by default subversion caches passwords in cleartext under ~/.subversion.

the doco claims this is safe cos the directory has extremely restricted
permissions, but noone i know agrees with this or feels safe. this change
installs a config under /etc/subversion/config that disables this
behaviour.

discussed with pval@ ckuethe@ ok robert@ sturm@ ajacoutot@
This commit is contained in:
dlg 2007-02-15 10:25:17 +00:00
parent fb780e4061
commit e64b95ca8b
3 changed files with 13 additions and 4 deletions

View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.31 2007/02/14 11:51:07 steven Exp $ # $OpenBSD: Makefile,v 1.32 2007/02/15 10:25:17 dlg Exp $
COMMENT-main= "subversion revision control system" COMMENT-main= "subversion revision control system"
COMMENT-perl= "perl interface to subversion" COMMENT-perl= "perl interface to subversion"
@ -7,8 +7,8 @@ COMMENT-ruby= "ruby interface to subversion"
VERSION= 1.4.3 VERSION= 1.4.3
DISTNAME= subversion-${VERSION} DISTNAME= subversion-${VERSION}
PKGNAME= ${DISTNAME} PKGNAME= ${DISTNAME}p0
PKGNAME-main= ${DISTNAME} PKGNAME-main= ${DISTNAME}p0
PKGNAME-perl= p5-SVN-${VERSION} PKGNAME-perl= p5-SVN-${VERSION}
PKGNAME-python= py-subversion-${VERSION} PKGNAME-python= py-subversion-${VERSION}
PKGNAME-ruby= ruby-subversion-${VERSION}p0 PKGNAME-ruby= ruby-subversion-${VERSION}p0
@ -159,6 +159,8 @@ post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/subversion/hook-scripts/mailer ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/subversion/hook-scripts/mailer
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/subversion/hook-scripts/mailer/tests ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/subversion/hook-scripts/mailer/tests
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/subversion/hook-scripts/enforcer ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/subversion/hook-scripts/enforcer
${INSTALL_DATA} ${FILESDIR}/config \
${PREFIX}/share/examples/subversion/config
${INSTALL_DATA} ${WRKBUILD}/tools/backup/hot-backup.py \ ${INSTALL_DATA} ${WRKBUILD}/tools/backup/hot-backup.py \
${PREFIX}/share/examples/subversion/backup ${PREFIX}/share/examples/subversion/backup
${INSTALL_DATA} ${WRKSRC}/tools/server-side/svn-backup-dumps.py \ ${INSTALL_DATA} ${WRKSRC}/tools/server-side/svn-backup-dumps.py \

View File

@ -0,0 +1,4 @@
# $OpenBSD: config,v 1.1 2007/02/15 10:25:17 dlg Exp $
[auth]
store-passwords=no

View File

@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST-main,v 1.1 2006/11/24 19:52:53 steven Exp $ @comment $OpenBSD: PLIST-main,v 1.2 2007/02/15 10:25:17 dlg Exp $
@pkgpath devel/subversion,no_bindings @pkgpath devel/subversion,no_bindings
@pkgpath devel/subversion @pkgpath devel/subversion
%%SHARED%% %%SHARED%%
@ -82,10 +82,13 @@ lib/libsvn_wc-1.la
@man man/man5/svnserve.conf.5 @man man/man5/svnserve.conf.5
@man man/man8/svnserve.8 @man man/man8/svnserve.8
share/examples/subversion/ share/examples/subversion/
@sample ${SYSCONFDIR}/subversion/
share/examples/subversion/backup/ share/examples/subversion/backup/
share/examples/subversion/backup/hot-backup.py share/examples/subversion/backup/hot-backup.py
share/examples/subversion/backup/svn-backup-dumps.py share/examples/subversion/backup/svn-backup-dumps.py
share/examples/subversion/backup/svn-fast-backup share/examples/subversion/backup/svn-fast-backup
share/examples/subversion/config
@sample ${SYSCONFDIR}/subversion/config
share/examples/subversion/hook-scripts/ share/examples/subversion/hook-scripts/
share/examples/subversion/hook-scripts/README share/examples/subversion/hook-scripts/README
share/examples/subversion/hook-scripts/check-case-insensitive.pl share/examples/subversion/hook-scripts/check-case-insensitive.pl