You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Zorba the Hutt <zo...@uswest.net> on 2004/03/02 21:31:16 UTC
password-db failure?
I'm trying to set up svnserve with a source repository, and, well, it isn't
working :) I've narrowed down the weirdness finally. Without a password-db,
it seems to work fine (though with no security so this obviously isn't a
very tenable solution). With a password-db, I get the error that my
respository doesn't exist. I can comment the line out and put it back and
duplicate this behavior as many times as I want, with an otherwise-empty
svnserve.conf (well, [general] before the password-db line.)
svnserve.conf:
----
[general]
password-db = ../../users
----
(or - same behavior)
----
[general]
password-db = /usr/local/svn/users
----
/usr/local/svn/users:
----
[users]
myusername = mypassword
----
With password-db commented out/removed, I get:
----
$ svn import mv svn://servername/mv --username myusername
Log message unchanged or not specified
a)bort, c)ontinue, e)dit
c
svn: Connection is read-only
----
With it not commented out, I get:
----
$ svn import mv svn://servername/mv --username myusername
Log message unchanged or not specified
a)bort, c)ontinue, e)dit
c
svn: 'mv' does not exist
----
Any suggestions? This is getting annoying. :P I'm starting the daemon
with -d -r /usr/local/svn, btw. Thanks,
-Ben
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Ben Wilhelm <zo...@uswest.net>.
Looks like that worked. I doubt my virtual machine has direct enough
hardware access for the hw_random device - it's a VPS. Probably also why it
didn't get much entropy - presumably it only gets packets that are forwarded
to it, and it has no mouse/keyboard.
Anyway, maybe it should spit out warnings or something if /dev/random
appears to be blocking for a long time? Or maybe /dev/random shouldn't be
used at all if it's not necessary - one of those things where it tells you
"if you have a good /dev/random and need maximum security, use this switch".
Or just use it for seeding?
Anyway. Works now.
-Ben
----- Original Message -----
From: "Jani Averbach" <ja...@jaa.iki.fi>
To: "Tobias Ringström" <to...@ringstrom.mine.nu>
Cc: "Ben Wilhelm" <zo...@uswest.net>; <us...@subversion.tigris.org>
Sent: Friday, March 05, 2004 1:12 PM
Subject: Re: password-db failure?
> On 2004-03-05 18:59+0100, Tobias Ringström wrote:
> > Ben Wilhelm wrote:
> >
> > >Anybody have a clue how to fix this? Should I just, like, cat the
kernel
> > >source into /dev/random and hope that fixes it? ;) Or is there a better
> > >way?
> >
> > The kernel has two devices, /dev/random which provide better randomness
> > and blocks, and /dev/urandom which can provide less random data but does
> > not block. I think it's possible to configure APR to use /dev/urandom
> > instead of /dev/random.
>
> apr/configure --with-devrandom=/dev/urandom or
>
> There is is also hw_random device driver for some mb in Linux kernel (and
> probably in *BSD).
>
> CONFIG_HW_RANDOM:
> This driver provides kernel-side support for the Random
> Number Generator hardware found on Intel i8xx-based
> motherboards, AMD 76x-based motherboards, and Via Nehemiah CPUs.
>
> I just hit in that by myself.
> http://www.contactor.se/~dast/svn/archive-2004-03/0143.shtml
>
> BR, Jani
>
> --
> Jani Averbach
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Jani Averbach <ja...@jaa.iki.fi>.
On 2004-03-05 18:59+0100, Tobias Ringström wrote:
> Ben Wilhelm wrote:
>
> >Anybody have a clue how to fix this? Should I just, like, cat the kernel
> >source into /dev/random and hope that fixes it? ;) Or is there a better
> >way?
>
> The kernel has two devices, /dev/random which provide better randomness
> and blocks, and /dev/urandom which can provide less random data but does
> not block. I think it's possible to configure APR to use /dev/urandom
> instead of /dev/random.
apr/configure --with-devrandom=/dev/urandom or
There is is also hw_random device driver for some mb in Linux kernel (and
probably in *BSD).
CONFIG_HW_RANDOM:
This driver provides kernel-side support for the Random
Number Generator hardware found on Intel i8xx-based
motherboards, AMD 76x-based motherboards, and Via Nehemiah CPUs.
I just hit in that by myself.
http://www.contactor.se/~dast/svn/archive-2004-03/0143.shtml
BR, Jani
--
Jani Averbach
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Tobias Ringström <to...@ringstrom.mine.nu>.
Ben Wilhelm wrote:
> Anybody have a clue how to fix this? Should I just, like, cat the kernel
> source into /dev/random and hope that fixes it? ;) Or is there a better way?
The kernel has two devices, /dev/random which provide better randomness
and blocks, and /dev/urandom which can provide less random data but does
not block. I think it's possible to configure APR to use /dev/urandom
instead of /dev/random. I'm surprised that the default is /dev/random.
/Tobias
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Ben Wilhelm <zo...@uswest.net>.
Oooh. That's a very cool utility. I didn't know about that one.
It looks to me like /dev/random is blocking quite nastily. (And this time,
it only took about 30 seconds . . . go figure.) svn.strace, around the
important area:
17:41:07 connect(3, {sa_family=AF_INET, sin_port=htons(3690),
sin_addr=inet_addr("127.0.0.1")}, 16) = 0
(large amount of uninteresting stuff)
17:41:07 write(3, "( CRAM-MD5 ( ) ) ", 17) = 17
17:41:07 read(3, "( step ( 52:<5717741632206738798"..., 4096) = 69
17:41:43 write(3, "38:zorba 7db8a2c4e537e888c7a3d49"..., 42) = 42
17:41:43 read(3, "( success ( ) ) ( success ( 36:0"..., 4096) = 94
It's waiting for svnserve to reply, as near as I can tell, and
svnserve.strace:
1097 17:41:07 munmap(0x40099000, 4096) = 0
1097 17:41:07 write(4, "( success ( ( CRAM-MD5 ) 2:mv ) "..., 34) = 34
1097 17:41:07 read(4, "( CRAM-MD5 ( ) ) ", 4096) = 17
1097 17:41:07 open("/dev/random", O_RDONLY) = 14
1097 17:41:07 read(14, "n\25%y\270", 8) = 5
1097 17:41:07 read(14, "\177", 3) = 1
1097 17:41:07 read(14, "YO", 2) = 2
1097 17:41:43 close(14) = 0
1097 17:41:43 uname({sys="Linux", node="(censored)", ...}) = 0
1097 17:41:43 gettimeofday({1078508503, 171557}, NULL) = 0
1097 17:41:43 write(4, "( step ( 52:<5717741632206738798"..., 69) = 69
So, yeah. Blocking on /dev/random. I'm guessing the entropy pool is empty -
reading through the /dev/random docs, it seems like it tries to accumulate
entropy from system hardware. Unfortunately this is a VPS, and so there
isn't really any physical hardware with entropy available to it -
everything's virtual through VPS drivers. I have no idea if that would make
any difference, but . . . there's the problem, at least.
Anybody have a clue how to fix this? Should I just, like, cat the kernel
source into /dev/random and hope that fixes it? ;) Or is there a better way?
Thanks,
-Ben
----- Original Message -----
From: "Tobias Ringstrom" <to...@ringstrom.mine.nu>
To: "Ben Wilhelm" <zo...@uswest.net>
Cc: <us...@subversion.tigris.org>
Sent: Thursday, March 04, 2004 4:29 PM
Subject: Re: password-db failure?
> Ben Wilhelm wrote:
> > make install
> > mkdir /usr/local/svn
> > svnadmin create /usr/local/svn/mv
> > ( edit /usr/local/svn/users to contain [users] \n username = password
\n)
> > ( edit /usr/local/svn/mv/conf/svnserve.conf to contain [general] \n
> > password-db = ../../users \n)
> > svnserve -d -r /usr/local/svn
> > cd ~
> > mkdir mv
> > touch mv/foo.bar
> > svn import mv svn://localhost/mv
>
> That's a nice reproduction recepie, thanks!
>
> > . . . and grr. Now it seems to be working - sort of - it's back to the
> > five-minute delay-before-doing-anything. At least, it takes five minutes
to
> > authenticate my password, during which it uses 0% CPU.
>
> What??? Five minutes? Something is very weird indeed. If you're on
> Linux, you can run svnserve under strace like this:
>
> strace -t -f -o svnserve.strace svnserve -d -r /usr/local/svn
>
> and checkout like this:
>
> strace -t -o svn.strace svn import mv svn://localhost/mv
>
> If you study svnserve.strace and svn.strace after it's done, you
> should be able to figure out why it's waiting for five minutes.
> Another way is to use a debugger. Add --enable-maintainer-mode to
> configure to compile with debug info.
>
> /Tobias
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Tobias Ringstrom <to...@ringstrom.mine.nu>.
Ben Wilhelm wrote:
> make install
> mkdir /usr/local/svn
> svnadmin create /usr/local/svn/mv
> ( edit /usr/local/svn/users to contain [users] \n username = password \n)
> ( edit /usr/local/svn/mv/conf/svnserve.conf to contain [general] \n
> password-db = ../../users \n)
> svnserve -d -r /usr/local/svn
> cd ~
> mkdir mv
> touch mv/foo.bar
> svn import mv svn://localhost/mv
That's a nice reproduction recepie, thanks!
> . . . and grr. Now it seems to be working - sort of - it's back to the
> five-minute delay-before-doing-anything. At least, it takes five minutes to
> authenticate my password, during which it uses 0% CPU.
What??? Five minutes? Something is very weird indeed. If you're on
Linux, you can run svnserve under strace like this:
strace -t -f -o svnserve.strace svnserve -d -r /usr/local/svn
and checkout like this:
strace -t -o svn.strace svn import mv svn://localhost/mv
If you study svnserve.strace and svn.strace after it's done, you
should be able to figure out why it's waiting for five minutes.
Another way is to use a debugger. Add --enable-maintainer-mode to
configure to compile with debug info.
/Tobias
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Ben Wilhelm <zo...@uswest.net>.
I'm running 1.0.0, compiled from source on Debian. I don't know enough about
scripting to know how to write a script - all I've done is compile/install
it (I was having different trouble with the testing package - it would take
a few minutes for it to respond to any remote connection over svn://, even
if the remote connection was from localhost), start svnserve -d -r
/usr/local/svn, and svnadmin create /usr/local/svn. And then set up the
password file and the conf file.
I have a custom-compiled apache2 installation also, btw, though I don't know
how that could be causing any problems since I'm currently not trying to use
mod_dav_svn. (Which is my next attempt . . .)
I could try providing step-by-step instructions after "install it", though.
lesse if I can get this happening again.
make install
mkdir /usr/local/svn
svnadmin create /usr/local/svn/mv
( edit /usr/local/svn/users to contain [users] \n username = password \n)
( edit /usr/local/svn/mv/conf/svnserve.conf to contain [general] \n
password-db = ../../users \n)
svnserve -d -r /usr/local/svn
cd ~
mkdir mv
touch mv/foo.bar
svn import mv svn://localhost/mv
. . . and grr. Now it seems to be working - sort of - it's back to the
five-minute delay-before-doing-anything. At least, it takes five minutes to
authenticate my password, during which it uses 0% CPU.
Great. New bug now.
It works - it just takes approximately five minutes to verify my password.
Right now I'm trying to import - it takes five minutes to realize my old
password didn't work, then prompts me for the password for my current user.
I'm using a different username on subversion, so I hit enter and it takes
another five minutes. Then it prompts me for my username and password, which
I type in, and . . . it takes another five minutes.
And then works fine.
What five-minute delay am I missing? And why am I the one who keeps ending
up with weird bugs? :P
-Ben
----- Original Message -----
From: "Tobias Ringström" <to...@ringstrom.mine.nu>
To: "Ben Wilhelm" <zo...@uswest.net>
Cc: <us...@subversion.tigris.org>
Sent: Thursday, March 04, 2004 8:58 AM
Subject: Re: password-db failure?
> Ben Wilhelm wrote:
> > It does exist - as I said, without the password-db line - that one
single
> > line - it works fine. Imports and everything, if I add anon-access =
write.
> > I just don't want to leave it completely unprotected, y'know?
> >
> > Without password-db, everything works (to the limit that it can, without
a
> > password-db.) Anon access checkout works, checkin works, import works.
> >
> > With password-db, it says it can't find the repository. Nothing else
> > changes.
> >
> > That's what's confusing me. At the least, it's a bad error message. At
the
> > worst, it's a bug.
>
> This sounds very strange. What version are you running? Can you
> reproduce it and post a reproduction recepie as a script that we can
> just run?
>
> /Tobias
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Tobias Ringström <to...@ringstrom.mine.nu>.
Ben Wilhelm wrote:
> It does exist - as I said, without the password-db line - that one single
> line - it works fine. Imports and everything, if I add anon-access = write.
> I just don't want to leave it completely unprotected, y'know?
>
> Without password-db, everything works (to the limit that it can, without a
> password-db.) Anon access checkout works, checkin works, import works.
>
> With password-db, it says it can't find the repository. Nothing else
> changes.
>
> That's what's confusing me. At the least, it's a bad error message. At the
> worst, it's a bug.
This sounds very strange. What version are you running? Can you
reproduce it and post a reproduction recepie as a script that we can
just run?
/Tobias
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Ben Wilhelm <zo...@uswest.net>.
It does exist - as I said, without the password-db line - that one single
line - it works fine. Imports and everything, if I add anon-access = write.
I just don't want to leave it completely unprotected, y'know?
Without password-db, everything works (to the limit that it can, without a
password-db.) Anon access checkout works, checkin works, import works.
With password-db, it says it can't find the repository. Nothing else
changes.
That's what's confusing me. At the least, it's a bad error message. At the
worst, it's a bug.
-Ben
----- Original Message -----
From: "Tobias Ringström" <to...@ringstrom.mine.nu>
To: "Zorba the Hutt" <zo...@uswest.net>
Cc: <us...@subversion.tigris.org>
Sent: Wednesday, March 03, 2004 3:21 AM
Subject: Re: password-db failure?
> Zorba the Hutt wrote:
> > $ svn import mv svn://servername/mv --username myusername
> >
> > Log message unchanged or not specified
> > a)bort, c)ontinue, e)dit
> > c
> > svn: 'mv' does not exist
>
> This is the error you get if mv does not exist locally, i.e. in the
> directory from which you run svn. Could it be that it doesn't really
> exist? If you are unsure about how import works, there's an example in
> the book here:
>
> http://svnbook.red-bean.com/html-chunk/ch03s07.html#svn-ch-3-sect-7.3
>
> If mv does exits, it would help to know what platform and version of
> Subversion you are running. Please try to always include that info.
>
> /Tobias
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Tobias Ringström <to...@ringstrom.mine.nu>.
Zorba the Hutt wrote:
> $ svn import mv svn://servername/mv --username myusername
>
> Log message unchanged or not specified
> a)bort, c)ontinue, e)dit
> c
> svn: 'mv' does not exist
This is the error you get if mv does not exist locally, i.e. in the
directory from which you run svn. Could it be that it doesn't really
exist? If you are unsure about how import works, there's an example in
the book here:
http://svnbook.red-bean.com/html-chunk/ch03s07.html#svn-ch-3-sect-7.3
If mv does exits, it would help to know what platform and version of
Subversion you are running. Please try to always include that info.
/Tobias
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Ben Wilhelm <zo...@uswest.net>.
I've tried that - it doesn't change anything :) If I have a password-db, it
gives me the "does not exist" error, *not* a "you do not have permissions"
error. That's what's confusing me - something about adding the password-db
line makes it no longer realize the repository exists in the first place.
Everything else appears to work fine, but if there's a password file, it
can't find the repository anymore.
-Ben
----- Original Message -----
From: "Erik Huelsmann" <e....@gmx.net>
To: "Zorba the Hutt" <zo...@uswest.net>
Cc: <us...@subversion.tigris.org>
Sent: Tuesday, March 02, 2004 4:52 PM
Subject: Re: password-db failure?
> HI!
>
> Well you've found your way to the right file, but the solution should be
> this:
>
> Standard the svnserve.conf file does not allow commits by anyone. If you
> want anybody to be able to commit to the repository, you need to put in
either:
>
> auth-access = write
> (for write access for authenticated users)
> or
>
> anon-access = write
> (for write acces for non-authenticated users)
>
> in the [general] section.
>
> A description of what you can do to configure svnserve wrt authentication
is
> right above where you found the information on the format of the users
file.
>
> HTH,
>
> Erik.
>
> >
> > I'm trying to set up svnserve with a source repository, and, well, it
> > isn't
> > working :) I've narrowed down the weirdness finally. Without a
> > password-db,
> > it seems to work fine (though with no security so this obviously isn't a
> > very tenable solution). With a password-db, I get the error that my
> > respository doesn't exist. I can comment the line out and put it back
and
> > duplicate this behavior as many times as I want, with an otherwise-empty
> > svnserve.conf (well, [general] before the password-db line.)
> >
> > svnserve.conf:
> >
> > ----
> > [general]
> > password-db = ../../users
> > ----
> >
> > (or - same behavior)
> >
> > ----
> > [general]
> > password-db = /usr/local/svn/users
> > ----
> >
> > /usr/local/svn/users:
> >
> > ----
> > [users]
> > myusername = mypassword
> > ----
> >
> > With password-db commented out/removed, I get:
> >
> > ----
> > $ svn import mv svn://servername/mv --username myusername
> >
> > Log message unchanged or not specified
> > a)bort, c)ontinue, e)dit
> > c
> > svn: Connection is read-only
> > ----
> >
> > With it not commented out, I get:
> >
> > ----
> > $ svn import mv svn://servername/mv --username myusername
> >
> > Log message unchanged or not specified
> > a)bort, c)ontinue, e)dit
> > c
> > svn: 'mv' does not exist
> > ----
> >
> > Any suggestions? This is getting annoying. :P I'm starting the daemon
> > with -d -r /usr/local/svn, btw. Thanks,
> >
> > -Ben
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
> >
>
> --
> +++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz
+++
> 100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: password-db failure?
Posted by Erik Huelsmann <e....@gmx.net>.
HI!
Well you've found your way to the right file, but the solution should be
this:
Standard the svnserve.conf file does not allow commits by anyone. If you
want anybody to be able to commit to the repository, you need to put in either:
auth-access = write
(for write access for authenticated users)
or
anon-access = write
(for write acces for non-authenticated users)
in the [general] section.
A description of what you can do to configure svnserve wrt authentication is
right above where you found the information on the format of the users file.
HTH,
Erik.
>
> I'm trying to set up svnserve with a source repository, and, well, it
> isn't
> working :) I've narrowed down the weirdness finally. Without a
> password-db,
> it seems to work fine (though with no security so this obviously isn't a
> very tenable solution). With a password-db, I get the error that my
> respository doesn't exist. I can comment the line out and put it back and
> duplicate this behavior as many times as I want, with an otherwise-empty
> svnserve.conf (well, [general] before the password-db line.)
>
> svnserve.conf:
>
> ----
> [general]
> password-db = ../../users
> ----
>
> (or - same behavior)
>
> ----
> [general]
> password-db = /usr/local/svn/users
> ----
>
> /usr/local/svn/users:
>
> ----
> [users]
> myusername = mypassword
> ----
>
> With password-db commented out/removed, I get:
>
> ----
> $ svn import mv svn://servername/mv --username myusername
>
> Log message unchanged or not specified
> a)bort, c)ontinue, e)dit
> c
> svn: Connection is read-only
> ----
>
> With it not commented out, I get:
>
> ----
> $ svn import mv svn://servername/mv --username myusername
>
> Log message unchanged or not specified
> a)bort, c)ontinue, e)dit
> c
> svn: 'mv' does not exist
> ----
>
> Any suggestions? This is getting annoying. :P I'm starting the daemon
> with -d -r /usr/local/svn, btw. Thanks,
>
> -Ben
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
--
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org