On Wed, Feb 10, 2021 at 7:31 PM HONTVÁRI Levente <hontv...@flyordie.com> wrote: > > I understand that 1.14 disables storing a password at compile time. > > How am I supposed to run a subversion command in non-interactive scripts > like a cron job on a headless server? > > Of course I can supply the password on the command line but that is > definitely a step backwards compared to the old way, which stored the > password in a file which was only readable by the current user.
Yes, since 1.12 (see [1]), or more specifically, there is a compile-time setting that prevents Subversion from writing passwords to disk in plaintext. However, if the passwords are already present on disk, Subversion will use them, regardless of this compile-time setting. There are various ways to solve your issue: As a workaround, you could save the password to disk yourself, and then Subversion will use it. To do this, you could use an older version of Subversion, or any reasonably recent version that has been built with the feature enabled, or, if that's not a viable option: Another way to get the password onto disk is discussed toward the end of the following email thread on our dev@ list, see [2] below. In that email thread, there is a (somewhat of a prototype) shell script (for zsh) to save passwords. If you want to use it, please note that there were a few corrections, so be sure to use the latest version. Make sure you understand what it does before you run it; there is an explanation in that email thread of what the script does. (If you feel like porting it to plain portable sh or have any other improvements for it, feel free to respond to that email thread, or start a new one...) Besides getting the password onto disk, there are other possibilities, such as finding a way to inject a secret into a script; this is mentioned in [3]. This issue is frustrating and we do get questions about it; what prevents us from returning to the old way is that there's another side of the community that will come at us with pitchforks and torches if we store passwords to disk in plaintext, so the current situation is a compromise. Feel free to email dev@ with any suggestions you might have on how this could be improved. References: [1] https://subversion.apache.org/docs/release-notes/1.12.html#client-server-improvements [2] https://lists.apache.org/thread.html/r0eef40236aeddd1db18bc7882454dd3b18bcd721d8fd8c9e21aca52a%40%3Cdev.subversion.apache.org%3E [3] https://lists.apache.org/thread.html/r223e0833b1c75005fdb01a9c117039765addb32232e5327ea3a5b5dc%40%3Cusers.subversion.apache.org%3E Nathan
