diff --git a/manic/repository_git.py b/manic/repository_git.py index ac55084..aab1a46 100644 --- a/manic/repository_git.py +++ b/manic/repository_git.py @@ -7,6 +7,7 @@ import copy import os +import sys from .global_constants import EMPTY_STR, LOCAL_PATH_INDICATOR from .global_constants import VERBOSITY_VERBOSE @@ -839,12 +840,19 @@ def _git_update_submodules(verbosity, dirname): """Run git submodule update for the side effect of updating this repo's submodules. """ + # due to https://vielmetti.typepad.com/logbook/2022/10/git-security-fixes-lead-to-fatal-transport-file-not-allowed-error-in-ci-systems-cve-2022-39253.html + # submodules from file doesn't work without overriding the protocol, this is done + # for testing submodule support but should not be done in practice + file_protocol = "" + if 'unittest' in sys.modules.keys(): + file_protocol = "-c protocol.file.allow=always" + # First, verify that we have a .gitmodules file if os.path.exists( os.path.join(dirname, ExternalsDescription.GIT_SUBMODULES_FILENAME)): - cmd = ('git -C {dirname} submodule update --init --recursive' - .format(dirname=dirname)).split() + cmd = ('git {file_protocol} -C {dirname} submodule update --init --recursive' + .format(file_protocol=file_protocol, dirname=dirname)).split() if verbosity >= VERBOSITY_VERBOSE: printlog(' {0}'.format(' '.join(cmd))) diff --git a/manic/repository_svn.py b/manic/repository_svn.py index 922855d..32a7118 100644 --- a/manic/repository_svn.py +++ b/manic/repository_svn.py @@ -42,6 +42,9 @@ def __init__(self, component_name, repo, ignore_ancestry=False): Parse repo (a XML element). """ Repository.__init__(self, component_name, repo) + if 'github.com' in self._url: + msg = "SVN access to github.com is no longer supported" + fatal_error(msg) self._ignore_ancestry = ignore_ancestry if self._url.endswith('/'): # there is already a '/' separator in the URL; no need to add another diff --git a/test/repos/README.md b/test/repos/README.md index 8a3502c..026b684 100644 --- a/test/repos/README.md +++ b/test/repos/README.md @@ -1,6 +1,6 @@ -Git repositories for testing git-related behavior. For usage and terminology notes, see test/test_sys_checkout.py. +Git and svn repositories for testing git and svn-related behavior. For usage and terminology notes, see test/test_sys_checkout.py. -To list files and view file contents at HEAD: +For git repos: To list files and view file contents at HEAD: ``` cd git ls-tree --full-tree -r --name-only HEAD diff --git a/test/repos/simple-ext.svn/README.txt b/test/repos/simple-ext.svn/README.txt new file mode 100644 index 0000000..9935818 --- /dev/null +++ b/test/repos/simple-ext.svn/README.txt @@ -0,0 +1,5 @@ +This is a Subversion repository; use the 'svnadmin' and 'svnlook' +tools to examine it. Do not add, delete, or modify files here +unless you know how to avoid corrupting the repository. + +Visit http://subversion.apache.org/ for more information. diff --git a/test/repos/simple-ext.svn/conf/authz b/test/repos/simple-ext.svn/conf/authz new file mode 100644 index 0000000..0b9a410 --- /dev/null +++ b/test/repos/simple-ext.svn/conf/authz @@ -0,0 +1,32 @@ +### This file is an example authorization file for svnserve. +### Its format is identical to that of mod_authz_svn authorization +### files. +### As shown below each section defines authorizations for the path and +### (optional) repository specified by the section name. +### The authorizations follow. An authorization line can refer to: +### - a single user, +### - a group of users defined in a special [groups] section, +### - an alias defined in a special [aliases] section, +### - all authenticated users, using the '$authenticated' token, +### - only anonymous users, using the '$anonymous' token, +### - anyone, using the '*' wildcard. +### +### A match can be inverted by prefixing the rule with '~'. Rules can +### grant read ('r') access, read-write ('rw') access, or no access +### (''). + +[aliases] +# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average + +[groups] +# harry_and_sally = harry,sally +# harry_sally_and_joe = harry,sally,&joe + +# [/foo/bar] +# harry = rw +# &joe = r +# * = + +# [repository:/baz/fuz] +# @harry_and_sally = rw +# * = r diff --git a/test/repos/simple-ext.svn/conf/hooks-env.tmpl b/test/repos/simple-ext.svn/conf/hooks-env.tmpl new file mode 100644 index 0000000..ee965c3 --- /dev/null +++ b/test/repos/simple-ext.svn/conf/hooks-env.tmpl @@ -0,0 +1,19 @@ +### This file is an example hook script environment configuration file. +### Hook scripts run in an empty environment by default. +### As shown below each section defines environment variables for a +### particular hook script. The [default] section defines environment +### variables for all hook scripts, unless overridden by a hook-specific +### section. + +### This example configures a UTF-8 locale for all hook scripts, so that +### special characters, such as umlauts, may be printed to stderr. +### If UTF-8 is used with a mod_dav_svn server, the SVNUseUTF8 option must +### also be set to 'yes' in httpd.conf. +### With svnserve, the LANG environment variable of the svnserve process +### must be set to the same value as given here. +[default] +LANG = en_US.UTF-8 + +### This sets the PATH environment variable for the pre-commit hook. +[pre-commit] +PATH = /usr/local/bin:/usr/bin:/usr/sbin diff --git a/test/repos/simple-ext.svn/conf/passwd b/test/repos/simple-ext.svn/conf/passwd new file mode 100644 index 0000000..ecaa08d --- /dev/null +++ b/test/repos/simple-ext.svn/conf/passwd @@ -0,0 +1,8 @@ +### This file is an example password file for svnserve. +### Its format is similar to that of svnserve.conf. As shown in the +### example below it contains one section labelled [users]. +### The name and password for each user follow, one account per line. + +[users] +# harry = harryssecret +# sally = sallyssecret diff --git a/test/repos/simple-ext.svn/conf/svnserve.conf b/test/repos/simple-ext.svn/conf/svnserve.conf new file mode 100644 index 0000000..6cefc17 --- /dev/null +++ b/test/repos/simple-ext.svn/conf/svnserve.conf @@ -0,0 +1,81 @@ +### This file controls the configuration of the svnserve daemon, if you +### use it to allow access to this repository. (If you only allow +### access through http: and/or file: URLs, then this file is +### irrelevant.) + +### Visit http://subversion.apache.org/ for more information. + +[general] +### The anon-access and auth-access options control access to the +### repository for unauthenticated (a.k.a. anonymous) users and +### authenticated users, respectively. +### Valid values are "write", "read", and "none". +### Setting the value to "none" prohibits both reading and writing; +### "read" allows read-only access, and "write" allows complete +### read/write access to the repository. +### The sample settings below are the defaults and specify that anonymous +### users have read-only access to the repository, while authenticated +### users have read and write access to the repository. +# anon-access = read +# auth-access = write +### The password-db option controls the location of the password +### database file. Unless you specify a path starting with a /, +### the file's location is relative to the directory containing +### this configuration file. +### If SASL is enabled (see below), this file will NOT be used. +### Uncomment the line below to use the default password file. +# password-db = passwd +### The authz-db option controls the location of the authorization +### rules for path-based access control. Unless you specify a path +### starting with a /, the file's location is relative to the +### directory containing this file. The specified path may be a +### repository relative URL (^/) or an absolute file:// URL to a text +### file in a Subversion repository. If you don't specify an authz-db, +### no path-based access control is done. +### Uncomment the line below to use the default authorization file. +# authz-db = authz +### The groups-db option controls the location of the file with the +### group definitions and allows maintaining groups separately from the +### authorization rules. The groups-db file is of the same format as the +### authz-db file and should contain a single [groups] section with the +### group definitions. If the option is enabled, the authz-db file cannot +### contain a [groups] section. Unless you specify a path starting with +### a /, the file's location is relative to the directory containing this +### file. The specified path may be a repository relative URL (^/) or an +### absolute file:// URL to a text file in a Subversion repository. +### This option is not being used by default. +# groups-db = groups +### This option specifies the authentication realm of the repository. +### If two repositories have the same authentication realm, they should +### have the same password database, and vice versa. The default realm +### is repository's uuid. +# realm = My First Repository +### The force-username-case option causes svnserve to case-normalize +### usernames before comparing them against the authorization rules in the +### authz-db file configured above. Valid values are "upper" (to upper- +### case the usernames), "lower" (to lowercase the usernames), and +### "none" (to compare usernames as-is without case conversion, which +### is the default behavior). +# force-username-case = none +### The hooks-env options specifies a path to the hook script environment +### configuration file. This option overrides the per-repository default +### and can be used to configure the hook script environment for multiple +### repositories in a single file, if an absolute path is specified. +### Unless you specify an absolute path, the file's location is relative +### to the directory containing this file. +# hooks-env = hooks-env + +[sasl] +### This option specifies whether you want to use the Cyrus SASL +### library for authentication. Default is false. +### Enabling this option requires svnserve to have been built with Cyrus +### SASL support; to check, run 'svnserve --version' and look for a line +### reading 'Cyrus SASL authentication is available.' +# use-sasl = true +### These options specify the desired strength of the security layer +### that you want SASL to provide. 0 means no encryption, 1 means +### integrity-checking only, values larger than 1 are correlated +### to the effective key length for encryption (e.g. 128 means 128-bit +### encryption). The values below are the defaults. +# min-encryption = 0 +# max-encryption = 256 diff --git a/test/repos/simple-ext.svn/db/current b/test/repos/simple-ext.svn/db/current new file mode 100644 index 0000000..00750ed --- /dev/null +++ b/test/repos/simple-ext.svn/db/current @@ -0,0 +1 @@ +3 diff --git a/test/repos/simple-ext.svn/db/format b/test/repos/simple-ext.svn/db/format new file mode 100644 index 0000000..5dd0c22 --- /dev/null +++ b/test/repos/simple-ext.svn/db/format @@ -0,0 +1,3 @@ +8 +layout sharded 1000 +addressing logical diff --git a/test/repos/simple-ext.svn/db/fs-type b/test/repos/simple-ext.svn/db/fs-type new file mode 100644 index 0000000..4fdd953 --- /dev/null +++ b/test/repos/simple-ext.svn/db/fs-type @@ -0,0 +1 @@ +fsfs diff --git a/test/repos/simple-ext.svn/db/fsfs.conf b/test/repos/simple-ext.svn/db/fsfs.conf new file mode 100644 index 0000000..ac6877a --- /dev/null +++ b/test/repos/simple-ext.svn/db/fsfs.conf @@ -0,0 +1,200 @@ +### This file controls the configuration of the FSFS filesystem. + +[memcached-servers] +### These options name memcached servers used to cache internal FSFS +### data. See http://www.danga.com/memcached/ for more information on +### memcached. To use memcached with FSFS, run one or more memcached +### servers, and specify each of them as an option like so: +# first-server = 127.0.0.1:11211 +# remote-memcached = mymemcached.corp.example.com:11212 +### The option name is ignored; the value is of the form HOST:PORT. +### memcached servers can be shared between multiple repositories; +### however, if you do this, you *must* ensure that repositories have +### distinct UUIDs and paths, or else cached data from one repository +### might be used by another accidentally. Note also that memcached has +### no authentication for reads or writes, so you must ensure that your +### memcached servers are only accessible by trusted users. + +[caches] +### When a cache-related error occurs, normally Subversion ignores it +### and continues, logging an error if the server is appropriately +### configured (and ignoring it with file:// access). To make +### Subversion never ignore cache errors, uncomment this line. +# fail-stop = true + +[rep-sharing] +### To conserve space, the filesystem can optionally avoid storing +### duplicate representations. This comes at a slight cost in +### performance, as maintaining a database of shared representations can +### increase commit times. The space savings are dependent upon the size +### of the repository, the number of objects it contains and the amount of +### duplication between them, usually a function of the branching and +### merging process. +### +### The following parameter enables rep-sharing in the repository. It can +### be switched on and off at will, but for best space-saving results +### should be enabled consistently over the life of the repository. +### 'svnadmin verify' will check the rep-cache regardless of this setting. +### rep-sharing is enabled by default. +# enable-rep-sharing = true + +[deltification] +### To conserve space, the filesystem stores data as differences against +### existing representations. This comes at a slight cost in performance, +### as calculating differences can increase commit times. Reading data +### will also create higher CPU load and the data will be fragmented. +### Since deltification tends to save significant amounts of disk space, +### the overall I/O load can actually be lower. +### +### The options in this section allow for tuning the deltification +### strategy. Their effects on data size and server performance may vary +### from one repository to another. Versions prior to 1.8 will ignore +### this section. +### +### The following parameter enables deltification for directories. It can +### be switched on and off at will, but for best space-saving results +### should be enabled consistently over the lifetime of the repository. +### Repositories containing large directories will benefit greatly. +### In rarely accessed repositories, the I/O overhead may be significant +### as caches will most likely be low. +### directory deltification is enabled by default. +# enable-dir-deltification = true +### +### The following parameter enables deltification for properties on files +### and directories. Overall, this is a minor tuning option but can save +### some disk space if you merge frequently or frequently change node +### properties. You should not activate this if rep-sharing has been +### disabled because this may result in a net increase in repository size. +### property deltification is enabled by default. +# enable-props-deltification = true +### +### During commit, the server may need to walk the whole change history of +### of a given node to find a suitable deltification base. This linear +### process can impact commit times, svnadmin load and similar operations. +### This setting limits the depth of the deltification history. If the +### threshold has been reached, the node will be stored as fulltext and a +### new deltification history begins. +### Note, this is unrelated to svn log. +### Very large values rarely provide significant additional savings but +### can impact performance greatly - in particular if directory +### deltification has been activated. Very small values may be useful in +### repositories that are dominated by large, changing binaries. +### Should be a power of two minus 1. A value of 0 will effectively +### disable deltification. +### For 1.8, the default value is 1023; earlier versions have no limit. +# max-deltification-walk = 1023 +### +### The skip-delta scheme used by FSFS tends to repeatably store redundant +### delta information where a simple delta against the latest version is +### often smaller. By default, 1.8+ will therefore use skip deltas only +### after the linear chain of deltas has grown beyond the threshold +### specified by this setting. +### Values up to 64 can result in some reduction in repository size for +### the cost of quickly increasing I/O and CPU costs. Similarly, smaller +### numbers can reduce those costs at the cost of more disk space. For +### rarely read repositories or those containing larger binaries, this may +### present a better trade-off. +### Should be a power of two. A value of 1 or smaller will cause the +### exclusive use of skip-deltas (as in pre-1.8). +### For 1.8, the default value is 16; earlier versions use 1. +# max-linear-deltification = 16 +### +### After deltification, we compress the data to minimize on-disk size. +### This setting controls the compression algorithm, which will be used in +### future revisions. It can be used to either disable compression or to +### select between available algorithms (zlib, lz4). zlib is a general- +### purpose compression algorithm. lz4 is a fast compression algorithm +### which should be preferred for repositories with large and, possibly, +### incompressible files. Note that the compression ratio of lz4 is +### usually lower than the one provided by zlib, but using it can +### significantly speed up commits as well as reading the data. +### lz4 compression algorithm is supported, starting from format 8 +### repositories, available in Subversion 1.10 and higher. +### The syntax of this option is: +### compression = none | lz4 | zlib | zlib-1 ... zlib-9 +### Versions prior to Subversion 1.10 will ignore this option. +### The default value is 'lz4' if supported by the repository format and +### 'zlib' otherwise. 'zlib' is currently equivalent to 'zlib-5'. +# compression = lz4 +### +### DEPRECATED: The new 'compression' option deprecates previously used +### 'compression-level' option, which was used to configure zlib compression. +### For compatibility with previous versions of Subversion, this option can +### still be used (and it will result in zlib compression with the +### corresponding compression level). +### compression-level = 0 ... 9 (default is 5) + +[packed-revprops] +### This parameter controls the size (in kBytes) of packed revprop files. +### Revprops of consecutive revisions will be concatenated into a single +### file up to but not exceeding the threshold given here. However, each +### pack file may be much smaller and revprops of a single revision may be +### much larger than the limit set here. The threshold will be applied +### before optional compression takes place. +### Large values will reduce disk space usage at the expense of increased +### latency and CPU usage reading and changing individual revprops. +### Values smaller than 4 kByte will not improve latency any further and +### quickly render revprop packing ineffective. +### revprop-pack-size is 16 kBytes by default for non-compressed revprop +### pack files and 64 kBytes when compression has been enabled. +# revprop-pack-size = 16 +### +### To save disk space, packed revprop files may be compressed. Standard +### revprops tend to allow for very effective compression. Reading and +### even more so writing, become significantly more CPU intensive. +### Compressing packed revprops is disabled by default. +# compress-packed-revprops = false + +[io] +### Parameters in this section control the data access granularity in +### format 7 repositories and later. The defaults should translate into +### decent performance over a wide range of setups. +### +### When a specific piece of information needs to be read from disk, a +### data block is being read at once and its contents are being cached. +### If the repository is being stored on a RAID, the block size should be +### either 50% or 100% of RAID block size / granularity. Also, your file +### system blocks/clusters should be properly aligned and sized. In that +### setup, each access will hit only one disk (minimizes I/O load) but +### uses all the data provided by the disk in a single access. +### For SSD-based storage systems, slightly lower values around 16 kB +### may improve latency while still maximizing throughput. If block-read +### has not been enabled, this will be capped to 4 kBytes. +### Can be changed at any time but must be a power of 2. +### block-size is given in kBytes and with a default of 64 kBytes. +# block-size = 64 +### +### The log-to-phys index maps data item numbers to offsets within the +### rev or pack file. This index is organized in pages of a fixed maximum +### capacity. To access an item, the page table and the respective page +### must be read. +### This parameter only affects revisions with thousands of changed paths. +### If you have several extremely large revisions (~1 mio changes), think +### about increasing this setting. Reducing the value will rarely result +### in a net speedup. +### This is an expert setting. Must be a power of 2. +### l2p-page-size is 8192 entries by default. +# l2p-page-size = 8192 +### +### The phys-to-log index maps positions within the rev or pack file to +### to data items, i.e. describes what piece of information is being +### stored at any particular offset. The index describes the rev file +### in chunks (pages) and keeps a global list of all those pages. Large +### pages mean a shorter page table but a larger per-page description of +### data items in it. The latency sweetspot depends on the change size +### distribution but covers a relatively wide range. +### If the repository contains very large files, i.e. individual changes +### of tens of MB each, increasing the page size will shorten the index +### file at the expense of a slightly increased latency in sections with +### smaller changes. +### For source code repositories, this should be about 16x the block-size. +### Must be a power of 2. +### p2l-page-size is given in kBytes and with a default of 1024 kBytes. +# p2l-page-size = 1024 + +[debug] +### +### Whether to verify each new revision immediately before finalizing +### the commit. This is disabled by default except in maintainer-mode +### builds. +# verify-before-commit = false diff --git a/test/repos/simple-ext.svn/db/min-unpacked-rev b/test/repos/simple-ext.svn/db/min-unpacked-rev new file mode 100644 index 0000000..573541a --- /dev/null +++ b/test/repos/simple-ext.svn/db/min-unpacked-rev @@ -0,0 +1 @@ +0 diff --git a/test/repos/simple-ext.svn/db/rep-cache.db b/test/repos/simple-ext.svn/db/rep-cache.db new file mode 100644 index 0000000..3193b2e Binary files /dev/null and b/test/repos/simple-ext.svn/db/rep-cache.db differ diff --git a/test/repos/simple-ext.svn/db/rep-cache.db-journal b/test/repos/simple-ext.svn/db/rep-cache.db-journal new file mode 100644 index 0000000..e69de29 diff --git a/test/repos/simple-ext.svn/db/revprops/0/0 b/test/repos/simple-ext.svn/db/revprops/0/0 new file mode 100644 index 0000000..9276800 --- /dev/null +++ b/test/repos/simple-ext.svn/db/revprops/0/0 @@ -0,0 +1,5 @@ +K 8 +svn:date +V 27 +2023-11-16T20:11:46.318861Z +END diff --git a/test/repos/simple-ext.svn/db/revprops/0/1 b/test/repos/simple-ext.svn/db/revprops/0/1 new file mode 100644 index 0000000..aa95a9d --- /dev/null +++ b/test/repos/simple-ext.svn/db/revprops/0/1 @@ -0,0 +1,13 @@ +K 10 +svn:author +V 5 +sacks +K 8 +svn:date +V 27 +2023-11-16T20:15:56.917904Z +K 7 +svn:log +V 30 +Setting up directory structure +END diff --git a/test/repos/simple-ext.svn/db/revprops/0/2 b/test/repos/simple-ext.svn/db/revprops/0/2 new file mode 100644 index 0000000..3d04d89 --- /dev/null +++ b/test/repos/simple-ext.svn/db/revprops/0/2 @@ -0,0 +1,13 @@ +K 10 +svn:author +V 5 +sacks +K 8 +svn:date +V 27 +2023-11-16T20:27:31.407916Z +K 7 +svn:log +V 10 +Add README +END diff --git a/test/repos/simple-ext.svn/db/revprops/0/3 b/test/repos/simple-ext.svn/db/revprops/0/3 new file mode 100644 index 0000000..de20268 --- /dev/null +++ b/test/repos/simple-ext.svn/db/revprops/0/3 @@ -0,0 +1,13 @@ +K 10 +svn:author +V 5 +sacks +K 8 +svn:date +V 27 +2023-11-16T21:14:43.366717Z +K 7 +svn:log +V 27 +Creating cesm2.0.beta07 tag +END diff --git a/test/repos/simple-ext.svn/db/revs/0/0 b/test/repos/simple-ext.svn/db/revs/0/0 new file mode 100644 index 0000000..9a56c28 Binary files /dev/null and b/test/repos/simple-ext.svn/db/revs/0/0 differ diff --git a/test/repos/simple-ext.svn/db/revs/0/1 b/test/repos/simple-ext.svn/db/revs/0/1 new file mode 100644 index 0000000..c6982ee Binary files /dev/null and b/test/repos/simple-ext.svn/db/revs/0/1 differ diff --git a/test/repos/simple-ext.svn/db/revs/0/2 b/test/repos/simple-ext.svn/db/revs/0/2 new file mode 100644 index 0000000..99a14cf Binary files /dev/null and b/test/repos/simple-ext.svn/db/revs/0/2 differ diff --git a/test/repos/simple-ext.svn/db/revs/0/3 b/test/repos/simple-ext.svn/db/revs/0/3 new file mode 100644 index 0000000..f437a6d Binary files /dev/null and b/test/repos/simple-ext.svn/db/revs/0/3 differ diff --git a/test/repos/simple-ext.svn/db/txn-current b/test/repos/simple-ext.svn/db/txn-current new file mode 100644 index 0000000..00750ed --- /dev/null +++ b/test/repos/simple-ext.svn/db/txn-current @@ -0,0 +1 @@ +3 diff --git a/test/repos/simple-ext.svn/db/txn-current-lock b/test/repos/simple-ext.svn/db/txn-current-lock new file mode 100644 index 0000000..e69de29 diff --git a/test/repos/simple-ext.svn/db/uuid b/test/repos/simple-ext.svn/db/uuid new file mode 100644 index 0000000..0b16502 --- /dev/null +++ b/test/repos/simple-ext.svn/db/uuid @@ -0,0 +1,2 @@ +1c80dd47-0c07-4207-8ee0-e60dd9d98853 +31d57ab1-759c-4129-a63d-898c774d96c9 diff --git a/test/repos/simple-ext.svn/db/write-lock b/test/repos/simple-ext.svn/db/write-lock new file mode 100644 index 0000000..e69de29 diff --git a/test/repos/simple-ext.svn/format b/test/repos/simple-ext.svn/format new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/test/repos/simple-ext.svn/format @@ -0,0 +1 @@ +5 diff --git a/test/repos/simple-ext.svn/hooks/post-commit.tmpl b/test/repos/simple-ext.svn/hooks/post-commit.tmpl new file mode 100755 index 0000000..988f041 --- /dev/null +++ b/test/repos/simple-ext.svn/hooks/post-commit.tmpl @@ -0,0 +1,62 @@ +#!/bin/sh + +# POST-COMMIT HOOK +# +# The post-commit hook is invoked after a commit. Subversion runs +# this hook by invoking a program (script, executable, binary, etc.) +# named 'post-commit' (for which this file is a template) with the +# following ordered arguments: +# +# [1] REPOS-PATH (the path to this repository) +# [2] REV (the number of the revision just committed) +# [3] TXN-NAME (the name of the transaction that has become REV) +# +# Because the commit has already completed and cannot be undone, +# the exit code of the hook program is ignored. The hook program +# can use the 'svnlook' utility to help it examine the +# newly-committed tree. +# +# The default working directory for the invocation is undefined, so +# the program should set one explicitly if it cares. +# +# On a Unix system, the normal procedure is to have 'post-commit' +# invoke other programs to do the real work, though it may do the +# work itself too. +# +# Note that 'post-commit' must be executable by the user(s) who will +# invoke it (typically the user httpd runs as), and that user must +# have filesystem-level permission to access the repository. +# +# On a Windows system, you should name the hook program +# 'post-commit.bat' or 'post-commit.exe', +# but the basic idea is the same. +# +# The hook program runs in an empty environment, unless the server is +# explicitly configured otherwise. For example, a common problem is for +# the PATH environment variable to not be set to its usual value, so +# that subprograms fail to launch unless invoked via absolute path. +# If you're having unexpected problems with a hook program, the +# culprit may be unusual (or missing) environment variables. +# +# CAUTION: +# For security reasons, you MUST always properly quote arguments when +# you use them, as those arguments could contain whitespace or other +# problematic characters. Additionally, you should delimit the list +# of options with "--" before passing the arguments, so malicious +# clients cannot bootleg unexpected options to the commands your +# script aims to execute. +# For similar reasons, you should also add a trailing @ to URLs which +# are passed to SVN commands accepting URLs with peg revisions. +# +# Here is an example hook script, for a Unix /bin/sh interpreter. +# For more examples and pre-written hooks, see those in +# the Subversion repository at +# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and +# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/ + + +REPOS="$1" +REV="$2" +TXN_NAME="$3" + +mailer.py commit "$REPOS" "$REV" /path/to/mailer.conf diff --git a/test/repos/simple-ext.svn/hooks/post-lock.tmpl b/test/repos/simple-ext.svn/hooks/post-lock.tmpl new file mode 100755 index 0000000..96f2165 --- /dev/null +++ b/test/repos/simple-ext.svn/hooks/post-lock.tmpl @@ -0,0 +1,64 @@ +#!/bin/sh + +# POST-LOCK HOOK +# +# The post-lock hook is run after a path is locked. Subversion runs +# this hook by invoking a program (script, executable, binary, etc.) +# named 'post-lock' (for which this file is a template) with the +# following ordered arguments: +# +# [1] REPOS-PATH (the path to this repository) +# [2] USER (the user who created the lock) +# +# The paths that were just locked are passed to the hook via STDIN. +# +# Because the locks have already been created and cannot be undone, +# the exit code of the hook program is ignored. The hook program +# can use the 'svnlook' utility to examine the paths in the repository +# but since the hook is invoked asynchronously the newly-created locks +# may no longer be present. +# +# The default working directory for the invocation is undefined, so +# the program should set one explicitly if it cares. +# +# On a Unix system, the normal procedure is to have 'post-lock' +# invoke other programs to do the real work, though it may do the +# work itself too. +# +# Note that 'post-lock' must be executable by the user(s) who will +# invoke it (typically the user httpd runs as), and that user must +# have filesystem-level permission to access the repository. +# +# On a Windows system, you should name the hook program +# 'post-lock.bat' or 'post-lock.exe', +# but the basic idea is the same. +# +# The hook program runs in an empty environment, unless the server is +# explicitly configured otherwise. For example, a common problem is for +# the PATH environment variable to not be set to its usual value, so +# that subprograms fail to launch unless invoked via absolute path. +# If you're having unexpected problems with a hook program, the +# culprit may be unusual (or missing) environment variables. +# +# CAUTION: +# For security reasons, you MUST always properly quote arguments when +# you use them, as those arguments could contain whitespace or other +# problematic characters. Additionally, you should delimit the list +# of options with "--" before passing the arguments, so malicious +# clients cannot bootleg unexpected options to the commands your +# script aims to execute. +# For similar reasons, you should also add a trailing @ to URLs which +# are passed to SVN commands accepting URLs with peg revisions. +# +# Here is an example hook script, for a Unix /bin/sh interpreter. +# For more examples and pre-written hooks, see those in +# the Subversion repository at +# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and +# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/ + + +REPOS="$1" +USER="$2" + +# Send email to interested parties, let them know a lock was created: +mailer.py lock "$REPOS" "$USER" /path/to/mailer.conf diff --git a/test/repos/simple-ext.svn/hooks/post-revprop-change.tmpl b/test/repos/simple-ext.svn/hooks/post-revprop-change.tmpl new file mode 100755 index 0000000..de1b914 --- /dev/null +++ b/test/repos/simple-ext.svn/hooks/post-revprop-change.tmpl @@ -0,0 +1,69 @@ +#!/bin/sh + +# POST-REVPROP-CHANGE HOOK +# +# The post-revprop-change hook is invoked after a revision property +# has been added, modified or deleted. Subversion runs this hook by +# invoking a program (script, executable, binary, etc.) named +# 'post-revprop-change' (for which this file is a template), with the +# following ordered arguments: +# +# [1] REPOS-PATH (the path to this repository) +# [2] REV (the revision that was tweaked) +# [3] USER (the username of the person tweaking the property) +# [4] PROPNAME (the property that was changed) +# [5] ACTION (the property was 'A'dded, 'M'odified, or 'D'eleted) +# +# [STDIN] PROPVAL ** the old property value is passed via STDIN. +# +# Because the propchange has already completed and cannot be undone, +# the exit code of the hook program is ignored. The hook program +# can use the 'svnlook' utility to help it examine the +# new property value. +# +# The default working directory for the invocation is undefined, so +# the program should set one explicitly if it cares. +# +# On a Unix system, the normal procedure is to have 'post-revprop-change' +# invoke other programs to do the real work, though it may do the +# work itself too. +# +# Note that 'post-revprop-change' must be executable by the user(s) who will +# invoke it (typically the user httpd runs as), and that user must +# have filesystem-level permission to access the repository. +# +# On a Windows system, you should name the hook program +# 'post-revprop-change.bat' or 'post-revprop-change.exe', +# but the basic idea is the same. +# +# The hook program runs in an empty environment, unless the server is +# explicitly configured otherwise. For example, a common problem is for +# the PATH environment variable to not be set to its usual value, so +# that subprograms fail to launch unless invoked via absolute path. +# If you're having unexpected problems with a hook program, the +# culprit may be unusual (or missing) environment variables. +# +# CAUTION: +# For security reasons, you MUST always properly quote arguments when +# you use them, as those arguments could contain whitespace or other +# problematic characters. Additionally, you should delimit the list +# of options with "--" before passing the arguments, so malicious +# clients cannot bootleg unexpected options to the commands your +# script aims to execute. +# For similar reasons, you should also add a trailing @ to URLs which +# are passed to SVN commands accepting URLs with peg revisions. +# +# Here is an example hook script, for a Unix /bin/sh interpreter. +# For more examples and pre-written hooks, see those in +# the Subversion repository at +# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and +# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/ + + +REPOS="$1" +REV="$2" +USER="$3" +PROPNAME="$4" +ACTION="$5" + +mailer.py propchange2 "$REPOS" "$REV" "$USER" "$PROPNAME" "$ACTION" /path/to/mailer.conf diff --git a/test/repos/simple-ext.svn/hooks/post-unlock.tmpl b/test/repos/simple-ext.svn/hooks/post-unlock.tmpl new file mode 100755 index 0000000..e33f793 --- /dev/null +++ b/test/repos/simple-ext.svn/hooks/post-unlock.tmpl @@ -0,0 +1,61 @@ +#!/bin/sh + +# POST-UNLOCK HOOK +# +# The post-unlock hook runs after a path is unlocked. Subversion runs +# this hook by invoking a program (script, executable, binary, etc.) +# named 'post-unlock' (for which this file is a template) with the +# following ordered arguments: +# +# [1] REPOS-PATH (the path to this repository) +# [2] USER (the user who destroyed the lock) +# +# The paths that were just unlocked are passed to the hook via STDIN. +# +# Because the lock has already been destroyed and cannot be undone, +# the exit code of the hook program is ignored. +# +# The default working directory for the invocation is undefined, so +# the program should set one explicitly if it cares. +# +# On a Unix system, the normal procedure is to have 'post-unlock' +# invoke other programs to do the real work, though it may do the +# work itself too. +# +# Note that 'post-unlock' must be executable by the user(s) who will +# invoke it (typically the user httpd runs as), and that user must +# have filesystem-level permission to access the repository. +# +# On a Windows system, you should name the hook program +# 'post-unlock.bat' or 'post-unlock.exe', +# but the basic idea is the same. +# +# The hook program runs in an empty environment, unless the server is +# explicitly configured otherwise. For example, a common problem is for +# the PATH environment variable to not be set to its usual value, so +# that subprograms fail to launch unless invoked via absolute path. +# If you're having unexpected problems with a hook program, the +# culprit may be unusual (or missing) environment variables. +# +# CAUTION: +# For security reasons, you MUST always properly quote arguments when +# you use them, as those arguments could contain whitespace or other +# problematic characters. Additionally, you should delimit the list +# of options with "--" before passing the arguments, so malicious +# clients cannot bootleg unexpected options to the commands your +# script aims to execute. +# For similar reasons, you should also add a trailing @ to URLs which +# are passed to SVN commands accepting URLs with peg revisions. +# +# Here is an example hook script, for a Unix /bin/sh interpreter. +# For more examples and pre-written hooks, see those in +# the Subversion repository at +# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and +# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/ + + +REPOS="$1" +USER="$2" + +# Send email to interested parties, let them know a lock was removed: +mailer.py unlock "$REPOS" "$USER" /path/to/mailer.conf diff --git a/test/repos/simple-ext.svn/hooks/pre-commit.tmpl b/test/repos/simple-ext.svn/hooks/pre-commit.tmpl new file mode 100755 index 0000000..626e723 --- /dev/null +++ b/test/repos/simple-ext.svn/hooks/pre-commit.tmpl @@ -0,0 +1,91 @@ +#!/bin/sh + +# PRE-COMMIT HOOK +# +# The pre-commit hook is invoked before a Subversion txn is +# committed. Subversion runs this hook by invoking a program +# (script, executable, binary, etc.) named 'pre-commit' (for which +# this file is a template), with the following ordered arguments: +# +# [1] REPOS-PATH (the path to this repository) +# [2] TXN-NAME (the name of the txn about to be committed) +# +# [STDIN] LOCK-TOKENS ** the lock tokens are passed via STDIN. +# +# If STDIN contains the line "LOCK-TOKENS:\n" (the "\n" denotes a +# single newline), the lines following it are the lock tokens for +# this commit. The end of the list is marked by a line containing +# only a newline character. +# +# Each lock token line consists of a URI-escaped path, followed +# by the separator character '|', followed by the lock token string, +# followed by a newline. +# +# If the hook program exits with success, the txn is committed; but +# if it exits with failure (non-zero), the txn is aborted, no commit +# takes place, and STDERR is returned to the client. The hook +# program can use the 'svnlook' utility to help it examine the txn. +# +# *** NOTE: THE HOOK PROGRAM MUST NOT MODIFY THE TXN, EXCEPT *** +# *** FOR REVISION PROPERTIES (like svn:log or svn:author). *** +# +# This is why we recommend using the read-only 'svnlook' utility. +# In the future, Subversion may enforce the rule that pre-commit +# hooks should not modify the versioned data in txns, or else come +# up with a mechanism to make it safe to do so (by informing the +# committing client of the changes). However, right now neither +# mechanism is implemented, so hook writers just have to be careful. +# +# The default working directory for the invocation is undefined, so +# the program should set one explicitly if it cares. +# +# On a Unix system, the normal procedure is to have 'pre-commit' +# invoke other programs to do the real work, though it may do the +# work itself too. +# +# Note that 'pre-commit' must be executable by the user(s) who will +# invoke it (typically the user httpd runs as), and that user must +# have filesystem-level permission to access the repository. +# +# On a Windows system, you should name the hook program +# 'pre-commit.bat' or 'pre-commit.exe', +# but the basic idea is the same. +# +# The hook program runs in an empty environment, unless the server is +# explicitly configured otherwise. For example, a common problem is for +# the PATH environment variable to not be set to its usual value, so +# that subprograms fail to launch unless invoked via absolute path. +# If you're having unexpected problems with a hook program, the +# culprit may be unusual (or missing) environment variables. +# +# CAUTION: +# For security reasons, you MUST always properly quote arguments when +# you use them, as those arguments could contain whitespace or other +# problematic characters. Additionally, you should delimit the list +# of options with "--" before passing the arguments, so malicious +# clients cannot bootleg unexpected options to the commands your +# script aims to execute. +# For similar reasons, you should also add a trailing @ to URLs which +# are passed to SVN commands accepting URLs with peg revisions. +# +# Here is an example hook script, for a Unix /bin/sh interpreter. +# For more examples and pre-written hooks, see those in +# the Subversion repository at +# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and +# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/ + + +REPOS="$1" +TXN="$2" + +# Make sure that the log message contains some text. +SVNLOOK=/opt/homebrew/Cellar/subversion/1.14.2_1/bin/svnlook +$SVNLOOK log -t "$TXN" "$REPOS" | \ + grep "[a-zA-Z0-9]" > /dev/null || exit 1 + +# Check that the author of this commit has the rights to perform +# the commit on the files and directories being modified. +commit-access-control.pl "$REPOS" "$TXN" commit-access-control.cfg || exit 1 + +# All checks passed, so allow the commit. +exit 0 diff --git a/test/repos/simple-ext.svn/hooks/pre-lock.tmpl b/test/repos/simple-ext.svn/hooks/pre-lock.tmpl new file mode 100755 index 0000000..148582a --- /dev/null +++ b/test/repos/simple-ext.svn/hooks/pre-lock.tmpl @@ -0,0 +1,95 @@ +#!/bin/sh + +# PRE-LOCK HOOK +# +# The pre-lock hook is invoked before an exclusive lock is +# created. Subversion runs this hook by invoking a program +# (script, executable, binary, etc.) named 'pre-lock' (for which +# this file is a template), with the following ordered arguments: +# +# [1] REPOS-PATH (the path to this repository) +# [2] PATH (the path in the repository about to be locked) +# [3] USER (the user creating the lock) +# [4] COMMENT (the comment of the lock) +# [5] STEAL-LOCK (1 if the user is trying to steal the lock, else 0) +# +# If the hook program outputs anything on stdout, the output string will +# be used as the lock token for this lock operation. If you choose to use +# this feature, you must guarantee the tokens generated are unique across +# the repository each time. +# +# If the hook program exits with success, the lock is created; but +# if it exits with failure (non-zero), the lock action is aborted +# and STDERR is returned to the client. +# +# The default working directory for the invocation is undefined, so +# the program should set one explicitly if it cares. +# +# On a Unix system, the normal procedure is to have 'pre-lock' +# invoke other programs to do the real work, though it may do the +# work itself too. +# +# Note that 'pre-lock' must be executable by the user(s) who will +# invoke it (typically the user httpd runs as), and that user must +# have filesystem-level permission to access the repository. +# +# On a Windows system, you should name the hook program +# 'pre-lock.bat' or 'pre-lock.exe', +# but the basic idea is the same. +# +# The hook program runs in an empty environment, unless the server is +# explicitly configured otherwise. For example, a common problem is for +# the PATH environment variable to not be set to its usual value, so +# that subprograms fail to launch unless invoked via absolute path. +# If you're having unexpected problems with a hook program, the +# culprit may be unusual (or missing) environment variables. +# +# CAUTION: +# For security reasons, you MUST always properly quote arguments when +# you use them, as those arguments could contain whitespace or other +# problematic characters. Additionally, you should delimit the list +# of options with "--" before passing the arguments, so malicious +# clients cannot bootleg unexpected options to the commands your +# script aims to execute. +# For similar reasons, you should also add a trailing @ to URLs which +# are passed to SVN commands accepting URLs with peg revisions. +# +# Here is an example hook script, for a Unix /bin/sh interpreter. +# For more examples and pre-written hooks, see those in +# the Subversion repository at +# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and +# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/ + + +REPOS="$1" +PATH="$2" +USER="$3" +COMMENT="$4" +STEAL="$5" + +# If a lock exists and is owned by a different person, don't allow it +# to be stolen (e.g., with 'svn lock --force ...'). + +# (Maybe this script could send email to the lock owner?) +SVNLOOK=/opt/homebrew/Cellar/subversion/1.14.2_1/bin/svnlook +GREP=/bin/grep +SED=/bin/sed + +LOCK_OWNER=`$SVNLOOK lock "$REPOS" "$PATH" | \ + $GREP '^Owner: ' | $SED 's/Owner: //'` + +# If we get no result from svnlook, there's no lock, allow the lock to +# happen: +if [ "$LOCK_OWNER" = "" ]; then + exit 0 +fi + +# If the person locking matches the lock's owner, allow the lock to +# happen: +if [ "$LOCK_OWNER" = "$USER" ]; then + exit 0 +fi + +# Otherwise, we've got an owner mismatch, so return failure: +echo "Error: $PATH already locked by ${LOCK_OWNER}." 1>&2 +exit 1 diff --git a/test/repos/simple-ext.svn/hooks/pre-revprop-change.tmpl b/test/repos/simple-ext.svn/hooks/pre-revprop-change.tmpl new file mode 100755 index 0000000..8b065d7 --- /dev/null +++ b/test/repos/simple-ext.svn/hooks/pre-revprop-change.tmpl @@ -0,0 +1,79 @@ +#!/bin/sh + +# PRE-REVPROP-CHANGE HOOK +# +# The pre-revprop-change hook is invoked before a revision property +# is added, modified or deleted. Subversion runs this hook by invoking +# a program (script, executable, binary, etc.) named 'pre-revprop-change' +# (for which this file is a template), with the following ordered +# arguments: +# +# [1] REPOS-PATH (the path to this repository) +# [2] REV (the revision being tweaked) +# [3] USER (the username of the person tweaking the property) +# [4] PROPNAME (the property being set on the revision) +# [5] ACTION (the property is being 'A'dded, 'M'odified, or 'D'eleted) +# +# [STDIN] PROPVAL ** the new property value is passed via STDIN. +# +# If the hook program exits with success, the propchange happens; but +# if it exits with failure (non-zero), the propchange doesn't happen. +# The hook program can use the 'svnlook' utility to examine the +# existing value of the revision property. +# +# WARNING: unlike other hooks, this hook MUST exist for revision +# properties to be changed. If the hook does not exist, Subversion +# will behave as if the hook were present, but failed. The reason +# for this is that revision properties are UNVERSIONED, meaning that +# a successful propchange is destructive; the old value is gone +# forever. We recommend the hook back up the old value somewhere. +# +# The default working directory for the invocation is undefined, so +# the program should set one explicitly if it cares. +# +# On a Unix system, the normal procedure is to have 'pre-revprop-change' +# invoke other programs to do the real work, though it may do the +# work itself too. +# +# Note that 'pre-revprop-change' must be executable by the user(s) who will +# invoke it (typically the user httpd runs as), and that user must +# have filesystem-level permission to access the repository. +# +# On a Windows system, you should name the hook program +# 'pre-revprop-change.bat' or 'pre-revprop-change.exe', +# but the basic idea is the same. +# +# The hook program runs in an empty environment, unless the server is +# explicitly configured otherwise. For example, a common problem is for +# the PATH environment variable to not be set to its usual value, so +# that subprograms fail to launch unless invoked via absolute path. +# If you're having unexpected problems with a hook program, the +# culprit may be unusual (or missing) environment variables. +# +# CAUTION: +# For security reasons, you MUST always properly quote arguments when +# you use them, as those arguments could contain whitespace or other +# problematic characters. Additionally, you should delimit the list +# of options with "--" before passing the arguments, so malicious +# clients cannot bootleg unexpected options to the commands your +# script aims to execute. +# For similar reasons, you should also add a trailing @ to URLs which +# are passed to SVN commands accepting URLs with peg revisions. +# +# Here is an example hook script, for a Unix /bin/sh interpreter. +# For more examples and pre-written hooks, see those in +# the Subversion repository at +# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and +# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/ + + +REPOS="$1" +REV="$2" +USER="$3" +PROPNAME="$4" +ACTION="$5" + +if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:log" ]; then exit 0; fi + +echo "Changing revision properties other than svn:log is prohibited" >&2 +exit 1 diff --git a/test/repos/simple-ext.svn/hooks/pre-unlock.tmpl b/test/repos/simple-ext.svn/hooks/pre-unlock.tmpl new file mode 100755 index 0000000..9ba99d0 --- /dev/null +++ b/test/repos/simple-ext.svn/hooks/pre-unlock.tmpl @@ -0,0 +1,87 @@ +#!/bin/sh + +# PRE-UNLOCK HOOK +# +# The pre-unlock hook is invoked before an exclusive lock is +# destroyed. Subversion runs this hook by invoking a program +# (script, executable, binary, etc.) named 'pre-unlock' (for which +# this file is a template), with the following ordered arguments: +# +# [1] REPOS-PATH (the path to this repository) +# [2] PATH (the path in the repository about to be unlocked) +# [3] USER (the user destroying the lock) +# [4] TOKEN (the lock token to be destroyed) +# [5] BREAK-UNLOCK (1 if the user is breaking the lock, else 0) +# +# If the hook program exits with success, the lock is destroyed; but +# if it exits with failure (non-zero), the unlock action is aborted +# and STDERR is returned to the client. +# +# The default working directory for the invocation is undefined, so +# the program should set one explicitly if it cares. +# +# On a Unix system, the normal procedure is to have 'pre-unlock' +# invoke other programs to do the real work, though it may do the +# work itself too. +# +# Note that 'pre-unlock' must be executable by the user(s) who will +# invoke it (typically the user httpd runs as), and that user must +# have filesystem-level permission to access the repository. +# +# On a Windows system, you should name the hook program +# 'pre-unlock.bat' or 'pre-unlock.exe', +# but the basic idea is the same. +# +# The hook program runs in an empty environment, unless the server is +# explicitly configured otherwise. For example, a common problem is for +# the PATH environment variable to not be set to its usual value, so +# that subprograms fail to launch unless invoked via absolute path. +# If you're having unexpected problems with a hook program, the +# culprit may be unusual (or missing) environment variables. +# +# CAUTION: +# For security reasons, you MUST always properly quote arguments when +# you use them, as those arguments could contain whitespace or other +# problematic characters. Additionally, you should delimit the list +# of options with "--" before passing the arguments, so malicious +# clients cannot bootleg unexpected options to the commands your +# script aims to execute. +# For similar reasons, you should also add a trailing @ to URLs which +# are passed to SVN commands accepting URLs with peg revisions. +# +# Here is an example hook script, for a Unix /bin/sh interpreter. +# For more examples and pre-written hooks, see those in +# the Subversion repository at +# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and +# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/ + + +REPOS="$1" +PATH="$2" +USER="$3" +TOKEN="$4" +BREAK="$5" + +# If a lock is owned by a different person, don't allow it be broken. +# (Maybe this script could send email to the lock owner?) + +SVNLOOK=/opt/homebrew/Cellar/subversion/1.14.2_1/bin/svnlook +GREP=/bin/grep +SED=/bin/sed + +LOCK_OWNER=`$SVNLOOK lock "$REPOS" "$PATH" | \ + $GREP '^Owner: ' | $SED 's/Owner: //'` + +# If we get no result from svnlook, there's no lock, return success: +if [ "$LOCK_OWNER" = "" ]; then + exit 0 +fi + +# If the person unlocking matches the lock's owner, return success: +if [ "$LOCK_OWNER" = "$USER" ]; then + exit 0 +fi + +# Otherwise, we've got an owner mismatch, so return failure: +echo "Error: $PATH locked by ${LOCK_OWNER}." 1>&2 +exit 1 diff --git a/test/repos/simple-ext.svn/hooks/start-commit.tmpl b/test/repos/simple-ext.svn/hooks/start-commit.tmpl new file mode 100755 index 0000000..1395e83 --- /dev/null +++ b/test/repos/simple-ext.svn/hooks/start-commit.tmpl @@ -0,0 +1,81 @@ +#!/bin/sh + +# START-COMMIT HOOK +# +# The start-commit hook is invoked immediately after a Subversion txn is +# created and populated with initial revprops in the process of doing a +# commit. Subversion runs this hook by invoking a program (script, +# executable, binary, etc.) named 'start-commit' (for which this file +# is a template) with the following ordered arguments: +# +# [1] REPOS-PATH (the path to this repository) +# [2] USER (the authenticated user attempting to commit) +# [3] CAPABILITIES (a colon-separated list of capabilities reported +# by the client; see note below) +# [4] TXN-NAME (the name of the commit txn just created) +# +# Note: The CAPABILITIES parameter is new in Subversion 1.5, and 1.5 +# clients will typically report at least the "mergeinfo" capability. +# If there are other capabilities, then the list is colon-separated, +# e.g.: "mergeinfo:some-other-capability" (the order is undefined). +# +# The list is self-reported by the client. Therefore, you should not +# make security assumptions based on the capabilities list, nor should +# you assume that clients reliably report every capability they have. +# +# Note: The TXN-NAME parameter is new in Subversion 1.8. Prior to version +# 1.8, the start-commit hook was invoked before the commit txn was even +# created, so the ability to inspect the commit txn and its metadata from +# within the start-commit hook was not possible. +# +# If the hook program exits with success, the commit continues; but +# if it exits with failure (non-zero), the commit is stopped before +# a Subversion txn is created, and STDERR is returned to the client. +# +# The default working directory for the invocation is undefined, so +# the program should set one explicitly if it cares. +# +# On a Unix system, the normal procedure is to have 'start-commit' +# invoke other programs to do the real work, though it may do the +# work itself too. +# +# Note that 'start-commit' must be executable by the user(s) who will +# invoke it (typically the user httpd runs as), and that user must +# have filesystem-level permission to access the repository. +# +# On a Windows system, you should name the hook program +# 'start-commit.bat' or 'start-commit.exe', +# but the basic idea is the same. +# +# The hook program runs in an empty environment, unless the server is +# explicitly configured otherwise. For example, a common problem is for +# the PATH environment variable to not be set to its usual value, so +# that subprograms fail to launch unless invoked via absolute path. +# If you're having unexpected problems with a hook program, the +# culprit may be unusual (or missing) environment variables. +# +# CAUTION: +# For security reasons, you MUST always properly quote arguments when +# you use them, as those arguments could contain whitespace or other +# problematic characters. Additionally, you should delimit the list +# of options with "--" before passing the arguments, so malicious +# clients cannot bootleg unexpected options to the commands your +# script aims to execute. +# For similar reasons, you should also add a trailing @ to URLs which +# are passed to SVN commands accepting URLs with peg revisions. +# +# Here is an example hook script, for a Unix /bin/sh interpreter. +# For more examples and pre-written hooks, see those in +# the Subversion repository at +# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and +# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/ + + +REPOS="$1" +USER="$2" + +commit-allower.pl --repository "$REPOS" --user "$USER" || exit 1 +special-auth-check.py --user "$USER" --auth-level 3 || exit 1 + +# All checks passed, so allow the commit. +exit 0 diff --git a/test/repos/simple-ext.svn/locks/db-logs.lock b/test/repos/simple-ext.svn/locks/db-logs.lock new file mode 100644 index 0000000..20dd636 --- /dev/null +++ b/test/repos/simple-ext.svn/locks/db-logs.lock @@ -0,0 +1,3 @@ +This file is not used by Subversion 1.3.x or later. +However, its existence is required for compatibility with +Subversion 1.2.x or earlier. diff --git a/test/repos/simple-ext.svn/locks/db.lock b/test/repos/simple-ext.svn/locks/db.lock new file mode 100644 index 0000000..20dd636 --- /dev/null +++ b/test/repos/simple-ext.svn/locks/db.lock @@ -0,0 +1,3 @@ +This file is not used by Subversion 1.3.x or later. +However, its existence is required for compatibility with +Subversion 1.2.x or earlier. diff --git a/test/test_sys_checkout.py b/test/test_sys_checkout.py old mode 100644 new mode 100755 index ab4f77e..664160d --- a/test/test_sys_checkout.py +++ b/test/test_sys_checkout.py @@ -97,6 +97,7 @@ SIMPLE_REPO = 'simple-ext.git' # Child repo SIMPLE_FORK_REPO = 'simple-ext-fork.git' # Child repo MIXED_REPO = 'mixed-cont-ext.git' # Both parent and child +SVN_TEST_REPO = 'simple-ext.svn' # Subversion repository # Standard (arbitrary) external names for test configs TAG_SECTION = 'simp_tag' @@ -120,8 +121,6 @@ # Branch that exists in both the simple and simple-fork repos. REMOTE_BRANCH_FEATURE2 = 'feature2' -SVN_TEST_REPO = 'https://github.com/escomp/cesm' - # Disable too-many-public-methods error # pylint: disable=R0904 @@ -354,7 +353,7 @@ def create_section_reference_to_subexternal(self, name): self._config.set(name, ExternalsDescription.EXTERNALS, CFG_SUB_NAME) - def create_svn_external(self, name, tag='', branch=''): + def create_svn_external(self, name, url, tag='', branch=''): """Create a config section for an svn repository. """ @@ -365,7 +364,7 @@ def create_svn_external(self, name, tag='', branch=''): self._config.set(name, ExternalsDescription.PROTOCOL, ExternalsDescription.PROTOCOL_SVN) - self._config.set(name, ExternalsDescription.REPO_URL, SVN_TEST_REPO) + self._config.set(name, ExternalsDescription.REPO_URL, url) self._config.set(name, ExternalsDescription.REQUIRED, str(True)) @@ -1387,36 +1386,10 @@ def test_container_sparse(self): 'simple_subdir', 'subdir_file.txt')) - class TestSysCheckoutSVN(BaseTestSysCheckout): """Run systems level tests of checkout_externals accessing svn repositories - SVN tests - these tests use the svn repository interface. Since - they require an active network connection, they are significantly - slower than the git tests. But svn testing is critical. So try to - design the tests to only test svn repository functionality - (checkout, switch) and leave generic testing of functionality like - 'optional' to the fast git tests. - - Example timing as of 2017-11: - - * All other git and unit tests combined take between 4-5 seconds - - * Just checking if svn is available for a single test takes 2 seconds. - - * The single svn test typically takes between 10 and 25 seconds - (depending on the network)! - - NOTE(bja, 2017-11) To enable CI testing we can't use a real remote - repository that restricts access and it seems inappropriate to hit - a random open source repo. For now we are just hitting one of our - own github repos using the github svn server interface. This - should be "good enough" for basic checkout and swich - functionality. But if additional svn functionality is required, a - better solution will be necessary. I think eventually we want to - create a small local svn repository on the fly (doesn't require an - svn server or network connection!) and use it for testing. - + SVN tests - these tests use the svn repository interface. """ @staticmethod @@ -1427,6 +1400,9 @@ def _svn_branch_name(): def _svn_tag_name(): return './{0}/svn_tag'.format(EXTERNALS_PATH) + def _svn_test_repo_url(self): + return 'file://' + os.path.join(self._bare_root, SVN_TEST_REPO) + def _check_tag_branch_svn_tag_clean(self, tree): self._check_sync_clean(tree[self._external_path(TAG_SECTION)], ExternalStatus.STATUS_OK, @@ -1438,13 +1414,12 @@ def _check_tag_branch_svn_tag_clean(self, tree): ExternalStatus.STATUS_OK, ExternalStatus.STATUS_OK) - @staticmethod - def _have_svn_access(): + def _have_svn_access(self): """Check if we have svn access so we can enable tests that use svn. """ have_svn = False - cmd = ['svn', 'ls', SVN_TEST_REPO, ] + cmd = ['svn', 'ls', self._svn_test_repo_url(), ] try: execute_subprocess(cmd) have_svn = True @@ -1472,8 +1447,8 @@ def test_container_simple_svn(self): self._generator.create_section(SIMPLE_REPO, TAG_SECTION, tag='tag1') # Svn repos. - self._generator.create_svn_external('svn_branch', branch='trunk') - self._generator.create_svn_external('svn_tag', tag='tags/cesm2.0.beta07') + self._generator.create_svn_external('svn_branch', self._svn_test_repo_url(), branch='trunk') + self._generator.create_svn_external('svn_tag', self._svn_test_repo_url(), tag='tags/cesm2.0.beta07') self._generator.write_config(cloned_repo_dir) @@ -1557,7 +1532,7 @@ def setUp(self): execute_subprocess(cmd) cmd = ['git', 'checkout', self._bare_branch_name] execute_subprocess(cmd) - cmd = ['git', 'submodule', 'add', fork_repo_dir] + cmd = ['git', '-c', 'protocol.file.allow=always','submodule', 'add', fork_repo_dir] execute_subprocess(cmd) cmd = ['git', 'commit', '-am', "'Added simple-ext-fork as a submodule'"] execute_subprocess(cmd) @@ -1571,7 +1546,7 @@ def setUp(self): execute_subprocess(cmd) cmd = ['git', 'checkout', self._config_branch_name] execute_subprocess(cmd) - cmd = ['git', 'submodule', 'add', '--name', SIMPLE_REPO, + cmd = ['git', '-c', 'protocol.file.allow=always', 'submodule', 'add', '--name', SIMPLE_REPO, simple_repo_dir, self._simple_ext_name] execute_subprocess(cmd) # Checkout feature2