[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

AW: SELInux disabled !AW: Problem with subversion hooks scripts under Linux Apache Dav

From: Korte, Michael Johannes <michael.korte_at_zeiss.com>
Date: Fri, 27 Jun 2014 07:36:57 +0000

Hello Nico Kadel-Gracia,

thanks a lot for your investigations and tips.
I doing these things in a test environment. Our plan is to switch the subversion server from a Windows sever to a Ubuntu Linux system. Therefore I'm doing the test now in a Linux test environment and only after everything is fine I will switch the Live-System to the Linux-Environment. So I can do in this test environment any testing/trace which could help to find the real reason for this curious problem.
Since yesterday afternoon I have put the hook-scripts for the first time into subversion.

But the day before yesterday when the hook scripts were working at least sporadically I noticed the following. As I was wondering that it worked sometimes and sometimes not, I did the following. When it worked I tried several commits without any change and I saw the following:
- Once only one commit was successful and all following failed with "failed to start ... hook"
- Once two or three commits were successful and only then all following failed with " failed to start ... hook"

After it failed a couple of times, I changed the hooks script and then I changed the hook script back and then it worked (sometimes) again for one or two tries.

Therefore I first thought it is really a memory problem, but as I told you restart of apache server and even reboot did not solve the problem.

I also thought inbetween it may be a problem that the repository was created by svnsync. But I checked also with a new created empty repository and got the same problem.

My biggest hope was that I can switch on some trace/additional logging to get some more detailed information why "Failed to start '/var/subversion/repos17/sbox/hooks/post-commit' hook" occurs.

I also deleted the *.tmp extension of the template hooks (*.tmp) and set the execute bit, but the result was the same "failed to start..."., when I tried with these template hooks. If the hook script itself has an error I would get a more detailed error message. I saw this the day before yesterday when the scripts worked at least sporadically. But why do I get now permanent failed to start.....

Can you please give me any hint which kind of further test I could do/try.

I tried also to change the entries in apache2.conf for StartServers and ThreadsPerChild but I had no success. To say the truth I'm here not sure what are really correct values. Or is it anywhere else possible to define some additional memory values for Apache WebDAV.

Thanks in advance.

Best regards Michael

 

-----Ursprüngliche Nachricht-----
Von: Nico Kadel-Garcia [mailto:nkadel_at_gmail.com]
Gesendet: Freitag, 27. Juni 2014 03:38
An: Korte, Michael Johannes
Cc: users_at_subversion.apache.org; Kocsis, Zoltan; Seelaender, Robin; von Schoenebeck, Florian
Betreff: Re: SELInux disabled !AW: Problem with subversion hooks scripts under Linux Apache Dav

On Thu, Jun 26, 2014 at 8:16 AM, Korte, Michael Johannes <michael.korte_at_zeiss.com> wrote:
> Hello Nico Kadel-Gracia,
>
> thanks for this promising hint. But I fear this is not the reason .
>
> I checked for SELinux and got disabled:
>
> selinuxenabled && echo enabled || echo disabled disabled
>
> Do you have any further idea?
>
> Especially how/where to check get any further log/trace information.
>
> And especially the very curious thing, that yesterday ythe hook scripts were working in this environment at least sporadically.
>
> Best regards
> Michael

That.... Now that makes me really nervous. Can you, or have you, put your hook scripts themselves under source control so that you can record changes between what works and what does not? It can sometimes be very handy to Subversion repository scripts and configurations, themselves, under RCS or git source control on the local host while you work this sort of thing out.

That this worked a little while ago makes me very nervous about underlying system changes on the server itself, potentially including someone cracking your server. Can you start over in a test environment?

> -----Ursprüngliche Nachricht-----
> Von: Nico Kadel-Garcia [mailto:nkadel_at_gmail.com]
> Gesendet: Donnerstag, 26. Juni 2014 13:47
> An: Korte, Michael Johannes
> Cc: users_at_subversion.apache.org; Kocsis, Zoltan; Seelaender, Robin;
> von Schoenebeck, Florian
> Betreff: Re: Problem with subversion hooks scripts under Linux Apache
> Dav
>
> On Thu, Jun 26, 2014 at 4:20 AM, Korte, Michael Johannes <michael.korte_at_zeiss.com> wrote:
>> Hello all,
>>
>>
>>
>> I have a very strange problem with subVersion Hook scripts under
>> Ubuntu Linux (Ubuntu 12.04.4 LTS (GNU/Linux 3.2.0-64-generic
>> x86_64))., when accessing the repository via Apache2 WebDav. I’m using subversion 1.7.9 .
>>
>>
>>
>> The WebDav Configuration is as follows:
>>
>> <Location /sbox>
>>
>> DAV svn
>>
>> SVNPath /var/subversion/repos17/sbox
>
> Hmmm. This might be a hint. Do you have SELinux running? Can you test with it turned off? According to the Linux File System Hierarchy, I'd expect this material to be in "/var/www".
>
> Nico Kadel-Garcia
>
>
>> AuthType Basic
>>
>> AuthName "Subversion Sandbox Repository"
>>
>> AuthUserFile /etc/subversion/etc/svn-auth-file
>>
>> Require valid-user
>>
>> AuthzSVNAccessFile /etc/subversion/etc/svn-acl
>>
>> </Location>
>>
>>
>>
>>
>>
>> I tried with a post-commit hook (I wanted Trac to be informed about
>> commits
>> : /usr/bin/trac-admin /var/lib/trac/YourProject changeset added "$1"
>> "$2") but the same problem occurs also for all other hook scripts, no
>> difference what I use as content of the script.
>>
>>
>>
>> Let me explain my problem:
>>
>>
>>
>> I used a Tortoise Client on a remote Windows machine and tried there
>> a commit. I always got the error message:
>>
>> Failed to start '/var/subversion/repos17/sbox/hooks/post-commit' hook
>>
>>
>>
>> I tried all possible changes at my hook script and at the end it
>> consists only of the following two lines:
>>
>> #!/bin/sh
>>
>> /bin/echo "Dies ist ein Test fuer Pre-Commit."
>>
>>
>>
>> But I got still the same error message.
>>
>> The execute bit was set for the script and the file owner was www-data .
>>
>>
>>
>> A local call of the script works perfect:
>>
>> sudo -u www-data env - ./post-commit /var/subversion/repos17/sbox/
>> 175
>>
>>
>>
>> When I do a direct commit on the subVersion server (without apache
>> Dav
>> access: ) the post-commit script works fine. I could verify this
>> because after such a commit, the Trac shows the new changeset.
>>
>>
>>
>> The very strange thing was, that when I did the tests yesterday the
>> hook script (even called via Apache DAV from Tortoise at a remote
>> client) sporadically was executed but it also failed sporadically
>> without any changes in the script.
>>
>> I checked in google for similar problems and the only helpful hint I
>> found was an entry from 2008 :
>> http://www.wandisco.com/svnforum/threads/31927-Hook-does-not-work-%28
>> a nd-yes-absolute-paths-are-used-*g*%29;
>> : The reason for this was, that the system only has limited resources
>> available, such as main memory.
>> After reducing the number of server processes and/or threads created
>> by Apache at startup, the SVN post-commit hook worked fine when
>> committing to the repository. )
>>
>>
>>
>> I restarted apache service but it didn’t help. Also a reboot of the
>> complete machine did not help. htop showed that memory is still available:
>>
>> Mem : 125 /3954 MB
>>
>> Swp : 65 / 3068
>>
>>
>>
>> I checked also the apache log but I found no relevant error message,
>> even when I used LogLevel debug in the apache2.conf .
>>
>>
>>
>> Can you please give me any hint what is wrong.
>>
>>
>>
>> Can I see in any log /trace why the hook script can not be started?
>>
>>
>>
>> Thanks in advance.
>>
>>
>>
>> Best regards Michael
>>
>>
Received on 2014-06-27 09:37:30 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.