Subversion environmental variables
628 views
Skip to first unread message
Jeffrey Walton
Feb 3, 2022, 1:31:36 PM2/3/22
to us...@subversion.apache.org
Hi Everyone,
I checked the man pages and could not find an answer... What
environmental variables does a subversion client use?
The problem I am trying to solve is, I am being prompted for a
password in a script about 15 times. I want to know which variable to
use for a password to avoid the prompts.
Thanks in advance.
I checked the man pages and could not find an answer... What
environmental variables does a subversion client use?
The problem I am trying to solve is, I am being prompted for a
password in a script about 15 times. I want to know which variable to
use for a password to avoid the prompts.
Thanks in advance.
Nathan Hartman
Feb 3, 2022, 2:12:37 PM2/3/22
to nolo...@gmail.com, Subversion
Come to think of it, I don't think we have an exhaustive list of
environment variables that a Subversion client (or server, for that
matter) can use. That might be a useful thing to document. As far as I
know, there isn't an environment variable for providing credentials.
Regarding the password prompts for a scripted use case, there is an
ongoing and long discussion on our development list about this issue.
I assume you're on a Unix system (since you mentioned reading the man
pages). Whereas on Windows and macOS, Subversion always uses encrypted
credential caches (standard Windows API on Windows; Keychain on
macOS), the situation is more complicated on Linux/Un*x systems, which
do not have a single standardized solution for credential caching. So
on these systems, Subversion can be built with support for several
possible credential caches, including GNOME Keyring, KDE Kwallet,
GPG-Agent, or a plaintext cache. Due to security concerns, the
plaintext credential cache is disabled in the default build starting
with Subversion 1.12, unless enabled at compile-time. However, that
decision has made things more complicated for scripted/remote/headless
use cases, which we have been hearing about. We're trying to find a
solution that balances everyone's needs as well as possible.
Meanwhile, back to the immediate issue:
You can check which credential caches your SVN client was built with by running:
$ svn --version
and looking for "The following authentication credential caches are
available:" in the output.
KWallet and GNOME Keyring will probably prompt for a password once and
then cache it in memory, probably until some timeout elapses.
I looked into GPG Agent in the past and I think it is possible to make
it never prompt for a password interactively, but when I tried to set
this up to test it, I could not get it to work. Maybe others have more
input on this.
If you are in a trusted environment, you can pass --username and
--password arguments to svn on the command line; I say "trusted
environment" because this is not secure: the password becomes
viewable, e.g., in ps.
A slightly better solution could be to cache a plaintext password;
earlier I mentioned that the plaintext cache is disabled by default
since 1.12, but note that SVN clients will still use a cached
plaintext password if it is already saved. (They just won't cache new
passwords by that method.) There exists somewhere in our mail archives
a script for zsh (which I can try to find if you want it) to manually
cache a plaintext password, if you feel this is an acceptable
solution. (There might also be a python script; I don't remember.)
This FAQ entry (which is yet a work-in-progress) may offer something helpful:
https://subversion.apache.org/faq.html#plaintext-passwords
If the repository access is through svn+ssh, this FAQ might be helpful:
https://subversion.apache.org/faq.html#plaintext-passwords
Perhaps other users will chime in with ideas. It might be helpful if
you can tell us the SVN client version, OS on which you're using it,
and the method by which the repository is accessed (http, https, svn,
svn+ssh, file, etc).
Hope this helps...
Nathan
Daniel Shahaf
Feb 8, 2022, 7:17:12 AM2/8/22
to Nathan Hartman, Subversion, nolo...@gmail.com
Nathan Hartman wrote on Thu, 03 Feb 2022 19:12 +00:00:
> On Thu, Feb 3, 2022 at 1:31 PM Jeffrey Walton <nolo...@gmail.com> wrote:
>> I checked the man pages and could not find an answer... What
>> environmental variables does a subversion client use?
>>
>> The problem I am trying to solve is, I am being prompted for a
>> password in a script about 15 times. I want to know which variable to
>> use for a password to avoid the prompts.
>
> Hi Jeffrey,
>
> Come to think of it, I don't think we have an exhaustive list of
> environment variables that a Subversion client (or server, for that
> matter) can use. That might be a useful thing to document.
The file notes/knobs collects some of these. It covers some internal
> On Thu, Feb 3, 2022 at 1:31 PM Jeffrey Walton <nolo...@gmail.com> wrote:
>> I checked the man pages and could not find an answer... What
>> environmental variables does a subversion client use?
>>
>> The problem I am trying to solve is, I am being prompted for a
>> password in a script about 15 times. I want to know which variable to
>> use for a password to avoid the prompts.
>
> Hi Jeffrey,
>
> Come to think of it, I don't think we have an exhaustive list of
> environment variables that a Subversion client (or server, for that
> matter) can use. That might be a useful thing to document.
/ easter eggs / unsupported stuff as well, and manages not to mention
SVN_EDITOR at all.
Bo Berglund
Feb 17, 2022, 9:38:16 AM2/17/22
to us...@subversion.apache.org
On Thu, 3 Feb 2022 14:12:14 -0500, Nathan Hartman <hartman...@gmail.com>
wrote:
>There exists somewhere in our mail archives
>a script for zsh (which I can try to find if you want it) to manually
>cache a plaintext password, if you feel this is an acceptable
>solution. (There might also be a python script; I don't remember.)
I am having problems working with svn on several platforms, like RaspberryPi and
Ubuntu Mint. From some updated version of subversion passwords are no longer
cached by svn itself and hence the operating system pops up a dialog in the GUI
to fill in for executing say an svn update.
But I mostly work on the command line, very seldom on the GUI so I don't see
this....
When it first appeared I just saw a failing svn command and could not understand
why. Now I know what was going on and so I have to VNC to the machines (they are
mostly remote from my location) and thereby getting a GUI. Then I do the svn
command in PuTTY and when it stalls I go over to the VNC GUI and sure enough:
There is the pop-up window to be filled in.
Pretty darn dumb decision to remove the password cache from svn if you ask me...
Anyway I would be *very interested* in adding such a script for caching an svn
password on my machine to get rid of this problem!
--
Bo Berglund
Developer in Sweden
wrote:
>There exists somewhere in our mail archives
>a script for zsh (which I can try to find if you want it) to manually
>cache a plaintext password, if you feel this is an acceptable
>solution. (There might also be a python script; I don't remember.)
Ubuntu Mint. From some updated version of subversion passwords are no longer
cached by svn itself and hence the operating system pops up a dialog in the GUI
to fill in for executing say an svn update.
But I mostly work on the command line, very seldom on the GUI so I don't see
this....
When it first appeared I just saw a failing svn command and could not understand
why. Now I know what was going on and so I have to VNC to the machines (they are
mostly remote from my location) and thereby getting a GUI. Then I do the svn
command in PuTTY and when it stalls I go over to the VNC GUI and sure enough:
There is the pop-up window to be filled in.
Pretty darn dumb decision to remove the password cache from svn if you ask me...
Anyway I would be *very interested* in adding such a script for caching an svn
password on my machine to get rid of this problem!
--
Bo Berglund
Developer in Sweden
Reply all
Reply to author
Forward
0 new messages