Comment 32 for bug 10560

In , Peters-guest (peters-guest) wrote : subversion Debian ci: r557 - in trunk/debian: . man

tags 242368 pending
tags 259226 pending
tags 282468 pending
tags 292358 pending
thanks

Author: peters-guest
Date: 2006-04-21 09:10:45 +0000 (Fri, 21 Apr 2006)
New Revision: 557

Added:
   trunk/debian/man/svnwrap.1
   trunk/debian/svnwrap.sh
Modified:
   trunk/debian/changelog
   trunk/debian/rules
   trunk/debian/subversion-tools.manpages
   trunk/debian/subversion.README.Debian
Log:
New tool /usr/bin/svnwrap for subversion-tools.
This sets umask 002 unconditionally then runs whatever client binary
you ask for. I hope it solves more problems than it causes. :/

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2006-04-21 05:22:23 UTC (rev 556)
+++ trunk/debian/changelog 2006-04-21 09:10:45 UTC (rev 557)
@@ -14,6 +14,9 @@
   * rules: add -V'libsvn0 (>= 1.3.0)' to dh_makeshlibs to loosen the
     shlibs file a bit. Upstream guarantees that the library ABI won't be
     augmented during any single x.y.* cycle.
+ * svnwrap.sh, man/svnwrap.1: new script for subversion-tools package to
+ optionally wrap subversion client commands with 'umask 002'.
+ (Closes: #242368, #259226, #282468, #292358)

  -- Peter Samuelson <email address hidden> Wed, 19 Apr 2006 17:14:31 -0500

Added: trunk/debian/man/svnwrap.1
===================================================================
--- trunk/debian/man/svnwrap.1 2006-04-21 05:22:23 UTC (rev 556)
+++ trunk/debian/man/svnwrap.1 2006-04-21 09:10:45 UTC (rev 557)
@@ -0,0 +1,98 @@
+.\" svnwrap.1
+.\" Copyright 2006 by Peter Samuelson
+.\" Permission is granted to everyone to use and distribute this work,
+.\" without limitation, modified or unmodified, in any way, for any purpose.
+.TH SVNWRAP 1 "2006-04-21"
+.\"
+.SH NAME
+svnwrap - Umask wrapper for subversion client commands
+.\"
+.SH SYNOPSIS
+.B svnwrap
+.RB { program }
+.RI [ args... ]
+.\"
+.SH DESCRIPTION
+.B svnwrap
+is a simple shell script to work around permission problems when
+sharing Subversion repositories between multiple local users.
+.B svnwrap
+can be used either by specifying the
+.B subversion
+client command explicitly on the command line, or by invoking it by the
+same name as the client command in question, via a symlink.
+.PP
+.B svnwrap
+sets the
+.I umask
+to 002, then launches the appropriate
+.B subversion
+client command. For complicated reasons, this is needed when using the
+clients with
+.IR BDB -format
+repositories, but not for
+.IR FSFS -format
+ones.
+.\"
+.SH EXAMPLES
+To create a new BDB-format shared repository (note that FSFS-format
+shared repositories should also be created this way):
+.PP
+svnwrap\ svnadmin\ create\ \-\-fs\-type=bdb
+.I /path/to/repo
+.br
+chgrp\ \-R
+.I shared_group\ /path/to/repo
+.PP
+The following line in
+.I /etc/inetd.conf
+can be used to serve
+.I svn://
+URLs:
+.PP
+svn\ stream\ tcp\ nowait
+.I my_svn_user
+/usr/bin/svnwrap\ svnserve\ \-i\ \-r
+.I /srv/svn
+.PP
+The following commands enable use of
+.B svnwrap
+for local
+.I file:///
+and remote
+.I svn+ssh://
+URLs:
+.PP
+ln\ \-s\ /usr/bin/svnwrap\ /usr/local/bin/svn
+.br
+ln\ \-s\ /usr/bin/svnwrap\ /usr/local/bin/svnserve
+.PP
+.B svn
+is used for local
+.I file:///
+URLs, and
+.B svnserve
+is invoked by remote users of
+.I svn+ssh://
+URLs.
+.SH BUGS
+If you symlink the
+.B svn
+binary to
+.BR svnwrap ,
+as shown in one of the examples,
+.I all local users' working copies will also use the new
+.IR umask .
+Be sure to warn your users about this, as security-related surprises
+are rarely pleasant.
+.\"
+.SH "SEE ALSO"
+.BR svnserve (8),
+.BR svn (1),
+.BR svnlook (1).
+.\"
+.SH AUTHOR
+.B svnwrap
+and this manual were written by Peter Samuelson
+.\" <email address hidden>
+for the Debian Project (but may be used by others).
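
Review bot: The first EXAMPLES entry ('svnwrap svnadmin create' followed by 'chgrp -R shared_group /path/to/repo') never sets the setgid bit on the repository directories, so by default on Linux files created later by other users take each creator's own group rather than shared_group, and umask 002 then makes them writable by that group instead. Suggest adding a step that sets the setgid bit on the repository directories, or stating which group ends up owning new files. DESCRIPTION also says only 'For complicated reasons' and never states that umask 002 makes new files group-writable; one sentence there would let readers judge the BUGS warning. SEE ALSO could list svnadmin(1) and svnversion(1), which the wrapper accepts as well.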

Modified: trunk/debian/rules
===================================================================
--- trunk/debian/rules 2006-04-21 05:22:23 UTC (rev 556)
+++ trunk/debian/rules 2006-04-21 09:10:45 UTC (rev 557)
@@ -219,6 +219,7 @@
  # Install files for 'subversion-tools' package.
  install $(DEB_BUILDDIR)/contrib/client-side/svn_load_dirs.pl \
   debian/subversion-tools/usr/bin/svn_load_dirs
+ install debian/svnwrap.sh debian/subversion-tools/usr/bin/svnwrap

  install contrib/client-side/svn_load_dirs.README \
   debian/subversion-tools/usr/share/doc/subversion-tools/ \

Modified: trunk/debian/subversion-tools.manpages
===================================================================
--- trunk/debian/subversion-tools.manpages 2006-04-21 05:22:23 UTC (rev 556)
+++ trunk/debian/subversion-tools.manpages 2006-04-21 09:10:45 UTC (rev 557)
@@ -1 +1,2 @@
 debian/man/svn_load_dirs.1
+debian/man/svnwrap.1

Modified: trunk/debian/subversion.README.Debian
===================================================================
--- trunk/debian/subversion.README.Debian 2006-04-21 05:22:23 UTC (rev 556)
+++ trunk/debian/subversion.README.Debian 2006-04-21 09:10:45 UTC (rev 557)
@@ -19,6 +19,14 @@
   http://subversion.tigris.org/faq.html#nfs

+The umask issue
+---------------
+If you are sharing BDB repositories between multiple users, you may
+wish to use the 'svnwrap' script after setting proper permissions.
+This sets 'umask 002' before running the real subversion binary. See
+'man svnwrap' for details.
+
+
 Emacs and Subversion
 --------------------
 There are two packages that provide support for Subversion in Emacs:
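
Review bot: 'after setting proper permissions' in the new 'The umask issue' section does not say what the proper permissions are, and the section leaves out the side effect that the BUGS section of svnwrap.1 warns about. Suggest naming the step (the 'chgrp -R' to the shared group shown in the man page) and adding a sentence that files created through the wrapper become group-writable, working copies included when 'svn' is symlinked to svnwrap.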

Added: trunk/debian/svnwrap.sh
===================================================================
--- trunk/debian/svnwrap.sh 2006-04-21 05:22:23 UTC (rev 556)
+++ trunk/debian/svnwrap.sh 2006-04-21 09:10:45 UTC (rev 557)
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# svnwrap.sh: wrapper subversion client programs, which sets umask=002.
+#
+# Copyright 2006 by Peter Samuelson
+# Permission is granted to everyone to use and distribute this work,
+# without limitation, modified or unmodified, in any way, for any purpose.
+#
+# This script is not always needed: for somewhat complicated reasons,
+# subversion already Does The Right Thing for FSFS repositories but
+# cannot feasibly do so for BDB.
+#
+# See the manpage for more details.
+
+umask 002
+
+known_progs='svn svnlook svnserve svnadmin svnversion'
+known_progs_path=/usr/bin
+
+usage () {
+ echo >&2 "Usage: svnwrap {program} [args...]"
+ echo >&2 "Valid programs: $known_progs"
+ exit 1
+}
+
+exe=
+arg0=$(basename "$0")
+case " $known_progs " in
+ *" $arg0 "*) exe=$arg0 ;;
+ *" $1 "*) exe=$1; shift ;;
+ *) usage ;;
+esac
+case "$exe" in *" "*) usage ;; esac
+
+exec $known_progs_path/$exe "$@"
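
Review bot: 'umask 002' near the top replaces the caller's umask outright instead of clearing only the group bits, so a user who normally runs with 077 or 027 also gets files readable by others, not just writable by the group. Suggest deriving the new value from the current umask with only the group bits cleared, or saying in the header comment and the man page that the 'other' bits are loosened too. Smaller point: the final 'exec $known_progs_path/$exe "$@"' leaves the path unquoted; both values are validated by the case statements above, but quoting it keeps the line safe if known_progs_path is ever changed to a directory containing spaces.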

Property changes on: trunk/debian/svnwrap.sh
___________________________________________________________________
Name: svn:executable
   + *