Local Subversion Repository

A local subversion repository is being setup, when ready this page will describe how to access it.

For more information on subversion see the Subversion book or the Subversion FAQs.

Repository Organisation

Currently there are four subversion repositories:

• atlas - https://ppesvn.physics.gla.ac.uk/svn/atlas
• lhcb - https://ppesvn.physics.gla.ac.uk/svn/lhcb
• scotgrid - https://ppesvn.physics.gla.ac.uk/svn/scotgrid
• test - https://ppesvn.physics.gla.ac.uk/svn/test
• user - https://ppesvn.physics.gla.ac.uk/svn/user

The test repository is as the name suggests for testing and getting used to using subversion. It will be cleaned out and reset on an irregular basis and without notice.

NB: Browsers will often repeatedly ask for you to choose a certificate at this point. To get around this, you can (in Firefox) choose Edit >> Preferences>> Advanced and click the radio button Select one Automatically in the certificates section.

To request an additional repo contact the SystemAdministrators

Trac Access

All subversion subversion repositories have corresponding trac pages on the ppe web. They can be accessed at:

• atlas - https://ppes8.physics.gla.ac.uk/trac/atlas
• lhcb - https://ppes8.physics.gla.ac.uk/trac/lhcb
• scotgrid - https://ppes8.physics.gla.ac.uk/trac/scotgrid
• test - https://ppes8.physics.gla.ac.uk/trac/test
• user - https://ppes8.physics.gla.ac.uk/trac/user

NB: Browsers will often repeatedly ask for you to choose a certificate at this point. To get around this, you can (in Firefox) choose Edit >> Preferences>> Advanced and click the radio button Select one Automatically in the certificates section.

Using the repositories

All users, once registered to access the repositories, have full read and write access to any files in any of the repositories. So please take care especially when committing changes and when setting up new directories.

To help keep some order in the user repository please do not commit files into the top level repo directory. Instead create a directory named after your user name and store personal files/projects under this directory.

Creating a subdirectory inside the user repo

$ svn mkdir https://ppesvn.physics.gla.ac.uk/svn/user/pickford -m "user repo dir"

For organising files/projects the subversion book http://svnbook.red-bean.com/ describes some recommended possible layouts, in the section Planning Your Repository Organization.

Setting up access

Access to the ppe subversion repository and the trac web pages is via grid certificate. Only users who have registered their certificate with the SystemAdministrators can access to either the repository or the trac pages. To register your certificate for access to the repository email ppesysman@physics.gla.ac.uk with your certificate distinguished name (DN). This can be found with the openssl command (the example assumes your certificate is in ~/.globus/usercert.pem):

Once your certificate is registered for access no addition setup is require to access the trac pages however for access to the subversion repository additional setup is required.

First if you do not have a .subversion directory in your home directory run svn --version to create one.

Inside the .subversion directory is the file servers this file requires editing to access the repository. Edit the groups section of the file adding the line:

ppe = *.physics.gla.ac.uk

to create a ppe group. It should look something like:

[groups]
# group1 = *.collab.net
# othergroup = repository.blarggitywhoomph.com
# thirdgroup = *.example.com
ppe = *.physics.gla.ac.uk

note the [groups] line may need uncommenting by removing any leading #'s. Then add the following to the end of the servers file:

[ppe]
ssl-client-cert-file = /home/user_name/.globus/usercred.p12
ssl-authority-files = /home/user_name/.globus/usercert.pem

Replacing user_name as appropriate. This assumes who have the pkcs12 version of your certificate in /home/user_name/.globus/usercred.p12 and a x509 format copy of your certificate in /home/user_name/.globus/usercert.pem. Access to the subversion repository requires both.

To convert a pkcs12 certificate into a pem format certificate/key file pair, use openssl:

The userkey.pem should then be made readable and writable only by the user by doing a chmod 600 userkey.pem. Note the password used to encrypt the userkey.pem file should be a strong one, this file is the private key for your grid certificate.

Then place userkey.pem and usercert.pem and usercred.p12 in ~/.globus/

Access to the repository can be tested using:

Testing repository access by listing the contents of the test repository

$ svn list https://ppesvn.physics.gla.ac.uk/svn/test

you will be asked for your grid certificate password each time you access the repository.

Using a proxy certificate to access the repository

To avoid having to type a password in each time the repository is accessed a proxy certificate can be used. In order to do this the certificate pointed to in the ~/.subversion/servers file must be changed from:

ssl-client-cert-file = /home/user_name/.globus/usercred.p12

to:

ssl-client-cert-file = /tmp/pkcs12up_uXXXX

replacing XXXX with the output of the command id -u.

Then to create a proxy certificate first source grid-env.sh (or grid-env.csh, see GridServices) and then create the proxy using svn-grid-proxy-init

After typing in your grid certificate password the script will generate a proxy valid for 12 hours. This works on both Scientific Linux 4 and Scientific Linux 5 ppe machines. On external machines the https://twiki.ppe.gla.ac.uk/pub/IT/SubversionRepository/svn-grid-proxy-init script should work on any system where the EGEE gLite tools are installed.

Setting up access with Ubuntu

It is possible that trying to use SVN with Ubuntu can give you the error message

svn: OPTIONS of 'https://ppesvn.physics.gla.ac.uk/svn/test': Could not read status line: SSL error: Key usage violation in certificate has been detected. (https://ppesvn.physics.gla.ac.uk)

If this is the case, it might be something to do with having too recent a version of subversion compared to what is used in SL. The fix (that worked for me) was found here.

Email notification of commits

To setup automatic email notification of commits create a file called !email-notify-list.svn containing a list of email addresses (one email address per line) in the subversion repository. When any changes are made to files in the directory containing !email-notify-list.svn or in any directory below this directory an email will sent out automatically to the email addresses listed in !email-notify-list.svn file. If the project layout follows the suggested subversion layout of branches, tags and trunk directories then the !email-notify-list.svn file should go in the same directory as the branch, tags and trunk directories. eg:

project_name/!email-notify-list.svn
project_name/branches
project_name/tags
project_name/trunk

Multiple !email.notify.list.svn files are also possible for example:

project_name/!email-notify-list.svn
project_name/branches
project_name/tags
project_name/trunk
project_name/trunk/!email-notify-list.svn

people listed in project_name/!email-notify-list.svn will be notified of all changes made to the project and people listed in project_name/trunk/!email-notify-list.svn will only be notified when changes are made in project_name/trunk/ and below.

Notes:

• In the case of the same email address being listed multiple times (either in the same file or multiple files) only one email will be sent.
• To edit files beginning with a ! from a linux shell the explanation mark requires escaping, i.e. nano \!email-notify-list.svn.

-- AndrewPickford - 12 Dec 2008