Subversion 1.14.2 on Linux how to enable plaintext password store?

2023-11-30 Thread Bo Berglund
When I installed subversion on a Raspberry Pi4B and checked the installed
version afterwards it printed this:

$ svn --version
svn, version 1.14.2 (r1899510)
   compiled Nov 12 2022, 20:30:30 on arm-unknown-linux-gnueabihf

Copyright (C) 2022 The Apache Software Foundation.
This software consists of contributions made by many people;
see the NOTICE file for more information.
Subversion is open source software, see http://subversion.apache.org/

< cut >

The following authentication credential caches are available:

* Plaintext cache in /home/bosse/.subversion
* Gnome Keyring
* GPG-Agent
* KWallet (KDE)

I have had a lot of problems with password caching for a number of years since I
am working on these devices mainly on the command line via ssh and when I issue
a svn command against a server on our LAN what happens is that svn pops up a
password entry dialog on the (invisible) **GUI screen**!
And the operation started on the command line fails...

It was not always so but some svn update changed the way svn operates

Now I see the banner above where it looks like it is again available:

* Plaintext cache in /home/bosse/.subversion

The problem is that in the config file there is no example of the syntax for
enabling this

So my question here is:
How do I enable the plaintext cache in svn client version 1.14.2 on a Raspberry
Pi4B running Pi-OS?


-- 
Bo Berglund
Developer in Sweden



Re: Subversion 1.14.2 on Linux how to enable plaintext password store?

2023-11-30 Thread Nathan Hartman
On Thu, Nov 30, 2023 at 6:43 PM Bo Berglund  wrote:
>
> When I installed subversion on a Raspberry Pi4B and checked the installed
> version afterwards it printed this:
>
> $ svn --version
> svn, version 1.14.2 (r1899510)
>compiled Nov 12 2022, 20:30:30 on arm-unknown-linux-gnueabihf
>
> Copyright (C) 2022 The Apache Software Foundation.
> This software consists of contributions made by many people;
> see the NOTICE file for more information.
> Subversion is open source software, see http://subversion.apache.org/
>
> < cut >
>
> The following authentication credential caches are available:
>
> * Plaintext cache in /home/bosse/.subversion
> * Gnome Keyring
> * GPG-Agent
> * KWallet (KDE)
>
> I have had a lot of problems with password caching for a number of years 
> since I
> am working on these devices mainly on the command line via ssh and when I 
> issue
> a svn command against a server on our LAN what happens is that svn pops up a
> password entry dialog on the (invisible) **GUI screen**!
> And the operation started on the command line fails...
>
> It was not always so but some svn update changed the way svn operates
>
> Now I see the banner above where it looks like it is again available:
>
> * Plaintext cache in /home/bosse/.subversion
>
> The problem is that in the config file there is no example of the syntax for
> enabling this
>
> So my question here is:
> How do I enable the plaintext cache in svn client version 1.14.2 on a 
> Raspberry
> Pi4B running Pi-OS?
>
>
> --
> Bo Berglund
> Developer in Sweden


In the user's home directory, there should be a subdirectory called
.subversion which contains a file called config. In that file, there
is a section called [auth] which contains a setting called
"password-stores". It might be commented, or it might say something
like "password-stores = gpg-agent,gnome-keyring,kwallet". This setting
determines the order in which the different password stores
(credential caches) are used. You could set this to "password-stores =
plaintext". Make sure you don't have "store-passwords = no" or
"store-plaintext-passwords = no". I think this will solve the issue --
though note that if the password has not been saved to the plaintext
cache yet, the SVN client should prompt for it once, and then prompt
whether you accept the risk to save it in the plaintext cache. This
should take place on the command line, so I think you won't have the
issue with the inaccessible GUI dialog box on the remote machine. Once
saved, it shouldn't prompt for it anymore.

Note: In addition to the user's ~/.subversion/config file I mentioned
above, there is also a systemwide /etc/subversion/config. If changes
in the user-level file don't appear to work, check the systemwide one
as well.

Hope this helps,
Nathan


Re: Subversion 1.14.2 on Linux how to enable plaintext password store?

2023-11-30 Thread Bo Berglund
On Fri, 1 Dec 2023 00:55:30 -0500, Nathan Hartman 
wrote:

>On Thu, Nov 30, 2023 at 6:43?PM Bo Berglund  wrote:
>>
>> When I installed subversion on a Raspberry Pi4B and checked the installed
>> version afterwards it printed this:
>>
>> $ svn --version
>> svn, version 1.14.2 (r1899510)
>>compiled Nov 12 2022, 20:30:30 on arm-unknown-linux-gnueabihf
>>
>> Copyright (C) 2022 The Apache Software Foundation.
>> This software consists of contributions made by many people;
>> see the NOTICE file for more information.
>> Subversion is open source software, see http://subversion.apache.org/
>>
>> < cut >
>>
>> The following authentication credential caches are available:
>>
>> * Plaintext cache in /home/bosse/.subversion
>> * Gnome Keyring
>> * GPG-Agent
>> * KWallet (KDE)
>>
>> I have had a lot of problems with password caching for a number of years 
>> since I
>> am working on these devices mainly on the command line via ssh and when I 
>> issue
>> a svn command against a server on our LAN what happens is that svn pops up a
>> password entry dialog on the (invisible) **GUI screen**!
>> And the operation started on the command line fails...
>>
>> It was not always so but some svn update changed the way svn operates
>>
>> Now I see the banner above where it looks like it is again available:
>>
>> * Plaintext cache in /home/bosse/.subversion
>>
>> The problem is that in the config file there is no example of the syntax for
>> enabling this
>>
>> So my question here is:
>> How do I enable the plaintext cache in svn client version 1.14.2 on a 
>> Raspberry
>> Pi4B running Pi-OS?
>>
>>
>> --
>> Bo Berglund
>> Developer in Sweden
>
>
>In the user's home directory, there should be a subdirectory called
>.subversion which contains a file called config. In that file, there
>is a section called [auth] which contains a setting called
>"password-stores". It might be commented, or it might say something
>like "password-stores = gpg-agent,gnome-keyring,kwallet". This setting
>determines the order in which the different password stores
>(credential caches) are used. You could set this to "password-stores =
>plaintext". Make sure you don't have "store-passwords = no" or
>"store-plaintext-passwords = no". I think this will solve the issue --
>though note that if the password has not been saved to the plaintext
>cache yet, the SVN client should prompt for it once, and then prompt
>whether you accept the risk to save it in the plaintext cache. This
>should take place on the command line, so I think you won't have the
>issue with the inaccessible GUI dialog box on the remote machine. Once
>saved, it shouldn't prompt for it anymore.
>
>Note: In addition to the user's ~/.subversion/config file I mentioned
>above, there is also a systemwide /etc/subversion/config. If changes
>in the user-level file don't appear to work, check the systemwide one
>as well.
>
>Hope this helps,
>Nathan

This is the auth content of the user's config file (which is what I referred to
in my post):

### Section for authentication and authorization customizations.
[auth]
### Set password stores used by Subversion. They should be
### delimited by spaces or commas. The order of values determines
### the order in which password stores are used.
### Valid password stores:
###   gnome-keyring(Unix-like systems)
###   kwallet  (Unix-like systems)
###   gpg-agent(Unix-like systems)
###   keychain (Mac OS X)
###   windows-cryptoapi(Windows)
# password-stores = gpg-agent,gnome-keyring,kwallet
### To disable all password stores, use an empty list:
# password-stores =
###

... info stuff about Kwallet,PID, ssl ...

### The rest of the [auth] section in this file has been deprecated.
### Both 'store-passwords' and 'store-auth-creds' can now be
### specified in the 'servers' file in your config directory
### and are documented there. Anything specified in this section
### is overridden by settings specified in the 'servers' file.
# store-passwords = no
# store-auth-creds = no

So this is what I meant by missing plaintext...

And the system wide /etc/subversion/config is exactly the same as the user's
config file, diff returns nothing.

So the question remains if adding a setting like this will work:
password-stores =plaintext

given the text in the config file...

I have also looked in the servers file and am none the wiser...

What I really want is NOT to have my svn password stored in *unencrypted
plaintext*, just that it is stored on disk in a way that can be used by
subversion on the next connection so I don't have to type it in for every single
svn command! And it must work on the SSH command line!!!

I am fine with svn encrypting the password using whetever mechanism it wants so
long as the password handling DOES NOT require some action outside of the
command window where the svn command is entered. Popping up a GUI action windows
is totally counter-productive since it is invisible.

As it has been for some t