pre-commit
:
-bash-3.2$ uname -a Linux banot.etsii.ull.es 2.6.18-164.15.1.el5 #1 SMP Wed Mar 17 11:37:14 EDT 2010 i686 i686 i386 GNU/Linux -bash-3.2$ pwd /home/casiano/newrepository/hooks -bash-3.2$ ls -l pre-commit -rwxr-xr-x 1 casiano apache 281 abr 20 17:17 pre-commit -bash-3.2$ -bash-3.2$ cat pre-commit #!/bin/sh REPOS="$1" TXN="$2" perl -I/home/casiano/perl5/lib/perl5/site_perl/5.8.8/ /home/casiano/newrepository/hooks/commit-access-control.pl \ "$REPOS" "$TXN" /home/casiano/newrepository/hooks/commit-access-control.cfg || exit 1 # All checks passed, so allow the commit. exit 0 -bash-3.2$En
/home/casiano/perl5/lib/perl5/site_perl/5.8.8/
se encuentra la librería Config::IniFiles
usada por
commit-access-control.pl
para parsear el fichero de configuración.
svn+ssh
.
Para ello, si no lo ha hecho ya, genere una pareja de claves y publique la clave en el servidor
subversion.
Recuerde el formato en el fichero authorized_keys
para identificarle:
-bash-3.2$ cat ~/.ssh/authorized_keys ............................................................. # key for subversion command="/usr/bin/svnserve -t -r /home/casiano/newrepository/ --tunnel-user=aluXXXX",no-port-forwarding ssh-dss AAAAB...................= myfriend key
-bash-3.2$ cat commit-access-control.cfg [Make everything read-only for all users] match = .* access = read-only [project1 aluXXXX permissions] match = ^project1/trunk users = myfriend access = read-write [casiano permissions] match = .* users = casiano access = read-write
ssh
para facilitar el acceso via svn
al repositorio:
aluXXXX@nereida:/tmp$ sed -ne '/svn/,//p' /home/aluXXXX/.ssh/config Host svn HostName banot.etsii.ull.es user casiano IdentityFile /home/aluXXXX/.ssh/id_dsa_svnA continuación descarga los proyectos en los que está interesado:
aluXXXX@nereida:/tmp$ svn ls svn+ssh://svn/ project1/ project2/ aluXXXX@nereida:/tmp$ svn checkout svn+ssh://svn/ A svn/project1 A svn/project1/trunk A svn/project1/trunk/t A svn/project1/trunk/t/project1.t A svn/project1/trunk/MANIFEST A svn/project1/trunk/lib A svn/project1/trunk/lib/project1.pm A svn/project1/trunk/Makefile.PL A svn/project1/trunk/Changes A svn/project1/trunk/README A svn/project1/branches A svn/project1/branches/branch1 A svn/project1/branches/branch1/t A svn/project1/branches/branch1/t/project1.t A svn/project1/branches/branch1/MANIFEST A svn/project1/branches/branch1/lib A svn/project1/branches/branch1/lib/project1.pm A svn/project1/branches/branch1/Makefile.PL A svn/project1/branches/branch1/Changes A svn/project1/branches/branch1/README A svn/project2 A svn/project2/trunk A svn/project2/trunk/t A svn/project2/trunk/t/project2.t A svn/project2/trunk/MANIFEST A svn/project2/trunk/lib A svn/project2/trunk/lib/project2.pm A svn/project2/trunk/Makefile.PL A svn/project2/trunk/Changes A svn/project2/trunk/README Revisión obtenida: 24Hace modificaciones e intenta un commit en la zona prohibida:
aluXXXX@nereida:/tmp$ cd svn/project1/branches/branch1 aluXXXX@nereida:/tmp/svn/project1/branches/branch1$ echo '# comentario'>>Makefile.PL aluXXXX@nereida:/tmp/svn/project1/branches/branch1$ svn commit -m 'checking permits' Enviando branch1/Makefile.PL Transmitiendo contenido de archivos .svn: Falló el commit (detalles a continuación): svn: El hook 'pre-commit' falló con la siguiente salida de error: /home/casiano/newrepository/hooks/commit-access-control.pl: user `aluXXXX' does not have permission to commit to these paths: project1/branches/branch1 project1/branches/branch1/Makefile.PL
Veamos que ocurre en la zona en la que tiene permisos de escritura:
aluXXXX@nereida:/tmp/svn/project1/branches/branch1$ cd /tmp/svn/project1/trunk/ aluXXXX@nereida:/tmp/svn/project1/trunk$ echo '# comentario'>>Makefile.PL aluXXXX@nereida:/tmp/svn/project1/trunk$ svn commit -m 'checking permits' Enviando trunk/Makefile.PL Transmitiendo contenido de archivos . Commit de la revisión 25. aluXXXX@nereida:/tmp/svn/project1/trunk$
Véanse:
/usr/share/doc/subversion-1.4.2/tools/hook-scripts/commit-access-control.pl
en banot
y en https://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/commit-access-control.pl.in
(Para entender el código necesitará repasar
las secciones
,
y
)
A sample configuration might look like the following, in which usersmother
,father
,dick
,jane
, andspot
(along with any other users who have unix-file-permission access to the repository) have read-access ontestproj-a
andtestproj-b
; but onlydick
andjane
can write (commit) totestproj-a
. Onlyspot
can write (commit) to any part oftestproj-b
, butfather
can commit to thebbq
directory oftestproj-b
, in thebranches
,tags
, and/ortrunk
directories of that project.
Note the special case login,mother
, who can write to all directories and files in this repository - includingSVN/
which is where the commit permission configuration file is versioned. Some account with this level of privilege is necessary if new projects are to be created in the repository (as siblings - if you will - totestproj-a
andtestproj-b
). It ismother
who would import the new projects and, presumably, modify the commit access configuration file to allow write access on the new project to appropriate users.
[Make everything read-only for all users] match = .* access = read-only [REPOSITORY WRITE EVERYTHING] match = .* access = read-write users = mother [SVN - config modification permissions] match = ^SVN access = read-write users = mother [testproj-a commit permissions] match = ^testproj-a/(branches|tags|trunk) users = dick jane access = read-write [testproj-b commit permissions] match = ^testproj-b/(branches|tags|trunk) users = spot access = read-write [testproj-b/bbq commit permissions] match = ^testproj-b/(branches|tags|trunk)/bbq users = father access = read-write
Casiano Rodríguez León