having trouble syncing via svn behind corporate firewall

Richard Cobbe cobbe at ccs.neu.edu
Mon Nov 18 19:30:00 PST 2013


On Thu, Nov 14, 2013 at 06:36:38PM -0600, Ryan Schmidt wrote:
>
> On Nov 14, 2013, at 18:30, Richard Cobbe wrote:
>
> > I followed the directions at
> > <http://trac.macports.org/wiki/howto/SyncingWithSVN>, and after modifying
> > both ~/.subversion/servers and ~root/.subversion/servers to use the
> > corporate http proxy, I was able to perform the initial checkout with no
> > problem.
>
> These settings are likely not taking effect, when MacPorts is running the
> svn command.
>
> You could try copying your ~/.subversion/servers file to
> /opt/local/var/macports/home/.subversion/servers

Well, after a little bit of work to get around certificate issues, this
worked just fine.  Thanks!

Might I suggest that someone with write permissions update the wiki page at
<http://trac.macports.org/wiki/howto/SyncingWithSVN> to reflect two things?

  1) the change to /opt/local/var/macports/home/.subversion/servers, as
     above

  2) Those who want to use svn over https will also need to put the
     server's certificate in
     /opt/local/var/macports/home/.subversion/auth/svn.ssl.server, because
     svn doesn't natively trust the certificate's issuer, and the
     --non-interactive switch that "port sync" passes to svn prevents the
     client from accepting it.

     (I got the certificate by running "svn ls
     https://svn.macports.org/repository/macports/trunk/dports" as my
     normal user, then choosing to accept the certificate permanently, then
     finding the appropriate file in ~/.subversion/auth/svn.ssl.server.)

I'm assuming, of course, that there's no undue risk in accepting this
certificate permanently.  Along those lines, though, would it be possible
to publish the certificate's fingerprint on macports.org so users could
verify it?  (Apologies if it is published there; I searched around but
couldn't find it.)

Also, while "sudo port sync" works just fine, "sudo port selfupdate"
doesn't, since the corporate proxy blocks rsync.  I'm assuming that this
means I should use "sudo port sync" to update the list of packages, and
when a new release comes out, just download the new installer from
macports.org and install that.  Is that correct?

Thanks a bunch!

Richard


More information about the macports-users mailing list