(r1) SubversionRepository < IT

IT Web>SubversionRepository (revision 1) (raw view)~~EditAttach~~
---+ Local Subversion Repository

A local subversion repository is being setup, when ready this page will describe how to access it.

---++ Setting up access

Access to the ppe subversion repository is via grid certificate. Only users who have registered their certificate with the [[SystemAdministrators]]  can access the repository. To register your certificate for access to the repository email ppesysman@physics.gla.ac.uk with your certificate  distinguished name (DN). This can be found with the openssl command (the example assumes your certificate is in ~/.globus/usercert.pem):

<table width="100%" cellspacing="0">
<tr><td bgcolor="lightgreen">Printing a certificates DN</td></tr>
<tr><td bgcolor="lightblue">$ openssl x509 -in ~/.globus/usercert.pem -noout -subject</td></tr>
</table>

Once your certificate this registered for access subversion needs to be setup. If you do not have a .subversion directory in your home directory run <code>svn --version</code> to create one.

Inside the .subversion directory is the file <code>servers</code> this file requires editing to access the repository. Edit the <code>groups</code> section of the file adding the line:

<verbatim>
ppe = *.physics.gla.ac.uk
</verbatim>

to create a ppe group. It should look something like:

<verbatim>
[groups]
# group1 = *.collab.net
# othergroup = repository.blarggitywhoomph.com
# thirdgroup = *.example.com
ppe = *.physics.gla.ac.uk
</verbatim>

then add the following to the end of the <code>servers</code> file:

<verbatim>
[ppe]
ssl-client-cert-file = /home/user_name/.globus/usercred.p12
ssl-authority-files = /home/user_name/.globus/usercert.pem
</verbatim>

Replacing user_name as appropriate. This assumes who have the pkcs12 version of your certificate in <code> /home/user_name/.globus/usercred.p12</code> and a x509 format copy of your certificate in  /home/user_name/.globus/usercert.pem. Access to the subversion repository requires both.

To convert a pkcs12 certificate into a pem format certificate/key file pair, use openssl:

<table width="100%" cellspacing="0">
<tr><td bgcolor="lightgreen">Creating an x509 certificate from a pkcs12 certificate</td></tr>
<tr><td bgcolor="lightblue">$ openssl pkcs12 -in usercred.p12 -nokeys -clcerts -out usercert.pem</td></tr>
</table>

<table width="100%" cellspacing="0">
<tr><td bgcolor="lightgreen">Creating an x509  key from a pkcs12 certificate</td></tr>
<tr><td bgcolor="lightblue">$ openssl pkcs12 -in usercred.p12 -nocerts -out userkey.pem</td></tr>
</table>

The userkey.pem should then be made readable and writable only by the user by doing a <code>chmod 600 userkey.pem</code>. Note the password used to encrypt the <code>userkey.pem</code> file should be a strong one, this file is the private key for your grid certificate.

Then place <code>userkey.pem</code> and <code>usercert.pem</code> and <code>usercred.p12</code> in <code>~/.globus/</code>

Access to the repository can be tested using:

<table width="100%" cellspacing="0">
<tr><td bgcolor="lightgreen">Testing repository access by listing the contents of the test repository</td></tr>
<tr><td bgcolor="lightblue">$ svn list https://ppesvn.physics.gla.ac.uk/svn/test</td></tr>
</table>

you will be asked for your grid certificate password each time you access the repository.

---+++ Using a proxy certificate to access the repository

To avoid having to type a password in each time the repository is accessed a proxy certificate can be used. In order to do this the certificate pointed to in the <code>~/.subversion/servers</code> file must be changed from:

<verbatim>
ssl-client-cert-file = /home/user_name/.globus/usercred.p12
</verbatim>

to:

<verbatim>
ssl-client-cert-file = /tmp/pkcs12up_uXXXX
</verbatim>

replacing XXXX with the output of the command <code>id -u</code>.

Then to create a proxy certificate first source <code>grid-env.sh</code> (or <code>grid-env.csh</code>, see [[GridServices]]) and then create the proxy using <code>svn-grid-proxy-init</code>

<table width="100%" cellspacing="0">
<tr><td bgcolor="lightgreen">Creating a proxy certificate to access the svn repository</td></tr>
<tr><td bgcolor="lightblue">$ source /data/ppe01/sl44/i386/grid/glite-ui/latest/external/etc/profile.d/grid-env.sh</td></tr>
<tr><td bgcolor="lightblue">$ svn-grid-proxy-init</td></tr>
</table>

After typing in your grid certificate password the script will generate a proxy valid for 12 hours. This works on both Scientific Linux 4 and Scientific Linux 5 ppe machines. On external machines the %ATTACHURL%/svn-grid-proxy-init script should work on any system where the EGEE gLite tools are installed.


-- Main.AndrewPickford - 12 Dec 2008
Attachments
Topic attachments
I	Attachment	History	Action	Size	Date	Who	Comment
ext	svn-grid-proxy-init	r1	manage	0.2 K	2008-12-12 - 16:49	AndrewPickford	script to create a pkcs12 proxy using grid-proxy-init
Topic revision: r1 - 2008-12-12 - AndrewPickford