[Buildbot-devel] authenicated SVN checkouts..

[Brian Warner]

> IMO, a patch to the SVN step to always pass "--non-interactive" is a  
> better direction to take.  As noted, you can do this yourself in your  
> build step right now.

Agreed. I'm commiting a patch to do just this right now.

I'm willing to add arguments for other things like --username/--password, and
I think I can even have the build log hide their values from the 'HEADER'
lines sent up to the master (although they'd still be logged locally to the
slave, and they might appear in the buildmaster's local log, and of course
they're in the master.cfg file). There are other SVN authentication
mechanisms out there we should probably cover.. (I've recently seen an https
scheme using client-side certificates, but I've got no idea what svn options
might control that). Personally I've used svn+ssh and a passphraseless ssh
key in the buildslave's ~/.ssh,, but every proprietary environment does
something a little bit differently.

A question though.. if you are prohibiting public read-only access to your
source code this way, aren't you also prohibiting public viewing of your
build logs? In this case, having authentication secrets exposed in the logs
might not be that much of a problem.

In the longer run, I'm thinking that the SVN step (and others) needs to be a
bit more transparent: you should be able to give it most of its arguments in
the buildmaster's config file, and just certain things (like the
"checkout"/"update" verb, and the --revision value) should be substituted by
the buildslave. (In particular I'm unhappy with the bazillion arguments that
the step_twisted.Trial class has accumulated). If we go that way, it should
be easier to add arbitrary arguments like --user, etc.

cheers,
 -Brian