TWiki> IT Web>SubversionRepository (revision 3)EditAttach

Local Subversion Repository

A local subversion repository is being setup, when ready this page will describe how to access it.

For more information on subversion see the Subversion book or the Subversion FAQs.

Repository Organisation

Currently there are three subversion repositories:

The test repository is as the name suggests for testing and getting used to using subversion. It will be cleaned out and reset on an irregular basis and without notice.

To request an additional repo contact the SystemAdministrators

Trac Access

All subversion subversion repositories have corresponding trac pages on the ppe web. They can be accessed at:

Using the repositories

All users, once registered to access the repositories, have full read and write access to any files in any of the repositories. So please take care especially when committing changes and when setting up new directories.

To help keep some order in the user repository please do not commit files into the top level repo directory. Instead create a directory named after your user name and store personal files/projects under this directory.

Creating a subdirectory inside the user repo
$ svn mkdir -m "user repo dir"

For organising files/projects the subversion book describes some recommended possible layouts, in the section Planning Your Repository Organization.

Setting up access

Access to the ppe subversion repository and the trac web pages is via grid certificate. Only users who have registered their certificate with the SystemAdministrators can access to either the repository or the trac pages. To register your certificate for access to the repository email with your certificate distinguished name (DN). This can be found with the openssl command (the example assumes your certificate is in ~/.globus/usercert.pem):

Printing a certificates DN
$ openssl x509 -in ~/.globus/usercert.pem -noout -subject

Once your certificate is registered for access no addition setup is require to access the trac pages however for access to the subversion repository additional setup is required. If you do not have a .subversion directory in your home directory run svn --version to create one.

Inside the .subversion directory is the file servers this file requires editing to access the repository. Edit the groups section of the file adding the line:

ppe = *

to create a ppe group. It should look something like:

# group1 = *
# othergroup =
# thirdgroup = *
ppe = *

then add the following to the end of the servers file:

ssl-client-cert-file = /home/user_name/.globus/usercred.p12
ssl-authority-files = /home/user_name/.globus/usercert.pem

Replacing user_name as appropriate. This assumes who have the pkcs12 version of your certificate in /home/user_name/.globus/usercred.p12 and a x509 format copy of your certificate in /home/user_name/.globus/usercert.pem. Access to the subversion repository requires both.

To convert a pkcs12 certificate into a pem format certificate/key file pair, use openssl:

Creating an x509 certificate from a pkcs12 certificate
$ openssl pkcs12 -in usercred.p12 -nokeys -clcerts -out usercert.pem

Creating an x509 key from a pkcs12 certificate
$ openssl pkcs12 -in usercred.p12 -nocerts -out userkey.pem

The userkey.pem should then be made readable and writable only by the user by doing a chmod 600 userkey.pem. Note the password used to encrypt the userkey.pem file should be a strong one, this file is the private key for your grid certificate.

Then place userkey.pem and usercert.pem and usercred.p12 in ~/.globus/

Access to the repository can be tested using:

Testing repository access by listing the contents of the test repository
$ svn list

you will be asked for your grid certificate password each time you access the repository.

Using a proxy certificate to access the repository

To avoid having to type a password in each time the repository is accessed a proxy certificate can be used. In order to do this the certificate pointed to in the ~/.subversion/servers file must be changed from:

ssl-client-cert-file = /home/user_name/.globus/usercred.p12


ssl-client-cert-file = /tmp/pkcs12up_uXXXX

replacing XXXX with the output of the command id -u.

Then to create a proxy certificate first source (or grid-env.csh, see GridServices) and then create the proxy using svn-grid-proxy-init

Creating a proxy certificate to access the svn repository
$ source /data/ppe01/sl44/i386/grid/glite-ui/latest/external/etc/profile.d/
$ svn-grid-proxy-init

After typing in your grid certificate password the script will generate a proxy valid for 12 hours. This works on both Scientific Linux 4 and Scientific Linux 5 ppe machines. On external machines the script should work on any system where the EGEE gLite tools are installed.

-- AndrewPickford - 12 Dec 2008

Topic attachments
I Attachment History Action Size Date Who Comment
Unknown file formatext svn-grid-proxy-init r1 manage 0.2 K 2008-12-12 - 16:49 AndrewPickford script to create a pkcs12 proxy using grid-proxy-init
Edit | Attach | Watch | Print version | History: r14 | r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r3 - 2009-01-25 - AndrewPickford
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback