Re: [fossil-users] Shunning files with confidential information - renames, removed files etc.

2015-08-17 Thread Stephan Beal 
On Mon, Aug 17, 2015 at 1:07 PM, Graeme Pietersz gra...@pietersz.net
wrote:

 All the files concerned have a  distinctive filename pattern (all start
 the same) and would only ever have been in one of two directories in any
 version. Not sure if that helps.


Fossil does not shun by filename, but my hash value, so you'll need to find
all hashes of all versions of those files and shun those. It is likely far
simpler to recreate your repo without the compromised data (and count it as
a lesson learned for future repos).

That said, i have never used shunning, and it is possible (not sure!) that
shunning the first version of a file will affect (shun) following versions,
as they derive from it and it's conceptually impossible to derive from
something which is no longer in the repository. Perhaps someone who's
better-versed in shunning can enlighten us on that.

-- 
- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
Freedom is sloppy. But since tyranny's the only guaranteed byproduct of
those who insist on a perfect world, freedom will have to do. -- Bigby Wolf
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Shunning files with confidential information - renames, removed files etc.

2015-08-17 Thread sky5walk 
Nice.
Is it possible to trim the results to only a specific file using a raw SQL
query or TH1?
Or is it quicker to just parse fossil test-whatis-all  artifacts.txt
output?
Can I enter multiple artifacts(comma or space delimited) in the shun ui or
only 1 at a time?

Thanks

On Mon, Aug 17, 2015 at 6:08 PM, Kees Nuyt k.n...@zonnet.nl wrote:


 On Mon, 17 Aug 2015 16:37:41 +0530, Graeme Pietersz
 gra...@pietersz.net wrote:

  I have a Fossil repo that I expected to only work on myself. I have
  files containing confidential information and I now need to allow
  someone else developer access (so clone, push and pull as a minimum) to
  the repo.
 
  I need to do two things:
 
  1) remove past versions of one file that used to contain confidential
  information (it was removed in the latest commit). Does that mean shun,
  rebuild and then add again? How do I ensure all past versions are
  removed? This file has also been renamed so I need to check versions
  using the old path are sunned as well.

 Yes.

  2) ensure that I have never committed another file, and, if I have, shun
  it completely.
  3) shun two files that have been removed, but old versions of which are
  in the repo. They are not hard to find in the UI.
 
  All the files concerned have a  distinctive filename pattern (all start
  the same) and would only ever have been in one of two directories in any
  version. Not sure if that helps.


 I don't have an answer to all of your questions, but I suppose
 the
   fossil test-whatis-all
 command, with some grep or awk magic will help you identify the
 artifacts to shun, and verify the result after the clean-up.

 --
 Regards,

 Kees Nuyt


 I would be very grateful for any help.
 
 Graeme
 ___
 fossil-users mailing list
 fossil-users@lists.fossil-scm.org
 http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Shunning files with confidential information - renames, removed files etc.

2015-08-17 Thread Kees Nuyt 

On Mon, 17 Aug 2015 16:37:41 +0530, Graeme Pietersz
gra...@pietersz.net wrote:

 I have a Fossil repo that I expected to only work on myself. I have
 files containing confidential information and I now need to allow
 someone else developer access (so clone, push and pull as a minimum) to
 the repo.

 I need to do two things:

 1) remove past versions of one file that used to contain confidential
 information (it was removed in the latest commit). Does that mean shun,
 rebuild and then add again? How do I ensure all past versions are
 removed? This file has also been renamed so I need to check versions
 using the old path are sunned as well.

Yes.

 2) ensure that I have never committed another file, and, if I have, shun
 it completely.
 3) shun two files that have been removed, but old versions of which are
 in the repo. They are not hard to find in the UI.

 All the files concerned have a  distinctive filename pattern (all start
 the same) and would only ever have been in one of two directories in any
 version. Not sure if that helps.


I don't have an answer to all of your questions, but I suppose
the
  fossil test-whatis-all
command, with some grep or awk magic will help you identify the
artifacts to shun, and verify the result after the clean-up.

-- 
Regards,

Kees Nuyt


I would be very grateful for any help.

Graeme
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Shunning files with confidential information - renames, removed files etc.

2015-08-17 Thread Graeme Pietersz 


On 17/08/15 16:47, Stephan Beal wrote:

 Fossil does not shun by filename, but my hash value, so you'll need to
 find all hashes of all versions of those files and shun those.
I counted 71 versions of the most frequently changed of those files
a lot easier to recreate.
 It is likely far simpler to recreate your repo without the compromised
 data (and count it as a lesson learned for future repos).
It was my first or second fossil repo. Lesson definitely learned.

 That said, i have never used shunning, and it is possible (not sure!)
 that shunning the first version of a file will affect (shun) following
 versions, as they derive from it and it's conceptually impossible to
 derive from something which is no longer in the repository. Perhaps
 someone who's better-versed in shunning can enlighten us on that.
If anyone can confirm either way it would help a lot - at least I would
know the worst.

I also think it needs to be clearly documented on the wiki page -
someone could easily leak secrets by getting this wrong.


 -- 
 - stephan beal
 http://wanderinghorse.net/home/stephan/
 http://gplus.to/sgbeal
 Freedom is sloppy. But since tyranny's the only guaranteed byproduct
 of those who insist on a perfect world, freedom will have to do. --
 Bigby Wolf


 ___
 fossil-users mailing list
 fossil-users@lists.fossil-scm.org
 http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

-- 
Graeme Pietersz
http://moneyterms.co.uk/
http://pietersz.net/

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Search feature

2015-08-17 Thread j. van den hoff 

On Mon, 17 Aug 2015 18:04:37 +0200, sky5w...@gmail.com wrote:


​I read the search feature is in a trial stage.
Can it be expanded to search in actual source files?
Now using the browser and only per file. Or of course in an external tool
in my checkout folder.

Thanks for Fossil.


until the time comes where fossil supports grep out of the box I'm using  
the following qd shell script. provided you are on linux/unix/macosx this  
should
work for you (N.B.: I'm using `ksh' rather than `bash' (or `zsh'). to make  
it work with `bash' you'd need to replace the `print' command by `echo' or  
a suitable `printf' call (and find out what the equivalent of `print -r  
--' in bash is ... probably some similar `printf' construct). in any case  
you get the idea
sure it is inefficient (dumps all revisions of the file and greps through  
all of them ...), but it works OK for me.


8--

#!/usr/bin/env ksh
#--
# purpose: grep through all revisions of one or more files from a `fossil'
# repository.
#
# calling syntax:
#
#fslgrep grep-options pattern file {file ...}
#
# where `grep-options' is passed to `grep'. options taking arguments for  
the

# time being must *not* contain spaces (or the whole option string must
# be enclosed in quotes).
#
# example:
#
# fslgrep '-C 5' foo bar.txt
#
# will look for `foo' in all revisions of `bar.txt' and report them with a  
5 line context.


#--
function getHashes { # `fossil finfo -W 0' output
   print $1 | awk '
  NR == 1 {next}
  /^[0-9]/ {
 sha1 = substr($2, 2, length($2) - 2)
 print sha1
  }
   '
}
#--
# define default grep options to be used:
options=--colour=always 

# append user defined options and extract grep search pattern
for i do
   [[ $i == -* ]]  {
  options+=$i 
  ((optcnt++))
   }
done
((optcnt  0))  shift $optcnt
pattern=$1
shift

for i do
   timeline=$(fossil finfo -W 0 $i)
   (($? == 0)) || continue
   hashes=$(getHashes $timeline)

   for h in $hashes; do
  rep=$(fossil cat -r $h $i | cat -n | grep $options $pattern)
  (($? == 0))   {
 print -- \n** $i [$h] **
 print -r -- $rep
  }
   done
done

8--

HTH

j.
--
Using Opera's revolutionary email client: http://www.opera.com/mail/
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

[fossil-users] Search feature

2015-08-17 Thread sky5walk 
​I read the search feature is in a trial stage.
Can it be expanded to search in actual source files?
Now using the browser and only per file. Or of course in an external tool
in my checkout folder.

Thanks for Fossil.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Self Signed Certificates

2015-08-17 Thread Saul Hazledine 

Hello,
  Thank you for the quick response. Sorry it took me so long to respond.

On 16/08/15 23:37, Jan Danielsson wrote:

I assume you aren't using client certificates; but I'll ask anyway:
Are you using client-certificates to achieve mutual authentication, or
is it a server-only certificate?

It is a server only certificate.

We could check for expired certificates on the client, but note that
the important question is whether the server accepts expired
certificates.  (The client can be manipulated, so that check can't be
trusted for access control).

What are you using to serve the repository over SSL?  stunnel?
Apache?  Other?
Nginx with openssl. There is no option in the server config to use plain 
http and users are redirected to https.




It was a while back, but I have a vague memory of fossil complaining
when my certificates expired; though I use mutual authentication -- and
I'm not entirely sure I remember correctly.
I am quite sure that fossil did not warn me - I accessed it from several 
machines and only noticed the certificate had expired when I used a browser.



If you didn't add the CA as a trusted CA in fossil, then it should
have asked you to trust the server certificate.  I'm not sure how the
check is done; if it only compares name fields it's not good.
Unfortunately I'll be a little busy the next few days, but send me a
ping in a week or so if it still remains a mystery and I'll take a
closer look.

Fossil definitely did not ask me to trust the new certificate - it is a 
completely different certificate too.


Thank you for your offer of help.

Saul Hazledine
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

[fossil-users] permuted index doc-page: request for feedback (was: Remove redundant shun links from doc page.)

2015-08-17 Thread Michai Ramakers 
[ conversation about appearance of permuted index page from a while ago ]

On 22 June 2015 at 20:11, Ross Berteig r...@cheshireeng.com wrote:

 On 6/22/2015 10:46 AM, sky5w...@gmail.com wrote:

 I agree we all think differently, but the output should collate the
 descriptions while keeping only a single common link.
 The difference with the wiki 'keyword in context' is I can see the
 duplication. The auto doc page infers many unique links.

 The whole point of a permuted index is to provide an alphabetical list of
 keywords, shown along with some context, and references (links) to where
 they appear.
 ...

ok, I tried to do this earlier with a bit of effort, but my TCL-foo is too 
weak:

how about displaying the permuted index (if that must be - I don't see
the whole point of it, since there is a browser 'search' function
anyway, but hey :-), but display canonical links in bold. The section
header could then be something like Permuted index, (canonical
titles displayed in bold).

Is that an idea?

my Tcl-foo is less weak now, and the canonical titles in bold was
tried in [2a8dd751]
(http://fossil-scm.org/index.html/doc/2a8dd751/www/permutedindex.html
for an impression).

After feedback that the canonical titles stick out too much now, a
separate list of canonical titles was tried in [66920879]
(http://fossil-scm.org/index.html/doc/66920879/www/permutedindex.html
for an impression - canonical titles follow the original permited
index).

Another suggestion was to move the list of canonical titles in front
of the original permuted index - which sounds perfect to me.

Is this something you like? Feedback is welcome.

Michai
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users