subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1429623 - /subversion/site/publish/docs/release-notes/1.8.html
Date Mon, 07 Jan 2013 00:21:03 GMT
Author: breser
Date: Mon Jan  7 00:21:03 2013
New Revision: 1429623

Update 1.8 release notes for in repo authz, svnauthz and the change of
--config-file behavior with svnserve.

* public/docs/release-notes/1.8.html
  (authz-fspath-syntax): Adjust to account for the changes to svnauthz.
  (svnserve-config-file, svnauthz, in-repo-authz): New sections.


Modified: subversion/site/publish/docs/release-notes/1.8.html
--- subversion/site/publish/docs/release-notes/1.8.html (original)
+++ subversion/site/publish/docs/release-notes/1.8.html Mon Jan  7 00:21:03 2013
@@ -333,10 +333,11 @@ change, unless a failure to parse the au
 for everyone... which would not be a sane way to configure a server. -->
 denied as a result of upgrading to Subversion
 1.8.  The <a
->svnauthz-validate</a> tool, when linked to Subversion&nbsp;1.8
-libraries, can be used to test an authz file for validity.  (The tool
-will error out on a file that the Subversion server will error out on.)</p>
+>svnauthz</a> tool, when linked to Subversion&nbsp;1.8
+libraries, can be used to test an authz file for validity using the validate
+subcommand.  (The tool will error out on a file that the Subversion server will
+error out on.)</p>
 </div>  <!-- authz-fspath-syntax -->
@@ -421,6 +422,50 @@ star imports of <tt>from svn.core</tt> c
 </div>  <!-- swig-py-star --> 
+<div class="h4" id="svnserve-config-file">
+<h4>svnserve --config-file behavior with password and authz dbs
+  <a class="sectionlink" href="#svnserve-config-file"
+    title="Link to this section">&para;</a>
+<p>The behavior of the <tt>--config-file</tt> option to svnserve has changed.
+The password db and authz db files will be reloaded on each connection.  In past
+versions these files were cached on startup when <tt>--config-file</tt> was
+<p>The svnserve.conf file directly passed to <tt>--config-file</tt> will
+be cached.  Provided that the locations you wish to use for the authz and
+password dbs have not changed, you will not need to restart svnserve in order to
+have the changes you make to these files applied. This makes the behavior of
+<tt>--config-file</tt> more consistent with configurations that do not use this
+<p>If you were depending on the configuration changes not being applied until
+you restarted svnserve you will need to adjust accordingly.</p>
+</div>  <!-- svnserve-config-file -->
+<div class="h4" id="svnauthz">
+<h4>svnauthz-validate renamed to svnauthz
+  <a class="sectionlink" href="#svnauthz"
+    title="Link to this section">&para;</a>
+<p>The svnauthz-validate command has been renamed to svnauthz and now has
+a validate subcommand.  Meaning the equivalent to <tt>svnauthz-validate
+file</tt> in 1.8 is <tt>svnauthz validate file</tt>.  To maintain command
+line compatability if the svnauthz command is run with the command name of
+<tt>svnauthz-validate</tt> then it emulates the behavior of the
+<tt>svnauthz-validate</tt> command from 1.7.  <tt>make install-tools</tt>
+installs a symlink <tt>svnauthz-validate</tt> to provide this compatability
+<p>Additionally, svnauthz now has an accessof subcommand that can print or
+test what the permissions would be in a given circumstance.  Allowing you
+to validate that your changes have effected the permissions that you intended
+before applying them.  See <tt>svnauthz help accessof</tt> for more details.</p>
+</div>  <!-- svnauthz -->
 </div>  <!-- compat-misc -->
@@ -890,6 +935,66 @@ users apply the same change to multiple 
 </div>  <!-- fsfs-enhancements -->
+<div class="h3" id="in-repo-authz">
+<h3>In repository authz
+  <a class="sectionlink" href="#in-repo-authz"
+    title="Link to this section">&para;</a>
+<p>Subversion 1.8 allows authz files to be stored inside a
+Subversion repository.  This allows you to gain the versioning
+features of Subversion for the configuration of the path based
+authorization feature.  The repository does not need to be the
+same repository as the one that the authz files are being applied
+to.  However, if the repository is the same repository it allows
+the authz file to be synced with the repository making administration
+of the synchronized repositories easier.</p>
+<p>When providing the authz file to httpd or svnserve there are
+now four formats in which the location of the file may be described
+<li>Absolute path to a file (outside of a repository): <tt>/path/to/file</tt>
or <tt>C:\path\to\file</tt>
+<li>Relative path to a file (outside of a repository): <tt>path/to/file</tt>
or <tt>path\to\file</tt>
+<li>Absolute URL to file in repsository: <tt>file:///path/to/repo/file</tt>

+<li>Relative URL to file in a repository: <tt>^/file</tt>
+<p>The first two are the formats that were already supported in versions prior
+to 1.8, leaving the last two as the new ones.  The absolute URL format is
+similar to what you could use with <tt>svn cat</tt> to list a file in a local
+repository.  The relative URL is also
+<a href="">similar
to a format</a>
+that the client can use, the <tt>^/</tt>is removed and the authz file is found
+at the path in the repository being accessed.  httpd accepts all 4 formats
+in both AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile configuration
+directives, the only difference between the two is the root path for the
+relative path to a file outside a repository format.</p>
+<div class="notice"><span style="color: red"><b>WARNING:</b></span>Unlike
+  files stored on the servers local disk, authz files stored in the repository
+  are accessible via Subversion clients just like any other file in the
+  repository.  If you wish to protect the contents of the authz file you should
+  configure appropriate access restrictions for it in the applicable authz file
+  (potentially the same file even).</div>
+<div class="notice"><span style="color: red"><b>WARNING:</b></span>Commiting
+  authz file to a repository is no different than committing any other file.
+  The Subversion servers do not validate the authz file in anyway.  It may be
+  desirable to setup a pre-commit hook script to validate the authz file is
+  valid and/or has not removed all permissions to edit the file.  If
+  permissions have been removed to edit it via the network server(s) you can
+  of course always edit it via a local (<tt>file://</tt>) checkout since
+  ra_local does not observe path based permissions.  In order to assist in
+  making it easy to validate authz files a new hook-script has been added to
+  tools/hook-scripts called  The
+  validate-files.conf.example contains examples on how to validate both syntax
+  and specific permissions.
+</div>  <!-- in-repo-authz -->
 <div class="h3" id="new-tools">
 <h3>New tools and utilities
   <a class="sectionlink" href="#new-tools"

View raw message