How to do http + ssh with Subversion on Linux
Originally posted on a private mailing list.
One of the consequences of having a mobile development station is being able to go to places such as Panera's or the local coffee shop to do development work. These days, it is trivially easy for people to get something similar to Kismet and do packet sniffing ... so I tend to proxy my internet connection through ssh. Fortunately, most of the GUI programs does this -- Firefox, Thunderbird, Gaim, Xchat2.
Unfortunately, Subversion doesn't.
We have it set up so that Subversion runs through Apache in order to take advantage of authenticating (but not authorizing) against a MySQL database. In this way, svn+ssh is not an option. However, the svn command line does not understand SOCKS4 or SOCKS5. This is where a transparent socks proxy comes in. I'm using something called proxychains, though tsocks is also available on the internet. You set it up by writing into ~/.proxychains/proxychains.conf with:
DynamicChain
tcp_read_time_out 15000
tcp_connect_time_out 10000[ProxyList]
socks5 127.0.0.1 1080
and then you have two methods for accessing it. For svn commands, you can do:
proxychain svn ls http://svn.mydomain.com/project/trunk/
but I prefer just setting the environment variable,
export LD_PRELOAD=/usr/lib/libproxychains.so
Update 2007-07-22: I now put in my .bashrc file alias svn="proxychains svn" and alias svk="proxychains svk"
The library intercepts TCP connect calls and reroutes them through a socks proxy. Transparent, effect, ... and kinda scary, considering how easy it is to replace DLL calls like that. In any case, although I did this mainly because I have a laptop and Panera's uses an http proxy, I think I'll need to do this for my workstation as well. Then require a proxy to access the Subversion server.