Posted to users@subversion.apache.org by Reid Priedhorsky <re...@umn.edu> on 2010/03/03 21:01:22 UTC

"svn log" via svnserve is letting me see things it shouldn't, but "svn ls" works as I expect

Hi,

We are trying to set up svnserve to serve part of a repository to the 
public. The problem: "svn log" shows _all_ log messages in the repo when 
invoked on the repo root, even when "svn ls" on the same path gives 
"Authorization failed".

The goal: serve repository path /cyclingproject/public read-only to 
anyone, and the rest of the repo should not be available to the public. 
In particular, log messages to files not in /cyclingproject/public 
should not be available.

We are mirroring our main repository with svnsync, restricting the copy 
to the path /cyclingproject/public. Only data in this path seems to be 
copied, but all log messages in the main repo are coming over. We are 
using file: to do the mirroring, so this step does not involve svnserve. 
It is the mirror that we're serving with svnserve.

We are on version 1.5.7.

Contents of svnserve.conf:

   [general]
   anon-access = read
   auth-access = none
   authz-db = authz

Contents of authz:

   [/cyclingproject/public]
   * = r

We invoke svnserve as:

   $ svnserve -d --foreground -r /project/Grouplens/svn-cyclopath-public

"svn ls" output (all this is what we want):

   $ svn ls svn://localhost/
   svn: Authorization failed
   $ svn ls svn://localhost/cyclingproject
   svn: Authorization failed
   $ svn ls svn://localhost/cyclingproject/public
   test

"svn log" output:

   $ svn log svn://localhost/cyclingproject/public
   [log messages for /cyclingproject/public]
   $ svn log svn://localhost/cyclingproject
   svn: Item is not readable
   $ svn log svn://localhost
   [log messages for the whole mirror repository]

It is the last command that is the problem. The expected (and desired) 
behavior is either (a) "svn: Item is not readable" or (b) log messages 
for /cyclingproject/public only.

What's wrong? Did I make a configuration error? Is this a bug?

All I can think of is to write a commit hook in the mirror repository 
that removes log messages for paths that shouldn't be public.

Any help would be much appreciated.

Reid

Re: "svn log" via svnserve is letting me see things it shouldn't, but "svn ls" works as I expect

Posted by Alexey Neyman <st...@att.net>.
On Wednesday 03 March 2010 01:14:38 pm Stefan Sperling wrote:
> On Wed, Mar 03, 2010 at 03:01:22PM -0600, Reid Priedhorsky wrote:
> > In particular, log messages to files not in
> > /cyclingproject/public should not be available.
>
> Log messages are not per file. They are per revision.
> They aren't tied to any particular path.
> Off-hand I cannot think of a way to prevent them from being seen.

Using svnadmin dump/load sequence piped through "svndumpfilter 
include --drop-empty-revs /cyclingproject/public" instead of svnsync 
would probably help.

Regards,
Alexey.

Re: "svn log" via svnserve is letting me see things it shouldn't, but "svn ls" works as I expect

Posted by Reid Priedhorsky <re...@umn.edu>.
On 03/04/10 07:14, Jon Foster wrote:
> Hi,
> 
> Stefan Sperling wrote:
>> On Wed, Mar 03, 2010 at 03:01:22PM -0600, Reid Priedhorsky wrote:
>>> In particular, log messages to files not in
>>> /cyclingproject/public should not be available.
>> Log messages are not per file. They are per revision.
>> They aren't tied to any particular path.
>> Off-hand I cannot think of a way to prevent them from being seen.
> 
> But the documentation for how authz works says:
> 
> http://svn.apache.org/viewvc/subversion/trunk/notes/authz_policy.txt?annotate=859714
> 
>> ==============================================
>> WHAT USERS SHOULD EXPECT FROM PATH-BASED AUTHZ
>> ==============================================
>>
> [...]
>> 2. LOG MESSAGES
>>
>> Log information may be restricted, based on readability of
>> changed-paths.
>>   
>> * If the target of 'svn log' wanders into unreadable territory,
>>   then log output will simply stop at the last readable revision.
>>   If the log is tracing backwards through time, as the plain
>>   "svn log" command does, the target will appear to be added
>>   (without history) in that revision.
>>   
>> * If a revision returned by 'svn log' contains a mixture of
>>   readable/unreadable changed-paths, then the log message is
>>   suppressed, along with the unreadable changed-paths.  Only
>>   the revision number, author, date, and readable paths are
>>   displayed.
>>   
>> * If a revision returned by 'svn log' contains only unreadable
>>   changed-paths, then only the revision number is displayed.
> 
> Is this documentation wrong?  Or doesn't it apply for some reason?

That's my take. If I can't "svn ls" it, why can I "svn log" it?

Note that the anomaly only appears at the repository root - one 
directory down, neither "svn ls" nor "svn log" gives any results, which 
is what I'd expect.

In this case, I wrote a post-commit hook that cleared non-public log 
messages when they were mirrored with svnsync. But that seems like a 
hack, and if we were not mirroring, it seems we'd be out of luck.

Reid
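
Added example, not part of the original thread or of Subversion itself: a check that applies the three LOG MESSAGES rules quoted above to "svn log -v --xml" output and reports revisions whose message is served although the rules would hide it. The function names and the sample XML are constructed for illustration, a plain prefix match on /cyclingproject/public stands in for real authz evaluation, and a revision with no changed-paths is treated as unreadable (an assumption).

```python
import xml.etree.ElementTree as ET

PUBLIC_PREFIX = "/cyclingproject/public"  # readable subtree from the thread's authz file

# Constructed sample shaped like `svn log -v --xml` output (not real repository data).
SAMPLE_LOG_XML = """<log>
<logentry revision="4"><author>alice</author><date>2010-03-03T20:00:00Z</date>
<paths><path action="A">/cyclingproject/public/test</path></paths>
<msg>Add public test file</msg></logentry>
<logentry revision="3"><author>bob</author><date>2010-03-02T20:00:00Z</date>
<paths><path action="M">/cyclingproject/public/README</path>
<path action="M">/cyclingproject/private/notes.txt</path></paths>
<msg>Update README and internal notes</msg></logentry>
<logentry revision="2"><author>bob</author><date>2010-03-01T20:00:00Z</date>
<paths><path action="A">/cyclingproject/public-old/x</path></paths>
<msg>Internal only change</msg></logentry>
<logentry revision="1"><author>bob</author><date>2010-02-28T20:00:00Z</date>
<msg>Change outside the mirrored path</msg></logentry>
</log>"""

def is_readable(path, prefix=PUBLIC_PREFIX):
    """Match whole path components, so /cyclingproject/public-old is not readable."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def policy_view(entry):
    """What one <logentry> should show under the LOG MESSAGES rules quoted above."""
    rev = int(entry.get("revision"))
    paths = [p.text for p in entry.findall("paths/path")]
    readable = [p for p in paths if is_readable(p)]
    if not readable:
        # Only unreadable changed-paths: revision number alone. A revision with no
        # changed-paths at all is treated the same way (assumption of this example).
        return {"revision": rev}
    view = {"revision": rev, "author": entry.findtext("author"),
            "date": entry.findtext("date"), "paths": readable}
    if len(readable) == len(paths):  # every changed-path readable: message allowed
        view["msg"] = entry.findtext("msg") or ""
    return view

def audit(xml_text):
    """Return (views by revision, revisions whose served message the rules would hide)."""
    views, leaked = {}, []
    for entry in ET.fromstring(xml_text).findall("logentry"):
        view = policy_view(entry)
        views[view["revision"]] = view
        if (entry.findtext("msg") or "").strip() and "msg" not in view:
            leaked.append(view["revision"])
    return views, leaked
```

Feeding it the XML log of the served mirror gives the list of revisions whose messages need clearing or filtering before the repository is exposed.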

Re: "svn log" via svnserve is letting me see things it shouldn't, but "svn ls" works as I expect

Posted by Stefan Sperling <st...@elego.de>.
On Thu, Mar 04, 2010 at 01:14:19PM -0000, Jon Foster wrote:
> Hi,
> 
> Stefan Sperling wrote:
> > On Wed, Mar 03, 2010 at 03:01:22PM -0600, Reid Priedhorsky wrote:
> > > In particular, log messages to files not in
> > > /cyclingproject/public should not be available.
> >
> > Log messages are not per file. They are per revision.
> > They aren't tied to any particular path.
> > Off-hand I cannot think of a way to prevent them from being seen.
> 
> But the documentation for how authz works says:
> 
> http://svn.apache.org/viewvc/subversion/trunk/notes/authz_policy.txt?annotate=859714

Those are developer notes, not documentation.
I'm not sure if this was ever implemented, but I'm not an expert on authz.

Stefan

RE: "svn log" via svnserve is letting me see things it shouldn't, but "svn ls" works as I expect

Posted by Jon Foster <Jo...@cabot.co.uk>.
Hi,

Stefan Sperling wrote:
> On Wed, Mar 03, 2010 at 03:01:22PM -0600, Reid Priedhorsky wrote:
> > In particular, log messages to files not in
> > /cyclingproject/public should not be available.
>
> Log messages are not per file. They are per revision.
> They aren't tied to any particular path.
> Off-hand I cannot think of a way to prevent them from being seen.

But the documentation for how authz works says:

http://svn.apache.org/viewvc/subversion/trunk/notes/authz_policy.txt?annotate=859714

> ==============================================
> WHAT USERS SHOULD EXPECT FROM PATH-BASED AUTHZ
> ==============================================
> 
[...]
> 2. LOG MESSAGES
>
> Log information may be restricted, based on readability of
> changed-paths.
>   
> * If the target of 'svn log' wanders into unreadable territory,
>   then log output will simply stop at the last readable revision.
>   If the log is tracing backwards through time, as the plain
>   "svn log" command does, the target will appear to be added
>   (without history) in that revision.
>   
> * If a revision returned by 'svn log' contains a mixture of
>   readable/unreadable changed-paths, then the log message is
>   suppressed, along with the unreadable changed-paths.  Only
>   the revision number, author, date, and readable paths are
>   displayed.
>   
> * If a revision returned by 'svn log' contains only unreadable
>   changed-paths, then only the revision number is displayed.

Is this documentation wrong?  Or doesn't it apply for some reason?

Kind regards,

Jon



Re: "svn log" via svnserve is letting me see things it shouldn't, but "svn ls" works as I expect

Posted by Stefan Sperling <st...@elego.de>.
On Wed, Mar 03, 2010 at 03:01:22PM -0600, Reid Priedhorsky wrote:
> In particular, log messages to files not in
> /cyclingproject/public should not be available.

Log messages are not per file. They are per revision.
They aren't tied to any particular path.
Off-hand I cannot think of a way to prevent them from being seen.

Stefan