14

I'm trying to get svn to save my https username+password to ~/.subversion from within an automated script. I can pass creds on the command-line but I do not want to be prompted about whether to save the password unencrypted. Unfortunately this does not create ~/.subversion/:

svn --non-interactive --trust-server-cert --username myusername --password secret co https://private.example.com/src/repo/

FYI I'm trying to do this for a Dockerfile that invokes a bower install with a bower.json that references a password-protected svn repo. Unfortunately there's no way to pass the svn credentials to bower via command-line or environment.

I am currently working around it by running svn interactively and letting it create ~/.subversion, then zipping up that entire directory and ADDing it in the Dockerfile. I guess I could look at the file formats in ~/.subversion and create it with a script, but would rather let svn do it.

Mateusz Piotrowski
  • 4,623
  • 5
  • 36
  • 70
jamshid
  • 362
  • 2
  • 3
  • 9

3 Answers3

6

Credentials will be saved if you use --username and --password without --non-interactive and --trust-server-cert.

I'm assuming that you are using --non-interactive and --trust-server-cert to avoid the prompt that asks you to accept the certificate. To still avoid this prompt without those parameters, you can have your script create a copy of the file that is generated for each accepted cert in ~/.subversion/auth/svn.ssl.server. This file will be the same for everyone for each respective server. I'm currently using this solution for a script.

NeonD
  • 61
  • 1
  • 3
4

Apparently --non-interactive saves username but not password. I've already enabled password storage in ~/.subversion/servers:

store-passwords = yes
store-plaintext-passwords = yes
store-auth-creds = yes

Looking at svn help, there is no command nor option that would appear relevant. I think it is impossible. You should ask SVN developers to be sure and file a bug report.

The file format under auth is not something you would want to script yourself. Most importantly, file name of the auth record seems to be a hash. That's not script-friendly. We need either special file format for hard-coded password list or a way to control this from command line.

Here's what I see under ~/.subversion/auth/svn.simple/:

File name 935...dc9e (32 chars).

Content:

K 8
passtype
V 6
simple
K 8
password
V 8
p@$$w0rd
K 15
svn:realmstring
V 48
<https://svn.someplace.com:443> VisualSVN Server
K 8
username
V 5
johny
Robert Važan
  • 141
  • 3
  • Looks to be some sort of netstring where V is the string length. Rather than simple mine was wincript. I edited mine to be simple but it knows. Probably via the filename – andrew pate Jan 22 '19 at 18:12
  • C:\Users\[you]\AppData\Roaming\Subversion\auth\svn.simple\ – andrew pate Jan 22 '19 at 18:13
  • It is obviously a key-value map. K is for keys, V is for values. The number behind it is the length of the string. The real problem is the file name. – Robert Važan Jan 23 '19 at 22:11
4

I came up against this in an isolated environment (in which security was a non-issue) and resolved with simply running svn ls on the repository with the proper credentials with the help the (linux) yes command, though I found I had to remove the ~/.subversion directory to get it work. Specifically:

rm -fr ~/.subversion yes yes | svn --username=user --password=guest ls svn://server/repo &>/dev/null

Then all following svn commands will use these credentials on this server. Of course, one could pipe yes yes to any svn command that has the --password option.

enjoy!

John
  • 221
  • 2
  • 2
  • This didn't work for me (all the auth values would be saved except the password) until I added the option: `--config-option='servers:global:store-plaintext-passwords=yes'` – Quinn Comendant Jun 09 '20 at 00:49
  • 1
    This (since ~ 1.12??) needs to have been compiled in, else you need the other credential management options (like gpg-agent) – Hvisage May 27 '22 at 14:51