Gmail Cees Bos <cbos.ec@gmail.com>
SVN username overridden by Hudson in local .subversion folder
3 messages
Cees Bos <cbos.ec@gmail.com> Thu, Nov 11, 2010 at 3:00 PM
To: users@hudson.dev.java.net
Hi all,

Yesterday I updated from 1.379 to 1.384.
On one of our servers we use Hudson to execute sync-merges between branches.

Hudson job updates to the latest revision of the target branch (just like you do with normal jobs)

Then we start an Ant script which executes a number of SVN commands like svn merge -r revA:revB <sourceurl> <targetfolder> --accept postpone --non-interactive
That was working fine till yesterday.

In the local .subversion folder the credentials are stored. These credentials are used to execute the svn merge command.
We stored both username and password. (if you execute svn st -u Subversion asks for username and password and stores it in the .subserversion folder)

With the update now Hudson is overriding these credentials by only storing the username provided in Hudson.

Why is this change made?
To keep our script running we now have to provide username and password as part of our scripts. That does not sound valid to me.

Is this change intended or by accident? 

Regards,
Cees
Cees Bos <cbos.ec@gmail.com> Fri, Nov 12, 2010 at 9:19 AM
To: users@hudson.dev.java.net
Hi all,

I started an audit on the particular credentials file.

This is the outcome:

time->Fri Nov 12 08:53:28 2010
type=PATH msg=audit(1289548408.792:42274): item=0 name="/home/hudson/.subversion/auth/svn.simple/6bc3222cd8ad55f7f92d11b22dadee94" inode=393418 dev=08:02 mode=0100644 ouid=500 ogid=0 rdev=00:00
type=CWD msg=audit(1289548408.792:42274):  cwd="/opt/hudsonslave"
type=SYSCALL msg=audit(1289548408.792:42274): arch=40000003 syscall=5 per=400000 success=yes exit=15 a0=98a2f48 a1=8000 a2=0 a3=8000 items=1 ppid=25046 pid=7864 auid=500 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=0 sgid=0 fsgid=0 tty=(none) ses=6647 comm="java" exe="/usr/java/jdk1.6.0_17/bin/java" key="svncredentials"
----
time->Fri Nov 12 08:54:09 2010
type=PATH msg=audit(1289548449.964:42275): item=0 name="/home/hudson/.subversion/auth/svn.simple/6bc3222cd8ad55f7f92d11b22dadee94" inode=393418 dev=08:02 mode=0100644 ouid=500 ogid=0 rdev=00:00
type=CWD msg=audit(1289548449.964:42275):  cwd="/opt/hudsonslave"
type=SYSCALL msg=audit(1289548449.964:42275): arch=40000003 syscall=5 per=400000 success=yes exit=15 a0=b4cbe090 a1=8000 a2=0 a3=8000 items=1 ppid=25046 pid=7864 auid=500 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=0 sgid=0 fsgid=0 tty=(none) ses=6647 comm="java" exe="/usr/java/jdk1.6.0_17/bin/java" key="svncredentials"
----
time->Fri Nov 12 08:54:09 2010
type=PATH msg=audit(1289548449.965:42277): item=4 name="/home/hudson/.subversion/auth/svn.simple/6bc3222cd8ad55f7f92d11b22dadee94" inode=393420 dev=08:02 mode=0100644 ouid=500 ogid=0 rdev=00:00
type=PATH msg=audit(1289548449.965:42277): item=3 name="/home/hudson/.subversion/auth/svn.simple/6bc3222cd8ad55f7f92d11b22dadee94" inode=393418 dev=08:02 mode=0100644 ouid=500 ogid=0 rdev=00:00
type=PATH msg=audit(1289548449.965:42277): item=2 name="/home/hudson/.subversion/auth/svn.simple/auth.aec8133f-2c01-0010-b72c-6d9a98d2f89a.tmp" inode=393420 dev=08:02 mode=0100644 ouid=500 ogid=0 rdev=00:00
type=PATH msg=audit(1289548449.965:42277): item=1 name="/home/hudson/.subversion/auth/svn.simple/" inode=393401 dev=08:02 mode=040775 ouid=500 ogid=500 rdev=00:00
type=PATH msg=audit(1289548449.965:42277): item=0 name="/home/hudson/.subversion/auth/svn.simple/" inode=393401 dev=08:02 mode=040775 ouid=500 ogid=500 rdev=00:00
type=CWD msg=audit(1289548449.965:42277):  cwd="/opt/hudsonslave"
type=SYSCALL msg=audit(1289548449.965:42277): arch=40000003 syscall=38 per=400000 success=yes exit=0 a0=b4cbe150 a1=b4cbe1b0 a2=b76c86e8 a3=b4cbe1b0 items=5 ppid=25046 pid=7864 auid=500 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=0 sgid=0 fsgid=0 tty=(none) ses=6647 comm="java" exe="/usr/java/jdk1.6.0_17/bin/java" key="svncredentials"
----
time->Fri Nov 12 08:54:09 2010
type=PATH msg=audit(1289548449.966:42278): item=0 name="/home/hudson/.subversion/auth/svn.simple/6bc3222cd8ad55f7f92d11b22dadee94" inode=393420 dev=08:02 mode=0100644 ouid=500 ogid=0 rdev=00:00
type=CWD msg=audit(1289548449.966:42278):  cwd="/opt/hudsonslave"
type=SYSCALL msg=audit(1289548449.966:42278): arch=40000003 syscall=15 per=400000 success=yes exit=0 a0=b4cbe150 a1=8124 a2=b76c86e8 a3=b4cbe150 items=1 ppid=25046 pid=7864 auid=500 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=0 sgid=0 fsgid=0 tty=(none) ses=6647 comm="java" exe="/usr/java/jdk1.6.0_17/bin/java" key="svncredentials"
----

The parent pid is 25046.

hudson   25046 24932   0  0 Nov10 ?        00:00:00 bash -c cd '/opt/hudsonslave' && java -Xmx512M -jar slave.jar
hudson   25069 25046   0  0 Nov10 ?        00:12:28 java -Xmx512M -jar slave.jar

But the process which executed the svn actions is NOT the slave itself. Because that is PID 25069  and the action is executed by PID 7864

So which additional action is changing the SVN credential files???

Regards,
Cees
[Quoted text hidden]
Cees Bos <cbos.ec@gmail.com> Fri, Nov 12, 2010 at 10:18 AM
Draft To: users@hudson.dev.java.net
Hi all,

I downgraded the SVN Plugin from 1.20 to 1.17 and that fixed the issue.

Change Log

Version 1.20 (Nov 1, 2010)

  • Fixed a serialization issue.

Version 1.19 (Oct 29, 2010)

  • Fixed a configuration roundtrip regression introduced in 1.18 (issue #7944)
  • Supported svn:externals to files (issue #7539)

Version 1.18 (Oct 27, 2010)

  • Requires Hudson 1.375 or newer.
  • Builds triggered via the post-commit hook check out from the revision specified by the hook. The hook specifies the revision with either the rev query parameter, or the X-Hudson-Subversion-Revision HTTP header.
  • Uses svnkit 1.3.4 now. (issue #6417)

I will report a ticket for this issue. 
[Quoted text hidden]