This really shouldn’t be as hard as it ends up being, but in subversion, you have a bear of a time checking out with one set of credentials, and then committing with a second set. For example, you want to give everyone a single public (read only) checkout path, and then let people with commit access use their ssh keys to do checkins. The secret actually lies in the clever use of the
svn switch command. I in no way know if this is the best solution, but it seemed to be better than changing short usernames or other workarounds in the ssh client itself to force login with a certain user.
The first step is to set up a scheme for doing a readonly checkout.
# Sets up a scheme called "readonly" which uses ssh # with a private key and user that only has read access readonly = $SVN_SSH ssh -i /path/to/ssh/shared_read_only_private_key -l readonly
This defines an ssh scheme called
readonly which uses a shared key for access. Since we’re dealing with this over SSH, everyone needs some kind of login, and this happened to be how it was set up coming in. (This would be mountains easier if “read only” was accomplished over https.)
Once we have the svn scheme set up, we can checkout the code using the
svn co command.
svn co svn+readonly://example.com/path/to/repository <local_directory>
At this point, we have the code checked out, but any attempts to commit will fail (since the user doesn’t have write permissions on the target machine. Everything to this point is working as designed. The last step then is to change the repository so that you can use a non-readonly account to perform the commit.
The solution as mentioned at the top is using the
svn switch command to change the repository’s URL. It’s the same URL, but by changing the scheme, we enable normal ssh commits (where the local user could presumably use their own private key). The svn switch command uses the –relocate command to rewrite the URLs.
svn switch --relocate svn+readonly://example.com/path/to/repository svn+ssh://example.com/path/to/repository
Our svn commit now goes through over svn ssh using the local user’s credentials. If you ever want to revoke the commit access, you can call
svn switch again and change back to the readonly scheme.