[MacPorts] howto/SyncingWithSVN modified

Wed Nov 20 06:10:46 PST 2013

On 2013-11-20 20:58 , Rainer Müller wrote:
> On 2013-11-20 04:19, MacPorts wrote:
>> Page "howto/SyncingWithSVN" was changed by cobbe at ccs.neu.edu
>> Diff URL: <https://trac.macports.org/wiki/howto/SyncingWithSVN?action=diff&version=12>
>> Revision 12
>> Comment: Added SVN proxy and certificate configuration instructions.
>> Changes:
>> -------8<------8<------8<------8<------8<------8<------8<------8<--------
>> Index: howto/SyncingWithSVN
>> =========================================================================
>> --- howto/SyncingWithSVN (version: 11)
>> +++ howto/SyncingWithSVN (version: 12)
>> @@ -44,11 +44,22 @@
>>  file://$prefix/var/macports/sources/svn.macports.org/trunk/dports/ [default]
>>  }}}
>>  
>> +=== Step 3: '''Configure Subversion''' ===
>>  
>> +First, tell subversion to use your proxy to connect to the server:
>> +1. If $prefix/var/macports/home/.subversion/servers doesn't exist, create it by copying the corresponding file from another user.  (SVN automatically creates this file if it doesn't exist.)
>> +2. Edit the file and set a proxy for hosts at `*.macports.org`.  Different proxy configurations require different sets of options here, but the file is pretty well commented, so it should be easy to figure out what you need.  At a minimum you'll need settings for http-proxy-host and http-proxy-port.
>> +
>> +Finally, if you want to use SVN over HTTPS to access the repository, you'll need to tell SVN to trust the MacPorts signature.  (SVN doesn't trust the authority that issued it, and `port sync` below invokes `svn up` with the `--non-interactive` flag, so you won't have the opportunity to accept the certificate then.)
>> +1. `mkdir -p $prefix/var/macports/home/.subversion/auth/svn.ssl.server`
>> +2. As a normal user, run `svn ls https://svn.macports.org/repository/macports/trunk/dports/`.  When prompted, accept the certificate permanently.
>> +3. SVN will store the certificate in a file in the directory `$HOME/.subversion/auth/svn.ssl.server`.  In that directory, find the file that contains the string "`https://svn.macports.org`" and copy it into `$prefix/var/macports/home/.subversion/auth/svn.ssl.server`.
>> +
>> +Or, you can use SVN over HTTP, in which case you don't need to worry about the certificate.
> 
> Wouldn't this only be a problem if the Subversion checkout is owned by
> the macports user? If it's owned by your user account it should also use
> the same configuration files.

Also, the certificate trust is only a problem on certain versions of OS
X, and it's not just the certs for macports.org, the system svn doesn't
trust (or know about) any root certificates.

This can be worked around by doing the initial checkout manually and
then installing the subversion port. And of course forcing svn to trust
the cert that first time is potentially insecure, so you really ought to
verify the fingerprint it shows in any case. (And using http instead of
https just ensures the insecurity.)

- Josh