Local Subversion Repository
A local subversion repository is being setup, when ready this page will describe how to access it.
Setting up access
Access to the ppe subversion repository is via grid certificate. Only users who have registered their certificate with the
SystemAdministrators can access the repository. To register your certificate for access to the repository email
ppesysman@physics.gla.ac.uk with your certificate distinguished name (DN). This can be found with the openssl command (the example assumes your certificate is in ~/.globus/usercert.pem):
| Printing a certificates DN |
| $ openssl x509 -in ~/.globus/usercert.pem -noout -subject |
Once your certificate this registered for access subversion needs to be setup. If you do not have a .subversion directory in your home directory run
svn --version to create one.
Inside the .subversion directory is the file
servers this file requires editing to access the repository. Edit the
groups section of the file adding the line:
ppe = *.physics.gla.ac.uk
to create a ppe group. It should look something like:
[groups]
# group1 = *.collab.net
# othergroup = repository.blarggitywhoomph.com
# thirdgroup = *.example.com
ppe = *.physics.gla.ac.uk
then add the following to the end of the
servers file:
[ppe]
ssl-client-cert-file = /home/user_name/.globus/usercred.p12
ssl-authority-files = /home/user_name/.globus/usercert.pem
Replacing user_name as appropriate. This assumes who have the pkcs12 version of your certificate in
/home/user_name/.globus/usercred.p12 and a x509 format copy of your certificate in /home/user_name/.globus/usercert.pem. Access to the subversion repository requires both.
To convert a pkcs12 certificate into a pem format certificate/key file pair, use openssl:
| Creating an x509 certificate from a pkcs12 certificate |
| $ openssl pkcs12 -in usercred.p12 -nokeys -clcerts -out usercert.pem |
| Creating an x509 key from a pkcs12 certificate |
| $ openssl pkcs12 -in usercred.p12 -nocerts -out userkey.pem |
The userkey.pem should then be made readable and writable only by the user by doing a
chmod 600 userkey.pem. Note the password used to encrypt the
userkey.pem file should be a strong one, this file is the private key for your grid certificate.
Then place
userkey.pem and
usercert.pem and
usercred.p12 in
~/.globus/
Access to the repository can be tested using:
you will be asked for your grid certificate password each time you access the repository.
Using a proxy certificate to access the repository
To avoid having to type a password in each time the repository is accessed a proxy certificate can be used. In order to do this the certificate pointed to in the
~/.subversion/servers file must be changed from:
ssl-client-cert-file = /home/user_name/.globus/usercred.p12
to:
ssl-client-cert-file = /tmp/pkcs12up_uXXXX
replacing XXXX with the output of the command
id -u.
Then to create a proxy certificate first source
grid-env.sh (or
grid-env.csh, see
GridServices) and then create the proxy using
svn-grid-proxy-init
| Creating a proxy certificate to access the svn repository |
| $ source /data/ppe01/sl44/i386/grid/glite-ui/latest/external/etc/profile.d/grid-env.sh |
| $ svn-grid-proxy-init |
After typing in your grid certificate password the script will generate a proxy valid for 12 hours. This works on both Scientific Linux 4 and Scientific Linux 5 ppe machines. On external machines the
https://twiki.ppe.gla.ac.uk/pub/IT/SubversionRepository/svn-grid-proxy-init script should work on any system where the EGEE gLite tools are installed.
--
AndrewPickford - 12 Dec 2008
ext 
IT Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
ATLAS
Copyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.