Differences between revisions 3 and 4
Revision 3 as of 2007-02-28 18:52:25
Size: 4969
Editor: nat
Comment:
Revision 4 as of 2008-02-21 07:13:12
Size: 4973
Editor: nat7
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
[[TableOfContents]] <<TableOfContents>>
Line 3: Line 3:
This section contains information on configuring the '''SVNKit''' library - in order that one can adjust the library up to his individual wishes. Here you will find information on what configuration files '''SVNKit''' uses during runtime, what system properties are used in that case when config files are not available, and so on. This section contains information on configuring the [[SVNKit]] library - in order that one can adjust the library up to his individual wishes. Here you will find information on what configuration files [[SVNKit]] uses during runtime, what system properties are used in that case when config files are not available, and so on.
Line 6: Line 6:
By default '''SVNKit''' uses proxy settings from the ''servers'' configuration file that is located in the default [http://subversion.tigris.org Subversion] run-time configuration area. By default [[SVNKit]] uses proxy settings from the ''servers'' configuration file that is located in the default [[http://subversion.tigris.org|Subversion]] run-time configuration area.
Line 8: Line 8:
Default configuration area is located at {{{~/.subversion}}} on Linux and OS X and at {{{C:\Documents and Settings\userName\Application Data\Subversion}}} on Windows. You may read more on Subversion client configuration files in the [http://svnbook.red-bean.com/en/1.1/ch07.html#svn-ch-7-sect-1 Subversion Book]. Default configuration area is located at {{{~/.subversion}}} on Linux and OS X and at {{{C:\Documents and Settings\userName\Application Data\Subversion}}} on Windows. You may read more on Subversion client configuration files in the [[http://svnbook.red-bean.com/en/1.1/ch07.html#svn-ch-7-sect-1|Subversion Book]].
Line 11: Line 11:
If you're using '''SVNKit''' with [http://subclipse.tigris.org Subclipse] version 0.9.37 or newer there is no need to use system properties to define SSH credentials, [http://subclipse.tigris.org Subclipse] will automatically prompt you for private key or password during establishing SSH connection. If you're using [[SVNKit]] with [[http://subclipse.tigris.org|Subclipse]] version 0.9.37 or newer there is no need to use system properties to define SSH credentials, [[http://subclipse.tigris.org|Subclipse]] will automatically prompt you for private key or password during establishing SSH connection.
Line 14: Line 14:
By default '''SVNKit''' tries to obtain all necessary information from the {{{[tunnels]}}} section of the ''config'' file that is located in the default SVN run-time configuration area. However if that information is not complete or not found at all, '''SVNKit''' tries then to use predefined system properties listed beneath. By default [[SVNKit]] tries to obtain all necessary information from the {{{[tunnels]}}} section of the ''config'' file that is located in the default SVN run-time configuration area. However if that information is not complete or not found at all, [[SVNKit]] tries then to use predefined system properties listed beneath.
Line 16: Line 16:
'''SVNKit''' uses a pure java [http://www.ganymed.ethz.ch/ssh2 Ganymed library] to establish SSH connections. This library supports only SSH version 2, with password or private key authentication. You may use the following system properties to let '''SVNKit''' know about your private key and passphrase: [[SVNKit]] uses a pure java [[http://www.ganymed.ethz.ch/ssh2|Ganymed library]] to establish SSH connections. This library supports only SSH version 2, with password or private key authentication. You may use the following system properties to let [[SVNKit]] know about your private key and passphrase:
Line 26: Line 26:
When starting [http://eclipse.org Eclipse] you can provide the above properties like this: When starting [[http://eclipse.org|Eclipse]] you can provide the above properties like this:
Line 38: Line 38:
To avoid special batch script creation to launch [http://eclipse.org Eclipse] you may define ssh related properties in [http://eclipse.org Eclipse] config.ini file - {{{ECLIPSE_HOME/configuration/config.ini}}} (tip provided by Andrew Berman): To avoid special batch script creation to launch [[http://eclipse.org|Eclipse]] you may define ssh related properties in [[http://eclipse.org|Eclipse]] config.ini file - {{{ECLIPSE_HOME/configuration/config.ini}}} (tip provided by Andrew Berman):
Line 49: Line 49:
'''SVNKit''' uses SSL support included into JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain Cypher Suites. If you're experiencing problems accessing a [http://subversion.tigris.org Subversion] repository over SSL connection (via https protocol) consider using the latest JDK version and upgrading the JDK JCE package (Cryptotgraphic Extension) to an "unlimited strenght" one. Read [http://java.sun.com/products/jce/javase.html this article] for more details on how to install JCE. [[SVNKit]] uses SSL support included into JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain Cypher Suites. If you're experiencing problems accessing a [[http://subversion.tigris.org|Subversion]] repository over SSL connection (via https protocol) consider using the latest JDK version and upgrading the JDK JCE package (Cryptotgraphic Extension) to an "unlimited strenght" one. Read [[http://java.sun.com/products/jce/javase.html|this article]] for more details on how to install JCE.
Line 52: Line 52:
If '''SVNKit''' is used as a standalone library and no custom authentication provider is registered, '''SVNKit''': If [[SVNKit]] is used as a standalone library and no custom authentication provider is registered, [[SVNKit]]:
Line 56: Line 56:
 * and additionally it uses authority certificate files listed in the [http://subversion.tigris.org Subversion] ''servers'' configuration file in these options:  * and additionally it uses authority certificate files listed in the [[http://subversion.tigris.org|Subversion]] ''servers'' configuration file in these options:
Line 68: Line 68:
In the [http://subversion.tigris.org Subversion] ''servers'' configuration file you can specify your SSL authentication certificate files for a specific group: In the [[http://subversion.tigris.org|Subversion]] ''servers'' configuration file you can specify your SSL authentication certificate files for a specific group:
Line 74: Line 74:
Read more information on this options in the [http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-7-sect-1.3 Subversion book]. Read more information on this options in the [[http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-7-sect-1.3|Subversion book]].
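Review bot: In the Line 3 hunk and every later one, '''SVNKit''' becomes [[SVNKit]], which turns bold emphasis into a link to a page named SVNKit. That is a different kind of change from the [http://… label] to [[http://…|label]] conversions, which only migrate link syntax. If a link on every mention is not intended, keep '''SVNKit''' and link the first occurrence only.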
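Review bot: The Line 49 hunk carries "Cypher Suites", "Cryptotgraphic" and "unlimited strenght" over unchanged on the new side, and the Line 74 hunk keeps "this options". Since both paragraphs are being rewritten anyway, correct the spelling in the same revision. Both revisions also have an empty Comment field; a one-line note such as "convert to new link and macro syntax" would make the history readable.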

Supported system properties and configuration options

This section describes how to configure the SVNKit library to suit your needs: which configuration files SVNKit uses at runtime, which system properties are used when those config files are not available, and so on.

HTTP proxy setup

By default SVNKit uses proxy settings from the servers configuration file that is located in the default Subversion run-time configuration area.

The default configuration area is located at ~/.subversion on Linux and OS X and at C:\Documents and Settings\userName\Application Data\Subversion on Windows. You can read more about Subversion client configuration files in the Subversion Book.

SVN+SSH authentication with Subclipse

If you're using SVNKit with Subclipse version 0.9.37 or newer, there is no need to use system properties to define SSH credentials: Subclipse will automatically prompt you for a private key or password when establishing an SSH connection.

SVN+SSH authentication with private key

By default SVNKit tries to obtain all necessary information from the [tunnels] section of the config file that is located in the default SVN run-time configuration area. If that information is incomplete or not found at all, SVNKit then tries to use the predefined system properties listed below.

SVNKit uses the pure-Java Ganymed library to establish SSH connections. This library supports only SSH version 2, with password or private key authentication. You may use the following system properties to let SVNKit know about your private key and passphrase:

svnkit.ssh2.key = /path/to/private/key/file
svnkit.ssh2.username = userName
svnkit.ssh2.passphrase = optionalPassphrase
svnkit.ssh2.password = userpassword
svnkit.ssh2.port = optionalPort

SVN+SSH authentication with private key in Eclipse

When starting Eclipse you can provide the above properties like this:

$ eclipse -vmargs \
-Dsvnkit.ssh2.key=/path/to/private/key/file \
-Dsvnkit.ssh2.username=userName \
-Dsvnkit.ssh2.passphrase=optionalPassphrase \
-Dsvnkit.ssh2.password=userpassword \
-Dsvnkit.ssh2.port=optionalPort

Note: a user name for an ssh connection will be taken from SVN Repository properties.

To avoid creating a special batch script to launch Eclipse, you may define the SSH-related properties in the Eclipse config.ini file, ECLIPSE_HOME/configuration/config.ini (tip provided by Andrew Berman):

  ...
  svnkit.ssh2.key=path/to/private/key/file
  svnkit.ssh2.passphrase=passphrase
  svnkit.ssh2.username=username
  svnkit.ssh2.password=userpassword
  svnkit.ssh2.port=port
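
Both methods above store the passphrase or password in plaintext: in the process arguments, or in config.ini. The following check is an added example, not part of SVNKit or Eclipse. It scans a config.ini-style file for the secret-bearing properties named on this page and reports whether the file, or the referenced private key, is readable by other local users. It assumes POSIX permission bits, and the sample file contents are constructed.

```python
import os
import stat
import tempfile

# Property names from the page; these two hold secrets in plaintext.
SECRET_KEYS = {"svnkit.ssh2.passphrase", "svnkit.ssh2.password"}
KEY_FILE_PROP = "svnkit.ssh2.key"

def parse_properties(text):
    """Parse simple key=value lines (config.ini style), skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def readable_by_others(path):
    """True if group or other has read permission (POSIX mode bits)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def audit_config(path):
    """Return a list of findings for one config.ini-style file."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = []
    where = "readable by group/other" if readable_by_others(path) else "owner-only"
    for key in sorted(SECRET_KEYS & props.keys()):
        if props[key]:
            findings.append(f"{key}: plaintext secret, file is {where}")
    key_file = props.get(KEY_FILE_PROP)
    if key_file and os.path.exists(key_file) and readable_by_others(key_file):
        findings.append(f"{KEY_FILE_PROP}: {key_file} is readable by group/other")
    return findings

def demo(mode=0o644):
    """Audit a constructed config.ini written to a temporary directory."""
    sample = "svnkit.ssh2.key=/nonexistent/id_rsa\nsvnkit.ssh2.passphrase=example\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.ini")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, mode)
        return audit_config(path)
```

Point `audit_config` at the real ECLIPSE_HOME/configuration/config.ini; an empty list means neither secret property is set and the key file, if present, is not group- or world-readable.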

SSL Connections

SVNKit uses the SSL support included in the JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain cipher suites. If you're experiencing problems accessing a Subversion repository over an SSL connection (via the https protocol), consider using the latest JDK version and upgrading the JDK JCE package (Cryptographic Extension) to an "unlimited strength" one. Read this article for more details on how to install JCE.

Trusting SSL Certificates

If SVNKit is used as a standalone library and no custom authentication provider is registered, SVNKit:

  • by default trusts all SSL servers, though it doesn't cache server certificates;
  • or uses a default JDK certificates storage to get SSL certificates of the trusted servers;
  • and additionally it uses authority certificate files listed in the Subversion servers configuration file in these options:

### 'ssl-authority-files' is a semicolon-delimited list of files,
### each pointing to a PEM-encoded Certificate Authority (CA) 
### SSL certificate.
ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem

### 'ssl-trust-default-ca'       Trust the system 'default' CAs
ssl-trust-default-ca = yes
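
Because the list above starts with "by default trusts all SSL servers", it is worth checking what the servers file actually configures. The following audit is an added example, not SVNKit code. It resolves the two options above for each server group, with fallback to [global], reports CA files that do not exist, and flags groups for which neither option supplies a CA. The group name, host pattern and sample file are constructed; the accepted boolean spellings are an assumption based on Subversion's config format.

```python
import configparser
import os

TRUST_KEYS = ("ssl-authority-files", "ssl-trust-default-ca")

def load_servers(text):
    """Parse the text of a Subversion 'servers' file (INI syntax)."""
    cp = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    cp.read_string(text)
    return cp

def effective_trust(cp, group):
    """Trust options for one group, falling back to the [global] section."""
    out = {}
    for key in TRUST_KEYS:
        for section in (group, "global"):
            if cp.has_option(section, key):
                out[key] = cp.get(section, key)
                break
    return out

def audit_trust(cp, exists=os.path.isfile):
    """Map each group (and 'global') to a list of trust-configuration issues."""
    report = {}
    groups = cp.options("groups") if cp.has_section("groups") else []
    for group in groups + ["global"]:
        opts = effective_trust(cp, group)
        raw = opts.get("ssl-authority-files", "")
        ca_files = [p.strip() for p in raw.split(";") if p.strip()]
        issues = [f"missing CA file: {p}" for p in ca_files if not exists(p)]
        default_ca = opts.get("ssl-trust-default-ca", "").lower() in ("yes", "true", "on", "1")
        if not ca_files and not default_ca:
            issues.append("no CA source configured")
        report[group] = issues
    return report

# Constructed sample; the group name, host pattern and paths are placeholders.
SAMPLE = """\
[groups]
internal = *.corp.example
[internal]
ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem
[global]
### no ssl-* options set here
"""

def demo():
    """Audit SAMPLE, pretending only CAcert.pem exists on disk."""
    return audit_trust(load_servers(SAMPLE), exists=lambda p: p.endswith("/CAcert.pem"))
```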

Client SSL authentication

In the Subversion servers configuration file you can specify your SSL authentication certificate files for a specific group:

ssl-client-cert-file=      PKCS#12 format client certificate file
ssl-client-cert-password=  Client Key password, if needed.

Read more about these options in the Subversion book.

SVNKit_specific_system_properties (last edited 2009-05-22 23:25:06 by enrico)