Subversion

Source Code Repository

Sun Ray User Group members are located all around the world. To enable everyone to work together on our software projects, we keep the source code in Internet-accessible revision control system called Subversion. Also commonly referred to as svn or SVN, Subversion is an open source application, designed specifically to be a modern replacement for CVS and shares a number of the same key developers.

Revision control (also known as version control, source control or (source) code management (SCM)) is the management of multiple revisions of the same unit of information. It is most commonly used in engineering and software development to manage ongoing development of digital documents like application source code, art resources such as blueprints or electronic models and other critical information that may be worked on by a team of people. Changes to these documents are identified by incrementing an associated number or letter code, termed the "revision number", "revision level", or simply "revision" and associated historically with the person making the change. A simple form of revision control, for example, has the initial issue of a drawing assigned the revision number "1". When the first change is made, the revision number is incremented to "2" and so on.

svn.sun-rays.org facts

• svn.sun-rays.org runs Subversion 1.4.3
• HTTPS is used. standard HTTP access is not available. note that we use a non-standard HTTPS port: 4443.
• mod_dav_svn is currently used.
• the repository is write-restricted. read access is granted to all users.
• svnserve is not supported, nor is svn+ssh.

There are several ways to access the Subversion repository:

Web Access

If you just wish to browse around or download a few individual files, the best tool is the web-based ViewVC interface for Subversion or go straight to the public repository at https://svn.sun-rays.org:4443/.

Anonymous access

To access the Subversion repository, you will need a Subversion client. You can browse the repository via https://svn.sun-rays.org:4443/.

Choose the project that you would like and check it out. For example, to get the newest code for the Remote Control Toolkit (SUNWutRC), use:

svn checkout https://svn.sun-rays.org:4443/SUNWutRC/trunk SUNWutRC

For more help on using Subversion, consult the Subversion website or Subversion book. The web site provides a list of clients and useful links.

How to get commit access

Members with commit rights will access the repository through their SunRay-Users mailing list mailman accounts. To activate your account you need to fill-in the Commit access request form. You will be notified by e-mail when your account is active.

I M P O R T A N T

• username: the first part of your e-mail address will be used as username (e.g. if you are subscribed to the SunRay-Users mailing list with the e-mail address: hihi_mihi@mydomain.org, the svn commit access username will be: hihi_mihi)
• password [1]: your current mailman account password will be used. Note that if you subsequently change your mailman password the svn account password will NOT be automatically updated. You may request that your svn password is synced by re-submitting the request form.

[1]

If you do not remember your current mailman password you can get a password reminder by visiting the SunRay-Users Info Page.

It is recommended that you change your mailman password prior to submitting your svn commit access account request. The mailman password can be changed by visiting the mailman options web page: http://www.filibeto.org/mailman/options/sunray-users/<e-mail-address>

Subversion client

You can install Subversion by compiling its source code release directly, or you can install one of the prepackaged binaries if there is one for your operating system. Unless a release has "alpha", "beta", or "rc" in its name, it is tested and considered stable for production use.
Binaries for Sun Solaris (SPARC and x86) can be obtained from:

• sunfreeware.com
• blastwave.org

Client configuration

We currently use HTTPS basic authentication for logging in to Subversion. Committers will need to properly configure their svn client. One particular issue is OS-specific line-endings for text files. When you add a new text file, especially when applying patches from Bugzilla, first ensure that the line-endings are appropriate for your system, then do ...

svn add test.txt
svn propset svn:eol-style native test.txt

Your svn client can be configured to do that automatically for some common file types. Add the list to your ~/.subversion/config file. However, you should still pay attention to the messages from your svn client when you do 'svn commit'.

SSL Server certificate

The server certificate for https://svn.sun-rays.org/ is signed by filibeto.org's own Certificate Authority. filibeto's root CA certificate can be obtained from: http://www.filibeto.org/CA/. You will need to verify the authenticity of the certificate and configure the Subversion client to use it.

• Download the certificate from: http://www.filibeto.org/CA/ and place it in a convenient secure place:

$wget http://www.filibeto.org/CA/filibetoCA.CRT

• Verify the authenticity of the certificate:

$digest -a sha1 filibetoCA.CRT
<output omitted>
and
$digest -a md5 filibetoCA.CRT
<output omitted>

and compare the results against the certificate fingerprint given on the website (http://www.filibeto.org/CA/)

Alternatively you could use:

$openssl sha1 filibetoCA.CRT
SHA1(filibetoCA.CRT)= <output omitted>
and
$openssl md5 filibetoCA.CRT
MD5(filibetoCA.CRT)= <output omitted>

Use gnupg to verify the detached signature of the certificate. Information on how to use gnupg can be found in the The GNU Privacy Handbook. you will need to have both files downloaded:

the root certificate itself:
http://www.filibeto.org/CA/filibetoCA.CRT
and the detached signature:
http://www.filibeto.org/CA/filibetoCA.CRT.sig

Information for the key used to sign the root certificate can be found at:

• http://www.filibeto.org/CA/
• http://www.filibeto.org/~aduritz/#gnupg

(sample output)
$gpg --verify filibetoCA.CRT.sig filibetoCA.CRT
gpg: Signature made Mon Mar 19 08:32:26 2007 EET using DSA key ID 85D865DB
gpg: Good signature from "Stoyan Angelov (filibeto.org) <s_angelov at filibeto.org>"

You may also issue openssl x509 -text -in /path/to/certificate/file/filibetoCA.CRT to verify that the certificate’s data (issuer, company name, validity, etc.) looks correct.

• Configure the Subversion client:

Now that you’ve got a certificate in PEM format and verified it edit your ~/.subversion/servers file. In the [globals] section, add the line:

ssl-authority-files = /path/to/certificate/file/filibetoCA.CRT

Note that the ssl-authority-files option is a colon-delimited list.

• Test the Subversion client:

$svn list https://svn.sun-rays.org:4443/
SUNWutRC/

if you get the output above then everything works ok!

If the certificate is not installed correctly you will be prompted for a manual validation:

$svn list https://svn.sun-rays.org:4443/
Error validating server certificate for 'https://svn.sun-rays.org:4443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: svn.sun-rays.org
 - Valid: from Sun, 18 Mar 2007 17:37:24 GMT until Mon, 17 Mar 2008 17:37:24 GMT
 - Issuer: BG, Plovdiv Area, Plovdiv, filibeto.org, Certificate Authority, 
filibeto.org CA, support@filibeto.org
 - Fingerprint: 86:bf:db:71:5f:18:38:15:ab:45:1f:54:84:90:ec:94:ca:35:f8:2f
(R)eject, accept (t)emporarily or accept (p)ermanently?