Return-Path: X-Original-To: apmail-subversion-users-archive@minotaur.apache.org Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7C3CB11128 for ; Wed, 3 Sep 2014 19:38:03 +0000 (UTC) Received: (qmail 1791 invoked by uid 500); 3 Sep 2014 19:38:02 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 1762 invoked by uid 500); 3 Sep 2014 19:38:02 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 1752 invoked by uid 99); 3 Sep 2014 19:38:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Sep 2014 19:38:02 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of brane@wandisco.com designates 209.85.212.181 as permitted sender) Received: from [209.85.212.181] (HELO mail-wi0-f181.google.com) (209.85.212.181) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Sep 2014 19:37:57 +0000 Received: by mail-wi0-f181.google.com with SMTP id e4so10482286wiv.8 for ; Wed, 03 Sep 2014 12:37:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wandisco.com; s=gapps; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=xMMG9BwTThNmtgeuSfQigatqt8w0GkflTvlNhLMNVKM=; b=WL9etAKmut5e1cxZJD1EnRoNb8O4ggPdcHWv9+eznOQZUMDjdLXZWkIG+pBGlYC/5z m+AnT2kEMFhfH3FRkQos+6jYjmaJaDUIhYGQRDoIb78pcpkaZyEbXMeyYkMmabDWIi+C UQLjFCPYKM9CLZRHv7fG2N6JN2yNfkQRWjhk4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:organization:user-agent :mime-version:to:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=xMMG9BwTThNmtgeuSfQigatqt8w0GkflTvlNhLMNVKM=; b=kyN0Tp0dPiGFS0sXRoTUO46ZXPhmN0zAeKAr1gqnP7XxThP+AUfHMOtQOE9qtQaHdK d9YgoP1vtJHcqs+yS075xnuNa0GbH8kNbMhRWaZR+cL6kczA8WTjx2GpvtXaCfsKnIsD VStHurhexTDVBkFEVvgzXAk/rr0q0WOEn49DqdcMfpojaJ3szfiStFsNSYVZTLtLgv5w 3jFhyEiQRsckTDZbjqujn8MBd1Rvm9ZQeQgWcNU0KjRnwSsfTT3ovDzaht33KrqBe8RE 01M0WBZnxO2ak4BQzWRm8goLOmE+1XmHNVmPaPXJngziCMg3kD6m/vUwSRERppGsgjfc 4FOw== X-Gm-Message-State: ALoCoQmhuY4gAWzMguNVV9PhralwiEaQABEIV53/Uft3DUSbn6dz47Wx2ZBSg68pro3R2B7mSHDF X-Received: by 10.180.107.37 with SMTP id gz5mr889721wib.40.1409773055643; Wed, 03 Sep 2014 12:37:35 -0700 (PDT) Received: from zulu.local (cpe-90-157-246-198.dynamic.amis.net. [90.157.246.198]) by mx.google.com with ESMTPSA id gj3sm6152035wib.15.2014.09.03.12.37.34 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 03 Sep 2014 12:37:34 -0700 (PDT) Received: from zulu.local (localhost [IPv6:::1]) by zulu.local (Postfix) with ESMTP id E637EC6FAB02 for ; Wed, 3 Sep 2014 21:37:32 +0200 (CEST) Message-ID: <54076DFC.206@wandisco.com> Date: Wed, 03 Sep 2014 21:37:32 +0200 From: =?UTF-8?B?QnJhbmtvIMSMaWJlag==?= Organization: WANdisco User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: users@subversion.apache.org Subject: Re: Commit bot without password References: In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org On 03.09.2014 21:21, Kim Gräsman wrote: > Hello, > > I'm new to the list, so forgive me if this has been discussed before. > I didn't find anything in the archives. > > At my workplace, we run a simple home-cooked "gated commit" system on > top of Subversion 1.8. Users run their working copy changes through a > client program, it assembles all changes and sends them with a work > order (what to build, test and run other analysis steps for) to a > server, which runs all steps and commits on the user's behalf if they > pass. > > This works really well for us, but we haven't been able to avoid > sending the user's SVN credentials together with the work order, and > this is clearly not desirable. > > Is there some way to convince Subversion to commit on a user's behalf? > We'd like to designate one SVN account as the commit bot account and > let it impersonate users at will. The standard command-line client won't let you do that. It's possible to write a script or program, using our bindings or API; but it's rather a lot of work. You could try the following trick: on the build machine, with the bot's credentials, do this: $ svn commit -m ... --with-revprop on-behalf-of=username then on the server, add a pre-commit hook script that looks at the revision properties of the transaction (svnlook propget --revprop) that's about to be committed; and if svn:author is the bot, and the on-behalf-of property exists, the script would replace the svn:author value and delete the on-behalf-of property (svnadmin setrevprop). This is just a blue-sky idea, I've never actually done that; but I don't see a reason, offhand, why it wouldn't work. -- Brane