www.lewiz.org

This evening I set up a simple Subversion repository to host some web content over on noisy at CompSoc.

Everything was up and running and Vlad and I were able to successfully checkout, update and commit changes to the Apache/mod_dav_svn repository. Permissions were configured in a sensible way. /home/lewiz/svn belongs to lewiz:www and is chmod 0770. Apache runs as the www user and this way I had total control over all of the files, while still allowing Apache to do the necessary goodness.

I came across an interesting FAQ in the Subversion docs that concerned me. As we are both doing web development and work in a standard change-commit-fix cycle it makes sense for the actual copy of the site to be always updated. I wanted to run an update every time a change was committed.

http://subversion.tigris.org/faq.html#website-auto-update covers this perfectly and makes use of the post-commit hook by way of a simple C programme. Everything seemed set but on my initial commit with the post-commit hook in place I saw:

$ svn commit
Sending index.php
Transmitting file data .
Committed revision 6.

Warning: ‘post-commit’ hook failed with error output:
Error validating server certificate for ‘https://www.compsoc.man.ac.uk:443’: – The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information: – Hostname: www.compsoc.man.ac.uk – Valid: from Sun, 21 Jan 2007 15:34:35 GMT until Mon, 21 Jan 2008 15:34:35 GMT – Issuer: The University of Manchester Computer Society, Manchester, UK – Fingerprint: 39:2a:09:a1:d1:d1:4f:f6:44:fd:6b:1b:ad:c6:f4:55:29:e8:2e:07
(R)eject, accept (t)emporarily or accept (p)ermanently? svn: PROPFIND request failed on ’/svn/lewiz/walktojapan/testsite’
svn: PROPFIND of ’/svn/lewiz/walktojapan/testsite’: Server certificate verification failed: issuer is not trusted (www.compsoc.man.ac.uk)

Ouch! This really isn’t good. I initially assumed that the script was not running as me so I double-checked the setuid bit and so on. Once this was confirmed I realised that svn simply didn’t know where to find my hashed password and certificates.

Some man pages and a Google later and we come across the true goodness of execle(3).

execle() allows a pointer to a null-terminated list of environment variables to be passed to the binary being exec()d. In my case the script now reads:

char *env[] = { “HOME=/home/lewiz”, NULL };
execle(”/usr/local/bin/svn”, “svn”, “update”, ”/tmp/myrepo”, NULL, env);

Basic, maybe… but still new to me!

Tags: UNIX

This entry was posted on Tuesday, April 17th, 2007 at 1:00 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.