Subject: svn commit: r1429623 - /subversion/site/publish/docs/release-notes/1.8.html
Date: Mon, 07 Jan 2013 00:21:03 -0000
To: commits@subversion.apache.org
From: breser@apache.org
Message-Id: <20130107002103.C3D6F23888CD@eris.apache.org>

Author: breser
Date: Mon Jan 7 00:21:03 2013
New Revision: 1429623

URL: http://svn.apache.org/viewvc?rev=1429623&view=rev
Log:
Update 1.8 release notes for in repo authz, svnauthz and the change of
--config-file behavior with svnserve.

* public/docs/release-notes/1.8.html
  (authz-fspath-syntax): Adjust to account for the changes to svnauthz.
  (svnserve-config-file, svnauthz, in-repo-authz): New sections.

Modified:
    subversion/site/publish/docs/release-notes/1.8.html

Modified: subversion/site/publish/docs/release-notes/1.8.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.8.html?rev=1429623&r1=1429622&r2=1429623&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/1.8.html (original) +++ subversion/site/publish/docs/release-notes/1.8.html Mon Jan 7 00:21:03 2013 @@ -333,10 +333,11 @@ change, unless a failure to parse the au for everyone... which would not be a sane way to configure a server. --> denied as a result of upgrading to Subversion 1.8. The svnauthz-validate tool, when linked to Subversion 1.8 -libraries, can be used to test an authz file for validity. (The tool -will error out on a file that the Subversion server will error out on.)

+href="https://svn.apache.org/repos/asf/subversion/trunk/tools/server-side/svnauthz.c" +>svnauthz tool, when linked to Subversion 1.8 +libraries, can be used to test an authz file for validity using the validate +subcommand. (The tool will error out on a file that the Subversion server will +error out on.)
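Review bot: the link target added in this paragraph is `trunk/tools/server-side/svnauthz.c`, which will keep changing after 1.8 is released, so the 1.8 notes can end up pointing at a tool whose subcommands differ from what this text describes. Consider linking to the svnauthz section added further down in this same commit, or to a release branch or tag. Since this is the paragraph that used to name svnauthz-validate, it would also help upgraders to say here that the old name remains available as a compatibility symlink.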

@@ -421,6 +422,50 @@ star imports of from svn.core c +
+

svnserve --config-file behavior with password and authz dbs + +

+ +

The behavior of the --config-file option to svnserve has changed. +The password db and authz db files will be reloaded on each connection. In past +versions these files were cached on startup when --config-file was +used.

+ +

The svnserve.conf file directly passed to --config-file will still +be cached. Provided that the locations you wish to use for the authz and +password dbs have not changed, you will not need to restart svnserve in order to +have the changes you make to these files applied. This makes the behavior of +--config-file more consistent with configurations that do not use this +option.

+ +

If you were depending on the configuration changes not being applied until +you restarted svnserve you will need to adjust accordingly.

+ +
+ +
+

svnauthz-validate renamed to svnauthz + +

+ +

The svnauthz-validate command has been renamed to svnauthz and now has +a validate subcommand. Meaning the equivalent to svnauthz-validate +file in 1.8 is svnauthz validate file. To maintain command +line compatability if the svnauthz command is run with the command name of +svnauthz-validate then it emulates the behavior of the +svnauthz-validate command from 1.7. make install-tools +installs a symlink svnauthz-validate to provide this compatability +functionality.

+ +

Additionally, svnauthz now has an accessof subcommand that can print or +test what the permissions would be in a given circumstance. Allowing you +to validate that your changes have effected the permissions that you intended +before applying them. See svnauthz help accessof for more details.

+ +
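Review bot: the svnserve section ends with "you will need to adjust accordingly" without saying what to do. It tells administrators that password and authz db edits now take effect on the next connection, which means a half-edited file can be picked up by a live server. Suggest recommending that the file be edited as a copy, checked with `svnauthz validate`, and then moved into place. Smaller points in the svnauthz section: "compatability" is misspelled twice, "have effected the permissions" should read "have the effect on permissions" or similar, and "Meaning the equivalent ..." and "Allowing you to validate ..." are sentence fragments that should be joined to the sentences before them.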
@@ -890,6 +935,66 @@ users apply the same change to multiple +
+

In repository authz + +

+ +

Subversion 1.8 allows authz files to be stored inside a +Subversion repository. This allows you to gain the versioning +features of Subversion for the configuration of the path based +authorization feature. The repository does not need to be the +same repository as the one that the authz files are being applied +to. However, if the repository is the same repository it allows +the authz file to be synced with the repository making administration +of the synchronized repositories easier.

+ +

When providing the authz file to httpd or svnserve there are +now four formats in which the location of the file may be described +with.

+ +
    +
  1. Absolute path to a file (outside of a repository): /path/to/file or C:\path\to\file +
  2. Relative path to a file (outside of a repository): path/to/file or path\to\file +
  3. Absolute URL to file in repsository: file:///path/to/repo/file +
  4. Relative URL to file in a repository: ^/file +
+ +

The first two are the formats that were already supported in versions prior +to 1.8, leaving the last two as the new ones. The absolute URL format is +similar to what you could use with svn cat to list a file in a local +repository. The relative URL is also +similar to a format +that the client can use, the ^/is removed and the authz file is found +at the path in the repository being accessed. httpd accepts all 4 formats +in both AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile configuration +directives, the only difference between the two is the root path for the +relative path to a file outside a repository format.

+ +
WARNING:Unlike authz + files stored on the servers local disk, authz files stored in the repository + are accessible via Subversion clients just like any other file in the + repository. If you wish to protect the contents of the authz file you should + configure appropriate access restrictions for it in the applicable authz file + (potentially the same file even).
+ +
WARNING:Commiting an + authz file to a repository is no different than committing any other file. + The Subversion servers do not validate the authz file in anyway. It may be + desirable to setup a pre-commit hook script to validate the authz file is + valid and/or has not removed all permissions to edit the file. If + permissions have been removed to edit it via the network server(s) you can + of course always edit it via a local (file://) checkout since + ra_local does not observe path based permissions. In order to assist in + making it easy to validate authz files a new hook-script has been added to + tools/hook-scripts called validate-files.py. The + validate-files.conf.example contains examples on how to validate both syntax + and specific permissions. +
+ +
+

New tools and utilities
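Review bot: the first WARNING overstates the protection it offers, given what the second WARNING says. It tells administrators they can protect the authz file's contents with access restrictions in the applicable authz file, while the second states that "ra_local does not observe path based permissions", so the protection only holds for access through httpd or svnserve. The first warning should say that anyone with file:// access to the repository can still read the rules. Wording fixes in the same hunk: "repsository", "Commiting", "in anyway" (should be "in any way"), the missing space in "^/is removed", "svn cat to list a file" (cat prints the contents rather than listing), and the dangling "with" in "may be described with".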