Jack of All Trades Web Development

MediaTemple, Linux

• Part 1: Media Temple Dedicated Server Setup
• Part 2: Installing Subversion on Apache
• Part 3: Subversion (SVN) Authentication and Auto Update

During the first two parts of my series on setting up a Media Temple dedicated server, I setup subversion (SVN) on apache. Now I want to show you how I setup basic authentication and a SVN hook to automatically deploy files to the server (called continuous integration). This is great because you can check in your files to SVN and see them on the server immediately.

Adding Basic Apache Authentication to your Subversion (SVN) Repository

First lets give apache access to the SVN database (the $ symbol just means it is a shell command).

$ chmod g+s /svnroot/db

Now create a password file with htpasswd, name the file whatever you would like. I chose to make my file hidden by adding the period before the name.

$ htpasswd -cm /etc/.htaccess yourusername

It will prompt you for your password. Now go back to your httpd.conf and than add the lines highlighted in bold - we are adding to what we did in part 2 of the media temple setup series.

<Location /svn>
  DAV svn
  SVNParentPath /usr/local/svn
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /etc/.htaccess
  require valid-user
</Location>

For security reasons, we also need to make sure and hide the .svn folders from having apache publicly display them:

# Disallow browsing of Subversion working copy administrative dirs.
<DirectoryMatch "^/.*/.svn/">
    Order deny,allow
    Deny from all
</DirectoryMatch>

Restart apache and when you try to access SVN you should be prompted for authentication. Great, SVN is now secure! You can also add more security by adding SSL to your dedicated server.

Creating a Subversion (SVN) Hook to Auto Update Your Server

I want to automatically deploy my files to my httpdocs without having to manually go in and update the files. So to accomplish this you need to create a SVN hook that runs after every commit.

First, copy the post-commit template from your svnroot/hooks folder. And lets also use chmod to give the file rights to execute.

$ cd /svnroot/hooks/
$ cp post-commit.tmpl post-commit
$ chmod +x post-commit

Now we need to create a little C program. You should have GCC installed. This will compile our little C program. Create a new whatever.c file and put this code in. Don't forget to change the directory path.

#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
int main(void)
{
  execl("/usr/bin/svn", "svn", "update", "/public_html_direcotry/",
        (const char *) NULL);
  return(EXIT_FAILURE);
}

Complile the file with this command. It will take the whatever.c and compile it into a binary file.

gcc -o svnupdate svnupdate.c

Try executing the binary to see if it works with the env command.

$ env - ./updatesvn

Alright now copy the whatever binary into your hooks folder. And we'll also run a couple commands to give it proper priveledges:

$ cp whatever /svnroot/hooks
$ cd /svnroot/hooks
$ chown root:root svnupdate
$ chmod +s svnupdate

Then lets tell the post commit hook to run our binary file name, "svnupdate".

$ vi /svnroot/hooks/post-commit

Inside it the post-commit hook tell it to run the binary using the absolute path:

/svnroot/hooks/svnupdate

Test it out by checking in a file to subversion. It should automatically update at the directory we set in the C program.

Comments

• #1. Kolky on Mar 04 2008

  Thanks for the hook script, been searching for this for ages!

• #2. Dallas Clark on May 08 2008

  I'm receiving the error "the directory is not a working copy" which leads me to these questions.
  
  Does the "public_html_directory" need to be the full file path?
  
  Does the location of where you want your SVN to be copied to need to be a checked out svn directory?

• #3. Dallas Clark on May 08 2008

  haha! why my message submitted 3 times, I don't know
  
  I realise yes it has to be a checkout directory of the SVN, but it's still not working, possibly permission errors but I'm not sure. When someone commits to the SVN and it executes the post-commit file, does it execute it as apache or the user?

• #4. Marc on May 09 2008

  I'm not sure what user it executes as.

• #5. Toti on May 11 2008

  Subversion executes hooks as the same user who owns the process which is accessing the
  Subversion repository. In most cases, the repository is being accessed via a Subversion server, so this user is the same user as which that server runs on the system.

• #6. Toti on May 11 2008

  The hooks themselves will need to be configured with OS-level permissions that allow that user to execute them. Also, this means that any file or programs (including the Subversion repository itself) accessed
  directly or indirectly by the hook will be accessed as the same user. In other words, be alert to potential permission-related problems that could prevent the hook from performing the tasks it is designed to perform.

• #7. Toti on May 11 2008

  Marc thanks for the article although that's a bit all over the place and it's not very clear. For instance when you say "Create a new whatever.c file and put this code in. Don't forget to change the directory path." ...change directory path of what? There is no mention of where to create the file in the 1st place :P
  

• #8. Toti on May 11 2008

  ...And here I am lost:
  
  Compile the file with this command. It will take the whatever.c and compile it into a binary file.
  
  gcc -o svnupdate svnupdate.c
  
  (Wait wasn't I compiling whatever.c? Why the command reads svnupdate.c? Should I rename whatever.c to svnupdate.c??)

• #9. Toti on May 11 2008

  Try executing the binary to see if it works with the env command.
  
  $ env - ./updatesvn
  
  (After compiling with gcc the resulting compiled binary should be called "svnupdate" why should I try to use "updatesvn" with the env command?)
  
  Alright now copy the whatever binary into your hooks folder. And we'll also run a couple commands to give it proper priveledges:
  
  I am really lost... could anyone summarize a step by step process for dummies?
  
  Thanks!

• #10. Toti on May 11 2008

  By the way what's the syntax to place in the post-commit to make it run the compiled binary?

Post a Comment!

*Name

*Is fire hot or cold? (spam filter)

*Email (will not be published)

URL

*Message