Posted to users@subversion.apache.org by Ryan Schmidt <su...@ryandesign.com> on 2006/03/26 18:12:06 UTC
Re: Checkout hooks? (summary and script implementation)
On Mar 26, 2006, at 11:52, Andrew Gabriel wrote:
> Adrian Hoe 贺文耀 wrote:
>
>> Look. I am not talking about having to log checkout/update. I just
>> want a simple email sent out to designated persons when someone does a
>> svn checkout/update. I am just interested to know who and when
>> checkout what. Simple.
>
> In a previous job, using a proprietary source control system, we
> used the equivalent of a checkout hook to add people to a mailing
> list regarding the repository they checked out from. With
> Subversion, I can't do this until the first time they commit, so it
> would be useful to me too so I could do it on the checkout. (We
> only use the svn:// access method at the moment).

So it sounds like several people (3 so far in this thread alone) want
a pre- or post-checkout hook. (And I see for the first time now,
Adrian, that you also want a pre- or post-update hook.) Someone even
already implemented a pre-checkout / pre-update hook, the patch for
which is here:

On Mar 24, 2006, at 16:00, Mathias Weinert wrote:

> You may want to look at
> http://svn.haxx.se/dev/archive-2006-02/0304.shtml
> and a little follow-up discussion in a separate thread for which
> I don't have the number available at the moment (the subject
> is "Re: [PATCH] pre-update and pre-getfile hook").

There's some controversy about the way in which this feature was
implemented, which you can read about in the continued discussion
Mathias mentioned:

http://svn.haxx.se/dev/archive-2006-03/0033.shtml

One of the perceived problems was that a pre-checkout hook can be
seen as another authorization mechanism, which was thought to be a
bad idea (the better idea presumably being to extend the existing
authorization mechanism to offer whatever features people would be
implementing in a pre-checkout hook).

For the purposes of this thread, all that's desired is notification,
which would probably fit best into a post-checkout or post-update
hook. I can't find an issue tracker record for this request. Is there
a reason, or would anybody object to such an enhancement request
being filed?

So friends, until such new hooks are implemented, I think the only
way to get what you want is to serve your repository using Apache and
monitor the Subversion access log. Fortunately, since I'm trying to
avoid real work at the moment, I wrote you a nifty script which can
be used in conjunction with the new Apache access log features in
Subversion 1.3.0 to basically create the post-checkout-or-export and
post-update hooks out of thin air. The script is written in PHP,
because I like it. The server must therefore be running Apache 2.0.x
or greater, Subversion 1.3.x or greater, and PHP. (I'm running 5.1.2
but 4.3.x or greater should probably be fine; if not, let me know.) I
would like for the script to work on Windows too, but I can't test
that; it's tested to work on Mac OS X. Instructions and hook
templates are included in the archive.

http://www.ryandesign.com/svnhookdispatcher/

I should note that the new post-checkout-or-export and post-update
hooks get called even if the checkout, export or update is
interrupted for some reason, so just keep that in mind.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
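
The log-monitoring approach described in the message above, as an added example (it is not Ryan Schmidt's PHP script and not part of the original thread). It assumes a CustomLog format of `%h %t %u %{SVN-ACTION}e` and action strings of the form `checkout-or-export '/path'` and `update '/path'`; the function names, addresses and sample log lines are constructed for illustration.

```python
import re
from datetime import datetime
from email.message import EmailMessage

# Assumed log directive (not from the post):
#   CustomLog logs/svn.log "%h %t %u %{SVN-ACTION}e" env=SVN-ACTION
LINE_RE = re.compile(
    r"^(?P<ip>\S+) \[(?P<when>[^\]]+)\] (?P<user>\S+) "
    r"(?P<action>checkout-or-export|update) '(?P<path>.*)'"
)
CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
192.0.2.10 [26/Mar/2006:18:01:02 +0000] alice checkout-or-export '/trunk'
192.0.2.11 [26/Mar/2006:18:03:40 +0000] - update '/branches/rel 1.0'
192.0.2.10 [26/Mar/2006:18:05:11 +0000] alice commit r42
truncated or malformed line
"""

def parse_line(line):
    """Return an event dict for a checkout/export/update line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m["when"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None  # unparseable timestamp: skip rather than guess
    user = None if m["user"] == "-" else m["user"]  # "-" means unauthenticated
    return {"ip": m["ip"], "when": when, "user": user,
            "action": m["action"], "path": m["path"]}

def scan(lines):
    """Collect read-access events from an iterable of log lines."""
    return [e for e in map(parse_line, lines) if e]

def build_notification(event, recipients, sender="svn@example.com"):
    """Build (but do not send) the alert mail for one event."""
    who = event["user"] or "anonymous"
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    # Log fields are client-influenced: strip control characters from headers.
    msg["Subject"] = CONTROL.sub("?", f"svn {event['action']} of {event['path']} by {who}")
    msg.set_content(
        f"{who} from {event['ip']} requested {event['action']} of "
        f"{event['path']} at {event['when'].isoformat()}.\n"
        "The request may have been interrupted before completing.\n")
    return msg
```

The message body says "requested" rather than "completed" because, as noted in the message above, the event fires even when the checkout, export or update is interrupted.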
Re: Checkout hooks? (summary and script implementation)
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Mar 28, 2006, at 09:35, Adrian Hoe 贺文耀 wrote:
>> So friends, until such new hooks are implemented, I think the only
>> way to get what you want is to serve your repository using Apache
>> and monitor the Subversion access log. Fortunately, since I'm
>> trying to avoid real work at the moment, I wrote you a nifty
>> script which can be used in conjunction with the new Apache access
>> log features in Subversion 1.3.0 to basically create the post-
>> checkout-or-export and post-update hooks out of thin air. The
>> script is written in PHP, because I like it. The server must
>> therefore be running Apache 2.0.x or greater, Subversion 1.3.x or
>> greater, and PHP. (I'm running 5.1.2 but 4.3.x or greater should
>> probably be fine; if not, let me know.) I would like for the
>> script to work on Windows too, but I can't test that; it's tested
>> to work on Mac OS X. Instructions and hook templates are included
>> in the archive.
>>
>> http://www.ryandesign.com/svnhookdispatcher/
>
> The reason I wish to have pre/post checkout/update hooks is that
> people such as project managers and svn administrators can be
> alerted with emails while they are away from their office desks.
>
> We don't have an Apache setup simply because of our security
> policies and we don't want to provide the convenience of source
> browsing using browsers. We see no reason to install Apache too
> because svn+ssh is enough to do the job.
>
> We are able to use the hooks provided to monitor all commits
> (post). The problem is that we are unable to know who checks out
> what. That's a security concern. We would also like to know the IP
> address of the person who checks out the items. We don't know who
> until he/she commits changes.
>
> I am using 1.2.x and have no plan to migrate to 1.3 at this moment.
> I will certainly migrate immediately if a future version has
> checkout/export/update hooks implemented.

So, now you have a reason to install Apache and upgrade to Subversion
1.3: svn+ssh does not provide you with post-checkout-or-export or
post-update hooks; Apache + Subversion 1.3 + my script above does.

I can't speak to your security policies, but if they get in the way
of you doing what you need to do for your business, then you'd best
reexamine those security policies. But I really don't know what kind
of security-related issues you see in an Apache + Subversion server
that are not present in an SSH + Subversion server.

If you don't want people to be able to browse the repository via the
web browser, I'm sure you can do that with a simple Apache directive
like prohibiting all GET requests (since AFAIK real Subversion
clients get all information via PROPFIND and REPORT requests) or by
user agent (allowing only user agents like
"SVN/1.3.0 (r17949) neon/0.25.4" for example). In any case, you're
merely taking away a convenience, not a feature, since a user can
still browse the repository via the command-line client, if perhaps
less conveniently.
Re: Checkout hooks? (summary and script implementation)
Posted by Adrian Hoe 贺文耀 <ma...@adrianhoe.com>.
Sorry for the late reply. I was on travel and got my hands tied up.

The reason I wish to have pre/post checkout/update hooks is that
people such as project managers and svn administrators can be alerted
with emails while they are away from their office desks.

We don't have an Apache setup simply because of our security policies
and we don't want to provide the convenience of source browsing using
browsers. We see no reason to install Apache too because svn+ssh is
enough to do the job.

We are able to use the hooks provided to monitor all commits (post).
The problem is that we are unable to know who checks out what. That's a
security concern. We would also like to know the IP address of the
person who checks out the items. We don't know who until he/she commits
changes.

I am using 1.2.x and have no plan to migrate to 1.3 at this moment. I
will certainly migrate immediately if a future version has
checkout/export/update hooks implemented.

On Mar 27, 2006, at 2:12 AM, Ryan Schmidt wrote:
> On Mar 26, 2006, at 11:52, Andrew Gabriel wrote:
>
>> Adrian Hoe 贺文耀 wrote:
>>
>>> Look. I am not talking about having to log checkout/update. I just
>>> want a simple email sent out to designated persons when someone does a
>>> svn checkout/update. I am just interested to know who and when
>>> checkout what. Simple.
>>
>> In a previous job, using a proprietary source control system, we
>> used the equivalent of a checkout hook to add people to a mailing
>> list regarding the repository they checked out from. With
>> Subversion, I can't do this until the first time they commit, so
>> it would be useful to me too so I could do it on the checkout. (We
>> only use the svn:// access method at the moment).
>
> So it sounds like several people (3 so far in this thread alone)
> want a pre- or post-checkout hook. (And I see for the first time
> now, Adrian, that you also want a pre- or post-update hook.)
> Someone even already implemented a pre-checkout / pre-update hook,
> the patch for which is here:
>
> On Mar 24, 2006, at 16:00, Mathias Weinert wrote:
>
>> You may want to look at
>> http://svn.haxx.se/dev/archive-2006-02/0304.shtml
>> and a little follow-up discussion in a separate thread for which
>> I don't have the number available at the moment (the subject
>> is "Re: [PATCH] pre-update and pre-getfile hook").
>
> There's some controversy about the way in which this feature was
> implemented, which you can read about in the continued discussion
> Mathias mentioned:
>
> http://svn.haxx.se/dev/archive-2006-03/0033.shtml
>
> One of the perceived problems was that a pre-checkout hook can be
> seen as another authorization mechanism, which was thought to be a
> bad idea (the better idea presumably being to extend the existing
> authorization mechanism to offer whatever features people would be
> implementing in a pre-checkout hook).
>
> For the purposes of this thread, all that's desired is
> notification, which would probably fit best into a post-checkout or
> post-update hook. I can't find an issue tracker record for this
> request. Is there a reason, or would anybody object to such an
> enhancement request being filed?
>
>
> So friends, until such new hooks are implemented, I think the only
> way to get what you want is to serve your repository using Apache
> and monitor the Subversion access log. Fortunately, since I'm
> trying to avoid real work at the moment, I wrote you a nifty script
> which can be used in conjunction with the new Apache access log
> features in Subversion 1.3.0 to basically create the post-checkout-
> or-export and post-update hooks out of thin air. The script is
> written in PHP, because I like it. The server must therefore be
> running Apache 2.0.x or greater, Subversion 1.3.x or greater, and
> PHP. (I'm running 5.1.2 but 4.3.x or greater should probably be
> fine; if not, let me know.) I would like for the script to work on
> Windows too, but I can't test that; it's tested to work on Mac OS
> X. Instructions and hook templates are included in the archive.
>
> http://www.ryandesign.com/svnhookdispatcher/
>
> I should note that the new post-checkout-or-export and post-update
> hooks get called even if the checkout, export or update is
> interrupted for some reason, so just keep that in mind.
>
>
>
--
"If you missed the rising sun and the morning dew, don't miss the
beautiful sunset." -- Adrian Hoe inspired by Michal Nowak, June 15 2004
http://adrianhoe.com