Svn_authz_mail
Svn_authz_mail is a Perl script intended to assist with the maintenance of Subversion source-code repositories. It is common to configure Subversion such that it sends out an email to the project team, upon the successful commit of updated code (via a “post-commit hook”). One good mechanism for doing that is Dave Wheeler’s SVN::Notify Perl module, which provides colorized HTML email to an email list. It is also not uncommon to configure Subversion with access control, so that particular users have read or write permission. The Subversion “AuthZSVNAccessFile” is a good way to configure this, as it allow path and module-based specification of access rights in a fairly simple manner, and separates authorization from authentication (i.e. the AuthZ file doesn’t contain password or other account information).
But, if you think about it, one has to maintain two lists of people: One is a per-repository list for email notification, and the other is a server-wide authorization file. Svn_authz_mail combines the two, by finding the appropriate users for the email list from the AuthZ file. Based on the Subversion revision, it finds the files that were modified in the commit, determines the union of people that have access to those files, looks up their emails (from an htpasswd-style file), and write out the appropriate arguments for the SVN::Notify script. It uses Michael Gregorowicz’s SVN::Access Perl module to interpret the AuthZ file, and (hopefully) follows Subversion’s rules for determining access.
Here’s an example of its use, in a post-commit hook script (on Debian Linux):
#!/bin/sh # This post-commit hook script shows an example of the use of the # svn_authz_mail script, along with the SVN::Notify script. # REPOS="$1" REV="$2" MODULE=svn_authz_mail PROJPREFIX="[SVN $MODULE ]" SVNLOOK=/usr/bin/svnlook SENDMAIL=/usr/sbin/sendmail PASSWDDB=/etc/apache2/apache.password AUTHZFILE=/home/subversion/public.authz MAILFINDER=/home/jborlik/projects/svn_authz_mail/svn_authz_mail.pl VIEWURL="https://www.borlik.net/websvn/listing.php?repname=${MODULE}&path=%2F&sv=0" INFORMUSERS=`$MAILFINDER --module $MODULE --passwd $PASSWDDB --write_from --write_to --translate --svnrev $REV --repo $REPOS --authz $AUTHZFILE` /usr/local/bin/svnnotify --repos-path "$REPOS" --revision "$REV" \ $INFORMUSERS \ --subject-prefix "$PROJPREFIX" --subject-cx \ --svnlook $SVNLOOK --sendmail $SENDMAIL \ --viewcvs-url $VIEWURL --handler HTML::ColorDiff --with-diffCommand-line options:
svn_authz_mail [options] [file ...] Options: --authz filepath Path to AuthZ file --svnlook filepath Path to svnlook, defaults to /usr/bin/svnlook --module name Name of the SVN module, e.g. MyProject --passwd filepath Path to the username/email database file --write_from Write out the SVN::Notify --from email address --write_to Write out the set of SVN::Notify --to email --translate Translate the usernames to email address --debug Output some text debugging information --svnrev number SVN revision in question (often $2) --repo filepath Path to the SVN module repository (often $1) --help This messageOther notes:
- The script can write out both the set of “--to” SVN::Notify options and the “--from" option. In this case, the “from” option is really just done for the username/email lookup.
- The htpasswd-style file can also be used for authentication, as it is a colon-separated file, and the Svn_authz_mail script only cares about the first (username) and fourth (email) field (which is not normally used). But, it doesn’t have to be… For example, if you are using LDAP for your authentication (via Apache), this file would just contain a dump of your LDAP-based address book, in the form [username:::email].
- I don’t think that the script does a good job with emails with apostrophes, and they might have to be “backslashified” in the user database.
- Copyright 2008 Jeffrey Borlik. It is covered under the GNU General Public License. It is distributed in the hope that it is useful, but without any warranty; without even the implied warranty of mechantability or fitness for a particular purpose.
- Download the zip file, which contains the script as well as some example other files.
- The script depends upon SVN::Access. So, you might need to “perl –MCPAN –e install SVN::Access”.