June 22, 2008

Svn_authz_mail

Svn_authz_mail is a Perl script intended to assist with the maintenance of Subversion source-code repositories. It is common to configure Subversion so that it sends an email to the project team upon the successful commit of updated code (via a “post-commit hook”). One good mechanism for doing that is Dave Wheeler’s SVN::Notify Perl module, which provides colorized HTML email to an email list. It is also not uncommon to configure Subversion with access control, so that particular users have read or write permission. The Subversion “AuthZSVNAccessFile” is a good way to configure this, as it allows path and module-based specification of access rights in a fairly simple manner, and separates authorization from authentication (i.e. the AuthZ file doesn’t contain password or other account information).

But, if you think about it, one has to maintain two lists of people: one is a per-repository list for email notification, and the other is a server-wide authorization file. Svn_authz_mail combines the two by finding the appropriate users for the email list from the AuthZ file. Based on the Subversion revision, it finds the files that were modified in the commit, determines the union of people that have access to those files, looks up their emails (from an htpasswd-style file), and writes out the appropriate arguments for the SVN::Notify script. It uses Michael Gregorowicz’s SVN::Access Perl module to interpret the AuthZ file, and (hopefully) follows Subversion’s rules for determining access.
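
The recipient selection described above, as an added Python sketch (not the Perl script itself and not part of the original post). It assumes a simplified AuthZ file with only [groups] and [module:/path] sections, the username:::email layout described in the notes below, and constructed sample users and paths; the require_all switch is an addition that limits mail to users who can read every changed path instead of the union.

```python
import configparser

# Constructed sample data; the names, paths and addresses are placeholders.
AUTHZ = """\
[groups]
devs = alice, bob

[MyProject:/]
@devs = rw
carol = r

[MyProject:/secret]
* =
alice = rw
"""
PASSWD = "alice:x::alice@example.org\nbob:x::bob@example.org\ncarol:::carol@example.org\n"

def load(authz_text, passwd_text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # usernames are case-sensitive
    cp.read_string(authz_text)
    groups = {}
    if cp.has_section("groups"):
        groups = {g: {m.strip() for m in v.split(",")} for g, v in cp.items("groups")}
    # Field 1 is the username, field 4 the email, as described in the post.
    rows = (line.split(":") for line in passwd_text.splitlines() if line.strip())
    emails = {f[0]: f[3] for f in rows if len(f) >= 4 and f[3]}
    return cp, groups, emails

def can_read(cp, groups, module, user, path):
    parts = [p for p in path.split("/") if p]
    # Closest ancestor section that names the user (directly, via group, or *) decides.
    for depth in range(len(parts), -1, -1):
        section = f"{module}:/" + "/".join(parts[:depth])
        if cp.has_section(section):
            grants = [v for who, v in cp.items(section) if who in ("*", user)
                      or (who.startswith("@") and user in groups.get(who[1:], ()))]
            if grants:
                return any("r" in g for g in grants)  # matching lines combine
    return False  # no rule names the user: no access

def recipients(authz_text, passwd_text, module, changed, require_all=False):
    cp, groups, emails = load(authz_text, passwd_text)
    combine = all if require_all else any  # any = the union the post describes
    return sorted(emails[u] for u in emails
                  if combine(can_read(cp, groups, module, u, p) for p in changed))
```

With the union, a commit touching both trunk/a.c and secret/key.txt mails the full diff to bob and carol, who cannot read /secret; require_all=True restricts that commit's mail to alice.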

Here’s an example of its use, in a post-commit hook script (on Debian Linux):

#!/bin/sh

# This post-commit hook script shows an example of the use of the
# svn_authz_mail script, along with the SVN::Notify script.
# 
REPOS="$1"
REV="$2"

MODULE=svn_authz_mail
PROJPREFIX="[SVN $MODULE ]"
SVNLOOK=/usr/bin/svnlook
SENDMAIL=/usr/sbin/sendmail
PASSWDDB=/etc/apache2/apache.password
AUTHZFILE=/home/subversion/public.authz
MAILFINDER=/home/jborlik/projects/svn_authz_mail/svn_authz_mail.pl
VIEWURL="https://www.borlik.net/websvn/listing.php?repname=${MODULE}&path=%2F&sv=0"
INFORMUSERS=`$MAILFINDER --module $MODULE --passwd $PASSWDDB --write_from --write_to --translate --svnrev "$REV" --repo "$REPOS" --authz $AUTHZFILE`

/usr/local/bin/svnnotify --repos-path "$REPOS" --revision "$REV" \
                         $INFORMUSERS \
                         --subject-prefix "$PROJPREFIX" --subject-cx \
                         --svnlook $SVNLOOK --sendmail $SENDMAIL \
                         --viewcvs-url "$VIEWURL" --handler HTML::ColorDiff  --with-diff

Command-line options:
       svn_authz_mail [options] [file ...]

        Options:
           --authz filepath     Path to AuthZ file
           --svnlook filepath   Path to svnlook, defaults to /usr/bin/svnlook
           --module name        Name of the SVN module, e.g. MyProject
           --passwd filepath    Path to the username/email database file
           --write_from         Write out the SVN::Notify --from email address
           --write_to           Write out the set of SVN::Notify --to email
           --translate          Translate the usernames to email address
           --debug              Output some text debugging information
           --svnrev number      SVN revision in question (often $2)
           --repo filepath      Path to the SVN module repository (often $1)
           --help               This message

Other notes:
  • The script can write out both the set of “--to” SVN::Notify options and the “--from” option. In this case, the “from” option is really just done for the username/email lookup.
  • The htpasswd-style file can also be used for authentication, as it is a colon-separated file, and the Svn_authz_mail script only cares about the first (username) and fourth (email) field (which is not normally used). But, it doesn’t have to be… For example, if you are using LDAP for your authentication (via Apache), this file would just contain a dump of your LDAP-based address book, in the form [username:::email].
  • I don’t think that the script does a good job with emails with apostrophes, and they might have to be “backslashified” in the user database.
  • Copyright 2008 Jeffrey Borlik. It is covered under the GNU General Public License. It is distributed in the hope that it is useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose.

Download / Installation:
  • Download the zip file, which contains the script as well as some other example files.
  • The script depends upon SVN::Access. So, you might need to “perl -MCPAN -e 'install SVN::Access'”.
