You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Peter Samuelson <pe...@p12n.org> on 2008/07/01 04:24:42 UTC
[PATCH] Simpler and safer DAV proxy sync script
Is there any reason not to recommend this much simpler procedure for
DAV mirroring? It is not only simpler and faster, but closes a
security hole in temp file handling on the master.
--
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
[[[
Use a simple pipe for svnadmin dump / load in the WebDAV proxy
example scripts, instead of temporary files.
* notes/webdav-proxy: Rewrite mirror hook example to use a pipe instead
of a temp file. Also use -q in svnadmin dump|load, because nobody
needs to see the verbose output.
* www/svn_1.5_releasenotes.html (webdav-proxy-example): Likewise.
]]]
Index: www/svn_1.5_releasenotes.html
===================================================================
--- www/svn_1.5_releasenotes.html (revisione 31895)
+++ www/svn_1.5_releasenotes.html (copia locale)
@@ -1164,11 +1164,9 @@
SLAVE_PATH=/my/local/copy/of/repos
# Ensure svnadmin is in $PATH on both this machine and the remote server!
- svnadmin dump --incremental -r$2 $1 > /tmp/$2.dump
- scp /tmp/$2.dump $SLAVE_HOST:$SLAVE_PATH
- ssh $SLAVE_HOST "svnadmin load $SLAVE_PATH < $SLAVE_PATH/$2.dump"
- ssh $SLAVE_HOST "rm $SLAVE_PATH/$2.dump"
- rm /tmp/$2.dump
+
+ svnadmin dump -q --incremental -r$REV "$REPOS" |
+ ssh $SLAVE_HOST "svnadmin load -q $SLAVE_PATH"
</code></pre>
</div> <!-- webdav-proxy-example -->
Index: notes/webdav-proxy
===================================================================
--- notes/webdav-proxy (revisione 31895)
+++ notes/webdav-proxy (copia locale)
@@ -62,11 +62,8 @@
SLAVE_PATH=/my/local/copy/of/repos
# Ensure svnadmin is in your PATH on both this machine and the remote server!
-svnadmin dump --incremental -r$2 $1 > /tmp/$2.dump
-scp /tmp/$2.dump $SLAVE_HOST:$SLAVE_PATH
-ssh $SLAVE_HOST "svnadmin load $SLAVE_PATH < $SLAVE_PATH/$2.dump"
-ssh $SLAVE_HOST "rm $SLAVE_PATH/$2.dump"
-rm /tmp/$2.dump
+svnadmin dump -q --incremental -r$REV "$REPOS" |
+ ssh $SLAVE_HOST "svnadmin load -q $SLAVE_PATH"
----
Issues/Thoughts:
Re: [PATCH] Simpler and safer DAV proxy sync script
Posted by Peter Samuelson <pe...@p12n.org>.
[Karl Fogel]
> Looks reasonable to me. (Did you actually test it, though?)
I did not - but (a) piping svnadmin dump -q to svnadmin load -q, and
(b) piping commands to each other through ssh (which is 8-bit-clean
when used in this manner), are both things I do often.
I can test it when I set up a DAV proxy here at work, which I plan to
do anyway sometime this week.
--
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [PATCH] Simpler and safer DAV proxy sync script
Posted by "C. Michael Pilato" <cm...@collab.net>.
Mark Phippard wrote:
> On Tue, Jul 1, 2008 at 11:22 AM, Karl Fogel <kf...@red-bean.com> wrote:
>> Peter Samuelson <pe...@p12n.org> writes:
>>> Is there any reason not to recommend this much simpler procedure for
>>> DAV mirroring? It is not only simpler and faster, but closes a
>>> security hole in temp file handling on the master.
>> Looks reasonable to me. (Did you actually test it, though?)
>
> Do we have a script that uses svnsync? I recall this script pre-dated
> svnsync being available as an option. I just do not see why we would
> promote any other option.
The Book recommends using svnsync, so I don't mind if our notes demonstrate
yet another way of doing this.
--
C. Michael Pilato <cm...@collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Re: [PATCH] Simpler and safer DAV proxy sync script
Posted by Mark Phippard <ma...@gmail.com>.
On Tue, Jul 1, 2008 at 11:22 AM, Karl Fogel <kf...@red-bean.com> wrote:
> Peter Samuelson <pe...@p12n.org> writes:
>> Is there any reason not to recommend this much simpler procedure for
>> DAV mirroring? It is not only simpler and faster, but closes a
>> security hole in temp file handling on the master.
>
> Looks reasonable to me. (Did you actually test it, though?)
Do we have a script that uses svnsync? I recall this script pre-dated
svnsync being available as an option. I just do not see why we would
promote any other option.
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [PATCH] Simpler and safer DAV proxy sync script
Posted by Karl Fogel <kf...@red-bean.com>.
Peter Samuelson <pe...@p12n.org> writes:
> Is there any reason not to recommend this much simpler procedure for
> DAV mirroring? It is not only simpler and faster, but closes a
> security hole in temp file handling on the master.
Looks reasonable to me. (Did you actually test it, though?)
> [[[
> Use a simple pipe for svnadmin dump / load in the WebDAV proxy
> example scripts, instead of temporary files.
>
> * notes/webdav-proxy: Rewrite mirror hook example to use a pipe instead
> of a temp file. Also use -q in svnadmin dump|load, because nobody
> needs to see the verbose output.
>
> * www/svn_1.5_releasenotes.html (webdav-proxy-example): Likewise.
> ]]]
>
> Index: www/svn_1.5_releasenotes.html
> ===================================================================
> --- www/svn_1.5_releasenotes.html (revisione 31895)
> +++ www/svn_1.5_releasenotes.html (copia locale)
> @@ -1164,11 +1164,9 @@
> SLAVE_PATH=/my/local/copy/of/repos
>
> # Ensure svnadmin is in $PATH on both this machine and the remote server!
> - svnadmin dump --incremental -r$2 $1 > /tmp/$2.dump
> - scp /tmp/$2.dump $SLAVE_HOST:$SLAVE_PATH
> - ssh $SLAVE_HOST "svnadmin load $SLAVE_PATH < $SLAVE_PATH/$2.dump"
> - ssh $SLAVE_HOST "rm $SLAVE_PATH/$2.dump"
> - rm /tmp/$2.dump
> +
> + svnadmin dump -q --incremental -r$REV "$REPOS" |
> + ssh $SLAVE_HOST "svnadmin load -q $SLAVE_PATH"
> </code></pre>
>
> </div> <!-- webdav-proxy-example -->
> Index: notes/webdav-proxy
> ===================================================================
> --- notes/webdav-proxy (revisione 31895)
> +++ notes/webdav-proxy (copia locale)
> @@ -62,11 +62,8 @@
> SLAVE_PATH=/my/local/copy/of/repos
>
> # Ensure svnadmin is in your PATH on both this machine and the remote server!
> -svnadmin dump --incremental -r$2 $1 > /tmp/$2.dump
> -scp /tmp/$2.dump $SLAVE_HOST:$SLAVE_PATH
> -ssh $SLAVE_HOST "svnadmin load $SLAVE_PATH < $SLAVE_PATH/$2.dump"
> -ssh $SLAVE_HOST "rm $SLAVE_PATH/$2.dump"
> -rm /tmp/$2.dump
> +svnadmin dump -q --incremental -r$REV "$REPOS" |
> + ssh $SLAVE_HOST "svnadmin load -q $SLAVE_PATH"
> ----
>
> Issues/Thoughts:
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org