# The DEFAULT section holds options that can be referenced from values in
# other sections with the %(option)s syntax.  The svnlook value below is
# required: the script uses it to find the svnlook command, which it runs to
# determine the changes in the commit.  Feel free to create additional values
# here that you can reuse in other options, especially in the command options,
# to make them easier to maintain.
#
# Every path defined here ends up in a command line that the hook runs, so
# give absolute paths to binaries that only trusted accounts can modify.
[DEFAULT]
svnlook = /usr/local/bin/svnlook
# svnauthz is referenced as %(svnauthz)s by the example rules
# rule:svnauthz-validate and rule:admin-rw-authz, and xmllint as %(xmllint)s
# by rule:xmllint; uncomment the matching line before enabling those rules.
#svnauthz = /usr/local/bin/svn-tools/svnauthz
#xmllint = /usr/bin/xmllint

# The repositories section maps repositories to rules.  Each key is a Unix
# shell-style wildcard pattern matched against the repository path, and each
# value is a space separated list of rules to apply to a matching repository.
# More than one pattern can match a repository; all unique rules from the
# matching patterns are applied.  Rule names correspond to the 'rule:'
# sections defined further down (svnauthz-validate is [rule:svnauthz-validate]).
#
# In the examples below, every repository gets the svnauthz-validate and
# xmllint rules, and repositories in /repos or below additionally get
# admin-rw-authz.  Both examples are commented out; uncomment and adapt them
# to enable validation.
[repositories]
#* = svnauthz-validate xmllint
#/repos/* = admin-rw-authz

# Rules allow you to define a pattern that selects which files in the
# repository a command is run against.  Rules are defined by creating a
# section whose name starts with 'rule:' as seen below.
#
# The pattern option is a Unix shell-style wildcard match against the
# files in the repo that the rule will be run for.  A leading / in your
# pattern will be ignored.  Path segments are / separated regardless of
# platform.
#
# The command option is the command to run.  This command will be run via
# the shell of your platform.  The following environment variables will
# be defined for you:
#  REPO  = the path of the repository for the commit.
#  TXN   = the transaction id of the commit.
#  FILE  = the name of the file that matched the pattern.
#
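# IMPORTANT: AS A CONSEQUENCE OF THE USE OF THE SHELL IT IS IMPORTANT TO
# QUOTE THE ARGUMENTS OF YOUR COMMANDS.  THE FILE VARIABLE DOES CONTAIN
# USER GENERATED DATA AND SHELL METACHARACTERS ARE NOT ESCAPED FOR YOU!
# Quoting only stops the shell from interpreting the value.  The command
# still receives it as an argument, so a value that begins with - may be
# parsed as an option; where the command supports an end-of-options marker
# such as --, place it before the positional arguments.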
#
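# The following examples assume a POSIX shell.  If your platform has a
# different shell you may need to adjust them.  For example, on Windows
# cmd.exe uses %VARIABLENAME% instead of $VARIABLENAME to expand environment
# variables.  Two things to check when adapting them: values in this file
# go through %(option)s interpolation, so a literal % in a command most
# likely has to be written %% (confirm with the script's parser), and
# cmd.exe expands variables before it processes quotes, so quoting a
# variable there does not give the protection it gives in a POSIX shell.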
#
# The following rule runs the svnauthz command's validate subcommand
# for the file named authz in the conf subdir if it is present in the commit.
# This is a simple way to ensure that invalid authz files are not allowed
# to be committed.
#[rule:svnauthz-validate]
#pattern = conf/authz
#command = '%(svnauthz)s' validate -t "$TXN" "$REPO" "$FILE"

# The following rule runs the svnauthz command's accessof subcommand
# for any file ending in .authz in the conf subdir and checks that the admin
# user has rw rights to the same file.  This can be used to prevent an
# authz file being committed that would remove access for the admin user.
# Note that accessof also validates the file as well as checking the
# permissions, so it's unnecessary to run both validate and accessof.
#[rule:admin-rw-authz]
#pattern = /conf/*.authz
#command = '%(svnauthz)s' accessof --username admin --path "$FILE" --is rw -t "$TXN" "$REPO" "$FILE"

# Use the xmllint command to validate all files ending in .xml
#[rule:xmllint]
#pattern = *.xml
#command = '%(svnlook)s' cat -t "$TXN" "$REPO" "$FILE" | '%(xmllint)s' --noout -