Return-Path:
X-Original-To: apmail-subversion-commits-archive@minotaur.apache.org
Delivered-To: apmail-subversion-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by minotaur.apache.org (Postfix) with SMTP id 1423CD169
for ;
Mon, 7 Jan 2013 00:21:29 +0000 (UTC)
Received: (qmail 78239 invoked by uid 500); 7 Jan 2013 00:21:28 -0000
Delivered-To: apmail-subversion-commits-archive@subversion.apache.org
Received: (qmail 78118 invoked by uid 500); 7 Jan 2013 00:21:27 -0000
Mailing-List: contact commits-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help:
List-Unsubscribe:
List-Post:
List-Id:
Reply-To: dev@subversion.apache.org
Delivered-To: mailing list commits@subversion.apache.org
Received: (qmail 78092 invoked by uid 99); 7 Jan 2013 00:21:27 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Jan 2013 00:21:27 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Jan 2013 00:21:24 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
by eris.apache.org (Postfix) with ESMTP id C3D6F23888CD;
Mon, 7 Jan 2013 00:21:03 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1429623 -
/subversion/site/publish/docs/release-notes/1.8.html
Date: Mon, 07 Jan 2013 00:21:03 -0000
To: commits@subversion.apache.org
From: breser@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20130107002103.C3D6F23888CD@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
Author: breser
Date: Mon Jan 7 00:21:03 2013
New Revision: 1429623
URL: http://svn.apache.org/viewvc?rev=1429623&view=rev
Log:
Update 1.8 release notes for in repo authz, svnauthz and the change of
--config-file behavior with svnserve.
* public/docs/release-notes/1.8.html
(authz-fspath-syntax): Adjust to account for the changes to svnauthz.
(svnserve-config-file, svnauthz, in-repo-authz): New sections.
Modified:
subversion/site/publish/docs/release-notes/1.8.html
Modified: subversion/site/publish/docs/release-notes/1.8.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.8.html?rev=1429623&r1=1429622&r2=1429623&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/1.8.html (original)
+++ subversion/site/publish/docs/release-notes/1.8.html Mon Jan 7 00:21:03 2013
@@ -333,10 +333,11 @@ change, unless a failure to parse the au
for everyone... which would not be a sane way to configure a server. -->
denied as a result of upgrading to Subversion
1.8. The svnauthz-validate tool, when linked to Subversion 1.8
-libraries, can be used to test an authz file for validity. (The tool
-will error out on a file that the Subversion server will error out on.)
+href="https://svn.apache.org/repos/asf/subversion/trunk/tools/server-side/svnauthz.c"
+>svnauthz tool, when linked to Subversion 1.8
+libraries, can be used to test an authz file for validity using the validate
+subcommand. (The tool will error out on a file that the Subversion server will
+error out on.)
@@ -421,6 +422,50 @@ star imports of from svn.core c
+
+
svnserve --config-file behavior with password and authz dbs
+ ¶
+
+
+
The behavior of the --config-file option to svnserve has changed.
+The password db and authz db files will be reloaded on each connection. In past
+versions these files were cached on startup when --config-file was
+used.
+
+
The svnserve.conf file directly passed to --config-file will still
+be cached. Provided that the locations you wish to use for the authz and
+password dbs have not changed, you will not need to restart svnserve in order to
+have the changes you make to these files applied. This makes the behavior of
+--config-file more consistent with configurations that do not use this
+option.
+
+
If you were depending on the configuration changes not being applied until
+you restarted svnserve you will need to adjust accordingly.
+
+
+
+
+
svnauthz-validate renamed to svnauthz
+ ¶
+
+
+
The svnauthz-validate command has been renamed to svnauthz and now has
+a validate subcommand. Meaning the equivalent to svnauthz-validate
+file in 1.8 is svnauthz validate file. To maintain command
+line compatability if the svnauthz command is run with the command name of
+svnauthz-validate then it emulates the behavior of the
+svnauthz-validate command from 1.7. make install-tools
+installs a symlink svnauthz-validate to provide this compatability
+functionality.
+
+
Additionally, svnauthz now has an accessof subcommand that can print or
+test what the permissions would be in a given circumstance. Allowing you
+to validate that your changes have effected the permissions that you intended
+before applying them. See svnauthz help accessof for more details.
+
+
@@ -890,6 +935,66 @@ users apply the same change to multiple
+
+
In repository authz
+ ¶
+
+
+
Subversion 1.8 allows authz files to be stored inside a
+Subversion repository. This allows you to gain the versioning
+features of Subversion for the configuration of the path based
+authorization feature. The repository does not need to be the
+same repository as the one that the authz files are being applied
+to. However, if the repository is the same repository it allows
+the authz file to be synced with the repository making administration
+of the synchronized repositories easier.
+
+
When providing the authz file to httpd or svnserve there are
+now four formats in which the location of the file may be described
+with.
+
+
+- Absolute path to a file (outside of a repository): /path/to/file or C:\path\to\file
+
- Relative path to a file (outside of a repository): path/to/file or path\to\file
+
- Absolute URL to file in repsository: file:///path/to/repo/file
+
- Relative URL to file in a repository: ^/file
+
+
+
The first two are the formats that were already supported in versions prior
+to 1.8, leaving the last two as the new ones. The absolute URL format is
+similar to what you could use with svn cat to list a file in a local
+repository. The relative URL is also
+similar to a format
+that the client can use, the ^/is removed and the authz file is found
+at the path in the repository being accessed. httpd accepts all 4 formats
+in both AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile configuration
+directives, the only difference between the two is the root path for the
+relative path to a file outside a repository format.
+
+
WARNING:Unlike authz
+ files stored on the servers local disk, authz files stored in the repository
+ are accessible via Subversion clients just like any other file in the
+ repository. If you wish to protect the contents of the authz file you should
+ configure appropriate access restrictions for it in the applicable authz file
+ (potentially the same file even).
+
+
WARNING:Commiting an
+ authz file to a repository is no different than committing any other file.
+ The Subversion servers do not validate the authz file in anyway. It may be
+ desirable to setup a pre-commit hook script to validate the authz file is
+ valid and/or has not removed all permissions to edit the file. If
+ permissions have been removed to edit it via the network server(s) you can
+ of course always edit it via a local (file://) checkout since
+ ra_local does not observe path based permissions. In order to assist in
+ making it easy to validate authz files a new hook-script has been added to
+ tools/hook-scripts called validate-files.py. The
+ validate-files.conf.example contains examples on how to validate both syntax
+ and specific permissions.
+
+
+
+