched "obstruct" and found only a python sample).

So my question (subversion.apache.org is just down, so I couldn't
look at the faq):

I have 2 files which are version controlled:

 a.txt
 b.txt

The result I want to get is:

 a.txt -> b.txt
 b.txt

One possibility is:

 svn rm a.txt
 svn ci -m " removed a"
 ln -s b.txt a.txt
 svn add a.txt
 svn ci -m "added a as symlink"

I also tried:
 
 svn rm a.txt
 ln -s b.txt a.txt
 svn ci -m "replaced with as symlink"

But this does not work, I get an error "obstructed ..."
svn stat tells me the file has a status "~"

Strangely I got with rapidsvn a file status "R", but at the commandline
I didn't figure out how to get this.

Question:

 what is the "should-be" way of doing such a replacement

... it would be nice to put this in the official doc,
so a lot of developers could save time posting in a lot of forums 

I'm a little bit frustrated, sorry.

But anyway, wish you a happy new year :-)

 Anton




Re: svnadmin create and not being method agnostic

2010-12-30 Thread Stefan Sperling
On Thu, Dec 30, 2010 at 03:32:01PM +0100, Stefan Sperling wrote:
> On Thu, Dec 30, 2010 at 03:29:11PM +0100, Stefan Sperling wrote:
> >  create-svn-repos.sh:
> >  #!/bin/sh
> >  svnadmin create "$1"
> >  rm -f "$1/conf/svnserve.conf"
> 
> Of course, you would also need to delete svnserve from the system
> and somehow make sure that no local user can compile their own
> svnserve binary or copy one from another system.

An even better solution would be to make sure that no normal user
on the system has read access to any of the repositories.

Well, I guess there are many ways to achieve this, and some caveats.

It would be nice if the outcome of this thread was a document detailing
requirements and solutions for a secure, apache-only subversion setup
on a unix system. Employing standard security tricks like a non-privileged
user jailed in a chroot would be a plus.
Does someone have the time and energy to put something like this together?
I would be glad to do review, and help if necessary.

We could then refer to it from the book or even integrate it in the book
in part or in whole if the author gives permission to license them
under the Creative Commons Attribution License v2.0.

A similar document for svnserve would also be interesting.

Oh, and if someone has the knowledge of how to do something like
this on Windows (if that can be considered "secure" in the first place),
that would also be interesting. But I'm afraid I wouldn't be able to
help with that.

Stefan
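
The wrapper script quoted above and the measure proposed in this message (no read access to the repositories for ordinary local users) can be applied and then checked with two small functions. This is an added example, not code posted in the thread; the names harden_repo and audit_repo are hypothetical, and it assumes the repository directory is already owned by the account Apache httpd runs as.

```sh
#!/bin/sh
# Added example (not from the thread). Assumption: the repository is
# already owned by the httpd account, whose name varies by system.

# harden_repo REPO: remove the per-repository svnserve config, as the
# wrapper script does, and strip every permission bit for "other" so
# ordinary local users cannot read or traverse the repository.
harden_repo() {
    repo=$1
    [ -d "$repo/conf" ] || { echo "not a repository: $repo" >&2; return 2; }
    rm -f -- "$repo/conf/svnserve.conf"
    chmod -R o-rwx -- "$repo"
}

# audit_repo REPO: print findings; return 0 if clean, 1 if any finding,
# 2 if REPO does not look like a repository.
audit_repo() {
    repo=$1
    findings=0
    [ -d "$repo/conf" ] || { echo "not a repository: $repo" >&2; return 2; }
    if [ -e "$repo/conf/svnserve.conf" ]; then
        echo "FINDING: $repo/conf/svnserve.conf exists"
        findings=1
    fi
    # Anything with a read, write or execute bit set for "other" is
    # reachable by accounts outside the owning user and group.
    # Symlinks are skipped because their own mode bits are not enforced.
    exposed=$(find "$repo" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$exposed" ]; then
        echo "FINDING: accessible to other users:"
        echo "$exposed" | sed 's/^/  /'
        findings=1
    fi
    return "$findings"
}
```

Source the file, run harden_repo on a newly created repository, and run audit_repo from cron or a deployment check to catch a repository that was created or hot-copied without the wrapper.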


RE: svnadmin create and not being method agnostic

2010-12-30 Thread Bob Archer
> Windows (if that can be considered "secure" in the first
> place),
> that would also be interesting. But I'm afraid I wouldn't be able
> to help with that.

Why all the hate? :) 

Suffice to say, Windows servers (these days) are only as secure as the admin
makes them. I guess that applies to *Nix servers too.

BOb


Re: svnadmin create and not being method agnostic

2010-12-30 Thread Daniel Shahaf
Stefan Sperling wrote on Thu, Dec 30, 2010 at 15:48:16 +0100:
> On Thu, Dec 30, 2010 at 03:32:01PM +0100, Stefan Sperling wrote:
> > On Thu, Dec 30, 2010 at 03:29:11PM +0100, Stefan Sperling wrote:
> > >  create-svn-repos.sh:
> > >  #!/bin/sh
> > >  svnadmin create "$1"
> > >  rm -f "$1/conf/svnserve.conf"
> > 
> > Of course, you would also need to delete svnserve from the system
> > and somehow make sure that no local user can compile their own
> > svnserve binary or copy one from another system.
> 
> An even better solution would be to make sure that no normal user
> on the system has read access to any of the repositories.
> 
> Well, I guess there are many ways to achieve this, and some caveats.
> 
> It would be nice if the outcome of this thread was a document detailing
> requirements and solutions for a secure, apache-only subversion setup
> on a unix system.

Patch the kernel and sshd to look for ra_svn greeting being on every new
network socket and ssh command?

Anyway: what is the attack being prevented here?  I gather that for some
reason just saying "The admin won't install svnserve" isn't good enough.

> Employing standard security tricks like a non-privileged
> user jailed in a chroot would be a plus.
> Does someone have the time and energy to put something like this together?
> I would be glad to do review, and help if necessary.
> 
> We could then refer to it from the book or even integrate it in the book
> in part or in whole if the author gives permission to license them
> under the Creative Commons Attribution License v2.0.
> 
> A similar document for svnserve would also be interesting.
> 
> Oh, and if someone has the knowledge of how to do something like
> this on Windows (if that can be considered "secure" in the first place),
> that would also be interesting. But I'm afraid I wouldn't be able to
> help with that.
> 
> Stefan


Re: svnadmin create and not being method agnostic

2010-12-30 Thread Stefan Sperling
On Thu, Dec 30, 2010 at 05:02:55PM +0200, Daniel Shahaf wrote:
> Stefan Sperling wrote on Thu, Dec 30, 2010 at 15:48:16 +0100:
> > It would be nice if the outcome of this thread was a document detailing
> > requirements and solutions for a secure, apache-only subversion setup
> > on a unix system.
> 
> Patch the kernel and sshd to look for ra_svn greeting being on every new
> network socket and ssh command?

Heh. No way, having the kernel peep into packets like that would be a severe
layering violation! :)

> Anyway: what is the attack being prevented here?  I gather that for some
> reason just saying "The admin won't install svnserve" isn't good enough.

Yes, that's why any such document should detail requirements.
It should be clear what is being protected, and why.
It should also be clear what is not being protected, and why.

Stefan


Re: File Obstructed by Symbolic Link Prevents Submitting Unrelated Changelists

2010-12-30 Thread Daniel Shahaf
Nick wrote on Tue, Dec 21, 2010 at 12:00:47 -0500:
> On Tue, 2010-12-21 at 11:59 +0200, Daniel Shahaf wrote:
> > I've updated some
> > fields, and I'll try to get around to look at it in more detail some
> > time.
> 
> I appreciate it, thanks!

Sending        subversion/libsvn_client/commit_util.c
Sending        subversion/tests/cmdline/special_tests.py
Transmitting file data ..
Committed revision 1053984.

Enjoy,

Daniel


Re: File Obstructed by Symbolic Link Prevents Submitting Unrelated Changelists

2010-12-30 Thread Nick
On Thu, 2010-12-30 at 21:42 +0200, Daniel Shahaf wrote:

> Nick wrote on Tue, Dec 21, 2010 at 12:00:47 -0500:
> > On Tue, 2010-12-21 at 11:59 +0200, Daniel Shahaf wrote:
> > > I've updated some
> > > fields, and I'll try to get around to look at it in more detail some
> > > time.
> > 
> > I appreciate it, thanks!
> 
> Sending        subversion/libsvn_client/commit_util.c
> Sending        subversion/tests/cmdline/special_tests.py
> Transmitting file data ..
> Committed revision 1053984.


Awesome, thanks!  Any idea which release this will make it into?



Re: File Obstructed by Symbolic Link Prevents Submitting Unrelated Changelists

2010-12-30 Thread Daniel Shahaf
Nick wrote on Thu, Dec 30, 2010 at 15:44:52 -0500:
> On Thu, 2010-12-30 at 21:42 +0200, Daniel Shahaf wrote:
> 
> > Nick wrote on Tue, Dec 21, 2010 at 12:00:47 -0500:
> > > On Tue, 2010-12-21 at 11:59 +0200, Daniel Shahaf wrote:
> > > > I've updated some
> > > > fields, and I'll try to get around to look at it in more detail some
> > > > time.
> > > 
> > > I appreciate it, thanks!
> > 
> > Sending        subversion/libsvn_client/commit_util.c
> > Sending        subversion/tests/cmdline/special_tests.py
> > Transmitting file data ..
> > Committed revision 1053984.
> 
> 
> Awesome, thanks!  Any idea which release this will make it into?
> 

1.7.0.

It may also make it into a 1.6.x: I've nominated it for backport, and
now it needs three +1 votes by full committers.

(I haven't voted yet.)


Re: File Obstructed by Symbolic Link Prevents Submitting Unrelated Changelists

2010-12-30 Thread Nick
On Thu, 2010-12-30 at 22:44 +0200, Daniel Shahaf wrote:
> > Awesome, thanks!  Any idea which release this will make it into?
> > 
> 
> 1.7.0.
> 
> It may also make it into a 1.6.x: I've nominated it for backport, and
> now it needs three +1 votes by full committers.
> 
> (I haven't voted yet.)

While it would be great to have this fix in the next 1.6.x, I've dealt
w/ this behavior for over a year, so obviously it's not critical.

I really appreciate your prompt attention to this--thanks again Daniel!

Best regards,
Nick




Re: howto replace a file with a symbolic link (without obstruct error)

2010-12-30 Thread Nick
On Thu, 2010-12-30 at 15:48 +0100, anton wrote:
> Hi,
> 
> I searched google, I searched the subversion doc
> (here I searched "obstruct" and found only a python sample).
> 
> So my question (subversion.apache.org is just down, so I couldn't
> look at the faq):
> 
> I have 2 files which are version controlled:
> 
>  a.txt
>  b.txt
> 
> The result I want to get is:
> 
>  a.txt -> b.txt
>  b.txt
> 
> One possibility is:
> 
>  svn rm a.txt
>  svn ci -m " removed a"
>  ln -s b.txt a.txt
>  svn add a.txt
>  svn ci -m "added a as symlink"
> 
> I also tried:
>  
>  svn rm a.txt
>  ln -s b.txt a.txt
>  svn ci -m "replaced with as symlink"
> 
> But this does not work, I get an error "obstructed ..."
> svn stat tells me the file has a status "~"
> 
> Strangely I got with rapidsvn a file status "R", but at the commandline
> I didn't figure out how to get this.
> 
> Question:
> 
>  what is the "should-be" way of doing such a replacement
> 
> ... it would be nice to put this in the official doc,
> so a lot of developers could save time posting in a lot of forums 
> 
> I'm a little bit frustrated, sorry.
> 
> But anyway, wish you a happy new year :-)
> 
>  Anton

I've been bumping into this same situation recently and would also like
to hear how best to handle it.

Nick




Re: howto replace a file with a symbolic link (without obstruct error)

2010-12-30 Thread Daniel Shahaf
Nick wrote on Thu, Dec 30, 2010 at 15:54:54 -0500:
> On Thu, 2010-12-30 at 15:48 +0100, anton wrote:
> > Hi,
> > 
> > I searched google, I searched the subversion doc
> > (here I searched "obstruct" and found only a python sample).
> > 
> > So my question (subversion.apache.org is just down, so I couldn't
> > look at the faq):
> > 
> > I have 2 files which are version controlled:
> > 
> >  a.txt
> >  b.txt
> > 
> > The result I want to get is:
> > 
> >  a.txt -> b.txt
> >  b.txt
> > 
> > One possibility is:
> > 
> >  svn rm a.txt
> >  svn ci -m " removed a"
> >  ln -s b.txt a.txt
> >  svn add a.txt
> >  svn ci -m "added a as symlink"
> > 
> > I also tried:
> >  
> >  svn rm a.txt
> >  ln -s b.txt a.txt

At this point you need to:

 svn add a.txt

> >  svn ci -m "replaced with as symlink"
> > 

You could have tried 'svn ci a.txt' here. (with an explicit target)

> > But this does not work, I get an error "obstructed ..."
> > svn stat tells me the file has a status "~"
> > 
> > Strangely I got with rapidsvn a file status "R", but at the commandline
> > I didn't figure out how to get this.
> > 
> > Question:
> > 
> >  what is the "should-be" way of doing such a replacement
> > 
> > ... it would be nice to put this in the official doc,
> > so a lot of developers could save time posting in a lot of forums 
> > 
> > I'm a little bit frustrated, sorry.
> > 
> > But anyway, wish you a happy new year :-)
> > 
> >  Anton
> 
> I've been bumping into this same situation recently and would also like
> to hear how best to handle it.
> 
> Nick
> 
> 


"svnadmin load" a huge file

2010-12-30 Thread Victor Sudakov
Colleagues, 

I have a CVS repository sized 54M with 17751 files. 

"cvs2svn --dumpfile" produces a dump sized 13G. svnadmin cannot load
this dump aborting with an out of memory condition on a FreeBSD
8.1-RELEASE box with 1G of RAM and 2.5G of swap.

I really need to convert this repository to SVN. What should i do? Any
advice is appreciated.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru