Special property names
[Documentation for users]

Defines

#define FSVS_PROP_PREFIX   "fsvs:"
 The common prefix.
#define FSVS_PROP_COMMIT_PIPE   FSVS_PROP_PREFIX "commit-pipe"
 The name for the commit-pipe property.
#define FSVS_PROP_UPDATE_PIPE   FSVS_PROP_PREFIX "update-pipe"
 The name of the update-pipe property.
#define FSVS_PROP_INSTALL_CMD   FSVS_PROP_PREFIX "install"
 Local install commandline.
#define FSVS_PROP_ORIG_MD5   FSVS_PROP_PREFIX "original-md5"
 The MD5 of the original (un-encoded) data.

Detailed Description

Special FSVS properties.

These are used only by FSVS; subversion doesn't know them.


Define Documentation

#define FSVS_PROP_COMMIT_PIPE   FSVS_PROP_PREFIX "commit-pipe"

The name for the commit-pipe property.

If this property is set for a file, this file gets filtered by the given command on its way to the repository. This is mostly used for backups, to protect data.

To make that easier to understand, here's an example. You're versioning your etc:

     cd /etc
     fsvs urls <your repository url>

That means that /etc/shadow, /etc/ssh/ssh_host_key and so on would all get transmitted to the repository. Now we could say that if the machine crashes hard, a changed ssh-key is the least of our worries - so we simply exclude it from backup.

     fsvs ignore './ssh/ssh_host_*key'

But the users' passwords and similar should not be lost - so we use gpg to encrypt them on backup. You generate a key, whose private key gets kept in a secure place, but not (only) on this machine; because if the machine gets damaged, the backups could no longer be decrypted.

Note:
If the key is on this machine, and it gets hacked, your backups might be read!
     gpg --import-key  .....
     fsvs propset fsvs:commit-pipe 'gpg -er <backup-key>' shadow
You might want/need to set an update-pipe, too; see FSVS_PROP_UPDATE_PIPE for details.

The only thing left is to take the first backup:

     fsvs commit
Note:
Currently only files can use this property. Would it make sense for devices or symlinks too? Currently not, as the only way to send these into the repository is changing the major/minor number - which is not possible with normal files.
If we instead sent the whole data, we could encrypt a filesystem into the repository - but that would get no delta-transfers, and deltification only if not CBC ...
Sending the fsvs generated string "cdev:x:x" for encryption wouldn't help; so if such special files must be processed, we'd might need to make a raw pipe - which does no interpreting.
Ideas welcome.
Encrypted data cannot be deltified, so the few marked files will take their full space in the repository. (Although gpg compresses the files before encryption, so it won't be that bad.)

You might be interested in exported environment variables, too.

Note:
Another idea is to ignore files that are not readable by everyone; see ignore pattern modifiers for details.

Definition at line 194 of file props.c.

#define FSVS_PROP_INSTALL_CMD   FSVS_PROP_PREFIX "install"

Local install commandline.

Note:
This is not yet implemented. This list is more or less just a kind of brainstorming. If you need this feature, tell us at dev@fsvs.tigris.org - you'll get it.

This is used after the temporary file (which had possibly used FSVS_PROP_UPDATE_PIPE) has been written; the normal, internal fsvs operation is approximately this:

  • File gets piped through FSVS_PROP_UPDATE_PIPE into a temporary file, which was created with mask 0700.
  • chmod $m $tmp - set the stored access mode.
  • chown $u.$g $tmp || chown $U.$G $tmp - set user and group by the stored strings, and if that fails, by the uid and gid.
  • touch -t$t $tmp - set the stored access mode.
  • mv $tmp $dest rename to destination name.

You could get a more or less equivalent operation by using

     fsvs propset fsvs:update-pipe \
       '/usr/bin/install -g$g -o$u -m$m  $tmp $dest' \
       [paths]

The environment gets prepared as outlined above - you get the variables

  • $g and $G (group name and gid),
  • $u and $U (owner name and uid),
  • $m (octal mode, like 0777),
  • $t (mtime in form yyyymmddHHMM.SS - like used with GNU touch(1)),
  • $tmp (name of temporary file) and
  • $dest (destination name) set.

After the given program completed

  • $tmp gets deleted (ENOENT is not seen as an error, in case your install program moved the file), and
  • the destination path gets queried to store the meta-data of the (now assumed to be non-modified) node.

Definition at line 252 of file props.c.

#define FSVS_PROP_ORIG_MD5   FSVS_PROP_PREFIX "original-md5"

The MD5 of the original (un-encoded) data.

Used for encoded entries, see FSVS_PROP_COMMIT_PIPE.

If we do a sync-repos (or update), we need the cleartext-MD5 to know whether the entry has changed; this entry holds it.

Todo:
Do we need some kind of SALT here, to avoid plaintext guessing?

Definition at line 263 of file props.c.

#define FSVS_PROP_PREFIX   "fsvs:"

The common prefix.

Definition at line 134 of file props.c.

#define FSVS_PROP_UPDATE_PIPE   FSVS_PROP_PREFIX "update-pipe"

The name of the update-pipe property.

This is the reverse thing to FSVS_PROP_COMMIT_PIPE; it's used in the same way.

Extending the example before:

     fsvs propset fsvs:commit-pipe 'gpg -er <backup-key>' shadow
     fsvs propset fsvs:update-pipe 'gpg -d' shadow
Note:
This command is used for revert, diff, and export, too.

Definition at line 211 of file props.c.


Generated for fsvs by  doxygen 1.6.1