Re: SVN authorization
> On Aug 6, 2015, at 9:44 AM, Rainer Müller wrote: > > Hello Craig, > > On 2015-08-06 14:52, Craig Treleaven wrote: >>> On Aug 5, 2015, at 11:20 PM, Mihai Moldovan wrote: >>> >>> On 06.08.2015 02:53 AM, Craig Treleaven wrote: I vaguely recall running an svn command to add MacPorts as a trusted server (or some-such) but I don’t recall the details. Could someone point me in the right direction? >>> >>> Refer to https://trac.macports.org/wiki/howto/SyncingWithSVN and >>> specifically to >>> Step 3 under "Configuration”. >> >> Thanks for the pointer. As I read the page, I only need to do the second >> part--storing the certificate file in >> [blah]/.subversion/auth/svn.ssl.server. However, trying to selfupdate, I >> still get: >> >> ---> Updating the ports tree >> Synchronizing local ports tree from file:///Users/craigtreleaven/mp/ports >> Updating '.': >> svn: E175002: Unable to connect to a repository at URL >> 'https://svn.macports.org/repository/macports/trunk/dports' >> svn: E175002: OPTIONS of >> 'https://svn.macports.org/repository/macports/trunk/dports': Server >> certificate verification failed: issuer is not trusted >> (https://svn.macports.org) >> Command failed: /usr/bin/svn update --non-interactive >> /Users/craigtreleaven/mp/ports >> Exit code: 1 >> >> >> I wonder if it is the ownership/permissions of the certificate file. The >> wiki page doesn’t say so, but I had to use ‘sudo’ to create the directory >> and write the certificate file to it. >> >> $ sudo ls -al /opt/local/var/macports/home/.subversion/auth/svn.ssl.server >> total 8 >> drwxr-xr-x 3 root admin 102 6 Aug 08:27 . >> drwx-- 6 root admin 204 5 Aug 20:19 .. >> -rw-r--r-- 1 root admin 1806 6 Aug 08:27 9368d05e066fecedad33aa815bbaf7cc > > Only root will be able to read this file (due to permissions on ".."). > MacPorts automatically runs the update command as the user owning the > Subversion working copy, so you need to configure it for that user. The > instructions in the wiki assume the ports tree will be owned by the > macports user. > >> Finally, I checked a backup of my 10.6 volume and I didn’t even have a >> '/opt/local/var/macports/home/.subversion/auth/svn.ssl.server’ directory? > > Back then, /usr/bin/svn was still able to verify SSL certificates for > HTTPS. Apple broke this with OS X 10.7 Lion and never fixed it. > /usr/bin/svn does not have any list of trusted authorities and > therefore always display this certificate warning requiring manual > acknowledgement to continue. > > Side note: if you install the subversion port and either curl-ca-bundle > or certsync, certificate verification for HTTPS should just work using > /opt/local/bin/svn. > > I prefer to keep the ports tree in my home directory, where I also keep > everything else I am working on. As MacPorts automatically switches to > the user owning the ports tree, this works just fine and also uses my > configuration of Subversion. But I need to ensure that the macports > user is able to read the Portfiles (and accompanying patches). My setup > is as follows: > > In my /opt/local/etc/macports/sources.conf I have the following entry: > file:///Users/raimue/src/macports/trunk/dports/ [default] > > The permissions on this path are the following, especially I need the > x-bit to allow any user to traverse through my home directory: > drwxr-xr-x6 rootadmin 204 Feb 21 21:32 /Users > drwxr-xr-x+ 227 raimue staff 7718 Aug 6 15:26 /Users/raimue > 0: group:everyone deny delete > drwx--x--x 117 raimue staff 3978 Jul 27 10:54 /Users/raimue/src > drwxr-xr-x 23 raimue staff 782 Jun 7 13:03 /Users/raimue/src/macports > drwxr-xr-x+ 12 raimue staff 408 Mar 7 16:21 > /Users/raimue/src/macports/trunk > 0: group:everyone allow list,search,file_inherit,directory_inherit > drwxr-xr-x+ 52 raimue staff 1768 Aug 5 15:14 > /Users/raimue/src/macports/trunk/dports > 0: group:everyone allow list,search,file_inherit,directory_inherit > > These additional ACL entries make sure that the macports user is able > to read Portfiles in the ports tree (not sure why I have that one on > $HOME itself, is it default?). I could have made them less permissive, > but the tree should not contain anything private anyway. They ensure > that all newly created files get the correct permissions. Only when > moving files from somewhere else into the ports tree I need to be more > cautious and apply the ACL rules once again. > > The command to set these ACLs would be: > chmod -R +a "group:everyone allow > read,execute,list,search,file_inherit,directory_inherit" > > Hopefully that helps you with your own setup. Thanks Rainer! I installed subversion, logged out and back in to clear the hash, and then needed to run svn upgrade in my ports directory. That cleared the remaining hurdles and my tree is now updating! Thanks again. Craig ___ macports-de
Re: SVN authorization
Hello Craig, On 2015-08-06 14:52, Craig Treleaven wrote: >> On Aug 5, 2015, at 11:20 PM, Mihai Moldovan wrote: >> >> On 06.08.2015 02:53 AM, Craig Treleaven wrote: >>> I vaguely recall running an svn command to add MacPorts as a trusted server >>> (or some-such) but I don’t recall the details. >>> >>> Could someone point me in the right direction? >> >> Refer to https://trac.macports.org/wiki/howto/SyncingWithSVN and >> specifically to >> Step 3 under "Configuration”. > > Thanks for the pointer. As I read the page, I only need to do the second > part--storing the certificate file in [blah]/.subversion/auth/svn.ssl.server. > However, trying to selfupdate, I still get: > > ---> Updating the ports tree > Synchronizing local ports tree from file:///Users/craigtreleaven/mp/ports > Updating '.': > svn: E175002: Unable to connect to a repository at URL > 'https://svn.macports.org/repository/macports/trunk/dports' > svn: E175002: OPTIONS of > 'https://svn.macports.org/repository/macports/trunk/dports': Server > certificate verification failed: issuer is not trusted > (https://svn.macports.org) > Command failed: /usr/bin/svn update --non-interactive > /Users/craigtreleaven/mp/ports > Exit code: 1 > > > I wonder if it is the ownership/permissions of the certificate file. The > wiki page doesn’t say so, but I had to use ‘sudo’ to create the directory and > write the certificate file to it. > > $ sudo ls -al /opt/local/var/macports/home/.subversion/auth/svn.ssl.server > total 8 > drwxr-xr-x 3 root admin 102 6 Aug 08:27 . > drwx-- 6 root admin 204 5 Aug 20:19 .. > -rw-r--r-- 1 root admin 1806 6 Aug 08:27 9368d05e066fecedad33aa815bbaf7cc Only root will be able to read this file (due to permissions on ".."). MacPorts automatically runs the update command as the user owning the Subversion working copy, so you need to configure it for that user. The instructions in the wiki assume the ports tree will be owned by the macports user. > Finally, I checked a backup of my 10.6 volume and I didn’t even have a > '/opt/local/var/macports/home/.subversion/auth/svn.ssl.server’ directory? Back then, /usr/bin/svn was still able to verify SSL certificates for HTTPS. Apple broke this with OS X 10.7 Lion and never fixed it. /usr/bin/svn does not have any list of trusted authorities and therefore always display this certificate warning requiring manual acknowledgement to continue. Side note: if you install the subversion port and either curl-ca-bundle or certsync, certificate verification for HTTPS should just work using /opt/local/bin/svn. I prefer to keep the ports tree in my home directory, where I also keep everything else I am working on. As MacPorts automatically switches to the user owning the ports tree, this works just fine and also uses my configuration of Subversion. But I need to ensure that the macports user is able to read the Portfiles (and accompanying patches). My setup is as follows: In my /opt/local/etc/macports/sources.conf I have the following entry: file:///Users/raimue/src/macports/trunk/dports/ [default] The permissions on this path are the following, especially I need the x-bit to allow any user to traverse through my home directory: drwxr-xr-x6 rootadmin 204 Feb 21 21:32 /Users drwxr-xr-x+ 227 raimue staff 7718 Aug 6 15:26 /Users/raimue 0: group:everyone deny delete drwx--x--x 117 raimue staff 3978 Jul 27 10:54 /Users/raimue/src drwxr-xr-x 23 raimue staff 782 Jun 7 13:03 /Users/raimue/src/macports drwxr-xr-x+ 12 raimue staff 408 Mar 7 16:21 /Users/raimue/src/macports/trunk 0: group:everyone allow list,search,file_inherit,directory_inherit drwxr-xr-x+ 52 raimue staff 1768 Aug 5 15:14 /Users/raimue/src/macports/trunk/dports 0: group:everyone allow list,search,file_inherit,directory_inherit These additional ACL entries make sure that the macports user is able to read Portfiles in the ports tree (not sure why I have that one on $HOME itself, is it default?). I could have made them less permissive, but the tree should not contain anything private anyway. They ensure that all newly created files get the correct permissions. Only when moving files from somewhere else into the ports tree I need to be more cautious and apply the ACL rules once again. The command to set these ACLs would be: chmod -R +a "group:everyone allow read,execute,list,search,file_inherit,directory_inherit" Hopefully that helps you with your own setup. Rainer ___ macports-dev mailing list macports-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-dev
Re: SVN authorization
> On Aug 5, 2015, at 11:20 PM, Mihai Moldovan wrote: > > On 06.08.2015 02:53 AM, Craig Treleaven wrote: >> I vaguely recall running an svn command to add MacPorts as a trusted server >> (or some-such) but I don’t recall the details. >> >> Could someone point me in the right direction? > > Refer to https://trac.macports.org/wiki/howto/SyncingWithSVN and specifically > to > Step 3 under "Configuration”. Thanks for the pointer. As I read the page, I only need to do the second part--storing the certificate file in [blah]/.subversion/auth/svn.ssl.server. However, trying to selfupdate, I still get: ---> Updating the ports tree Synchronizing local ports tree from file:///Users/craigtreleaven/mp/ports Updating '.': svn: E175002: Unable to connect to a repository at URL 'https://svn.macports.org/repository/macports/trunk/dports' svn: E175002: OPTIONS of 'https://svn.macports.org/repository/macports/trunk/dports': Server certificate verification failed: issuer is not trusted (https://svn.macports.org) Command failed: /usr/bin/svn update --non-interactive /Users/craigtreleaven/mp/ports Exit code: 1 I wonder if it is the ownership/permissions of the certificate file. The wiki page doesn’t say so, but I had to use ‘sudo’ to create the directory and write the certificate file to it. $ sudo ls -al /opt/local/var/macports/home/.subversion/auth/svn.ssl.server total 8 drwxr-xr-x 3 root admin 102 6 Aug 08:27 . drwx-- 6 root admin 204 5 Aug 20:19 .. -rw-r--r-- 1 root admin 1806 6 Aug 08:27 9368d05e066fecedad33aa815bbaf7cc Finally, I checked a backup of my 10.6 volume and I didn’t even have a '/opt/local/var/macports/home/.subversion/auth/svn.ssl.server’ directory? Craig ___ macports-dev mailing list macports-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-dev
Re: SVN authorization
On 06.08.2015 02:53 AM, Craig Treleaven wrote: > I vaguely recall running an svn command to add MacPorts as a trusted server > (or some-such) but I don’t recall the details. > > Could someone point me in the right direction? Refer to https://trac.macports.org/wiki/howto/SyncingWithSVN and specifically to Step 3 under "Configuration". Mihai signature.asc Description: OpenPGP digital signature ___ macports-dev mailing list macports-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-dev
SVN authorization
Hi: I migrated from 10.6 to 10.10 recently and I now want to do some work on the ports I maintain but I’ve run into a snag. Trying to run 'sudo port -v selfupdate’ results in: … ---> Updating the ports tree Synchronizing local ports tree from file:///Users/craigtreleaven/mp/ports Updating '.': svn: E175002: Unable to connect to a repository at URL 'https://svn.macports.org/repository/macports/trunk/dports' svn: E175002: OPTIONS of 'https://svn.macports.org/repository/macports/trunk/dports': Server certificate verification failed: issuer is not trusted (https://svn.macports.org) Command failed: /usr/bin/svn update --non-interactive /Users/craigtreleaven/mp/ports Exit code: 1 … I vaguely recall running an svn command to add MacPorts as a trusted server (or some-such) but I don’t recall the details. Could someone point me in the right direction? Thanks, Craig ___ macports-dev mailing list macports-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-dev
