3

We have a situation where we have to give a third party access to an asp.net solution versioned with SVN. We have scrubbed Web.config and other files of sensitive data and would now like to create a feature branch for the contractor. Is there a way to create the feature branch so that only the HEAD revision is visible and all prior revision history is locked down? Ideally, we would like to have a single repository and use the TRUNK/BRANCH features of subversion.

Alternate Methods

  1. Could we dump -> dumpfilter -> load a copy of the trunk into a new branch? It seems like subversion would consider them different repositories and make merging troublesome.

  2. If we were to have to use two separate repositories, how difficult would it be to keep them synced using svnadmin dump/load?

  3. Could we dump -> dumpfilter (exclude just the sensitive files) -> load into a new repository, switch to that, and create the branch from there?

Any help would be greatly appreciated.

Cédric Julien
  • 78,516
  • 15
  • 127
  • 132
Cactus Bob
  • 53
  • 5

4 Answers4

4

The easiest way is to create the branch, then do an svn export of the code you want in that branch, then do an svn add. That way, the files in the branch have no connection to the files elsewhere.

Of course you can't use merge tracking to do merges between this branch and your other branches.

You can setup Apache httpd security and svnserve security to limit the developer to only seeing this branch. Why not do that?

You might want to try that, and see if svn log shows changes that took place on other branches or the trunk. Even if it does, this might be okay because there might not be proprietary information in the log. And, if there is, it can easily be scrubbed by changing the svn:log revision property.

David W.
  • 105,218
  • 39
  • 216
  • 337
  • This was our first approach (and may be the one we stick with). When we did a test run to merge a quick change from the trunk into the new branch, we received an error something like, "cannot merge because these are different repositories". – Cactus Bob Nov 15 '11 at 22:03
  • Can you provide an example of how to edit the svn:log revision property to only show revisions after rev xxxx? This property should apply to all users with access to the branch. – Cactus Bob Nov 15 '11 at 22:10
  • The `svn:log` is a **revision** property (revprop) that is set on the revision itself and not a particular file. The `svn:log` contains the commit comment. What I was trying to say is that you can setup permissions, so this company doesn't have read-write access to anything but this branch. The only problem is that `svn log` might show changes that involve files not on this branch. However, the commit messages that `svn log` shows probably don't contain proprietary information, and if they do can be modified to remove them. – David W. Nov 16 '11 at 00:50
  • __cannot merge because these are different repositories__: The method I mentioned isn't making another repository, it's simply creating a new branch on the current repository without any history because the files in that branch, as far as Subversion is concerned, are new files. – David W. Nov 16 '11 at 00:51
  • "cannot merge...": I apologize, I posted the wrong error message. We actually were getting tree conflict errors, which makes sense because we're adding "new" files of the same name to the empty branch. We had to edit the tree conflicts manually, but other than that, your suggestions worked perfectly. Exactly what we needed. – Cactus Bob Nov 16 '11 at 01:02
  • @CactusBob - **We actually were getting tree conflict errors**. Did you try using the `--ignore-ancestory` flag? – David W. Nov 16 '11 at 01:15
  • What about properties (esp. `svn:externals`, also `svn:ignore` etc.)? We use relative externals quite a bit, and the export/add cycle would I think lose them and leave us with a broken working copy on the new branch. – Matt McHenry May 22 '14 at 18:57
2

The really easiest way will be

  • Create separate repo for contractor
  • Import HEAD of trunk to this new repo
  • Link contractor's repo to MainRepo into any location with svn:externaks
  • Give to contractor authorization credential only for his repo

No history, no access, no troubles (I suppose) with merges

Lazy Badger
  • 94,711
  • 9
  • 78
  • 110
0

A trick to try : when you delete and re-add a file, you break history.

So :

  1. create the branch with the "svn copy" command (to keep link and merging capabilities)
  2. "svn rm" all the files in the branch
  3. "svn export" your trunk in your (now empty) branch
  4. Optionnaly modify files you want (for security reasons...)
  5. commit the branch

This way I think merge to trunk will be OK.

fred727
  • 2,644
  • 1
  • 20
  • 16
0

Can restrict access using your svn conf [1] -

  • create a branch (for yourself)
  • commit any changes you need to (e.g. remove/edit code not to be shared)
  • create another branch (to share with the third party)
  • create a new user in your passwd and give read/write access to that user for this copy in your authz.

You can share the url of the new branch with the third party, authz prevents access to the log outside the branch specified but still lets you merge their changes in when they are finished.

[1] How do I set up access control in SVN?

heuan
  • 1