Hi there,
we are a follow-up project to a students' group at Ruhr-University Bochum, Germany, which tried to integrate a functionality into Subversion to allow users to encrypt all their data on the client side before committing, and to decrypt it while updating.

To achieve this we have found a spot in your project, where we can encrypt data right after checksums are computed and right before the file is transmitted to the server, by simply altering a stream (and its read-function).

Likewise we need a good way to decrypt data in an update-process right after it is received from the server (or whichever ra-method is used), but before checksums are calculated and the file is written to its local path or databases. Yet the code of the update functionality is by far harder to comprehend.

To me personally it looks like the svn_ra_do_update2 fetches the data from the server (or whatever method is used here) but does not apply changes to the working copy yet. Since we do not want to change anything about the ra modules themselves we omitted this part when checking.

Concerning svn_wc_crawl_revisions5 and svn_wc_crawl_revisions2 it says "After all revisions are reported, /reporter->finish_report()/ is called, which immediately causes the RA layer to update the working copy. Thus the return value may very well reflect the result of the update!" here http://subversion.sourcearchive.com/lines/1.4.4dfsg1/svn__wc_8h_9aacdf613889a86c23af70544103132a.html#9aacdf613889a86c23af70544103132a. I don't actually see where this is done. But I must assume that actual changes to the local files and database are done here.

Since we do not want or (hopefully) need to change anything about data transmission, I am hoping that you could give us a hint as to where to look for a place to alter data right after it is received from the server. We want to do this as early in the process as possible since we don't want to worry too much about checksums and stuff stored in the local database, if not necessary.

Basically we want to implement a see-through layer. The server just knows about the encrypted files, the client only knows about the plain-text. This way we only inhibit one essential svn functionality, the one that allows only partial transmission of files.

Best regards and thanks in advance
Jan Peters

