Re: Post svn hook

2014-05-16 Thread Ryan Schmidt

On May 15, 2014, at 17:51, Havlovick, Ron wrote:

> I am a newbie and I am more than a bit confused.
> Perhaps ya'll could tell me something. (Other than to …..)
>  
> I am on Windows using tortoise svn.
>  
> Here's what I want to do, and I am trying to figure out exactly how to do it.
> Please bear with me:
>  
> When I commit a file into the repository, I want the entire repository 
> directory(folder) to be checked out to a "golden directory(folder)".
> I do not care if it over writes any existing file in that golden 
> directory(folder).
> Create an empty text file in the golden directory(folder).
> In the empty text file write to it the revision number of the repository 
> directory(folder) and the date of the last commit (basically the date stamp 
> of the repository directory(folder).
>  
> I can write a perl script to basically copy files from one directory to 
> another (golden).
> read the data stamp of the directory(folder).  
> ctime(stat($directory….)->my_time)
>  
> What has got me baffled is:
> How to get the revision number of the repository directory(folder). (Is this 
> just a regular folder on the server and I just have the path 
> \\server\directory  wrong)
> How to get the date stamp of that repository directory(folder).  (This could 
> be if I have the path wrong then I am trying to read statistics on nothing.)
>  
> Assuming I have the perl script correct, where do I put the perl script in 
> what post_hook or post_commit?
> Do I call the perl script within the post_commit {  function or what…
> And where do I put the combined perl script post_hook script? (In the svn 
> directory on my PC or on the server)
>  
> When I run the perl script on a local directory via the command prompt, 
> everything works. (But I am not pointing to the repository, just a local 
> c:\folder.)

Look in the repository directory on the server. You should see among other 
things a "hooks" directory, containing sample scripts for each of the events 
for which Subversion can call hook scripts. These sample scripts have names 
ending in ".tmpl". They're written in Bash, which is for UNIX systems and won't 
usually work on Windows; for Windows, you'd need to write a batch script or a 
compiled executable. You'd place this script in the hooks directory, named the 
same as the relevant sample script, except without the ".tmpl" extension and 
with an extension appropriate for the type of file (e.g. "post-commit.bat" for 
a batch script, "post-commit.exe" for a compiled executable). Some other 
extensions are recognized by Subversion server on Windows as well, although I 
don't believe .pl is one of them, so you should probably write a small batch 
script or exe that runs your perl script.

The comments in the sample scripts tell you what arguments Subversion server 
supplies to the hook script when it runs it. For example, the post-commit 
script is given the repository path on disk as the first argument and the 
just-committed revision number as the second argument. So in Bash on UNIX, the 
repository path would be available as "$1" and the revision as "$2"; I don't 
know how that works in Windows batch files but there's probably a similar way 
to do that. So in Bash on UNIX, I could use that information to get the date of 
the commit by running "svnlook date $1 -r $2".



snvsync issues

2014-05-16 Thread James Cloos
I occasionally get syncs which are stuck because something killed the
process before it could release its lock.

The only way I could get past that was to edit revprops/0/0 and remove
the svn:sync-lock lines.

Is there a command which will remove such stale svnsync locks?

Neither svn, svnadmin nor svnsync seem to be able to do so.  Or even to
list such locks.

Several of the remote repos which I'd like to sync fail part way through
with errors like:

   svnsync: E210008: Error while replaying commit

Git-svn is able to clone such repos, including the commits which svnsync
cannot replay, so it doesn't seem to be due to any corruption.

Is there any way past the error, without alternate access to the remote?

-JimC
--
James Cloos  OpenPGP: 0x997A9F17ED7DAEA6


Issues authenticating against SAMBA PDC

2014-05-16 Thread Ken Fischer
Hello all,

I'm in need of some help getting my subversion server to allow me to
domain authentication.  I have setup a CentOS 6.5 machine running
samba to act as my primary domain controller.  I then setup another
CentOS 6.5 machine to act as my subversion server, and using winbind I
was able to join that machine to the domain following this tutorial:

https://www.youtube.com/watch?v=c-vWAaocRU0

On the subversion server I am using Apache subversion with Apache 2.2.15.

Below is my subversion.conf script, which includes some commented out
previous attempts.  Basically what happens is that I go to a client
machine, navigate to /svn/svn/mytestproj in firefox, and attempt to
log in.  This works fine with basic authentication.  When I try to use
domain authentication I get the login prompt, I type in
TESTLAB\kfischer as my username and enter my password.  It seems to
reject this and immediately prompts me for the password again (no
warning or error message).  After three attempts I eventually get an
Authorization Required message.

Anyone have any ideas on what I am doing wrong?  Your help is greatly
appreciated!

Best regards,
Ken


START SCRIPT##
#Load Apache LDAP Modules
LoadModule ldap_module  modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

#Load Subversion Apache Modules
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

#Load winbind module commented out now since this didn't work
#LoadModule auth_ntlm_winbind_module
/usr/lib/apache2/modules/mod_auth_ntlm_winbind.so


#Work around for authz and SVNListParentPath issue
RedirectMatch ^(/repos)$ $1/

#Enable Subversion Logging
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION


  DAV svn
  SVNParentPath /var/www/svn
  SVNListParentPath On
  SVNAutoversioning On
  AuthType Basic
  AuthName "TESTLAB"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPBindDN "CN=ldapbind,CN=Users,DC=TESTLAB,DC=LBTE"
  AuthLDAPBindPassword ldapbind!12
  AuthLDAPURL 
"ldap://testlab.lbte:3268/DC=TESTLAB,DC=LBTE?sAMAccountName?sub?(ObjectClass=*)"
  Require valid-user


  FAILED PREVIOUS ATTEMPTS
#
#---trying to use mod_auth_ntlm_winbind
#  DAV svn
#  AuthName "TESTLAB.LBTE"
#  NTLMAuth on
#  NegotiateAuth on
#  NTLMAuthHelper "/usr/bin/ntlm_auth --domain=testlab.lbte
--helper-protocol=squid-2.5-ntlmssp"
#  NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
#  NTLMBasicAuthoritative on
#  AuthType NTLM
#  AuthType Negotiate
#  require valid-usr
#  SVNParentPath /var/www/svn
#  SVNListParentPath on

#attempt at LDAP--
#  DAV svn
#  SVNParentPath /var/www/svn
#  SVNListParentPath on

#  order allow,deny
#  allow from all
#  Options Indexes
#  AuthzLDAPAuthoritative On

#  AuthName "TESTLAB.LBTE"
#  AuthType Basic
#  AuthBasicProvider ldap
#  AuthzLDAPAuthoritative On

#  AuthLDAPBindDN "CN=ldapbind,CN=linuxusers,DC=testlab,DC=lbte"
#  AuthLDAPBindPassword "ldapbind!12"

#  AuthLDAPURL 
"ldap://testlab.lbte:3268/DC=testlab,DC=lbte?sAMAccountName?sub?(objectClass=*)"
NONE
#  Require ldap-group CN=linuxusers,OU=Groups,DC=testlab,DC=lbte

#--BASIC CONFIGURATION---THIS DOES WORK I JUST HAVE IT DISABLED RIGHT
NOW--

#  DAV svn
#  SVNParentPath /var/www/svn
#  AuthType Basic
#  AuthName "Subversion repositories"
#  AuthUserFile /etc/svn-auth-users
#  Require valid-user


#



Re: SVNCacheRevProps and other performance tweaks.

2014-05-16 Thread Mark Phippard
On Fri, May 16, 2014 at 2:05 PM, Ben Reser  wrote:

> On 5/15/14, 1:15 AM, Terry Dooher wrote:
> > That's so much clearer now and sounds like something I can definitely
> use.
> > As I understand it, the downside is that the server will reveal path
> components
> > and filenames within restricted areas during log operations?
>
> Don't think you quite understand yet.  If Subversion is revealing path
> compontents/filenames within restricted areas during log then it can be
> revealing file contents (by way of the REPORT method and bulk updates).
>
> The short_circuit setting can only break security in this way if and only
> if
> you have some other module than mod_authz_svn that looks at paths to
> determine
> what access to provide.  Many modules may have different configurations per
> Location, but most don't look at the path like mod_authz_svn does and give
> different answers within the same Location for the same request.  In fact
> I'm
> not aware of any such module that does this that comes with httpd, so you'd
> have to install some 3rd party or custom module to run into this.  Meaning
> for
> the vast majority of users if they're using mod_authz_svn they should have
> SVNPathAuthz set to short_circuit.
>
> The off setting, should never be used with mod_authz_svn.  It's probabbly
> possible to configure things such that you only leak file paths, by
> disabling
> bulk updates.  But I'm not 100% sure that there isn't an edge case that
> wouldn't be missed by that.
>
> For the vast majority of users these rules are true:
>
> Using mod_authz_svn with an AuthzSVNAccessFile set you want SVNPathAuthz
> set to
> short_circuit.
> Not using mod_authz_svn, no AuthzSVNAccessFile set, you want SVNPathAuthz
> set
> to off.
>
> The exception is if you use some weird authorization module like I
> explained above.
>

I recall there is a valid scenario for using "off" and that is when you are
only using authz to restrict write access to some paths.  If all paths in
the repository are readable, then I believe "off" works properly in all
scenarios.  Meaning it is not possible to write to any paths that you do
not have access to.

-- 
Thanks

Mark Phippard
http://markphip.blogspot.com/


Bugs? with "automatic" merge and sparse working copies

2014-05-16 Thread Kevin Cathcart
I've found what really looks to be a buggy edge case with
the automatic merge feature of 1.8.X which can occur if:
* a partial (reintegrate-like) merge into a sparse working 
  copy is committed
* and then immediately followed by merging the same branch again
 into a full working copy.

By a partial merge I specifically mean that the sparse working
copy was missing a target of the merge.

Here is a diagram of the branching in question:

3-X4--6-+---+   ^/branch/some_feature
   / /   &   \
  1-2-+--Y5-+-7---8 ^/trunk

(Obviously the ampersand indicates the partial merge due
to sparse WC. Also two commits are showing a name along
with a revision number).

With that particular pattern I see two anomalies
that do not occur if the order of commits X and Y are
reversed:

3X5---6-+---+   ^/branch/some_feature
   / /   &   \
  1-2-+---Y4+-7---8 ^/trunk


As for what I see, if the commented-out line in the script below
is left commented-out, then I get what appears to be a bogus tree
conflict during the merge to create r8.

If you uncomment the line, the merge occurs perfectly with no
conflicts, except that something weird happens with the mergeinfo.
I'll describe that in more detail below the script.

Since commits 4 and 5 are in parallel branches, the order of them
really should not make a difference, which is why I'm pretty
sure this is a bug.


--START OF SCRIPT--
#!/bin/sh

#1:
svnadmin create repo
url=file://`pwd`/repo
svn mkdir $url/B1 ^/trunk ^/branch -m "create structure" 

svn co $url/trunk wc
cd wc

#2:
mkdir A 
#echo 1 >B.txt
echo 1 >C.txt
echo 1 > A/D.txt
svn add *
svn ci -m "Simulate some development" 

#3:
svn cp ^/trunk ^/branch/some_feature -m "Create feature branch"

#X:
svn sw ^/branch/some_feature
echo 2 >> A/D.txt
echo 2 >> B.txt
sed -i '1i 0' C.txt #prepend a 0 line
svn add --force B.txt
svn ci -m "Simulate some development on the branch".

#Y:
svn sw ^/trunk
echo 2 >> C.txt
sed -i '1i 0' C.txt #prepend a 0 line
svn ci -m "Simulate concurrent trunk changes".

#6:
svn sw ^/branch/some_feature
svn merge ^/trunk
svn ci -m "Sync Trunk to branch"

#7:
#set up a sparse trunk checkout
svn sw ^/trunk
svn up --set-depth exclude A
#merge into the sparse trunk checkout
svn merge ^/branch/some_feature
svn ci -m "Partial merge due to sparse checkout" #r7

#8:
#create clean full checkout
rm -r *
svn revert -R .
svn up --set-depth infinity
#re-merge
svn merge ^/branch/some_feature
svn ci -m "Re-Merge"

--END SCRIPT--

Now with the line B uncommented everything works
as expected, without any attempt to double merge 
the changes from either the trunk or branch, which
further supports my contention that the tree conflict
is bogus.

But for the mergeinfo issue I mentioned, look closely at
the output from the last merge:

$ svn merge ^/branch/some_feature
--- Merging differences between repository URLs into '.':
UA/C.txt
--- Recording mergeinfo for merge between repository URLs into '.':
--- Eliding mergeinfo from 'A':
 U   A
--- Eliding mergeinfo from 'A':
 U   A
 U   .
 U   A

Notice that the properties of the directory named A got changed
3 different times. 

Lets look at the mergeinfo for revision 7:

$ svn pg svn:mergeinfo ^/trunk@7
/branch/some_feature:3-6*
$ svn pg svn:mergeinfo ^/trunk/A@7
$ svn pg svn:mergeinfo ^/trunk/A/D.txt@7
$ svn pg svn:mergeinfo ^/trunk/B.txt@7
/branch/some_feature/B.txt:3-6
$ svn pg svn:mergeinfo ^/trunk/C.txt@7
/branch/some_feature/B.txt:3-6

That is obviously correct. The mergeinfo must be non-inheriting
because A was not merged, and it must be duplicated onto B.txt
and C.txt because they were merged.

Now lets look at what happened with revision 8:

$ svn pg svn:mergeinfo ^/trunk@8
/branch/some_feature:3-7
$ svn pg svn:mergeinfo ^/trunk/A@8
/branch/some_feature/A:3-7
$ svn pg svn:mergeinfo ^/trunk/A/D.txt@8
$ svn pg svn:mergeinfo ^/trunk/B.txt@8
/branch/some_feature/B.txt:3-6
$ svn pg svn:mergeinfo ^/trunk/C.txt@8
/branch/some_feature/C.txt:3-6


Ok, so it did the right thing with the trunk, but why on
earth did it add explicit mergeinfo to ^/trunk/A? According
to the output I quoted earlier in this message, it tried
to elide that mergeinfo twice. 

It gets worse. The only reason that things work if you reverse
the order of commit X and Y is due to what looks like another bug.
SVN gets confused as to the direction of the last full merge
which was in fact from trunk to branch. This causes it to run
a sync-like merge on what happens to be precisely the correct
commits to avoid double merging changes that originated on the
trunk.

To support that assertion: Try swapping the order of the X and
Y chunks in the script, and commenting out the last merge
and commit. Now in the working copy:

$ svn mergeinfo ^/branch/some_feature
youngest common ancestor
| last full merge
| |tip of branch
| || repository path

2 47
| |   

RE: Copy the files between the branches witin the same repo and with saving the svn info about the operation.

2014-05-16 Thread Tony Sweeney
Look at 'svn merge'.  This does exactly what you want, from your description.

Tony.


From: Kamil Libich [mailto:kamil.lib...@gmail.com]
Sent: 07 May 2014 15:09
To: users@subversion.apache.org
Subject: Copy the files between the branches witin the same repo and with 
saving the svn info about the operation.

Hi,

I could not find any information neither in the archive nor in the svn book :-(

I'd like to ask you about the copying a file(s) from one repo branch to another 
branch of the repo. Although, seems to be trivial, please read the scenario 
below.

I've been working on the project which has a lot of changes which have to be 
deployed in very short periods of time; daily or sometimes twice a day. I do 
releases directly from the trunk.

Now, I heading the situation in which I have to work on the different software; 
still within the same project, but in different branch. Let call this new 
branch a trunk2.

I realised, that I have to slightly modify a lot of files belongs to trunk 
branch. Instead of doing ordinary copy operation and check in to the new branch 
with comment about its  provenance in the comment field (as I do when I have to 
copy one or two files only) I'd like to copy in the way that the information 
about from where the files were copied we maintain in svn automatically.

Can I do this?

Sumarising,
The present situation:
1. I check out the trunk branch
2. I check out the trunk2 branch
3. I do copy the files I want (under the OS, select and drag over)
4. I update the trunk2 branch with the information about the source of the 
files in the comment window during the update

The demanded situation:
How to do the copy (create a duplicate of the file in the different branch and 
still the same branch) whilst the information about the source of the copy will 
be automatically (not in comments field) maintained by SVN.
It will allow me to do the independent changes in two branches still 
maintaining the history with letting me know which file was derived from which 
file and when.

Cheers,
Kamil

__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__


No virus found in this message.
Checked by AVG - www.avg.com
Version: 2014.0.4577 / Virus Database: 3931/7478 - Release Date: 05/11/14

__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__

Re: snvsync issues

2014-05-16 Thread Stefan Sperling
On Wed, May 07, 2014 at 10:50:59AM -0400, James Cloos wrote:
> I occasionally get syncs which are stuck because something killed the
> process before it could release its lock.
> 
> The only way I could get past that was to edit revprops/0/0 and remove
> the svn:sync-lock lines.
> 
> Is there a command which will remove such stale svnsync locks?
> 
> Neither svn, svnadmin nor svnsync seem to be able to do so.  Or even to
> list such locks.
> 
> Several of the remote repos which I'd like to sync fail part way through
> with errors like:
> 
>svnsync: E210008: Error while replaying commit
> 
> Git-svn is able to clone such repos, including the commits which svnsync
> cannot replay, so it doesn't seem to be due to any corruption.
> 
> Is there any way past the error, without alternate access to the remote?
> 
> -JimC
> --
> James Cloos  OpenPGP: 0x997A9F17ED7DAEA6

I assume you're running >= 1.7 on both svnsync client and the server?
If so, I'm very happy to see that fixes we made in SVN 1.7 seem to
prevent corruption issues users were exposed to with 1.6 and earlier.
http://subversion.apache.org/docs/release-notes/1.7.html#atomic-revprops

Of course, a stale lock can cause syncs to stall. It would be very
nice to know what killed the proccess, so if you are able to invest
more into finding the root cause this might be very helpful to us.

Instead of directly editing a file in the repository (which is something
end users should never do in any case!) you should be able to use svn propdel
with the --revprop option to remove the stale lock:

  svn propdel --revprop -r0 svn:sync-lock REPOS_URL

Is "Error while replaying commit" really all you see in the error message?
If so, the error message could be improved.


Post commit hooks: how to parse $ sign

2014-05-16 Thread Kamil Libich
Hi

I have a hidden share on the server \\BBDD\AAA$

and the post-commit hook looks like:

"C:\Program Files\VisualSVN Server\bin\svn.exe" co
https://BBDD/svn/Development/ABC -r HEAD "\\BBDD\AAA$\PROD\MFG\" --password
xXxXxXxXx

svn.exe cannot resolve the path when the $ sign is used. When I use an
unhide share for a moment the hook is parsed correctly.

The error code is:

post-commit hook, svn: E020024: Error resolving case of
"\\BBDD\AAA$\PROD\MFG\"

Does anyone know how I can use the $ sign to be parsed by svn.exe?

Thanks

Kamil


listing excluded (not ignored) items

2014-05-16 Thread Joseph Bruni
I can use "--set-depth exclude" to remove items from my working copy. Is there 
some option to "status" that can show me what has been excluded this way? 
"status" has a --no-ignore option to show ignored items. Perhaps we should add 
a "--no-exclude" to list excluded items?




need help SVN authentication to SAMBA PDC

2014-05-16 Thread Ken Fischer
Hello all,

I'm in need of some help getting my subversion server to allow me to
domain authentication.  I sent something to the mailing list last
night but it seems to not show up anywhere and I only now just
subscribed, so I apologized if someone has already responded.  Please
cc me in any response.


I have setup a CentOS 6.5 machine running samba to act as my primary
domain controller.  I then setup another CentOS 6.5 machine to act as
my subversion server, and using winbind I was able to join that
machine to the domain following this tutorial:

https://www.youtube.com/watch?v=c-vWAaocRU0

On the subversion server I am using Apache subversion with Apache 2.2.15.

Below is my subversion.conf script, which includes some commented out
previous attempts.  Basically what happens is that I go to a client
machine, navigate to /svn/svn/mytestproj in firefox, and attempt to
log in.  This works fine with basic authentication.  When I try to use
domain authentication I get the login prompt, I type in
TESTLAB\kfischer as my username and enter my password.  It seems to
reject this and immediately prompts me for the password again (no
warning or error message).  After three attempts I eventually get an
Authorization Required message.

New information:  I checked the /var/log/httpd/error_log and it is
telling me I have a password mismatch.  I'm sure I am using the right
password so there must be something else going on.

Anyone have any ideas on what I am doing wrong?  Your help is greatly
appreciated!

Best regards,
Ken


START SCRIPT##
#Load Apache LDAP Modules
LoadModule ldap_module  modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

#Load Subversion Apache Modules
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

#Load winbind module commented out now since this didn't work
#LoadModule auth_ntlm_winbind_module
/usr/lib/apache2/modules/mod_auth_ntlm_winbind.so


#Work around for authz and SVNListParentPath issue
RedirectMatch ^(/repos)$ $1/

#Enable Subversion Logging
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION


  DAV svn
  SVNParentPath /var/www/svn
  SVNListParentPath On
  SVNAutoversioning On
  AuthType Basic
  AuthName "TESTLAB"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPBindDN "CN=ldapbind,CN=Users,DC=TESTLAB,DC=LBTE"
  AuthLDAPBindPassword ldapbind!12
  AuthLDAPURL 
"ldap://testlab.lbte:3268/DC=TESTLAB,DC=LBTE?sAMAccountName?sub?(ObjectClass=*)"
  Require valid-user


  FAILED PREVIOUS ATTEMPTS
#
#---trying to use mod_auth_ntlm_winbind
#  DAV svn
#  AuthName "TESTLAB.LBTE"
#  NTLMAuth on
#  NegotiateAuth on
#  NTLMAuthHelper "/usr/bin/ntlm_auth --domain=testlab.lbte
--helper-protocol=squid-2.5-ntlmssp"
#  NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
#  NTLMBasicAuthoritative on
#  AuthType NTLM
#  AuthType Negotiate
#  require valid-usr
#  SVNParentPath /var/www/svn
#  SVNListParentPath on

#attempt at LDAP--
#  DAV svn
#  SVNParentPath /var/www/svn
#  SVNListParentPath on

#  order allow,deny
#  allow from all
#  Options Indexes
#  AuthzLDAPAuthoritative On

#  AuthName "TESTLAB.LBTE"
#  AuthType Basic
#  AuthBasicProvider ldap
#  AuthzLDAPAuthoritative On

#  AuthLDAPBindDN "CN=ldapbind,CN=linuxusers,DC=testlab,DC=lbte"
#  AuthLDAPBindPassword "ldapbind!12"

#  AuthLDAPURL 
"ldap://testlab.lbte:3268/DC=testlab,DC=lbte?sAMAccountName?sub?(objectClass=*)"
NONE
#  Require ldap-group CN=linuxusers,OU=Groups,DC=testlab,DC=lbte

#--BASIC CONFIGURATION---THIS DOES WORK I JUST HAVE IT DISABLED RIGHT
NOW--

#  DAV svn
#  SVNParentPath /var/www/svn
#  AuthType Basic
#  AuthName "Subversion repositories"
#  AuthUserFile /etc/svn-auth-users
#  Require valid-user


#



Re: SVNCacheRevProps and other performance tweaks.

2014-05-16 Thread Ben Reser
On 5/15/14, 1:15 AM, Terry Dooher wrote:
> That's so much clearer now and sounds like something I can definitely use.
> As I understand it, the downside is that the server will reveal path 
> components
> and filenames within restricted areas during log operations?

Don't think you quite understand yet.  If Subversion is revealing path
compontents/filenames within restricted areas during log then it can be
revealing file contents (by way of the REPORT method and bulk updates).

The short_circuit setting can only break security in this way if and only if
you have some other module than mod_authz_svn that looks at paths to determine
what access to provide.  Many modules may have different configurations per
Location, but most don't look at the path like mod_authz_svn does and give
different answers within the same Location for the same request.  In fact I'm
not aware of any such module that does this that comes with httpd, so you'd
have to install some 3rd party or custom module to run into this.  Meaning for
the vast majority of users if they're using mod_authz_svn they should have
SVNPathAuthz set to short_circuit.

The off setting, should never be used with mod_authz_svn.  It's probabbly
possible to configure things such that you only leak file paths, by disabling
bulk updates.  But I'm not 100% sure that there isn't an edge case that
wouldn't be missed by that.

For the vast majority of users these rules are true:

Using mod_authz_svn with an AuthzSVNAccessFile set you want SVNPathAuthz set to
short_circuit.
Not using mod_authz_svn, no AuthzSVNAccessFile set, you want SVNPathAuthz set
to off.

The exception is if you use some weird authorization module like I explained 
above.


Re: snvsync issues

2014-05-16 Thread Philip Martin
James Cloos  writes:

> I occasionally get syncs which are stuck because something killed the
> process before it could release its lock.
>
> The only way I could get past that was to edit revprops/0/0 and remove
> the svn:sync-lock lines.
>
> Is there a command which will remove such stale svnsync locks?

No, and that is deliberate as the lock is the mechanism that stops
multiple svnsync in parallel.

> Neither svn, svnadmin nor svnsync seem to be able to do so.  Or even to
> list such locks.

The lock is a revision property and can be seen and deleted like any
other revision property.

> Several of the remote repos which I'd like to sync fail part way through
> with errors like:
>
>svnsync: E210008: Error while replaying commit
>
> Git-svn is able to clone such repos, including the commits which svnsync
> cannot replay, so it doesn't seem to be due to any corruption.

00210008  SVN_ERR_RA_SVN_EDIT_ABORTED

That tells us that the sync is using svn:// but little else. You need to
provided more detail about the changes in the commit that is failing.

> Is there any way past the error, without alternate access to the remote?

You can configure the authentication and hooks for the target repository
to allow the lock to be deleted over the network just like any other
revision property.

-- 
Philip Martin | Subversion Committer
WANdisco // *Non-Stop Data*


Re: snvsync issues

2014-05-16 Thread Tehmul Ghyara

On 05/07/2014 08:20 PM, James Cloos wrote:

I occasionally get syncs which are stuck because something killed the
process before it could release its lock.

The only way I could get past that was to edit revprops/0/0 and remove
the svn:sync-lock lines.

Is there a command which will remove such stale svnsync locks?


If you have svn 1.7 or higher, you can use:
 svnsync synchronize --steal-lock


Ciao and regards
TG


Post svn hook

2014-05-16 Thread Havlovick, Ron
I am a newbie and I am more than a bit confused.
Perhaps ya'll could tell me something. (Other than to .)

I am on Windows using tortoise svn.

Here's what I want to do, and I am trying to figure out exactly how to do it.
Please bear with me:

When I commit a file into the repository, I want the entire repository 
directory(folder) to be checked out to a "golden directory(folder)".
I do not care if it over writes any existing file in that golden 
directory(folder).
Create an empty text file in the golden directory(folder).
In the empty text file write to it the revision number of the repository 
directory(folder) and the date of the last commit (basically the date stamp of 
the repository directory(folder).

I can write a perl script to basically copy files from one directory to another 
(golden).
read the data stamp of the directory(folder).  
ctime(stat($directory)->my_time)

What has got me baffled is:
How to get the revision number of the repository directory(folder). (Is this 
just a regular folder on the server and I just have the path 
\\server\directory  wrong)
How to get the date stamp of that repository directory(folder).  (This could be 
if I have the path wrong then I am trying to read statistics on nothing.)

Assuming I have the perl script correct, where do I put the perl script in what 
post_hook or post_commit?
Do I call the perl script within the post_commit {  function or what...
And where do I put the combined perl script post_hook script? (In the svn 
directory on my PC or on the server)

When I run the perl script on a local directory via the command prompt, 
everything works. (But I am not pointing to the repository, just a local 
c:\folder.)

Thank you

Ron

___
This e-mail and any files transmitted with it are proprietary and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have reason to believe that you have received this e-mail in error, please 
notify the sender and destroy this email and any attached files. Please note 
that any views or opinions presented in this e-mail are solely those of the 
author and do not necessarily represent those of the Curtiss-Wright Corporation 
or any of its subsidiaries.  Documents attached hereto may contain technology 
subject to government export regulations. Recipient is solely responsible for 
ensuring that any re-export, transfer or disclosure of this information is in 
accordance with applicable government export regulations.  The recipient should 
check this e-mail and any attachments for the presence of viruses. 
Curtiss-Wright Corporation and its subsidiaries accept no liability for any 
damage caused by any virus transmitted by this e-mail.

RE: SVNCacheRevProps and other performance tweaks.

2014-05-16 Thread Terry Dooher
From: Ben Reser Sent: 14 May 2014 20:07
> On 5/14/14, 10:11 AM, Terry Dooher wrote:
>> SVNPathAuthz -  Would short_circuit save me any processing time in this
>> scenario or is it only useful for people with LDAP or other auth systems that
>> might slow down request processing?
>
> short_circuit: The secondary path checks do not generate sub-requests but
> rather short circuit the httpd authentication/authorization infrastructure
> and directly as mod_authz_svn.  This has significantly less overhead, while
> being as secure as on provided that the only authorization module that is
> path aware is mod_authz_svn.  If you're using authz unless you have an
> extremely rare case you want this setting.
>
> In your scenario you want to use short_circuit.

That's so much clearer now and sounds like something I can definitely use.
As I understand it, the downside is that the server will reveal path components
and filenames within restricted areas during log operations?

>> SVNCacheRevProps - Currently 'Off'. is it only of benefit in specific 
>> scenarios?
> Actually I think it's more that you really must have this enabled if you have
> revprop packing turned on.  I can't think of a reason you don't want this
> turn off other than desiring to reduce resource usage at the cost of slower
> performance.
>
> The documentation in question is the release notes:
> http://subversion.apache.org/docs/release-notes/1.8.html#revprop-caching
> http://subversion.apache.org/docs/release-notes/1.8.html#revprop-packing

Makes sense. The dump/load cycle I've just finished was to bring in the
revprop packing changes, but I didn't appreciate the need for caching to
reduce CPU load.

>> SVNInMemoryCacheSize
> With the worker or event MPMs you are able to share the cache between the
> threads within the same processes.  This allows you to set a larger cache
> size since you'll have fewer processes and more of the threads will gain
> access to the cache, making it to be more effective.

Ah, of course. I missed the k in the default value and figured that a
16-fold increase would be a small, suitable value for ~100 prefork processes;
I see now that setting it to 256MB per process might incur a slight overhead :)
I can run the PHP under lighttpd, easily, so moving to the worker mpm is
the best option.

Thanks for such a comprehensive response.

Terry.