obs-service-tar_scm icon indicating copy to clipboard operation
obs-service-tar_scm copied to clipboard

Published 20 hours ago verified publisher icon openSUSE

allow user name for svn repos

Open holgerreif opened this issue 9 years ago • 8 comments

I'm successfully using this service to retrieve sources via svn+ssh:// URL. Right now I had to access a svn repo via https://. Unfortunately it seems impossible to get svn acknowleding somthing like https://[email protected]/repo.

Thus I extended the service to accept a username parameter. It relies on subversion's (cleartext) password caching mechanism, thus you need to access the svn repo once interactively as user root. (In case you are worried about clear text caching: This goes along the lines of using svn+ssh with unprotected private key for readonly user).

I was successful with the attached diff

I would be happy to document this feature (where?) if it get's integrated into this service.

BTW: one could add a passwordparameter as well. This would remove the need for root access on the obs instance. If this is a read only account it shouldn't be a big deal either, since possible contents of the repo are available in the expanded source tar file as well.

holgerreif avatar Mar 30 '16 15:03 holgerreif

That's great, thanks! I'll gladly accept a pull request if you can submit it according to the contributors' guide!

I think the help text you already added to the .service file is sufficient documentation. There isn't really anywhere else to put it. I'm not sure about password - even with a read-only account there's still a risk it could expose access to other parts of the svn tree which were not intended to be generally accessible. But I'm open to arguments either way.

aspiers avatar Mar 30 '16 18:03 aspiers

To be honest, I never used git before (and never wrote a script in python either). And yes I read the contributor's guide before, it states If you are unable to provide a fix via a pull request, please submit an issue. ;-)

Since I'm more familiar with diff and patch I attached a udiff (where I know what I do). Would you accept this as well?

Regarding the password setting option: it is about freedom of choice. The user can decide what suits better to him: doing something as root on obs server or putting the password for a ro account into a service file. If you are interested I'd add and test this option as well.

holgerreif avatar Mar 30 '16 19:03 holgerreif

To be honest, I never used git before (and never wrote a script in python either).

Ah well, so isn't this the perfect excuse to start learning git? ;-) It's not too hard, and it's a tremendously useful (and important) tool to have under your belt, since the vast majority of the development world use git these days, and github is almost as popular. Plus it's fun ;-)

Also there are plenty of great tutorials available to guide you through, e.g.

  • https://www.thinkful.com/learn/github-pull-request-tutorial/
  • https://youtu.be/oFYyTZwMyAg
  • http://stackoverflow.com/questions/14680711/how-to-do-a-github-pull-request
  • https://yangsu.github.io/pull-request-tutorial/
  • https://git-scm.com/

But if you really can't or don't want to, maybe I can do it, but it's unlikely to happen any time soon.

aspiers avatar Mar 30 '16 19:03 aspiers

I could do that for you, as I'm dealing with http proxy support. But right now I need someone to look over my code and find out what is wrong, since I can run the "make check" tests locally, but Travis CI bombs out with a syntax error(?)

doccaz avatar Jul 26 '16 20:07 doccaz

Just created https://github.com/openSUSE/obs-service-tar_scm/pull/342 that allow authentication for multiple SCM including svn. Please let me know if it fits your needs ?

jjacque avatar Feb 02 '20 13:02 jjacque

Just created #342 that allow authentication for multiple SCM including svn. Please let me know if it fits your needs ?

That looks fine to me. One question though: since there will be one keyring for everyone, shouldn't there be an admin GUI to deal with it?

doccaz avatar Feb 03 '20 17:02 doccaz

Hi @doccaz , the drawback here is that you'll need an ssh access to the machine and the perms to sudo to obsservicerun to create/update the keyring. I guess it would be pretty hard to implement a GUI that will distinguished the OBS users running the service. Changes should be done in the https://github.com/openSUSE/open-build-service repo

jjacque avatar Feb 27 '20 08:02 jjacque

Hi @doccaz , the drawback here is that you'll need an ssh access to the machine and the perms to sudo to obsservicerun to create/update the keyring. I guess it would be pretty hard to implement a GUI that will distinguished the OBS users running the service. Changes should be done in the https://github.com/openSUSE/open-build-service repo

You're right. However, wouldn't the password be exposed in the service for everyone? Maybe it'd be a good idea to have a password attribute for the project/package?

doccaz avatar Feb 28 '20 14:02 doccaz