| # DEFAULT section can be used to place options that can be referenced in |
| # other section values with the %(option)s syntax. Note that the svnlook |
| # value below is required as it is used by the script to determine the path |
| # to the svnlook command in order to determine the changes. Feel free |
| # to create additional values here that you can reuse in other options, |
| # especially the command options to make it easier to maintain. |
| [DEFAULT] |
| # Absolute path to the svnlook binary. The script reads this value itself, |
| # so it must stay set even if no rule command references %(svnlook)s. |
| svnlook = /usr/local/bin/svnlook |
| # Uncomment and adjust before enabling a rule whose command uses %(svnauthz)s. |
| #svnauthz = /usr/local/bin/svn-tools/svnauthz |
| # Uncomment and adjust before enabling a rule whose command uses %(xmllint)s. |
| #xmllint = /usr/bin/xmllint |
| |
| # The repositories section has key value pairs where the key is a pattern |
| # to match on the repository path and the value is a space separated list of |
| # rules to apply to that repository. Multiple patterns can match and all |
| # unique rules will be applied. The pattern is a Unix shell-style wildcard. |
| # As seen below all repositories will have the svnauthz-validate and xmllint |
| # rules applied and repositories in /repos or below will have admin-rw-authz |
| # applied. |
| [repositories] |
| # Both example mappings are commented out, so this section is empty as |
| # written. Each rule name on the right refers to a [rule:NAME] section, as in |
| # the examples in this file, which are commented out as well. |
| #* = svnauthz-validate xmllint |
| #/repos/* = admin-rw-authz |
| |
| # Rules allow you to define a pattern that selects which files in the |
| # repository a command is run against. Rules are defined by creating a |
| # section name starting with 'rule:' as seen below. |
| # |
| # The pattern option is a Unix shell-style wildcard match against the |
| # files in the repo that the rule will be run for. A leading / in your |
| # pattern will be ignored. Path segments are / separated regardless of |
| # platform. |
| # |
| # The command option is the command to run, this command will be run via |
| # the shell of your platform. The following environment variables will |
| # be defined for you: |
| # REPO = the path of the repository for the commit. |
| # TXN = the transaction id of the commit. |
| # FILE = the name of the file that matched the pattern. |
| # |
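| # IMPORTANT: AS A CONSEQUENCE OF THE USE OF THE SHELL IT IS IMPORTANT TO |
| # QUOTE THE ARGUMENTS OF YOUR COMMANDS. THE FILE VARIABLE DOES CONTAIN |
| # USER GENERATED DATA AND SHELL METACHARACTERS ARE NOT ESCAPED FOR YOU! |
| # In a POSIX shell, write "$FILE" in double quotes as in the examples |
| # below: unquoted, the value is split on whitespace and glob-expanded, and |
| # single quotes would stop the variable from being expanded at all. |
| # Quoting alone may not keep a path that starts with '-' from being parsed |
| # as an option; where the command supports it, end option parsing with -- |
| # before "$FILE". |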
| # |
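| # The following examples assume a POSIX shell; if your platform has a |
| # different shell you may need to adjust them. For example, on Windows |
| # cmd.exe uses %VARIABLENAME% instead of $VARIABLENAME to expand environment |
| # variables. Because % also starts the %(option)s syntax in this file, a |
| # literal % most likely has to be written as %% (e.g. %%FILE%%); verify this |
| # with your installation. The quoting rules of cmd.exe also differ from those |
| # of a POSIX shell, so review the quoting of each argument separately. |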
| # |
| # The following rule runs the svnauthz command's validate subcommand |
| # for the file named authz in the conf subdir if it is present in the commit. |
| # This is a simple way to ensure that invalid authz files are not allowed |
| # to be committed. |
| #[rule:svnauthz-validate] |
| #pattern = conf/authz |
| #command = '%(svnauthz)s' validate -t "$TXN" "$REPO" "$FILE" |
| |
| # The following rule runs the svnauthz command's accessof subcommand |
| # for any file ending in .authz in the conf subdir and checks that the admin |
| # user has rw rights to the same file. This can be used to prevent an |
| # authz file being committed that would remove access for the admin user. |
| # Note that accessof also checks the validity of the file as well as |
| # checking the permissions, so it's unnecessary to run both validate and |
| # accessof. |
| #[rule:admin-rw-authz] |
| #pattern = /conf/*.authz |
| #command = '%(svnauthz)s' accessof --username admin --path "$FILE" --is rw -t "$TXN" "$REPO" "$FILE" |
| |
| # Use the xmllint command to validate all files ending in .xml |
| #[rule:xmllint] |
| #pattern = *.xml |
| #command = '%(svnlook)s' cat -t "$TXN" "$REPO" "$FILE" | '%(xmllint)s' --noout - |