Re: Svn revert and file permissions bug

2020-08-13 Thread Nathan Hartman 
On Thu, Aug 13, 2020 at 9:32 AM Captain Hypertext
 wrote:
> I'm running Debian 9 with svn 1.8.17, but I also tried with svn 1.9.5, which 
> I guess is the latest version supported by our OS. Basically, I'm tasked with 
> updating the permission structure of our application servers because we've 
> been using root for years to do everything. We have an svn repo where all the 
> files are owned by the root user.
>
>
> If I change the file ownership (I'm talking about the working copy files) to 
> apache:devops, so owned by user apache and group devops, and I run "svn 
> revert -R .", it lists out every single file. Nothing changes, it just says 
> "Reverted xxx.php" for every file, every time I run it.  Run "svn revert -R 
> ." again, same thing happens. None of the files have changed at all, and root 
> has write permissions. If there are local changes in the working copy, they 
> will be reverted along with all this.
>
>
> This appears to be happening when svn thinks that my user doesn't have write 
> permissions to the file. It looks like svn is trying to calculate the 
> permissions of the files by itself, and isn't factoring in root powers, ACL 
> (setfacl), or supplemental user groups. So if I set a file's permissions to 
> 666 instead of 664, it doesn't get spit out as reverted. Also, if my user 
> owns the file (this applies to root too) or my primary group owns the file, 
> it doesn't spit that file out. But being that a second group I’m a member of 
> owns the file, it gets spit out.
>
>
> Can anyone speak to this? Any help is appreciated.

Hi,

This looks a lot like: https://issues.apache.org/jira/browse/SVN-4622

However, there is no need to involve the root user. I arrived at a
similar result on my Debian box with SVN 1.10.4. The reproduction
steps are very simple: Just check out a working copy as your normal
user and then change the ownership of a file:

$ svn co https://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts
Ahook-scripts/mailer
Ahook-scripts/mailer/tests
Ahook-scripts/validate-files.py
Ahook-scripts/mailer/mailer.conf.example
Ahook-scripts/mailer/mailer.py
Ahook-scripts/mailer/tests/mailer-init.sh
Ahook-scripts/mailer/tests/mailer-t1.output
Ahook-scripts/mailer/tests/mailer.conf
Ahook-scripts/mailer/tests/mailer-t1.sh
Ahook-scripts/mailer/tests/mailer-tweak.py
Ahook-scripts/CVE-2017-9800-pre-commit.py
Ahook-scripts/reject-detected-sha1-collisions.sh
Ahook-scripts/reject-known-sha1-collisions.sh
Ahook-scripts/svn2feed.py
Ahook-scripts/svnperms.py
Ahook-scripts/control-chars.py
Ahook-scripts/validate-files.conf.example
Ahook-scripts/persist-ephemeral-txnprops.py
Ahook-scripts/validate-extensions.py
Ahook-scripts/commit-email.rb
Ahook-scripts/svnperms.conf.example
Ahook-scripts/log-police.py
Ahook-scripts/verify-po.py
Ahook-scripts/commit-access-control.pl.in
Ahook-scripts/commit-access-control.cfg.example
 U   hook-scripts
Checked out revision 1880841.
$ cd hook-scripts/
$ sudo chown nobody svnperms.conf.example
$ ls -al
total 128
drwxr-xr-x 4 nate   nate  4096 Aug 13 23:32 .
drwxr-xr-x 4 nate   nate  4096 Aug 13 23:32 ..
-rw-r--r-- 1 nate   nate  2984 Aug 13 23:32 commit-access-control.cfg.example
-rwxr-xr-x 1 nate   nate 11766 Aug 13 23:32 commit-access-control.pl.in
-rwxr-xr-x 1 nate   nate  3102 Aug 13 23:32 commit-email.rb
-rwxr-xr-x 1 nate   nate  4355 Aug 13 23:32 control-chars.py
-rwxr-xr-x 1 nate   nate  2841 Aug 13 23:32 CVE-2017-9800-pre-commit.py
-rwxr-xr-x 1 nate   nate  5192 Aug 13 23:32 log-police.py
drwxr-xr-x 3 nate   nate  4096 Aug 13 23:32 mailer
-rwxr-xr-x 1 nate   nate  2352 Aug 13 23:32 persist-ephemeral-txnprops.py
-rwxr-xr-x 1 nate   nate  1750 Aug 13 23:32 reject-detected-sha1-collisions.sh
-rwxr-xr-x 1 nate   nate  1797 Aug 13 23:32 reject-known-sha1-collisions.sh
drwxr-xr-x 4 nate   nate  4096 Aug 13 23:32 .svn
-rwxr-xr-x 1 nate   nate 16726 Aug 13 23:32 svn2feed.py
-rw-r--r-- 1 nobody nate  3147 Aug 13 23:32 svnperms.conf.example
-rwxr-xr-x 1 nate   nate 13243 Aug 13 23:32 svnperms.py
-rwxr-xr-x 1 nate   nate  3516 Aug 13 23:32 validate-extensions.py
-rw-r--r-- 1 nate   nate  3409 Aug 13 23:32 validate-files.conf.example
-rwxr-xr-x 1 nate   nate  6669 Aug 13 23:32 validate-files.py
-rwxr-xr-x 1 nate   nate  3954 Aug 13 23:32 verify-po.py
$ svn revert -R .
Reverted 'svnperms.conf.example'
$ svn revert -R .
Reverted 'svnperms.conf.example'
$ svn revert -R .
Reverted 'svnperms.conf.example'

When reverting, nothing seems to change about the file or its
metadata. It remains owned by user 'nobody' after reverting (which is
as I'd expect).

Permissions do play a big role. Change the file's permissions to 664
and we no longer see output from 'svn revert':

$ sudo chmod 664 svnperms.conf.example
$ ls -l svnperms.conf.example
-rw-rw-r-- 1 nobody nate 3147 Aug 13 23:32 svnperms.conf.example
$ svn revert -R .

(no output here)

But change it back to 644,

Re: How to recover from a failed update/merge?

2020-08-13 Thread Nathan Hartman 
On Thu, Aug 13, 2020 at 5:47 PM Bo Berglund  wrote:

> On Mon, 10 Aug 2020 09:52:51 -0400, Nathan Hartman
>  wrote:
>
> >Again, since a revert cannot be undone, always be careful with "svn
> revert"
> >especially with "-R" (recursive)!!
>
> Thanks!
> I used TortoiseSVN to revert the 7 changed files and then I did an
> update and got the latest revision without the conflicts popping up!
>
> I did not need the recursion because it was only files from a single
> dir that were compromised.


Glad it helped. Thanks for confirming it solved the problem.

Cheers,
Nathan

Re: How to recover from a failed update/merge?

2020-08-13 Thread Bo Berglund 
On Mon, 10 Aug 2020 09:52:51 -0400, Nathan Hartman
 wrote:

>> How should I proceed to get the wc in a state like after the last
>> successful update so it can now be updated to the repository head
>> revision?
>
>
>So, if I understand correctly, you want to throw away *all* modifications
>in your working copy. In a situation like this, I would shut down the IDE
>so that it won't interfere, and from the topmost directory of the working
>copy, do:
>
>$ svn revert -R .
>

>
>Now, you should be able to "svn update" to get the latest repository
>revision.
>
>Again, since a revert cannot be undone, always be careful with "svn revert"
>especially with "-R" (recursive)!!

Thanks!
I used TortoiseSVN to revert the 7 changed files and then I did an
update and got the latest revision without the conflicts popping up!

I did not need the recursion because it was only files from a single
dir that were compromised.


-- 
Bo Berglund
Developer in Sweden

Svn revert and file permissions bug

2020-08-13 Thread Captain Hypertext 
I have a really weird problem which may be a bug.


I'm running Debian 9 with svn 1.8.17, but I also tried with svn 1.9.5,
which I guess is the latest version supported by our OS. Basically, I'm
tasked with updating the permission structure of our application servers
because we've been using root for years to do everything. We have an svn
repo where all the files are owned by the root user.


If I change the file ownership (I'm talking about the working copy files)
to apache:devops, so owned by user apache and group devops, and I run "svn
revert -R .", it lists out every single file. Nothing changes, it just says
"Reverted xxx.php" for every file, every time I run it.  Run "svn revert -R
." again, same thing happens. None of the files have changed at all, and
root has write permissions. If there are local changes in the working copy,
they will be reverted along with all this.


This appears to be happening when svn thinks that my user doesn't have
write permissions to the file. It looks like svn is trying to calculate the
permissions of the files by itself, and isn't factoring in root powers, ACL
(setfacl), or supplemental user groups. So if I set a file's permissions to
666 instead of 664, it doesn't get spit out as reverted. Also, if my user
owns the file (this applies to root too) or my primary group owns the file,
it doesn't spit that file out. But being that a second group I’m a member
of owns the file, it gets spit out.


Can anyone speak to this? Any help is appreciated.


Jeremy

Re: Searching entire repository for a file (fastsvncrawler)

2020-08-13 Thread Yasuhito FUTATSUKI 
Hi,

On 2020/07/24 0:46, Kenneth Porter wrote:
> --On Thursday, July 23, 2020 6:22 PM +0200 Stefan Sperling  
> wrote:
> 
>> Some servers will advertise the SVN version on pages which can be visited
>> with a web browser. But this depends on the server's configuration. You
>> may have to ask the administrator to be sure about the server's exact
>> version.
> 
> Drat. My own server is on CentOS 7 and is still back at 1.7. (The "joy" of 
> using a conservative operating system.) So I need to look for someone 
> packaging the latest Subversion release for RHEL for when I start using that 
> with my own work. The server I need to search is a Windows server so it may 
> be quite a bit newer.
> 
 
I made (libserf 1.3.9 and) subversion 1.14.0 RPMs for CentOS 7
and put them on .
Although I didn't built/test some feature, but source RPM
shows how I built with base/update and epel packages.

JFYI.

Cheers,
-- 
Yasuhito FUTATSUKI