Help:SysAdmin Repositories

From SysadminWiki

Table of contents

1 Repositories Access 2 Files banners 3 Subversion clients 4 Subversion Official docs 5 Basic commands 6 Certificate setup 7 Enabling the subversion Id tag 8 Possible Errors 8.1 403 Forbidden

Repositories Access

The repositories are publicly readable. To get write access to the repository the DN of your certificate needs to be added to the apropriate ACLs. Send your DN to Alessandra Forti if you want to get write access.

Files banners

Each file committed should contain a banner to know Some basic information like the author, the data of creation etc, etc. The basic information contained should be the following:

##################################
# Description:
# Author:
# Institute:
# Created:
# License:
# $Id:$
##################################

Licencing your files is not mandatory but some people want to do it. A short list of most commonly used Open Source licenses pointers can be found here (http://www.sysadmin.hep.ac.uk/smwg/licenses.html) for convenience. List can be extended if needed.

$Id:$ is expanded by subversion once the file is committed.

Subversion clients

If you don't have subversion clients installed you can find them in the APT/YUM repository (http://www.sysadmin.hep.ac.uk/rpms/sysadmin-hep/RPMS.tools) for this WEB site tools.

To configure yum

cat /etc/yum.conf << EOF
[sysadmin-tools]
name=sysadmin tools
baseurl=http://www.sysadmin.hep.ac.uk/rpms/sysadmin-hep/RPMS.tools 
EOF

To configure apt

cat /etc/apt/sources.list.d/sysadmin-hep-tools.list << EOF
rpm http://www.sysadmin.hep.ac.uk/rpms sysadmin-hep tools
EOF

Subversion Official docs

Subversion Online book (http://svnbook.red-bean.com/nightly/en/svn-book.html) (HTML version) is the full text of the Subversion O'Reilly book and I found the Quick Start there very useful.

Basic commands

Because of the way Subversion uses URLs, a separate repository for each authorization domain has been created: ie each set of people with write access (you can have a separate group of people with read-only access to each repository too.). In the following page the repository is the smwgtest test repository you can try out commands in that repository.

The URL is https://www.sysadmin.hep.ac.uk/svn/smwgtest and that is equivalent to file:///path/to/repos in the Subversion book. You can import a new set of files with CVS like commands:

   * mkdir -p /tmp/smwgtest/config1
   * echo 123 > /tmp/smwgtest/config1/123.txt
   * svn import /tmp/smwgtest/config1 https://www.sysadmin.hep.ac.uk/svn/smwgtest/config1  \ 
     -m 'intial import' 

Once something like this is done, you can examine the repository via the web too, at https://www.sysadmin.hep.ac.uk/svn/smwgtest/

   * mkdir -p /tmp/checkout
   * cd /tmp/checkout
   * svn checkout https://www.sysadmin.hep.ac.uk/svn/smwgtest/config1 

will reproduce the config1 directory in /tmp/checkout (NB without any reference to smwgtest)

Certificate setup

As far as the client side security goes, running the svn command will produce a .subversion directory and files with default settings. Some of the questions subversion commands ask can be actually silenced configuring .subversion/servers file

ssl-client-cert-file = /path-to mycert/mycertificate.p12

should be enough to get it working. A small drawback is that the p12 export passphrase is needed for each SVN command.

If you have multiple svn servers, you can set it within a group statement.

[groups]
swmg = http://www.sysadmin.hep.ac.uk/svn/smwgtest

[swmg]
ssl-client-cert-file = /home/moreyc/.globus/escience-exp-06-05-07.p12

You can restrict the client to a list of trusted CAs with the following line if you want.

ssl-authority-files=trusted-CA-cert1,trusted-CA-cert2....

Enabling the subversion Id tag

It is really useful to have the Id tag automatically updated on the files when they are committed. Differently from cvs subversion doesn't do it automatically it needs to be configured. To do that edit you ~/.subversion/config file and add or uncomment the following lines:

[miscellany]
enable-auto-props = yes

[auto-props]
* = svn:keywords=Id

you need to do it before adding any file to the repository. Global settings don't work on files already in the repository.

Possible Errors

403 Forbidden

If you get the following:

svn: Commit failed (details follow):
svn: MKACTIVITY of '/svn/fabric-management/!svn/act/00317abb-e233-0410-bb13-a852
66a3ace8': 403 Forbidden (http://www.sysadmin.hep.ac.uk)

If you check out a directory from http and then try to commit a new file it will give you the above error. This is because svn reads the original source of your chekout from the files in the .svn directory and tries to commit to and http URL which has read only access.

To do a commit you need to checkout the directory you want to commit to from https or use svn switch. For example:

svn switch --relocate http://www.sysadmin.hep.ac.uk/svn/fabric-management \
                      https://www.sysadmin.hep.ac.uk/svn/fabric-management