You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Darrell Blake <da...@gmail.com> on 2008/03/23 16:01:25 UTC
Subversion and FreeBSD permission problems
I'm fairly new to FreeBSD and SVN but myself and a few developer
friends are undertaking a small project and I've been tasked with
getting the source control working. I decided to use FreeBSD for the
server for numerous reasons, stability and security among them. I'm no
stranger to Unix, however, I've been using Linux for a long time.
Anyway, my server is up and running and I've install svn via the ports
system (acquire from portsnap). I have set up a repository in
/usr/local/svn/repository via "svnadmin create
/usr/local/svn/repository" and imported a test project into it via
"svn import TestProject file:///usr/local/svn/repository/TestProject".
I then fired off the deamon server via "svnserve -d -r
/usr/local/svn/repository" which all seems to have worked well.
The thing is, I can't actually perform a checkout of the repository
via the server.
If I move into a temp directory and do "svn checkout
file:///usr/local/svn/repository/TestProject" it works fine but if I
do "svn svn://127.0.0.1/TestProject" I get an error stating "svn:
Can't connect to host '127.0.0.1': Connection refused".
Also, if I try and use TortoiseSVN to browse the repository externally
I get an error stating "Error * Can't connect to host '192.168.0.10':
No connection could be made because the target machine actively
refused it."
Does anyone have any idea what I could be doing wrong? I've been
reading the free O'Reilly Subversion book but I'm a bit clueless. I
suspect it's something to do with permissions on FreeBSD but I just
don't know enough about it =o)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Subversion and FreeBSD permission problems
Posted by Darrell Blake <da...@gmail.com>.
> But have you already tried passing a --listen-host option to svnserve?
Well, you've managed to fix it. Cheers =o)
When I launched svnserver with --listen-host 192.168.0.10 it must have
realised that the interface only supports IPV4 and launched the server
accordingly.
When I launched the server without --listen-host there were no
services found when I did "netstat inet" but it was there under
"netstat inet6". When I launched it WITH --listen-host it's now there
under "netstat inet" and not under "netstat inet6".
I just tested browsing the repository from TortoiseSVN on an external
machine and it's all working now.
Thanks again.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Subversion and FreeBSD permission problems
Posted by Stefan Sperling <st...@elego.de>.
On Mon, Mar 24, 2008 at 10:53:09AM +0000, Darrell Blake wrote:
> > You might want to check the firewall configuration on the machine you
> > are trying to connect to, and verify that svnserve is really running
> > on the server, and listening on the default port (3690 I believe).
>
> Hmm. I think I may have found a possible problem. When I run a
> "sockstat" I get the following output for the svn server:
>
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> redneon svnserve 1336 3 tcp6 *:3690
> *:*
>
> It looks like the server is running under IPV6 as it's using the tcp6
> protocol. Maybe it's having trouble because I'm trying to access the
> server from an IPV4 based network...
>
> I wonder if there's any way to recompile svn to us IPV4...
Subversion relies on APR to handle the networking protocol business,
so recompiling Subversion itself won't help you. You could try recompiling
APR without IPv6 support, but I don't think this is the right approach.
Doing this with the system APR might break other programs on your system,
so if you go down that route you should make sure that only Subversion
links to the IPv4-only APR. You might even want to link Subversion statically
in order to make sure, this way the IPv4-only APR library does not end
up being potentially accessible by other programs.
But have you already tried passing a --listen-host option to svnserve?
What do these commands print with and without passing this option?
netstat -an -f inet | grep 3690
netstat -an -f inet6 | grep 3690
This is what it looks like on an OpenBSD machine I'm running
svnserve on (FreeBSD may differ slightly):
$ netstat -an -f inet | grep 3690
tcp 0 0 130.133.110.101.3690 *.* LISTEN
svnserve is started with:
/usr/local/bin/svnserve --daemon \
--listen-host 130.133.110.101 \
--read-only \
--root=/svnroot
The box in quesion does not use IPv6, however.
Also note that svnserve's behaviour wrt IPv6 is an open isssue.
Quoting Joe Orton in http://subversion.tigris.org/issues/show_bug.cgi?id=2382
Making svnserve itself work correctly is more subtle. It should be
binding and listening on multiple sockets if the sockaddr_info_get call
returns multiple address; it needs to take account of the whether the OS
allows V4-mapped addresses to get sensible defaults; when using multiple
sockets it needs to make them all non-blocking and poll across them, etc
etc etc
(i.e. it needs to reimplement a whole bunch of the logic from httpd)
AFAIK the above hasn't been done yet.
Hope this helps,
--
Stefan Sperling <st...@elego.de> Software Developer
elego Software Solutions GmbH HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96
13355 Berlin Fax: +49 30 23 45 86 95
http://www.elego.de Geschaeftsfuehrer: Olaf Wagner
Re: Subversion and FreeBSD permission problems
Posted by Darrell Blake <da...@gmail.com>.
> You might want to check the firewall configuration on the machine you
> are trying to connect to, and verify that svnserve is really running
> on the server, and listening on the default port (3690 I believe).
Hmm. I think I may have found a possible problem. When I run a
"sockstat" I get the following output for the svn server:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
redneon svnserve 1336 3 tcp6 *:3690
*:*
It looks like the server is running under IPV6 as it's using the tcp6
protocol. Maybe it's having trouble because I'm trying to access the
server from an IPV4 based network...
I wonder if there's any way to recompile svn to us IPV4...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Subversion and FreeBSD permission problems
Posted by Stefan Sperling <st...@elego.de>.
On Sun, Mar 23, 2008 at 11:06:09PM +0000, Darrell Blake wrote:
> My make_connection() function in client.c looks like the below, which
> is correct as of the patch. Excuse the lack of indentation but I was
> in a hurry to see if it worked =o)
It's a bit hard this way for others to see if you applied the change
correctly. I took the time to re-indent your code and compare it to
a 1.4.x backport I did myself. Turns out your code looks OK.
> I can't help but think it's something to do with permissions.
You don't mean filesystem permissions, but firewall configuration, right?
> I've just tried to do an SVN checkout using TortoiseSVN on
> svn://192.168.0.10/TestProject on an external windows box and I just
> get the error "Error: Can't connect to host '192.168.0.10': No
> connection could be made because the target machine actively refused
> it."
This seems to be a different problem than the one the patch I
proposed is addressing, since you are specifing an IP address
explicitely.
Looking back in the tread, I just realised you also specified an IP
address the first time around (127.0.0.1 instead of localhost),
so I was actually misleading you by proposing the patch, which
fixes a problem related to specifying a hostname, not an IP.
Sorry, I should have read your mail more carefully. :(
You might want to check the firewall configuration on the machine you
are trying to connect to, and verify that svnserve is really running
on the server, and listening on the default port (3690 I believe).
--
Stefan Sperling <st...@elego.de> Software Developer
elego Software Solutions GmbH HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96
13355 Berlin Fax: +49 30 23 45 86 95
http://www.elego.de Geschaeftsfuehrer: Olaf Wagner
Re: Subversion and FreeBSD permission problems
Posted by Darrell Blake <da...@gmail.com>.
I applied the patch from the diff manually as there were only a few
changes, but I'm still getting the same problem.
My make_connection() function in client.c looks like the below, which
is correct as of the patch. Excuse the lack of indentation but I was
in a hurry to see if it worked =o)
static svn_error_t *make_connection(const char *hostname, unsigned short port,
apr_socket_t **sock, apr_pool_t *pool)
{
apr_sockaddr_t *sa;
apr_status_t status;
int family = APR_INET;
/* Make sure we have IPV6 support first before giving apr_sockaddr_info_get
APR_UNSPEC, because it may give us back an IPV6 address even if we can't
create IPV6 sockets. */
#if APR_HAVE_IPV6
#ifdef MAX_SECS_TO_LINGER
status = apr_socket_create(sock, APR_INET6, SOCK_STREAM, pool);
#else
status = apr_socket_create(sock, APR_INET6, SOCK_STREAM,
APR_PROTO_TCP, pool);
#endif
if (status == 0)
{
apr_socket_close(*sock);
family = APR_UNSPEC;
}
#endif
/* Resolve the hostname. */
status = apr_sockaddr_info_get(&sa, hostname, family, port, 0, pool);
if (status)
return svn_error_createf(status, NULL, _("Unknown hostname '%s'"),
hostname);
/* Create the socket. */
do
{
#ifdef MAX_SECS_TO_LINGER
/* ### old APR interface */
status = apr_socket_create(sock, sa->family, SOCK_STREAM, pool);
#else
status = apr_socket_create(sock, sa->family, SOCK_STREAM, APR_PROTO_TCP,
pool);
#endif
if (status == APR_SUCCESS)
{
status = apr_socket_connect(*sock, sa);
if (status != APR_SUCCESS)
apr_socket_close(*sock);
}
sa = sa->next;
}
while(status != APR_SUCCESS && sa);
if (status)
return svn_error_wrap_apr(status, _("Can't connect to host '%s'"),
hostname);
return SVN_NO_ERROR;
}
I can't help but think it's something to do with permissions. I've
just tried to do an SVN checkout using TortoiseSVN on
svn://192.168.0.10/TestProject on an external windows box and I just
get the error "Error: Can't connect to host '192.168.0.10': No
connection could be made because the target machine actively refused
it."
On Sun, Mar 23, 2008 at 5:54 PM, Stefan Sperling <st...@elego.de> wrote:
>
> The bug is present in 1.4.
>
> See the make_connection function in
> http://svn.collab.net/repos/svn/branches/1.4.x/subversion/libsvn_ra_svn/client.c
>
> It just tries the first address given to it by APR.
> After the call to apr_sockaddr_info_get, the sa variable may be
> the head of a *list* to addres*ses*, not just a single address.
> 1.4 isn't walking the list.
>
> Trunk is now walking the list, see the same function in
> http://svn.collab.net/repos/svn/trunk/subversion/libsvn_ra_svn/client.c
>
> However, the APR version Stefan Küng linked his 1.4 binaries with may
> have no IPv6 support, in which case the bug isn't triggered.
>
> Well, unless you want to connect to an IPv4 host with multiple DNS
> A records (i.e. the hostname resolves to more than one IP).
> In this case the bug is also triggered, since only the first IPv4 address
> is tried. If the server isn't configured to accept connections on the
> svnserve port on that IP, you can't connect. This is arguably a server
> setup error though, so in practice the bug bites IPv4/IPv6 dual stack
> servers connecting to themselves the most, because there 'localhost'
> always resolves to two IPs, one for IPv4 and one for IPv6.
>
> --
>
>
> Stefan Sperling <st...@elego.de> Software Developer
> elego Software Solutions GmbH HRB 77719
> Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96
> 13355 Berlin Fax: +49 30 23 45 86 95
> http://www.elego.de Geschaeftsfuehrer: Olaf Wagner
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Subversion and FreeBSD permission problems
Posted by Stefan Sperling <st...@elego.de>.
On Sun, Mar 23, 2008 at 05:39:03PM +0000, Darrell Blake wrote:
> Hmm. Ok, I'll give it a go.
>
> One thing I would meniton though is that in the first link you
> provided the poster states that everything works with 1.4 and it's 1.5
> where the bug exists.
>
> As I'm using 1.4 I would assume this isn't the problem... or am I
> missing something? =o)
The bug is present in 1.4.
See the make_connection function in
http://svn.collab.net/repos/svn/branches/1.4.x/subversion/libsvn_ra_svn/client.c
It just tries the first address given to it by APR.
After the call to apr_sockaddr_info_get, the sa variable may be
the head of a *list* to addres*ses*, not just a single address.
1.4 isn't walking the list.
Trunk is now walking the list, see the same function in
http://svn.collab.net/repos/svn/trunk/subversion/libsvn_ra_svn/client.c
However, the APR version Stefan Küng linked his 1.4 binaries with may
have no IPv6 support, in which case the bug isn't triggered.
Well, unless you want to connect to an IPv4 host with multiple DNS
A records (i.e. the hostname resolves to more than one IP).
In this case the bug is also triggered, since only the first IPv4 address
is tried. If the server isn't configured to accept connections on the
svnserve port on that IP, you can't connect. This is arguably a server
setup error though, so in practice the bug bites IPv4/IPv6 dual stack
servers connecting to themselves the most, because there 'localhost'
always resolves to two IPs, one for IPv4 and one for IPv6.
--
Stefan Sperling <st...@elego.de> Software Developer
elego Software Solutions GmbH HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96
13355 Berlin Fax: +49 30 23 45 86 95
http://www.elego.de Geschaeftsfuehrer: Olaf Wagner
Re: Subversion and FreeBSD permission problems
Posted by Darrell Blake <da...@gmail.com>.
Hmm. Ok, I'll give it a go.
One thing I would meniton though is that in the first link you
provided the poster states that everything works with 1.4 and it's 1.5
where the bug exists.
As I'm using 1.4 I would assume this isn't the problem... or am I
missing something? =o)
On Sun, Mar 23, 2008 at 4:29 PM, Stefan Sperling <st...@elego.de> wrote:
>
> This was fixed in trunk just yesterday.
>
> See this thread:
> http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=136241
>
> Also see the issue: http://subversion.tigris.org/issues/show_bug.cgi?id=2382
>
> ... and the commit message for the fix:
> http://subversion.tigris.org/servlets/ReadMsg?list=svn&msgNo=35298
>
> The patch that fixes the problem is here if you want to apply
> it locally (it should apply to 1.4 without much tweaking, let
> me know if you need help backporting it):
>
> http://subversion.tigris.org/nonav/issues/showattachment.cgi/858/svn_rasvnaddr-stsp.diff
>
> --
> Stefan Sperling <st...@elego.de> Software Developer
> elego Software Solutions GmbH HRB 77719
> Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96
> 13355 Berlin Fax: +49 30 23 45 86 95
> http://www.elego.de Geschaeftsfuehrer: Olaf Wagner
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Subversion and FreeBSD permission problems
Posted by Stefan Sperling <st...@elego.de>.
On Sun, Mar 23, 2008 at 04:01:25PM +0000, Darrell Blake wrote:
> If I move into a temp directory and do "svn checkout
> file:///usr/local/svn/repository/TestProject" it works fine but if I
> do "svn svn://127.0.0.1/TestProject" I get an error stating "svn:
> Can't connect to host '127.0.0.1': Connection refused".
This was fixed in trunk just yesterday.
See this thread:
http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=136241
Also see the issue: http://subversion.tigris.org/issues/show_bug.cgi?id=2382
... and the commit message for the fix:
http://subversion.tigris.org/servlets/ReadMsg?list=svn&msgNo=35298
The patch that fixes the problem is here if you want to apply
it locally (it should apply to 1.4 without much tweaking, let
me know if you need help backporting it):
http://subversion.tigris.org/nonav/issues/showattachment.cgi/858/svn_rasvnaddr-stsp.diff
--
Stefan Sperling <st...@elego.de> Software Developer
elego Software Solutions GmbH HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96
13355 Berlin Fax: +49 30 23 45 86 95
http://www.elego.de Geschaeftsfuehrer: Olaf Wagner