Login/Register
Subversion hook does not accept certificate permanently
Asked Answered
svnhooksvn-hooks
N

7

6

I hope someone will be able to answer my question.

I have Subversion set up, served by Apache2+SSL, doing web development.

I want a post-commit hook that runs svn update on my testing server, so when someone commits, it will automatically update the testing site. The hook doesn't work because the certificate is a self generated one and it's not trusted.

I've tried to accept (p)ermanently, but it doesn't.

Any ideas?

Nitrogenize answered 30/10, 2008 at 7:27 Comment(0)
M
9

root owned the .subversion folder in my $HOME, so i deleted it and ran 'svn up' again. Everything is good now.

Maracanda answered 26/2, 2009 at 18:21 Comment(2)
Voted Up because I googled for this answer and this pointed me in the right direction. '(p)' failing is because ~/.subversion is not owned by the current owner. fix it. if in doubt, run 'strace e-trace=file svn up' and see what file it silently errors on trying to writeRyswick
I had always wondered why SVN would not remember my saved passwords or trusted certs, and this was the answer I needed. Thanks!Cherice
H
6

Under Linux:

Here I fixed the problem by chmodding the files in $HOME/.subversion/auth/svn.ssl.server to -rw-r--r--. Apparently, if a server gets a new or upgraded certificate, It writes the new file, but doesn't add write-rights for itself. with -r--r--r-- rights the svn program works, but it can't write the "Accept permanently" flag to the file.. :)

Halfhardy answered 29/3, 2010 at 12:47 Comment(1)
Since this is the top result on google, I'll add that in our case it wasn't enough to give +w permission. We had to remove the saved certs inside ~/.subversion/auth/svn.ssl.server/ and let them be regenerated. Might help other people with the issue.Yokoyama
B
1

You didn't say what platform your testing server is running, but if it's a Windows box, then you need to add the certificate to your testing server's certificate store. The following technet articles might be of some use:

Barberabarberry answered 30/10, 2008 at 8:25 Comment(0)
F
1

It might be that subversion is running as a different user then the one you accepted the certificate with when called by the hook. Try to figure out the user (e.g., put "echo $USER > /tmp/svn-hook-user" in the post-commit hook script) and use sudo to accept the certificate as that user.

Alternatively, check out the Subversion book on how to set up your configuration so that self-signed certificates are accepted: SSL certificate management.

Fraya answered 30/10, 2008 at 12:0 Comment(0)
S
0

Are you using sudo or something in the script? Sudo usually cleans the environment variables so HOME doesn't exist. You must have writable home directory where subversion can store the information about permanently accepted certificate. So set HOME variable yourself in the beginning of the script and it should work.

Selfdriven answered 30/10, 2008 at 17:17 Comment(0)
R
0

Had the same issue setting this up on Window Server with Apache. The post commit hook would fail. I'm not sure about SVN stand alone but I use VisualSVN Server that runs as a Windows Service. The default user account for this service was Network Service - So I simply changed the account to my own admin account and every thing worked.

Rudolfrudolfo answered 22/8, 2010 at 2:38 Comment(0)
S
0

When your tesing site is on the same server use file:/// to checkout the repository to avoid the cert check.

svn co file:///path_to/your/repo
Sculptor answered 18/5, 2011 at 18:2 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.