subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko Čibej <br...@wandisco.com>
Subject Re: Commit bot without password
Date Wed, 03 Sep 2014 19:37:32 GMT
On 03.09.2014 21:21, Kim Gräsman wrote:
> Hello,
>
> I'm new to the list, so forgive me if this has been discussed before.
> I didn't find anything in the archives.
>
> At my workplace, we run a simple home-cooked "gated commit" system on
> top of Subversion 1.8. Users run their working copy changes through a
> client program, it assembles all changes and sends them with a work
> order (what to build, test and run other analysis steps for) to a
> server, which runs all steps and commits on the user's behalf if they
> pass.
>
> This works really well for us, but we haven't been able to avoid
> sending the user's SVN credentials together with the work order, and
> this is clearly not desirable.
>
> Is there some way to convince Subversion to commit on a user's behalf?
> We'd like to designate one SVN account as the commit bot account and
> let it impersonate users at will.

The standard command-line client won't let you do that. It's possible to
write a script or program, using our bindings or API; but it's rather a
lot of work.

You could try the following trick: on the build machine, with the bot's
credentials, do this:

    $ svn commit -m ... --with-revprop on-behalf-of=username

then on the server, add a pre-commit hook script that looks at the
revision properties of the transaction (svnlook propget --revprop)
that's about to be committed; and if svn:author is the bot, and the
on-behalf-of property exists, the script would replace the svn:author
value and delete the on-behalf-of property (svnadmin setrevprop).

This is just a blue-sky idea, I've never actually done that; but I don't
see a reason, offhand, why it wouldn't work.

-- Brane


Mime
View raw message