Eric Crahen wrote:
I have some questions on the new SVNKit integration.
#1) Connection Error?
I upgraded from using an external svn binary in hudson 1.6.8, to hudson
version 1.75 which uses SVNKit. When I create a new project and place my svn
url in the field, I an given the following error.
"Unable to access http://myserver/svn/myproject : svn: Unable to create
SVNRepository object for 'http://myserver/svn/myproject' (Maybe you
need to enter
credential<http://localhost:8080/hudson/scm/SubversionSCM/enterCredential?http://myserver/svn/myproject>
?)"
I was previously able to access this URL with my external client. I'm not
sure what when wrong, I looked at stdout, I looked in my servlet container
logs and I checked the "Manage Hudson" system log and I did not find any
output that would help me understand the error. There is no credential
required to check out of this respository, anonymous access is perfectly OK.
What can I do to find the source of the error? Is there a way to make the
real error more obvious to the user? (I think SVNKit must have produced some
sort of useful error message we could use.)
I think this is the same issue reported in #245. I need to take a look
at this.
#2) Trust?
Another thing I have a question about is how can I provide SVNKit with the
set of certificates I trust? My repository requires an SSL login in order to
perform updates, which I would want to do after the fact tagging. My
repository uses a self-signed certificate which is not going to trusted
without extra work. The way I told my svn binary to trust my servers
certificate was by first using the user account I ran hudson as to do an:
svn https://myserver/svn/myproject
This would cause the svn binary to prompt me that this server has a
self-signed cert and asks me if I should trust it. I would select yes
permanently and svn would save some info in ~/.subversion to say trust this
certificate. Later when I used hudson, I ran svn as the user and svn
remebered to trust this server because of the data in ~/.subversion
With the SVNKit integration, its not immediately obvious to me how to
associate a trusted certificate with an SVN connection. I suppose one method
would be to manually create a jks trust store and run hudson with the
correct -Djavax.net.ssl.trustStore, -Djavax.net.ssl.trustStorePasswordoptions.
Since I haven't gotten past my first problem I can't confirm this works, but
it ought to.
I actually tell svnkit to accept any server certificate without any
check, so this should work just fine.
#3) Username / Password the only credential?
I can also configure my subversion repository to use SSL client
identification as a credential, instead of or along with user/name password.
I'm not doing this, but it would be an interesting thing for the TODO list.
I see. I guess I don't have the environment to test this, so I could use
some help.
--
Kohsuke Kawaguchi
Sun Microsystems kohsuke.kawaguchi@xxxxxxx
smime.p7s
Description: S/MIME Cryptographic Signature
| 