NAME
SVNPlus::TagProtect - Perl extension for Subversion tag protection
SYNOPSIS
This is a fully functional Subversion "pre-commit" file for deploying this object.
#! /usr/bin/perl -w
use warnings;
use strict;
use SVNPlus::TagProtect;
$_ = $0;
s@.*/@@;
my $NAME = $_;
# build the object: it exits if args are invalid
my $tagprotect = SVNPlus::TagProtect->new( $0, \@ARGV );
if ( $tagprotect->SimplyAllow() )
{
# if the commit is ok, because it does impact protected directories,
# but debug is wanted then this script must exit NON-zero, which
# causes the commit to fail but the client gets the standard error.
# A zero exit causes the STDERR to be squashed. If any "True"
# errors occured, "SimplyAllow" will have printed them to standard
# error and would have returned 0.
if ( $tagprotect->GetDebugLevel > 0 )
{
print STDERR
"$NAME: SimplyAllow succeeded but script exiting 1 (FAIL) because debug is enabled.\n";
exit 1;
}
exit 0;
}
if ( $tagprotect->AllowCommit() )
{
# if the commit is ok, i.e.: it is allowed, but debug is wanted
# then this script must exit NON-zero, which causes the commit to
# fail but the client gets the standard error. A zero exit causes
# the STDERR to be squashed. If any "True" errors occurred,
# "AllowCommit" will have printed them to standard error and would
# have returned 0.
if ( $tagprotect->GetDebugLevel > 0 )
{
print STDERR
"$NAME: AllowCommit succeeded but script exiting 1 (FAIL) because debug is enabled.\n";
exit 1;
}
exit 0;
}
# commit is not allowed, sub "AllowCommit" has already output the reason
print STDERR "$NAME: exit 1 (FAIL) this is a true prevent commit condition.\n"
if ( $tagprotect->GetDebugLevel > 0 );
exit 1;DESCRIPTION
THIS SCRIPT IS A hook FOR Subversion AND IS NOT MEANT TO BE RUN FROM THE COMMAND LINE UNDER NORMAL USAGE.
It would be run from the command line for configuration testing and configuration debugging. TagProtect provides immutablity (write once) protection for the /tags directory of a subversion repository. This is the default protected directory and everything is configurable.
Subversion requires that this software be invoked with the name pre-commit. Installation of this subversion hook is trivial, simply put pre-commit into the directory named hooks found under the directory where you have built the subversion repostitory. Make sure pre-commit is executable by the owner of the httpd process.
The subversion admistrator - or anyone with write permission on the subversion installation directory - can change the configurtion. Below is a complete configuration set with default values: Debug value and where subversion looks for programs it needs:
DEBUG = 0
SVNPATH = "/usr/bin/svn"
SVNLOOK = "/usr/bin/svnlook"The remaining configuration variables comprise an N-Tuple and this set can be repeated as many times as wanted.
PROTECTED_PARENT = "/tags" # a literal path
PROTECTED_PRJDIRS = "/tags/*" # literal, glob, or blank
PRJDIR_CREATORS = "*" # or comma list, or blank
ARCHIVE_DIRECTORY = "Archive" # directory nameDo not configure directories with trailing slash characters, if you do they will simply be discarded anyway but to avoid confusion don't add them. The configuration of the protected project directories variable, PROTECTED_PRJDIRS, must start with the exact same path as its associated protected parent configuration, namely PROTECTED_PARENT. This is for security. Also for security any instances of /../ (or the like) found in the PROTECTED_PRJDIRS variable will be discared.
Each TAG_FOLDER value must be unique and two(2) or more of them cannot be subdirectories of each other. For example:
PROTECTED_PARENT = "/tags"
PROTECTED_PARENT = "/tags/foobar"will not be allowed.
SEE ALSO
svn(1), svnlook(1), "Version Control with Subversion" at http://svnbook.red-bean.com/
AUTHOR
Joseph C. Pietras, <joseph.pietras@gmail.com>
COPYRIGHT AND LICENSE
Copyright (C) 2015 by Joseph C. Pietras
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.16.3 or, at your option, any later version of Perl 5 you may have available.