On 06/06/14 12:05, Philip Martin wrote:
Number Cruncher <number.crunc...@ntlworld.com> writes:
I'm running a Subversion 1.8.9 build for Fedora 20 and have been
struggling for a day to get Subversion to save my PKCS12 certificate
file password in any store. I've not had any problems with earlier
Subversion (e.g. running 1.6.18 on F16 with kwallet).
I've tried setting breakpoints on svn_auth_save_credentials but it
never seems to be called.
This is a regression introduced in 1.8. In 1.7 libsvn_ra_neon handled
the certificate decryption and would save a working passphrase. In 1.8
libsvn_ra_serf no longer handles the certificate decryption directly, it
now happens in serf, and there is no code for Subversion to save the
passphrase.
I've raised http://subversion.tigris.org/issues/show_bug.cgi?id=4509
Thanks; I thought I was going mad. Is building against neon still supported?
Given what you told me, I was able to find a workaround and manual
create the password store:
1) .subversion/config: [auth] section set to "password-stores = kwallet"
2) Run "kwalletmanager", open kwallet via "system tray"
3) Open default wallet and create new top-level "Subversion" folder
(alongside Form Data, Passwords)
4) Select "Passwords" within Subversion folder and create new one with
key "@" + path_to_p12, e.g. "@/home/nc/nc.p12"
5) Type in password into kwallet for this key
Watch where svn is trying to retrieve the data from "strace -e
trace=lstat svn ls http://...."; e.g. reveals
/home/nc/.subversion/auth/svn.ssl.client-passphrase/345983d745d98273c095e872a09"
Populate this "345983d745d98273c095e872a09" file with e.g.:
K 15
svn:realmstring
V 45
/home/nc/nc.p12
END
This might help someone in the meantime. Note that my username is
derived from the certificate common name, otherwise I think you need
"Username@" as the password key.
Simon
