On Fri, Jun 27, 2014 at 9:42 AM, Korte, Michael Johannes <michael.ko...@zeiss.com> wrote:
> Hello Nico Kadel-Garcia,
>
> I still could not fix the problem. I did the following checks:
> I did a checkout in the server with user "www-data" on file level:
> www-data@artifactory:/tmp/Michael/co_www-data/sbox/trunk$ svn co file:///var/subversion/repos17/sbox/trunk

I'm sorry I don't have a good hint for you. I don't have Ubuntu environments in hand to play with. Can I assume that your httpd is the basic one from Ubuntu for your release?

And there's also a point where one might say "I'm suspicious of this server, let me try it on a cleanly built host". I recommend reading "The Cuckoo's Egg" by Clifford Stoll, to show where noticing a small bug can lead you.

You know, can you test it with svn+ssh access, or svnserve access, even if it's only from the localhost? That would help verify the issue as tied to HTTPD and mod_dav_svn, possibly even to the "serf" library now used. Can you reproduce the issue with an older, perhaps subversion-1.7, from before the switch to 'serf'?

I'm personally a strong supporter of the "use svn+ssh because https clients often store the password in clear text in $HOME/.subversion". If it solves your problem to switch, perhaps you should consider it and get the potential security benefit on the side.

Also, can you try a post-commit that is simply a link to /bin/true? No interpretation, no permissions issues, no output, just a link?

> Then the checkin can start the hook script (post-commit) without any problem.
>
> But when I do checkout via http URL (using Apache WebDav) (of course also on
> the server)
> root@artifactory:/tmp/Michael/co_http/sbox/trunk# svn co http://172.25.22.94/sbox/trunk/
>
> During the checkin no hook scripts can be called:
> root@artifactory:/tmp/Michael/co_http/sbox/trunk/trunk# svn ci -m "aaa"
> Anmeldebereich: <http://172.25.22.94:80> Subversion Sandbox Repository
> Passwort für »michael.korte«:
> Sende Test_commit.txt
> Übertrage Daten .
> Revision 308 übertragen.
>
> Warnung: Failed to start '/var/subversion/repos17/sbox/hooks/post-commit' hook
>
> It seems that the hook script cannot be executed when it is started via
> apache server, if it has execute permission and owner www-data.
>
> Is there any possibility to specify that apache can execute a script?
>
> I linked the subversion Repository under /var/www/subversion/repos17/sbox but
> also this didn't help (Failed to start
> '/var/www/subversion/repos17/sbox/hooks/post-commit' hook).
>
> I tried also with order deny, allow in the apache configuration file but also
> this didn't help. Is there any possibility to trace/debug how subversion
> calls a hook script exactly?
>
> That's all for today. Maybe I will have a good idea on Monday.
>
> Best regards
> Michael
>
> -----Original Message-----
> From: Korte, Michael Johannes
> Sent: Friday, 27 June 2014 09:40
> To: 'Nico Kadel-Garcia'
> Cc: users@subversion.apache.org; Kocsis, Zoltan; Seelaender, Robin; von
> Schoenebeck, Florian
> Subject: AW: SELInux disabled !AW: Problem with subversion hooks scripts
> under Linux Apache Dav
>
> Hello Nico Kadel-Garcia,
>
> thanks a lot for your investigations and tips.
> I am doing these things in a test environment. Our plan is to switch the
> subversion server from a Windows server to a Ubuntu Linux system. Therefore
> I'm doing the test now in a Linux test environment and only after everything
> is fine I will switch the Live-System to the Linux-Environment. So I can do
> in this test environment any testing/trace which could help to find the real
> reason for this curious problem.
> Since yesterday afternoon I have put the hook-scripts for the first time into
> subversion.
>
> But the day before yesterday when the hook scripts were working at least
> sporadically I noticed the following. As I was wondering that it worked
> sometimes and sometimes not, I did the following. When it worked I tried
> several commits without any change and I saw the following:
> - Once only one commit was successful and all following failed with "failed
> to start ... hook"
> - Once two or three commits were successful and only then all following
> failed with "failed to start ... hook"
>
> After it failed a couple of times, I changed the hooks script and then I
> changed the hook script back and then it worked (sometimes) again for one or
> two tries.
>
> Therefore I first thought it is really a memory problem, but as I told you
> restart of apache server and even reboot did not solve the problem.
>
> I also thought in between it may be a problem that the repository was created
> by svnsync. But I checked also with a newly created empty repository and got
> the same problem.
>
> My biggest hope was that I can switch on some trace/additional logging to get
> some more detailed information why "Failed to start
> '/var/subversion/repos17/sbox/hooks/post-commit' hook" occurs.
>
> I also deleted the *.tmp extension of the template hooks (*.tmp) and set the
> execute bit, but the result was the same "failed to start...", when I tried
> with these template hooks. If the hook script itself has an error I would get
> a more detailed error message. I saw this the day before yesterday when the
> scripts worked at least sporadically. But why do I get now permanent failed
> to start.....
>
> Can you please give me any hint which kind of further test I could do/try.
>
> I tried also to change the entries in apache2.conf for StartServers and
> ThreadsPerChild but I had no success. To tell the truth, I'm not sure here what
> the correct values really are. Or is it anywhere else possible to define some
> additional memory values for Apache WebDAV?
>
> Thanks in advance.
>
> Best regards Michael
>
> -----Original Message-----
> From: Nico Kadel-Garcia [mailto:nka...@gmail.com]
> Sent: Friday, 27 June 2014 03:38
> To: Korte, Michael Johannes
> Cc: users@subversion.apache.org; Kocsis, Zoltan; Seelaender, Robin; von
> Schoenebeck, Florian
> Subject: Re: SELInux disabled !AW: Problem with subversion hooks scripts
> under Linux Apache Dav
>
> On Thu, Jun 26, 2014 at 8:16 AM, Korte, Michael Johannes
> <michael.ko...@zeiss.com> wrote:
>> Hello Nico Kadel-Garcia,
>>
>> thanks for this promising hint. But I fear this is not the reason.
>>
>> I checked for SELinux and got disabled:
>>
>> selinuxenabled && echo enabled || echo disabled
>> disabled
>>
>> Do you have any further idea?
>>
>> Especially how/where to check to get any further log/trace information.
>>
>> And especially the very curious thing, that yesterday the hook scripts were
>> working in this environment at least sporadically.
>>
>> Best regards
>> Michael
>
> That.... Now that makes me really nervous. Can you, or have you, put your
> hook scripts themselves under source control so that you can record changes
> between what works and what does not? It can sometimes be very handy to put
> Subversion repository scripts and configurations, themselves, under RCS or
> git source control on the local host while you work this sort of thing out.
>
> That this worked a little while ago makes me very nervous about underlying
> system changes on the server itself, potentially including someone cracking
> your server. Can you start over in a test environment?
>
>> -----Original Message-----
>> From: Nico Kadel-Garcia [mailto:nka...@gmail.com]
>> Sent: Thursday, 26 June 2014 13:47
>> To: Korte, Michael Johannes
>> Cc: users@subversion.apache.org; Kocsis, Zoltan; Seelaender, Robin;
>> von Schoenebeck, Florian
>> Subject: Re: Problem with subversion hooks scripts under Linux Apache
>> Dav
>>
>> On Thu, Jun 26, 2014 at 4:20 AM, Korte, Michael Johannes
>> <michael.ko...@zeiss.com> wrote:
>>> Hello all,
>>>
>>> I have a very strange problem with Subversion hook scripts under
>>> Ubuntu Linux (Ubuntu 12.04.4 LTS (GNU/Linux 3.2.0-64-generic
>>> x86_64)), when accessing the repository via Apache2 WebDav. I’m using
>>> subversion 1.7.9.
>>>
>>> The WebDav Configuration is as follows:
>>>
>>> <Location /sbox>
>>>
>>> DAV svn
>>>
>>> SVNPath /var/subversion/repos17/sbox
>>
>> Hmmm. This might be a hint. Do you have SELinux running? Can you test with
>> it turned off? According to the Linux File System Hierarchy, I'd expect this
>> material to be in "/var/www".
>>
>> Nico Kadel-Garcia
>>
>>> AuthType Basic
>>>
>>> AuthName "Subversion Sandbox Repository"
>>>
>>> AuthUserFile /etc/subversion/etc/svn-auth-file
>>>
>>> Require valid-user
>>>
>>> AuthzSVNAccessFile /etc/subversion/etc/svn-acl
>>>
>>> </Location>
>>>
>>> I tried with a post-commit hook (I wanted Trac to be informed about
>>> commits:
>>> /usr/bin/trac-admin /var/lib/trac/YourProject changeset added "$1" "$2")
>>> but the same problem occurs also for all other hook scripts, no
>>> difference what I use as content of the script.
>>>
>>> Let me explain my problem:
>>>
>>> I used a Tortoise Client on a remote Windows machine and tried there
>>> a commit. I always got the error message:
>>>
>>> Failed to start '/var/subversion/repos17/sbox/hooks/post-commit' hook
>>>
>>> I tried all possible changes at my hook script and at the end it
>>> consists only of the following two lines:
>>>
>>> #!/bin/sh
>>>
>>> /bin/echo "Dies ist ein Test fuer Pre-Commit."
>>>
>>> But I still got the same error message.
>>>
>>> The execute bit was set for the script and the file owner was www-data.
>>>
>>> A local call of the script works perfectly:
>>>
>>> sudo -u www-data env - ./post-commit /var/subversion/repos17/sbox/ 175
>>>
>>> When I do a direct commit on the Subversion server (without apache
>>> Dav access) the post-commit script works fine. I could verify this
>>> because after such a commit, the Trac shows the new changeset.
>>>
>>> The very strange thing was that when I did the tests yesterday the
>>> hook script (even called via Apache DAV from Tortoise at a remote
>>> client) sporadically was executed but it also failed sporadically
>>> without any changes in the script.
>>>
>>> I checked in google for similar problems and the only helpful hint I
>>> found was an entry from 2008:
>>> http://www.wandisco.com/svnforum/threads/31927-Hook-does-not-work-%28and-yes-absolute-paths-are-used-*g*%29;
>>> (The reason for this was that the system only has limited resources
>>> available, such as main memory.
>>> After reducing the number of server processes and/or threads created
>>> by Apache at startup, the SVN post-commit hook worked fine when
>>> committing to the repository.)
>>>
>>> I restarted apache service but it didn’t help. Also a reboot of the
>>> complete machine did not help. htop showed that memory is still available:
>>>
>>> Mem : 125 /3954 MB
>>>
>>> Swp : 65 / 3068
>>>
>>> I checked also the apache log but I found no relevant error message,
>>> even when I used LogLevel debug in the apache2.conf.
>>>
>>> Can you please give me any hint what is wrong.
>>>
>>> Can I see in any log/trace why the hook script cannot be started?
>>>
>>> Thanks in advance.
>>>
>>> Best regards Michael
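
An added example, not part of the original thread and not Subversion's own code: a static preflight for the file-level conditions discussed above that stop a hook from being started at all (unsearchable parent directory, missing execute bit, missing or broken shebang, CRLF line endings). The function name check_hook is hypothetical, and the -x tests reflect the invoking user, so run it as the Apache user (www-data in the thread).

```shell
#!/bin/sh
# check_hook PATH: print one finding per line, return 0 if nothing was found.
# Hypothetical helper; it inspects the file only and never runs the hook.
check_hook() {
    hook=$1
    rc=0
    [ -f "$hook" ] || { echo "missing: $hook"; return 1; }

    # Every parent directory must be searchable (x) by the calling user,
    # otherwise exec() of the hook fails before the script is even read.
    dir=$(dirname "$hook")
    while [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        [ -x "$dir" ] || { echo "not searchable: $dir"; rc=1; }
        dir=$(dirname "$dir")
    done

    [ -x "$hook" ] || { echo "not executable: $hook"; rc=1; }

    # The first line must be a shebang naming an executable interpreter.
    first=$(head -n 1 "$hook")
    case $first in
        '#!'*) ;;
        *) echo "no shebang line"; return 1 ;;
    esac

    # A trailing CR (file saved with Windows line endings) becomes part of
    # the interpreter path, e.g. "/bin/sh\r", which does not exist.
    cr=$(printf '\r')
    case $first in
        *"$cr") echo "CRLF line ending in shebang"; rc=1
                first=${first%"$cr"} ;;
    esac

    interp=${first#'#!'}
    interp=${interp# }      # allow "#! /bin/sh"
    interp=${interp%% *}    # drop interpreter arguments
    [ -x "$interp" ] || { echo "interpreter not executable: $interp"; rc=1; }
    return $rc
}

# Stand-alone use: sudo -u www-data sh this-file /path/to/hooks/post-commit
[ "$#" -eq 0 ] || check_hook "$1"
```

A clean result here only rules out the file-level causes; it says nothing about resource limits or other conditions inside the Apache process.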