Hello, Many thanks to those who have provided feedback and suggestions for how to improve the SSH transport for ssh:// URLs.
Is there anything else left to be done (specifically for what is required to be directly in Fossil) regarding the SSH transport changes? I've tested it with a few upgrade scenarios and here is a sample of what will be seen when using the new binary with an already open fossil. This fossil was opened using version-1.22 and then updated with the new SSH changes: $ f ver This is fossil version 1.26 [021e41014d] 2013-07-27 21:09:30 UTC $ f up Autosync: ssh://amb:*@remote//tmp/orig.fossil Round-trips: 1 Artifacts sent: 0 received: 0 ssh -e none -T amb@remote fossil http /tmp/orig.fossil Error: login failed password for amb: remember password (Y/n)? y Round-trips: 2 Artifacts sent: 0 received: 0 Pull finished with 695 bytes sent, 745 bytes received ------------------------------------------------------------------------------- checkout: 51a93acd1a06a336554b6714f38d47d2a81c8f96 2013-07-30 03:54:39 UTC tags: trunk comment: four (user: amb) changes: None. Already up-to-date Notice that it prompted me for the Fossil user password because the one it had stored in the local settings DB is no longer correct. In cases where the password is the same as the SSH account, then this won't present a password prompt because it will succeed. I suspect that most SSH users probably did not set their Fossil user password because there was no need---given that the remote command was essentially fossil test-http. Are there any other areas that should be tested heavily? Someone want to spot check the code for glaring no-no's? Summary of changes: Changed default SSH remote command to ``fossil http /path/to/fossil'' which eliminates any dependency on shells on the server side. This also means that Fossil Privileges and Capabilities will now be imposed upon the account used to clone/sync the fossil. Added additional support for separate Fossil user vs SSH user to allow for more flexibility when using SSH as transport. This will enable shared accounts (useful when using SSH keys) so Fossils can be aggregated under a single account. Traditional shared access is still possible (this is the default behavior) as long as Unix groups and permissions allow read/write access to the fossil. Added additional support to fossil http to recognize the remote SSH client (via SSH_CONNECTION environment variable). This helps identify the source of changes in artifacts. Enhanced the parsing of SSH URLs by ignoring a missing port and not failing (thanks Rene). Made the sync output less verbose (thanks Martin Gagnon). Eliminated the -pw option on Windows (primarily a plink.exe option) since it doesn't really make sense anymore as SSH authentication is no longer handled by fossil. Eliminated the use of test-http for ssh:// URLs (inherent to first item). Eliminated the test-ssh-far-side command since it is really not needed now. Hopefully I haven't missed anything... To see all relevant changes: http://www.fossil-scm.org/index.html/vdiff?from=a60b008f1a01a383&to=021e41014d69a67b&sbs=1 Thanks, Andy -- TAI64 timestamp: 4000000051f749fb _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
