You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by br...@apache.org on 2013/01/07 01:21:03 UTC
svn commit: r1429623 - /subversion/site/publish/docs/release-notes/1.8.html
Author: breser
Date: Mon Jan 7 00:21:03 2013
New Revision: 1429623
URL: http://svn.apache.org/viewvc?rev=1429623&view=rev
Log:
Update 1.8 release notes for in repo authz, svnauthz and the change of
--config-file behavior with svnserve.
* public/docs/release-notes/1.8.html
(authz-fspath-syntax): Adjust to account for the changes to svnauthz.
(svnserve-config-file, svnauthz, in-repo-authz): New sections.
Modified:
subversion/site/publish/docs/release-notes/1.8.html
Modified: subversion/site/publish/docs/release-notes/1.8.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.8.html?rev=1429623&r1=1429622&r2=1429623&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/1.8.html (original)
+++ subversion/site/publish/docs/release-notes/1.8.html Mon Jan 7 00:21:03 2013
@@ -333,10 +333,11 @@ change, unless a failure to parse the au
for everyone... which would not be a sane way to configure a server. -->
denied as a result of upgrading to Subversion
1.8. The <a
-href="https://svn.apache.org/repos/asf/subversion/trunk/tools/server-side/svnauthz-validate.c"
->svnauthz-validate</a> tool, when linked to Subversion 1.8
-libraries, can be used to test an authz file for validity. (The tool
-will error out on a file that the Subversion server will error out on.)</p>
+href="https://svn.apache.org/repos/asf/subversion/trunk/tools/server-side/svnauthz.c"
+>svnauthz</a> tool, when linked to Subversion 1.8
+libraries, can be used to test an authz file for validity using the validate
+subcommand. (The tool will error out on a file that the Subversion server will
+error out on.)</p>
</div> <!-- authz-fspath-syntax -->
@@ -421,6 +422,50 @@ star imports of <tt>from svn.core</tt> c
</div> <!-- swig-py-star -->
+<div class="h4" id="svnserve-config-file">
+<h4>svnserve --config-file behavior with password and authz dbs
+ <a class="sectionlink" href="#svnserve-config-file"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>The behavior of the <tt>--config-file</tt> option to svnserve has changed.
+The password db and authz db files will be reloaded on each connection. In past
+versions these files were cached on startup when <tt>--config-file</tt> was
+used.</p>
+
+<p>The svnserve.conf file directly passed to <tt>--config-file</tt> will still
+be cached. Provided that the locations you wish to use for the authz and
+password dbs have not changed, you will not need to restart svnserve in order to
+have the changes you make to these files applied. This makes the behavior of
+<tt>--config-file</tt> more consistent with configurations that do not use this
+option.</p>
+
+<p>If you were depending on the configuration changes not being applied until
+you restarted svnserve you will need to adjust accordingly.</p>
+
+</div> <!-- svnserve-config-file -->
+
+<div class="h4" id="svnauthz">
+<h4>svnauthz-validate renamed to svnauthz
+ <a class="sectionlink" href="#svnauthz"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>The svnauthz-validate command has been renamed to svnauthz and now has
+a validate subcommand. Meaning the equivalent to <tt>svnauthz-validate
+file</tt> in 1.8 is <tt>svnauthz validate file</tt>. To maintain command
+line compatability if the svnauthz command is run with the command name of
+<tt>svnauthz-validate</tt> then it emulates the behavior of the
+<tt>svnauthz-validate</tt> command from 1.7. <tt>make install-tools</tt>
+installs a symlink <tt>svnauthz-validate</tt> to provide this compatability
+functionality.</p>
+
+<p>Additionally, svnauthz now has an accessof subcommand that can print or
+test what the permissions would be in a given circumstance. Allowing you
+to validate that your changes have effected the permissions that you intended
+before applying them. See <tt>svnauthz help accessof</tt> for more details.</p>
+
+</div> <!-- svnauthz -->
</div> <!-- compat-misc -->
@@ -890,6 +935,66 @@ users apply the same change to multiple
</div> <!-- fsfs-enhancements -->
+<div class="h3" id="in-repo-authz">
+<h3>In repository authz
+ <a class="sectionlink" href="#in-repo-authz"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>Subversion 1.8 allows authz files to be stored inside a
+Subversion repository. This allows you to gain the versioning
+features of Subversion for the configuration of the path based
+authorization feature. The repository does not need to be the
+same repository as the one that the authz files are being applied
+to. However, if the repository is the same repository it allows
+the authz file to be synced with the repository making administration
+of the synchronized repositories easier.</p>
+
+<p>When providing the authz file to httpd or svnserve there are
+now four formats in which the location of the file may be described
+with.</p>
+
+<ol>
+<li>Absolute path to a file (outside of a repository): <tt>/path/to/file</tt> or <tt>C:\path\to\file</tt>
+<li>Relative path to a file (outside of a repository): <tt>path/to/file</tt> or <tt>path\to\file</tt>
+<li>Absolute URL to file in repsository: <tt>file:///path/to/repo/file</tt>
+<li>Relative URL to file in a repository: <tt>^/file</tt>
+</ol>
+
+<p>The first two are the formats that were already supported in versions prior
+to 1.8, leaving the last two as the new ones. The absolute URL format is
+similar to what you could use with <tt>svn cat</tt> to list a file in a local
+repository. The relative URL is also
+<a href="http://svn.apache.org/repos/asf/subversion/trunk/notes/cli-repo-root-relative-support.txt">similar to a format</a>
+that the client can use, the <tt>^/</tt>is removed and the authz file is found
+at the path in the repository being accessed. httpd accepts all 4 formats
+in both AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile configuration
+directives, the only difference between the two is the root path for the
+relative path to a file outside a repository format.</p>
+
+<div class="notice"><span style="color: red"><b>WARNING:</b></span>Unlike authz
+ files stored on the servers local disk, authz files stored in the repository
+ are accessible via Subversion clients just like any other file in the
+ repository. If you wish to protect the contents of the authz file you should
+ configure appropriate access restrictions for it in the applicable authz file
+ (potentially the same file even).</div>
+
+<div class="notice"><span style="color: red"><b>WARNING:</b></span>Commiting an
+ authz file to a repository is no different than committing any other file.
+ The Subversion servers do not validate the authz file in anyway. It may be
+ desirable to setup a pre-commit hook script to validate the authz file is
+ valid and/or has not removed all permissions to edit the file. If
+ permissions have been removed to edit it via the network server(s) you can
+ of course always edit it via a local (<tt>file://</tt>) checkout since
+ ra_local does not observe path based permissions. In order to assist in
+ making it easy to validate authz files a new hook-script has been added to
+ tools/hook-scripts called validate-files.py. The
+ validate-files.conf.example contains examples on how to validate both syntax
+ and specific permissions.
+</div>
+
+</div> <!-- in-repo-authz -->
+
<div class="h3" id="new-tools">
<h3>New tools and utilities
<a class="sectionlink" href="#new-tools"