Re: svn export bug in 1.6.13
Am Freitag, 29. Oktober 2010 schrieb Daniel Shahaf: http://subversion.tigris.org/issues/show_bug.cgi?id=3727 Chris Seawood wrote on Fri, Oct 29, 2010 at 10:04:17 -0700: Hi, our workflow currently does not work due to this bug. Is there a fixed 1.6.13 version in the repository we can check out to replace the broken 1.6.13? Or do you recommend that one goes back to 1.6.12? Chrsitoph
Re: svn export bug in 1.6.13
On Tue, Nov 09, 2010 at 10:37:02AM +0100, Christoph Bartoschek wrote: Am Freitag, 29. Oktober 2010 schrieb Daniel Shahaf: http://subversion.tigris.org/issues/show_bug.cgi?id=3727 Chris Seawood wrote on Fri, Oct 29, 2010 at 10:04:17 -0700: Hi, our workflow currently does not work due to this bug. Is there a fixed 1.6.13 version in the repository we can check out to replace the broken 1.6.13? Or do you recommend that one goes back to 1.6.12? The bug has been fixed in trunk. The fix has not been nominated for backport to 1.6.x yet but I will do so shortly. Until the fix appears in a new Subversion release, you can go back to 1.6.12. Alternatively, if you feel comfortable compiling svn yourself from source, you will be able to check out a branch from our repository that contains recent 1.6.x code (currently very close to 1.6.13) plus the fix. If you want to do that let me know and I'll send you the URL once it exists. Stefan
Re: svn export bug in 1.6.13
The bug has been fixed in trunk. The fix has not been nominated for backport to 1.6.x yet but I will do so shortly. Until the fix appears in a new Subversion release, you can go back to 1.6.12. Alternatively, if you feel comfortable compiling svn yourself from source, you will be able to check out a branch from our repository that contains recent 1.6.x code (currently very close to 1.6.13) plus the fix. If you want to do that let me know and I'll send you the URL once it exists. Yes, I would like to compile the recent 1.6.x code with the fix. Please send me the URL. Thanks Christoph
Re: SvnAnt: property prefix inconsistency
On Tue, Nov 9, 2010 at 06:24, Ludwig, Michael michael.lud...@delphi-mb.de wrote: SvnAnt tasks return information to the caller by setting various properties. The caller can have the library apply prefixes to these properties. There are inconsistencies in how prefixes are applied to these properties. SVNAnt is part of the Subclipse project and has its own set of mailing lists which may be better suited to your questions concerns. http://subclipse.tigris.org/ds/viewForums.do
SvnAnt: equivalent to svn list $repo_url ?
Using svn list svn://svnsrv/bla/blub, I can browse the repository. Can I do the equivalent using SvnAnt? http://subclipse.tigris.org/svnant.html The list (or ls) command is missing from the SvnAnt task list. The Svn selectors (like svnNormal/) are documented to work on filesets only. -- Michael Ludwig
Re: locking down access to a repository
On Tue, Nov 9, 2010 at 7:12 AM, Patricia A Moss pmo...@csc.com wrote: I think this is the correct mailing list for this question. I am LDAP authenticating against 2 domain controllers; in 2 different locations. I thought that I was locking down each repository to allow only users, included in a specific AD group, to have read/write access to a repository. I say supposedly because apparently the second part is not working. Right now, anyone can access any repository. Can someone lend a hand in figuring out what I have done wrong, or need to do? Here is what I have: I've configured my ldap aliases as follows: AuthnProviderAlias ldap ldap-FCGNET AuthLDAPBindDN FCGNET\svnuser AuthLDAPBindPassword x AuthLDAPURL ldap://xx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub? (objectCategory=person) /AuthnProviderAlias AuthnProviderAlias ldap ldap-VIET AuthLDAPBindDN CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC =vdc,DC=csc,DC=com AuthLDAPBindPassword xxx AuthLDAPURL ldap://x.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?sa mAccountName?sub?(objectCategory=person) /AuthnProviderAlias Then in each, specific repositorry configuration file, I have the following: Location /FDCertifications dav svn SVNPath /disk01/home/FDCertifications AuthType Basic AuthBasicProvider ldap-FCGNET ldap-VIET AuthzLDAPAuthoritative off AuthName CSC Subversion Repository Require valid-user Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com Require ldap-user pmoss /Location I thought the Require ldap-group line locked access down to allow only the users in the group access to the repo. That is not the case though. Everyone can access any repository; as long as they have an FCGNET account. I tried adding the AuthnProviderAlias lines to each config file, but I get an error because it only needs to be defined once. I tried removing the Require valid-user line; but that then doesn't allow any access. Have any clues what I am doing wrong? Thanks. PATI MOSS System Engineer Sr. Professional CSC First. LDAP (authentication) is only 1/2 of the big picture. You will still need configure authorization on the repo's themselves. These may be of assistance in configuring authorization (depending on your needs): http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.httpd.authz http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.pathbasedauthz Second, Its hard to help troubleshoot when you don't provide useful information or a direct question. Was there something you needed help with? I didnt see any questions other than Can someone lend a hand in figuring out what I have done wrong, or need to do? kind regards, OSG
Re: locking down access to a repository
Stefan Sperling s...@elego.de wrote on 11/09/2010 08:34:37 AM: I've configured my ldap aliases as follows: AuthnProviderAlias ldap ldap-FCGNET AuthLDAPBindDN FCGNET\svnuser AuthLDAPBindPassword x AuthLDAPURL ldap://xx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub? (objectCategory=person) /AuthnProviderAlias AuthnProviderAlias ldap ldap-VIET AuthLDAPBindDN CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC =vdc,DC=csc,DC=com AuthLDAPBindPassword xxx AuthLDAPURL ldap://x.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?sa mAccountName?sub?(objectCategory=person) /AuthnProviderAlias Then in each, specific repositorry configuration file, I have the following: Location /FDCertifications dav svn SVNPath /disk01/home/FDCertifications AuthType Basic AuthBasicProvider ldap-FCGNET ldap-VIET AuthzLDAPAuthoritative off AuthName CSC Subversion Repository Require valid-user Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com Require ldap-user pmoss /Location I don't think you want the Require valid-user line, since by default it uses ANY of the Require lines as matches. (And in your case valid-user matches all users so it doesn't care you are also specifying a group and an user.) Kevin R.
Re: locking down access to a repository
On Tue, Nov 09, 2010 at 08:12:44AM -0500, Patricia A Moss wrote: I think this is the correct mailing list for this question. I am LDAP authenticating against 2 domain controllers; in 2 different locations. I thought that I was locking down each repository to allow only users, included in a specific AD group, to have read/write access to a repository. I say supposedly because apparently the second part is not working. Right now, anyone can access any repository. Can someone lend a hand in figuring out what I have done wrong, or need to do? Here is what I have: I've configured my ldap aliases as follows: AuthnProviderAlias ldap ldap-FCGNET AuthLDAPBindDN FCGNET\svnuser AuthLDAPBindPassword x AuthLDAPURL ldap://xx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub? (objectCategory=person) /AuthnProviderAlias AuthnProviderAlias ldap ldap-VIET AuthLDAPBindDN CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC =vdc,DC=csc,DC=com AuthLDAPBindPassword xxx AuthLDAPURL ldap://x.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?sa mAccountName?sub?(objectCategory=person) /AuthnProviderAlias Then in each, specific repositorry configuration file, I have the following: Location /FDCertifications dav svn SVNPath /disk01/home/FDCertifications AuthType Basic AuthBasicProvider ldap-FCGNET ldap-VIET AuthzLDAPAuthoritative off AuthName CSC Subversion Repository Require valid-user Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com Require ldap-user pmoss /Location I thought the Require ldap-group line locked access down to allow only the users in the group access to the repo. That is not the case though. Everyone can access any repository; as long as they have an FCGNET account. I tried adding the AuthnProviderAlias lines to each config file, but I get an error because it only needs to be defined once. I tried removing the Require valid-user line; but that then doesn't allow any access. Have any clues what I am doing wrong? Thanks. I don't know a lot about apache auth configuration. But I think you want to configure LDAP auth separately for each repository location block. Within each block, use an LDAP URL that matches the specific group which should have access to this repository. Unfortunately, I cannot provide any example configuration files. But I've seen a configuration that worked as described above within a large enterprise just a couple weeks ago. So I know that it should work, given the right configuration. Hope this helps, and good luck, Stefan
Re: svn export bug in 1.6.13
Am Dienstag, 9. November 2010 schrieb Stefan Sperling: https://svn.apache.org/repos/asf/subversion/branches/1.6.x-issue3727 Please note that my fix hasn't been reviewed yet by other developers. If you encounter problems using this fix please let me know. Thanks, works for us as expected. Christoph
Re: locking down access to a repository
I don't know if I replied correctly the first time: First. LDAP (authentication) is only 1/2 of the big picture. You will still need configure authorization on the repo's themselves. I have done that. Each repo have it's own configuration file. That is this portion: Location /repository_name dav svn SVNPath /disk01/home/repository_name AuthType Basic AuthBasicProvider ldap-FCGNET ldap-VIET AuthzLDAPAuthoritative off AuthName CSC Subversion Repository Require valid-user Require ldap-group CN=AD Goup Name,OU=Europe,OU=Groups,DC=fcg,DC=com Require ldap-user pmoss /Location Second, Its hard to help troubleshoot when you don't provide useful information or a direct question. Was there something you needed help with? I didnt see any questions other than Can someone lend a hand in figuring out what I have done wrong, or need to do? 1. I need to be able to lock down each repository to allow only the users, within the associated AD group, to have access to the repository. 2. At the same time I need to be able to allow my, single, user account access to the repositories, without having to be added to every AD group. I have not done that successfully. Right now all users can access all repositories, What I have tried so far: I thought the Require ldap-group line locked access down to allow only the users in the group access to the repo. That is not the case. I tried adding the AuthnProviderAlias lines to each config file, but I get an error because it only needs to be defined once. So, I added the lines to the very first repository configuration file. I tried removing the Require valid-user line; but that then doesn't allow any access at all. PATI MOSS System Engineer Sr. Professional CSC 575 E. Swedesford Road, Suite 300, Wayne, PA 19464 GIS | p: 610.989.7105 | f: 610.989.7100 | pmo...@csc.com | www.csc.com This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. From: opensrcguru opensrcg...@gmail.com To: Patricia A Moss/USA/c...@csc Date: 11/09/2010 09:22 AM Subject: Re: locking down access to a repository On Tue, Nov 9, 2010 at 7:12 AM, Patricia A Moss pmo...@csc.com wrote: I think this is the correct mailing list for this question. I am LDAP authenticating against 2 domain controllers; in 2 different locations. I thought that I was locking down each repository to allow only users, included in a specific AD group, to have read/write access to a repository. I say supposedly because apparently the second part is not working. Right now, anyone can access any repository. Can someone lend a hand in figuring out what I have done wrong, or need to do? Here is what I have: I've configured my ldap aliases as follows: AuthnProviderAlias ldap ldap-FCGNET AuthLDAPBindDN FCGNET\svnuser AuthLDAPBindPassword x AuthLDAPURL ldap://xx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub? (objectCategory=person) /AuthnProviderAlias AuthnProviderAlias ldap ldap-VIET AuthLDAPBindDN CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC =vdc,DC=csc,DC=com AuthLDAPBindPassword xxx AuthLDAPURL ldap://x.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?sa mAccountName?sub?(objectCategory=person) /AuthnProviderAlias Then in each, specific repositorry configuration file, I have the following: Location /FDCertifications dav svn SVNPath /disk01/home/FDCertifications AuthType Basic AuthBasicProvider ldap-FCGNET ldap-VIET AuthzLDAPAuthoritative off AuthName CSC Subversion Repository Require valid-user Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com Require ldap-user pmoss /Location I thought the Require ldap-group line locked access down to allow only the users in the group access to the repo. That is not the case though. Everyone can access any repository; as long as they have an FCGNET account. I tried adding the AuthnProviderAlias lines to each config file, but I get an error because it only needs to be defined once. I tried removing the Require valid-user line; but that then doesn't allow any access. Have any clues what I am doing wrong? Thanks. PATI MOSS System Engineer Sr. Professional CSC First. LDAP (authentication) is only 1/2 of the big picture. You will still need configure authorization on the repo's themselves. These may be of assistance in configuring authorization (depending on your needs): http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.httpd.authz http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.pathbasedauthz Second, Its hard to help troubleshoot when you don't
RE: locking down access to a repository
But if I remove that line then no one can access the repository Most likely because something else in the configuration isn't quite right... I would suggest setting things up and testing with one LDAP server at a time to verify the configuration of each before trying to combine them. Location /svn AuthName Subversion Server AuthType Basic AuthBasicAuthoritative On AuthBasicProvider ldap # If ldap checks are used with non-ldap (valid-user), set this to off AuthzLDAPAuthoritative off AuthLDAPURL ldaps://gc.company.com:3269/DC=domain,DC=comp,DC=company,DC=com?sAMAccountName?sub?(objectCategory=user) AuthLDAPBindDN CN=ADMIN,OU=Users,DC=domain,DC=comp,DC=company,DC=com AuthLDAPBindPassword pa$$w0rd /Location Location /svn/bu/repo1 DAV svn SVNPath /Repositories/bu/repo1 SVNPathAuthz off #1 The following users/groups will have read-write permission Require ldap-group CN=REPO1_USERS,OU=Groups,DC=domain,DC=comp,DC=company,DC=com Require ldap-group CN=Admins,OU=Groups,DC=domain,DC=comp,DC=company,DC=com Require ldap-user someid Limit GET PROPFIND OPTIONS REPORT #2 For any read-only operation, allow these additional users/groups Require valid-user /Limit /Location I know this works. After the #1 line, add Require directives for all the groups/users that should read-write access. After the #2 line, add any Require directives for any groups/users that should also have read-only access. In this example, Require valid-user is used to mean that any authenticated user has read-only access to the repository. The first Location block must come first; repeat the second Location block as many times as necessary for each repository. From: Patricia A Moss [mailto:pmo...@csc.com] Sent: Tuesday, November 09, 2010 9:42 AM To: kmra...@rockwellcollins.com Cc: users@subversion.apache.org Subject: Re: locking down access to a repository I don't think you want the Require valid-user line, since by default it uses ANY of the Require lines as matches. (And in your case valid-user matches all users so it doesn't care you are also specifying a group and an user.) But if I remove that line then no one can access the repository. PATI MOSS System Engineer Sr. Professional CSC From: kmra...@rockwellcollins.com To: Patricia A Moss/USA/c...@csc Cc: users@subversion.apache.org Date: 11/09/2010 10:38 AM Subject:Re: locking down access to a repository Stefan Sperling s...@elego.de wrote on 11/09/2010 08:34:37 AM: I've configured my ldap aliases as follows: AuthnProviderAlias ldap ldap-FCGNET AuthLDAPBindDN FCGNET\svnuser AuthLDAPBindPassword x AuthLDAPURL ldap://xx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub? (objectCategory=person) /AuthnProviderAlias AuthnProviderAlias ldap ldap-VIET AuthLDAPBindDN CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC =vdc,DC=csc,DC=com AuthLDAPBindPassword xxx AuthLDAPURL ldap://x.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?sa mAccountName?sub?(objectCategory=person) /AuthnProviderAlias Then in each, specific repositorry configuration file, I have the following: Location /FDCertifications dav svn SVNPath /disk01/home/FDCertifications AuthType Basic AuthBasicProvider ldap-FCGNET ldap-VIET AuthzLDAPAuthoritative off AuthName CSC Subversion Repository Require valid-user Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com Require ldap-user pmoss /Location I don't think you want the Require valid-user line, since by default it uses ANY of the Require lines as matches. (And in your case valid-user matches all users so it doesn't care you are also specifying a group and an user.) Kevin R. -Message Disclaimer- This e-mail message is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply email to conn...@principal.com and delete or destroy all copies of the original message and attachments thereto. Email sent to or from the Principal Financial Group or any of its member companies may be retained as required by law or regulation. Nothing in this message is intended to constitute an Electronic signature for purposes of the Uniform Electronic Transactions Act (UETA) or the Electronic Signatures in Global and National Commerce Act (E-Sign) unless a specific statement to the contrary is included in this message. While this communication may be used to promote or market a transaction or
Re: locking down access to a repository
I appreciate all of the help that I am receiving. I have still not been successful in resolving this. I removed the line: Require valid-user I have tried using: ?samAccountName?sub?(objectClass=*) Instead of: ?samAccountName?sub?(objectCategory=person) That is the only difference I see in my config files and the examples in the google hits. Yet I am still not successful in accessing the repository. I am, apparently, quite a novice with SVN, LDAP and ActiveDirectory because I am really confused as to how to proceed. PATI MOSS System Engineer Sr. Professional CSC From: kmra...@rockwellcollins.com To: Patricia A Moss/USA/c...@csc Cc: users@subversion.apache.org Date: 11/09/2010 11:13 AM Subject: Re: locking down access to a repository Patricia A Moss pmo...@csc.com wrote on 11/09/2010 09:41:42 AM: From: Patricia A Moss pmo...@csc.com To: kmra...@rockwellcollins.com Cc: users@subversion.apache.org Date: 11/09/2010 09:41 AM Subject: Re: locking down access to a repository I don't think you want the Require valid-user line, since by default it uses ANY of the Require lines as matches. (And in your case valid-user matches all users so it doesn't care you are also specifying a group and an user.) But if I remove that line then no one can access the repository. I think you also may need to be less specific with your ldapurl (remove the objectclass or use * ??): (Assuming active directory, this is like what I have used in the past) AuthLDAPURL ldap://ad.example.com/ou=group,dc=example,dc=com?sAMAccountName; AuthLDAPGroupAttribute member Require ldap-group ... It has been quite awhile since I used ldap groups instead of authz files... This first google hit has some examples: http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication As does this one: http://ramblings.gibberishcode.net/archives/apache-22-and-active-directory-and-group-restrictions/36 Kevin R.
Re: locking down access to a repository
On Tue, Nov 9, 2010 at 12:54 PM, Patricia A Moss pmo...@csc.com wrote: I appreciate all of the help that I am receiving. I have still not been successful in resolving this. I removed the line: Require valid-user I have tried using: ?samAccountName?sub?(objectClass=*) Instead of: ?samAccountName?sub?(objectCategory=person) That is the only difference I see in my config files and the examples in the google hits. Yet I am still not successful in accessing the repository. I am, apparently, quite a novice with SVN, LDAP and ActiveDirectory because I am really confused as to how to proceed. PATI MOSS System Engineer Sr. Professional CSC From: kmra...@rockwellcollins.com To: Patricia A Moss/USA/c...@csc Cc: users@subversion.apache.org Date: 11/09/2010 11:13 AM Subject: Re: locking down access to a repository -- Patricia A Moss pmo...@csc.com wrote on 11/09/2010 09:41:42 AM: From: Patricia A Moss pmo...@csc.com To: kmra...@rockwellcollins.com Cc: users@subversion.apache.org Date: 11/09/2010 09:41 AM Subject: Re: locking down access to a repository I don't think you want the Require valid-user line, since by default it uses ANY of the Require lines as matches. (And in your case valid-user matches all users so it doesn't care you are also specifying a group and an user.) But if I remove that line then no one can access the repository. I think you also may need to be less specific with your ldapurl (remove the objectclass or use * ??): (Assuming active directory, this is like what I have used in the past) AuthLDAPURL ldap:// ad.example.com/ou=group,dc=example,dc=com?sAMAccountName AuthLDAPGroupAttribute member Require ldap-group ... It has been quite awhile since I used ldap groups instead of authz files... This first google hit has some examples: * ** http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication *http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication As does this one: * ** http://ramblings.gibberishcode.net/archives/apache-22-and-active-directory-and-group-restrictions/36 *http://ramblings.gibberishcode.net/archives/apache-22-and-active-directory-and-group-restrictions/36 Kevin R. Although this is probably better suited for the apache/mod_ldap list, I'll attempt to help. do your domain controllers support unencrypted binds (very dangerous)? can you supply any apache/AD debug logs? can you supply versions of apache/mod_ldap? can you describe anything that is knows to be working? ...this should be pretty straight forward to troubleshoot if you give us some useful information to work with. I speak without a full understanding of the lists user base, but I bet none of them can or ever will be able to read the minds of the end user with a problem (let alone know how their systems are configured). If there is such a wonderful beasty, I'd be mighty interested in meeting them. /OSG
Re: locking down access to a repository
I've tried twice to reply to your first response. I am not sure why it is not posting. I am going to try again. First. LDAP (authentication) is only 1/2 of the big picture. You will still need configure authorization on the repo's themselves. I have done this already. I have a separate configuration file for each repository. That looks like this: Location /RepositoryName dav svn SVNPath /disk01/home/RepositoryName AuthType Basic AuthBasicProvider ldap-FCGNET ldap-VIET AuthzLDAPAuthoritative off AuthName CSC Subversion Repository Require valid-user Require ldap-group CN=ADGroupName,OU=Europe,OU=Groups,DC=fcg,DC=com Require ldap-user pmoss /Location I have defined the LDAP Aliases in the very first repository configuration file; as such: AuthnProviderAlias ldap ldap-FCGNET AuthLDAPBindDN FCGNET\svnuser AuthLDAPBindPassword x AuthLDAPURL ldap://xx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub?(objectCategory=person) /AuthnProviderAlias AuthnProviderAlias ldap ldap-VIET AuthLDAPBindDN CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC=vdc,DC=csc,DC=com AuthLDAPBindPassword xxx AuthLDAPURL ldap://x.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?samAccountName?sub?(objectCategory=person) /AuthnProviderAlias Second, Its hard to help troubleshoot when you don't provide useful information or a direct question. Was there something you needed help with? I didnt see any questions other than Can someone lend a hand in figuring out what I have done wrong, or need to do? I think that I have 2 separate issues: 1. I need to lock down access so that only the users in the associated AD group have access to the repository. 2. I need to be able to allow just my user account access to the repositories, without having to be added to all of the AD groups. Right now; All, valid, users can access all repositories, whether they are a member of the Active Directory group or not. When I remove the Require valid-user line then no one, including the members of the Active Directory group, can access the repository. PATI MOSS System Engineer Sr. Professional CSC From: opensrcguru opensrcg...@gmail.com To: users@subversion.apache.org Date: 11/09/2010 02:12 PM Subject: Re: locking down access to a repository On Tue, Nov 9, 2010 at 12:54 PM, Patricia A Moss pmo...@csc.com wrote: I appreciate all of the help that I am receiving. I have still not been successful in resolving this. I removed the line: Require valid-user I have tried using: ?samAccountName?sub?(objectClass=*) Instead of: ?samAccountName?sub?(objectCategory=person) That is the only difference I see in my config files and the examples in the google hits. Yet I am still not successful in accessing the repository. I am, apparently, quite a novice with SVN, LDAP and ActiveDirectory because I am really confused as to how to proceed. PATI MOSS System Engineer Sr. Professional CSC From: kmra...@rockwellcollins.com To: Patricia A Moss/USA/c...@csc Cc: users@subversion.apache.org Date: 11/09/2010 11:13 AM Subject: Re: locking down access to a repository Patricia A Moss pmo...@csc.com wrote on 11/09/2010 09:41:42 AM: From: Patricia A Moss pmo...@csc.com To: kmra...@rockwellcollins.com Cc: users@subversion.apache.org Date: 11/09/2010 09:41 AM Subject: Re: locking down access to a repository I don't think you want the Require valid-user line, since by default it uses ANY of the Require lines as matches. (And in your case valid-user matches all users so it doesn't care you are also specifying a group and an user.) But if I remove that line then no one can access the repository. I think you also may need to be less specific with your ldapurl (remove the objectclass or use * ??): (Assuming active directory, this is like what I have used in the past) AuthLDAPURL ldap:// ad.example.com/ou=group,dc=example,dc=com?sAMAccountName AuthLDAPGroupAttribute member Require ldap-group ... It has been quite awhile since I used ldap groups instead of authz files... This first google hit has some examples: http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication As does this one: http://ramblings.gibberishcode.net/archives/apache-22-and-active-directory-and-group-restrictions/36 Kevin R. Although this is probably better suited for the apache/mod_ldap list, I'll attempt to help. do your domain controllers support unencrypted binds (very dangerous)? can you supply any apache/AD debug logs? can you supply versions of apache/mod_ldap? can you describe anything that is knows to be working? ...this should be pretty straight forward to troubleshoot if you give us some useful information to work with. I speak without a full understanding of the lists user base, but I bet none of them can or ever will be able to read the minds of the end user with a problem (let alone know
Re: locking down access to a repository
On Tue, Nov 9, 2010 at 1:40 PM, Patricia A Moss pmo...@csc.com wrote: I've tried twice to reply to your first response. I am not sure why it is not posting. I am going to try again. First. LDAP (authentication) is only 1/2 of the big picture. You will still need configure authorization on the repo's themselves. I have done this already. I have a separate configuration file for each repository. That looks like this: Location /RepositoryName dav svn SVNPath /disk01/home/RepositoryName AuthType Basic AuthBasicProvider ldap-FCGNET ldap-VIET AuthzLDAPAuthoritative off AuthName CSC Subversion Repository Require valid-user Require ldap-group CN=ADGroupName,OU=Europe,OU=Groups,DC=fcg,DC=com Require ldap-user pmoss /Location I have defined the LDAP Aliases in the very first repository configuration file; as such: AuthnProviderAlias ldap ldap-FCGNET AuthLDAPBindDN FCGNET\svnuser AuthLDAPBindPassword x AuthLDAPURL ldap://xx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub?(objectCategory=person) /AuthnProviderAlias AuthnProviderAlias ldap ldap-VIET AuthLDAPBindDN CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC=vdc,DC=csc,DC=com AuthLDAPBindPassword xxx AuthLDAPURL ldap://x.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?samAccountName?sub?(objectCategory=person) /AuthnProviderAlias Second, Its hard to help troubleshoot when you don't provide useful information or a direct question. Was there something you needed help with? I didnt see any questions other than Can someone lend a hand in figuring out what I have done wrong, or need to do? I think that I have 2 separate issues: 1. I need to lock down access so that only the users in the associated AD group have access to the repository. 2. I need to be able to allow just my user account access to the repositories, without having to be added to all of the AD groups. Right now; All, valid, users can access all repositories, whether they are a member of the Active Directory group or not. When I remove the Require valid-user line then no one, including the members of the Active Directory group, can access the repository. PATI MOSS System Engineer Sr. Professional CSC From: opensrcguru opensrcg...@gmail.com To: users@subversion.apache.org Date: 11/09/2010 02:12 PM Subject: Re: locking down access to a repository On Tue, Nov 9, 2010 at 12:54 PM, Patricia A Moss pmo...@csc.com wrote: I appreciate all of the help that I am receiving. I have still not been successful in resolving this. I removed the line: Require valid-user I have tried using: ?samAccountName?sub?(objectClass=*) Instead of: ?samAccountName?sub?(objectCategory=person) That is the only difference I see in my config files and the examples in the google hits. Yet I am still not successful in accessing the repository. I am, apparently, quite a novice with SVN, LDAP and ActiveDirectory because I am really confused as to how to proceed. PATI MOSS System Engineer Sr. Professional CSC From: kmra...@rockwellcollins.com To: Patricia A Moss/USA/c...@csc Cc: users@subversion.apache.org Date: 11/09/2010 11:13 AM Subject: Re: locking down access to a repository Patricia A Moss pmo...@csc.com wrote on 11/09/2010 09:41:42 AM: From: Patricia A Moss pmo...@csc.com To: kmra...@rockwellcollins.com Cc: users@subversion.apache.org Date: 11/09/2010 09:41 AM Subject: Re: locking down access to a repository I don't think you want the Require valid-user line, since by default it uses ANY of the Require lines as matches. (And in your case valid-user matches all users so it doesn't care you are also specifying a group and an user.) But if I remove that line then no one can access the repository. I think you also may need to be less specific with your ldapurl (remove the objectclass or use * ??): (Assuming active directory, this is like what I have used in the past) AuthLDAPURL ldap://ad.example.com/ou=group,dc=example,dc=com?sAMAccountName; AuthLDAPGroupAttribute member Require ldap-group ... It has been quite awhile since I used ldap groups instead of authz files... This first google hit has some examples: http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication As does this one: http://ramblings.gibberishcode.net/archives/apache-22-and-active-directory-and-group-restrictions/36 Kevin R. Although this is probably better suited for the apache/mod_ldap list, I'll attempt to help. do your domain controllers support unencrypted binds (very dangerous)? can you supply any apache/AD debug logs? can you supply versions of apache/mod_ldap? can you describe anything that is knows to be working? ...this should be pretty straight forward to troubleshoot if you give us some useful information to work with. I
Re: locking down access to a repository
I was trying to go back and answer your very first response and then go from there. My first reply didn't post to you. I didn't want to skip any steps. I don' think that your response had levity, but more so rudeness and sarcasm. I simply wanted to make sure that you saw my first response and that it answered those first questions. THEN I would have moved on to the next set of questions. PATI MOSS System Engineer Sr. Professional CSC From: opensrcguru opensrcg...@gmail.com To: Patricia A Moss/USA/c...@csc Cc: users@subversion.apache.org Date: 11/09/2010 03:03 PM Subject: Re: locking down access to a repository On Tue, Nov 9, 2010 at 1:40 PM, Patricia A Moss pmo...@csc.com wrote: I've tried twice to reply to your first response. I am not sure why it is not posting. I am going to try again. First. LDAP (authentication) is only 1/2 of the big picture. You will still need configure authorization on the repo's themselves. I have done this already. I have a separate configuration file for each repository. That looks like this: Location /RepositoryName dav svn SVNPath /disk01/home/RepositoryName AuthType Basic AuthBasicProvider ldap-FCGNET ldap-VIET AuthzLDAPAuthoritative off AuthName CSC Subversion Repository Require valid-user Require ldap-group CN=ADGroupName,OU=Europe,OU=Groups,DC=fcg,DC=com Require ldap-user pmoss /Location I have defined the LDAP Aliases in the very first repository configuration file; as such: AuthnProviderAlias ldap ldap-FCGNET AuthLDAPBindDN FCGNET\svnuser AuthLDAPBindPassword x AuthLDAPURL ldap://xx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub?(objectCategory=person) /AuthnProviderAlias AuthnProviderAlias ldap ldap-VIET AuthLDAPBindDN CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC=vdc,DC=csc,DC=com AuthLDAPBindPassword xxx AuthLDAPURL ldap://x.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?samAccountName?sub?(objectCategory=person) /AuthnProviderAlias Second, Its hard to help troubleshoot when you don't provide useful information or a direct question. Was there something you needed help with? I didnt see any questions other than Can someone lend a hand in figuring out what I have done wrong, or need to do? I think that I have 2 separate issues: 1. I need to lock down access so that only the users in the associated AD group have access to the repository. 2. I need to be able to allow just my user account access to the repositories, without having to be added to all of the AD groups. Right now; All, valid, users can access all repositories, whether they are a member of the Active Directory group or not. When I remove the Require valid-user line then no one, including the members of the Active Directory group, can access the repository. PATI MOSS System Engineer Sr. Professional CSC From: opensrcguru opensrcg...@gmail.com To: users@subversion.apache.org Date: 11/09/2010 02:12 PM Subject: Re: locking down access to a repository On Tue, Nov 9, 2010 at 12:54 PM, Patricia A Moss pmo...@csc.com wrote: I appreciate all of the help that I am receiving. I have still not been successful in resolving this. I removed the line: Require valid-user I have tried using: ?samAccountName?sub?(objectClass=*) Instead of: ?samAccountName?sub?(objectCategory=person) That is the only difference I see in my config files and the examples in the google hits. Yet I am still not successful in accessing the repository. I am, apparently, quite a novice with SVN, LDAP and ActiveDirectory because I am really confused as to how to proceed. PATI MOSS System Engineer Sr. Professional CSC From: kmra...@rockwellcollins.com To: Patricia A Moss/USA/c...@csc Cc: users@subversion.apache.org Date: 11/09/2010 11:13 AM Subject: Re: locking down access to a repository Patricia A Moss pmo...@csc.com wrote on 11/09/2010 09:41:42 AM: From: Patricia A Moss pmo...@csc.com To: kmra...@rockwellcollins.com Cc: users@subversion.apache.org Date: 11/09/2010 09:41 AM Subject: Re: locking down access to a repository I don't think you want the Require valid-user line, since by default it uses ANY of the Require lines as matches. (And in your case valid-user matches all users so it doesn't care you are also specifying a group and an user.) But if I remove that line then no one can access the repository. I think you also may need to be less specific with your ldapurl (remove the objectclass or use * ??): (Assuming active directory, this is like what I have used in the past) AuthLDAPURL ldap://ad.example.com/ou=group,dc=example,dc=com?sAMAccountName; AuthLDAPGroupAttribute member Require ldap-group ... It has been quite awhile since I used ldap groups instead of authz files... This first google hit has some examples:
RE: one's own posts Re: Can you hear me now?
From: Stefan Sperling [mailto:s...@elego.de] Sent: Wednesday, November 03, 2010 3:33 PM On Wed, Nov 03, 2010 at 09:20:32PM +0200, Daniel Shahaf wrote: Daniel Shahaf wrote on Wed, Nov 03, 2010 at 21:17:09 +0200: Andy Levy wrote on Wed, Nov 03, 2010 at 15:04:29 -0400: On Wed, Nov 3, 2010 at 14:54, Andersen, Krista krista.ander...@itg.com wrote: I tried posting a question to this users list last night and I still don't see it here (nor any responses). Am I being blocked? Am I being too impatient? Will I simply not see my own posts until someone replies? Your own posts are not sent back to you. Are you sure? I certainly get all my own posts via the list. Andy is using gmail, which hides a user's own posts to mailing lists. I have found that our corporate mail server rejects email sent from me (m...@company.com) that arrives at our SMTP server under the impression that mail from m...@company.com should not originate from outside the company. When I send email to the list, the list is processed, in effect, as a big mail alias, which then gets resent back to me. Thus, it considers my posting as a forged email when it arrives here. I don't have the problem with all lists, so maybe some of them rewrite the from/envelope/return-address/whatever in the distribution process, and so they are not rejected. Google might be doing the same thing. I ended up turning on send me acks for those lists that do this. -- -Justin
Subversion/Tortoise questions
1) Does Tortoise just send command to the Subversion Windows Command Line client? 2) Can the Tortoise and/or Subversion Windows Command Line client be configured to reduce and/or eliminate with small pack CIFS traffic that occurs during the check out process to a Windows network drive? -maybe trust the check out and run an update status as a separate operation to get the status information validated -turn off the status feature during the check out and then turn it on -other options (i.e. ini or xml) file the client use to turn the client or other specific knowledge you have about the client we can tune 3) Are there options around the Export which is very fast but does not write out any of the .svn file that we can use to speed up the client and get our status information? 4) Is the another GUI Subversion client that has better performance when content is being checked out to a Windows network drive. 5) Does Tortoise and/or Subversion Windows Command Line client installed on the server allow multiple (i.e. 30 to 50) users accessing the one installation at the same time to check out, check in, and update content without corrupting content or experiencing great performance degradation? 6) Does Subversion other customers, example scripts or configurations for using a Subversion client with Windows network dr
SVN mixed public\restricted access, please help!
Hi All, Ok I am trying to achieve a repository that at its base level everyone has read-only access without a username. But then at subsequent levels I would like to remove their access so they have none. I thought this could be accomplished with 1.6 with the addition of ~ and $anonymous but I have yet been able to get a working configuration. First off I tried setting up my apache just like this for my repo. Code: Location /repos DAV svn SVNParentPath /var/svn # our access control policy AuthzSVNAccessFile /path/to/access/file # try anonymous access first, resort to real # authentication if necessary. Satisfy Any Require valid-user # how to authenticate a user AuthType Basic AuthName Subversion repository AuthUserFile /path/to/users/file /Location with this in my SVNAccessFile Code: [openclinica:/subdir] @clients = rw @svn-admin = rw [/] @svn-admin = rw I could not achieve a non authenticated user to gain access unless i added either * = r or $anonymous = r to the [/] in the access file. so now my file looks like this. Code: [openclinica:/subdir] @clients = rw @svn-admin = rw [/] @svn-admin = rw $anonymous = r Now I try to remove access to my subdir for the anonymous users by adding ~$anonymous = r so my file now looks like this. Code: [openclinica:/subdir] @clients = rw @svn-admin = rw ~$anonymous = r [/] @svn-admin = rw $anonymous = r which apparently does nothing as anonymous users can still access my subdir and it does not force anyone to login. So then I tried the following. Code: [openclinica:/subdir] @clients = rw @svn-admin = rw $anonymous = [/] @svn-admin = rw $anonymous = r Which did not allow anonymous users to access my subdir, unfortunately it does not allow my authenticated users to access the subdir either. I have tried all these configuration with the Satisfy Any in apache enabled and disabled. Please help!! This was posted on svnforum.org http://www.svnforum.org/2017/viewtopic.php?p=32748#32748 Thanks, Shaun -- Shaun Martin Systems Administrator Akaza Research smar...@akazaresearch.com Office: (781) 547-8413 www.akazaresearch.com http://www.akazaresearch.com/ www.openclinica.org http://www.openclinica.org/ Open Source Platform for Clinical Research
Re: Subversion/Tortoise questions
On Tue, Nov 9, 2010 at 4:56 PM, Andy Levy andy.l...@gmail.com wrote: On Tue, Nov 9, 2010 at 16:30, Phil Pinkerton pcpinker...@gmail.com wrote: 1) Does Tortoise just send command to the Subversion Windows Command Line client? No, it is not a wrapper. TortoiseSVN is built on top of the Subversion client libraries. 2) Can the Tortoise and/or Subversion Windows Command Line client be configured to reduce and/or eliminate with small pack CIFS traffic that occurs during the check out process to a Windows network drive? No. The next-generation WC format (coming with 1.7) may improve performance, but Subversion checkout operations are very I/O intensive. Some filesystems handle it better than others. -maybe trust the check out and run an update status as a separate operation to get the status information validated -turn off the status feature during the check out and then turn it on TortoiseSVN's TSVNCache by default does not check network drives. -other options (i.e. ini or xml) file the client use to turn the client or other specific knowledge you have about the client we can tune 3) Are there options around the Export which is very fast but does not write out any of the .svn file that we can use to speed up the client and get our status information? Not if you want to maintain the connection to the repository. 4) Is the another GUI Subversion client that has better performance when content is being checked out to a Windows network drive. You won't find much variation, because they almost all use the same core libraries or code. 5) Does Tortoise and/or Subversion Windows Command Line client installed on the server allow multiple (i.e. 30 to 50) users accessing the one installation at the same time to check out, check in, and update content without corrupting content or experiencing great performance degradation? Can you rephrase this? I can't tell if you're asking about 30 people logged onto one server (via Terminal Services/RDP?) simultaneously, or 30 people accessing the same repository from their individual workstations. 6) Does Subversion other customers, example scripts or configurations for using a Subversion client with Windows network dr Your question got cut off. Generally it's recommended that WCs not be located on network shares, partly for performance reasons, partly for practicality (IOW, why have dozens of copies of the same stuff on one fileserver, when you don't need it all backed up and it's 95% identical in the first place?). 5) Basically what I'd like to know is whether multiple instances of the client running on the same machine maintain completely separate data areas (i.e. - the separate instances don't interfere with each other). If the code is re-entrant, then separate instances of the commands will be complete separate from each other - the only thing they share is the executable code. 6) Does Subversion other customers, example scripts or configurations for using a Subversion client with Windows network drive? -- The fundamental principle here is that the justification for a physical concept lies exclusively in its clear and unambiguous relation to the facts that it can be experienced AE Please Feed and Educate the Children... it's the least any of us can do.
Re: SVN mixed public\restricted access, please help!
I've tried and tried to get a per-directory thing going where one was public (anonymous) and others were password protected. IIRC, a problem I had was the public one needed authentication to do an svn log, even though you could svn checkout just fine w/o a password. Anyhow, I gave up. Your repository should be either all public or all password restricted, but not both. Othewise it's too buggy. That's why I have 2 SVN servers running - one for public access and one requiring security clearance. On Tue, Nov 9, 2010 at 10:32 AM, Shaun Martin smar...@akazaresearch.comwrote: Hi All, Ok I am trying to achieve a repository that at its base level everyone has read-only access without a username. But then at subsequent levels I would like to remove their access so they have none. I thought this could be accomplished with 1.6 with the addition of ~ and $anonymous but I have yet been able to get a working configuration. First off I tried setting up my apache just like this for my repo. *Code:* Location /repos DAV svn SVNParentPath /var/svn # our access control policy AuthzSVNAccessFile /path/to/access/file # try anonymous access first, resort to real # authentication if necessary. Satisfy Any Require valid-user # how to authenticate a user AuthType Basic AuthName Subversion repository AuthUserFile /path/to/users/file /Location with this in my SVNAccessFile *Code:* [openclinica:/subdir] @clients = rw @svn-admin = rw [/] @svn-admin = rw I could not achieve a non authenticated user to gain access unless i added either * = r or $anonymous = r to the [/] in the access file. so now my file looks like this. *Code:* [openclinica:/subdir] @clients = rw @svn-admin = rw [/] @svn-admin = rw $anonymous = r Now I try to remove access to my subdir for the anonymous users by adding ~$anonymous = r so my file now looks like this. *Code:* [openclinica:/subdir] @clients = rw @svn-admin = rw ~$anonymous = r [/] @svn-admin = rw $anonymous = r which apparently does nothing as anonymous users can still access my subdir and it does not force anyone to login. So then I tried the following. *Code:* [openclinica:/subdir] @clients = rw @svn-admin = rw $anonymous = [/] @svn-admin = rw $anonymous = r Which did not allow anonymous users to access my subdir, unfortunately it does not allow my authenticated users to access the subdir either. I have tried all these configuration with the Satisfy Any in apache enabled and disabled. Please help!! This was posted on svnforum.org http://www.svnforum.org/2017/viewtopic.php?p=32748#32748 Thanks, Shaun -- *Shaun Martin *Systems Administrator Akaza Research *smar...@akazaresearch.com *Office: (781) 547-8413 www.akazaresearch.com *http://www.akazaresearch.com/* www.openclinica.org *http://www.openclinica.org/* Open Source Platform for Clinical Research
Re: SVN mixed public\restricted access, please help!
1. There is a $authenticated keyword in addition to $anonymous. Might help. 2. Bugfix that will be in 1.6.14: unreadable directories will not appear in their parent directory's list of children, both in 'svn ls' and in the listing that appears when an http:// repository is accessed in a browser. It's in the neighbourhood, though not directly related to what you need. Shaun Martin wrote on Tue, Nov 09, 2010 at 13:32:46 -0500: Hi All, Ok I am trying to achieve a repository that at its base level everyone has read-only access without a username. But then at subsequent levels I would like to remove their access so they have none. I thought this could be accomplished with 1.6 with the addition of ~ and $anonymous but I have yet been able to get a working configuration. First off I tried setting up my apache just like this for my repo. Code: Location /repos DAV svn SVNParentPath /var/svn # our access control policy AuthzSVNAccessFile /path/to/access/file # try anonymous access first, resort to real # authentication if necessary. Satisfy Any Require valid-user # how to authenticate a user AuthType Basic AuthName Subversion repository AuthUserFile /path/to/users/file /Location with this in my SVNAccessFile Code: [openclinica:/subdir] @clients = rw @svn-admin = rw [/] @svn-admin = rw I could not achieve a non authenticated user to gain access unless i added either * = r or $anonymous = r to the [/] in the access file. so now my file looks like this. Code: [openclinica:/subdir] @clients = rw @svn-admin = rw [/] @svn-admin = rw $anonymous = r Now I try to remove access to my subdir for the anonymous users by adding ~$anonymous = r so my file now looks like this. Code: [openclinica:/subdir] @clients = rw @svn-admin = rw ~$anonymous = r [/] @svn-admin = rw $anonymous = r which apparently does nothing as anonymous users can still access my subdir and it does not force anyone to login. So then I tried the following. Code: [openclinica:/subdir] @clients = rw @svn-admin = rw $anonymous = [/] @svn-admin = rw $anonymous = r Which did not allow anonymous users to access my subdir, unfortunately it does not allow my authenticated users to access the subdir either. I have tried all these configuration with the Satisfy Any in apache enabled and disabled. Please help!! This was posted on svnforum.org http://www.svnforum.org/2017/viewtopic.php?p=32748#32748 Thanks, Shaun -- Shaun Martin Systems Administrator Akaza Research smar...@akazaresearch.com Office: (781) 547-8413 www.akazaresearch.com http://www.akazaresearch.com/ www.openclinica.org http://www.openclinica.org/ Open Source Platform for Clinical Research
Re: svnsync checksum error
Edward Ned Harvey wrote on Sat, Nov 06, 2010 at 20:29:18 -0400: From: opensrcguru [mailto:opensrcg...@gmail.com] Today, the sync process started failing on 1 repo (all others were unaffected) on both r/o copies at the exact same time/same revision with errors similar to the following... Transmitting file data .svnsync: Base checksum mismatch on '/path/to/file/foo/bar': expected: 2f2e025c4c4855e7466799a877b3e23d actual: 272214b9518d352e16e7eeceeb22f573 Can you compare the contents of /path/to/file/foo/bar between the master and mirror, as of the last revision successfully synced to the mirror? If you create a fresh mirror and svnsync it, from r0 to that revision, does the file /path/to/file/foo/bar in the fresh mirror differ from the one in the master? What versions of everything are you using? What format are the repositories? (What are the contents of the files $REPOS_DIR/db/fs-type and $REPOS_DIR/db/format?) I recently had the same problem. I never found any cause for it, but I did manage to deal with it somewhat better than you did. On the master, I did svnadmin hotcopy, then I tarred up the backup and sent it to the slave, and extracted it. I had to configure the slave hook scripts, and the revprop rev 0 properties, and then I was able to svnsync to the slave again. The main point of difference ... No need to wait for 65k commits to transfer. Since it's starting from a recent backup, it's enormously faster.
Re: locking down access to a repository
opensrcguru wrote on Tue, Nov 09, 2010 at 14:03:32 -0600: I figured it out. You can't (or refuse) to read. Quit your job and apply at wal-mart as a greeter. This tone is completely unnecessary, Terry.
Re: locking down access to a repository
On 11/09/2010 06:44 PM, Daniel Shahaf wrote: opensrcguru wrote on Tue, Nov 09, 2010 at 14:03:32 -0600: I figured it out. You can't (or refuse) to read. Quit your job and apply at wal-mart as a greeter. This tone is completely unnecessary, Terry. Agreed. Generally, my professionalism far exceeds that of any other, but today the stresses of life got the best of me. My apologies go to Ms. Moss and the list.
RE: svnsync checksum error
From: Daniel Shahaf [mailto:d...@daniel.shahaf.name] Can you compare the contents of /path/to/file/foo/bar between the master and mirror, as of the last revision successfully synced to the mirror? The latest rev which synced without reporting any error was 5045. It was trying to go from 5045 to 5046 when it triggered the checksum failure. I checked the history of the file in question, and it was changed in ~200 different revs. But the revs of interest are: in 4390, it synced to the slave without reporting any error, however, from 4390 onward, if I checkout from the slave and master, the two files differ. And the next rev where this file was changed was 5046, which is when svnsync notices the checksum mismatch, and dies. It would seem, all of this behavior could be explained by a simple undetected hardware error. During sync of 4390, the slave wrote some bits to disk, which got written wrongly. It is known that disks will do this rarely. This is one of the huge arguments in favor of ZFS and BTRFS and filesystem checksumming in general. Such filesystems detect and correct data corruption which would have otherwise passed silently... Which seems to be what happened in my case. All servers and clients are running 1.6.12. However, at the time when 4390 was committed... The master was 1.6.12, but the slave was probably 1.5.7 If you create a fresh mirror and svnsync it, from r0 to that revision, does the file /path/to/file/foo/bar in the fresh mirror differ from the one in the master? No problems. Although ... I didn't let it sync from rev 0. (That would be impossibly time consuming... weeks) I did as mentioned before. Transferred a backup of the master to the slave, and used it as the seed for the sync, so I only needed to sync the last 100 revs or something like that...
Sparse updates
Hello, I have a simple feature request for the svn update command, so I'd like some feedback on the utility of this feature. In the past, I've wanted to perform a sparse checkout of several different parts of a repository, so I've started by checking out the root using --depth=empty: svn co --depth=empty svn+ssh://svn.example.com/trunk/ trunk/ From here, if I wanted to download the contents of /trunk/a/b/ and /trunk/c/d/e/ without any extraneous files or directories, I would have to first check out all of the intermediate directories in the two paths explicitly: svn up --depth=empty trunk/a/ trunk/c/ svn up --depth=empty trunk/c/d/ svn up trunk/a/b/ trunk/c/d/e/ What I'm proposing is that svn update have a --parent flag that would perform these intermediate updates as necessary for the requested update paths, much like mkdir. Thanks, Klaus
