Hello,

On 2021/02/23 2:40, CoolCold wrote:
> Good day!
> (please CC me, I'm not subscribed to the list)
> 
> A bit of context:
> I was using subversion to store my servers' configs versioned for
> almost a decade, with bash wrapping around it. Simplified, it had repo
> per server name, wrapper called by cron to checkout, rsync over,
> commit changes back, sending email on diffs (
> https://github.com/coolcold/svnbackup ). Had no issue with it, when
> password store was enabled. It's run under root user and saved
> credentials are not exposed to non-admin users on the system.
> 
> Issue: with recent changes hitting packages in distributions (
> https://marc.info/?l=subversion-commits&m=154101482302608&w=2 ), that
> seems to be not possible anymore.
> I did adjust my script to use command line switch --password, but this
> makes it visible for anyone who does simple commands like ps aux.
> I've tried to look around for possible support of environment
> variables / password file support, but couldn't find any except some
> old proposals like
> http://subversion.1072662.n5.nabble.com/Feature-proposal-SVN-USERNAME-and-SVN-PASSWORD-environment-variables-td180031.html
> 
> Rebuilding subversion from source is not an option for many reasons.
> 
> Seeking for your help on this, what is the proper way of doing this
> with recent versions?
> Thanks in advance.

For this purpose, I'm just using svn+ssh:// with a dedicated user on the
server side and public key authentication with an empty passphrase.

e.g. svn+ssh://svn-ag...@svnhost.example.org/repo/

On svnhost.example.org, the authorized_keys file for user svn-agent could be:
[[[
# only for svn agent via ssh. all lines should start with the following
# command and option specification:
command="/usr/bin/svnserve -t -r /base/path/to/repo --tunnel-user=root-on-hostA",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 (public key A) r...@hosta.example.org
command="/usr/bin/svnserve -t -r /base/path/to/repo --tunnel-user=root-on-hostB",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 (public key B) r...@hostb.example.org
...
]]]

Cf. http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks

If you want to use an ssh key other than the default key, or a TCP port
other than 22, you can do so by overriding the ssh tunnel setting with the
SVN_SSH environment variable or the config file, etc. (Of course, if you want
to use a non-standard port for the ssh connection, you also need to change the
configuration of sshd on the server side.)

Cheers,
-- 
Yasuhito FUTATSUKI <futat...@yf.bsclub.org>
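
An added example, not part of the original message or of Subversion: a POSIX shell check that every key line in the svn agent's authorized_keys carries the forced svnserve command, a --tunnel-user name and the four restriction options shown above. The function names, the sample entries and the key placeholders are constructed for illustration, and the check assumes the forced command contains no escaped double quotes.

```shell
# Audit an svn agent account's authorized_keys content, read on stdin.
# Prints one finding per problem; returns 1 if any key line is not locked down.
# Assumption: the forced command contains no escaped double quotes.
audit_svn_agent_keys() {
    rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Without a leading command="..." the key gives a normal login.
        case $line in
            'command="'*) ;;
            *) echo "line $n: no forced command"; rc=1; continue ;;
        esac
        rest=${line#command=\"}
        cmd=${rest%%\"*}     # text inside command="..."
        after=${rest#*\"}    # ",opt,opt keytype key comment"
        # Option names are case-insensitive, so compare in lower case.
        opts=$(printf '%s' "${after%% *}" | tr '[:upper:]' '[:lower:]')
        case $cmd in
            *'svnserve -t '*|*'svnserve -t') ;;
            *) echo "line $n: forced command is not svnserve -t"; rc=1 ;;
        esac
        # --tunnel-user pins the svn author name to this key.
        case $cmd in
            *--tunnel-user=?*) tu=${cmd##*--tunnel-user=}; tu=${tu%% *} ;;
            *) tu= ;;
        esac
        [ -n "$tu" ] || { echo "line $n: no --tunnel-user=NAME"; rc=1; }
        for o in no-port-forwarding no-agent-forwarding no-x11-forwarding no-pty; do
            case ",$opts," in
                *,"$o",*|*,restrict,*) ;;   # OpenSSH "restrict" implies all four
                *) echo "line $n: missing option $o"; rc=1 ;;
            esac
        done
    done
    return "$rc"
}

# Constructed sample file; key blobs and host names are placeholders.
sample_keys() {
    cat <<'EOF'
# svn agents
command="/usr/bin/svnserve -t -r /base/path/to/repo --tunnel-user=root-on-hostA",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA_PLACEHOLDER_A root@hosta
command="/usr/bin/svnserve -t -r /base/path/to/repo",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA_PLACEHOLDER_B root@hostb
ssh-ed25519 AAAA_PLACEHOLDER_C root@hostc
EOF
}

sample_keys | audit_svn_agent_keys || true
```

On the server this would be run as `audit_svn_agent_keys < ~svn-agent/.ssh/authorized_keys`, for instance from cron, so that a key added without the forced command is noticed.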
