RHEL5 svn+https


Here are the steps I took to install Subversion over https on RHEL5


You will need mod_dav_svn in order to use Apache authentication for subversion repositories and mod_ssl for Apache over SSL to configure https+svn.

To install these if you are using the Apache RPM provided by RedHat Network: yum install mod_ssl mod_dav_svn

You will then need to reload apache.

Check config for errors: httpd -t

Reload service: service httpd reload

Apache configuration

By default, mod_ssl will add a ssl.conf file to /etc/httpd/conf.d/ssl.conf and include a default localhost certificate with generic information.  You can create a self-signed cert if you like or purchase a valid certificate.

I configured a virtual host to handle the subversion repository. Here is a copy of my virtual host stanza.

<VirtualHost *:443>

ServerAdmin webmaster@example.com

DocumentRoot /var/www/html

ServerName svn.example.com

ErrorLog logs/svn.example.com-error_log

CustomLog logs/svn.example.com-access_log common

<Location />

DAV svn

SVNParentPath /path/to/repo/

AuthType Basic

AuthName “Subversion repository”

AuthUserFile /path/to/svn-auth-file

Require valid-user

AuthzSVNAccessFile /path/to/svn-policy-file



SVN Policy File

Located at /path/to/svn-policy-file. The access file below will allow every authenticated user read access for a listing of all the repos.  By selecting repo1, user1 and user2 will be able to view the entire repo1 but user3 and user4 cannot.


admins = admin1, admin2, admin3


@admins = rw

* = r


@admins = r

user1 = r

user2 = r


@admins = r

user3 = r

user4 = r

Apache Basic Authentication File

Finally we need to create an Apache authentication file for access to the subversion repository.

htpasswd -cm /path/to/svn-auth-file user1 [user1 password]

htpasswd -m /path/to/svn-auth-file user2 [user2 password]

htpasswd -m /path/to/svn-auth-file user2 [user2 password]

htpasswd -m /path/to/svn-auth-file user2 [user2 password]

Note: Only the first command has -c option to create the file!


I found this great post explaining how to get mod_svn, subversion and selinux all working together.

SELinux, Subversion and mod_svn

Excellent SELinux troubleshooting explained: http://www.threepillarglobal.com/troubleshooting-selinux-issues

Here’s what happened to me. I wanted to put my repository in a partition that was not under /var which is the where Apache by default stores it DocumentRoot.  Knowing that files need a particular SELinux context to run correctly under Apache  edited the security context to be the same as the /var/www/html directory which is the default directory.

chcon -R –reference=/var/www/html /path/to/repo

I was still getting SELinux errors and a permissions denied. All UNIX permissions were correct so I knew it was still SELinux.  So looking at the audit.log errors, I noticed that, similar to UNIX permissions, SELinux permissions are inherited and the permissions have to be correct going up to / as they are going down to the /path/to/repo.  So that lead me to check the SELinux permission on /data which is the partition I wanted my data on.

It was the SELinux permissions on /data that was preventing Apache from working properly. To resolve this I did the following:

chcon –reference=/var /data

NOTE: Make sure this change doesn’t break any other application that may be accessing files or using /data as it’s partition.

Now on to install redmine …

Anonymous LDAP Windows 2003 AD

I found this great article here: http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm

I recently went to a new company and wanted to setup an application to use their central AD.  Not knowing anything about their setup, and not having any access to the AD server, I was able to determine that anonymous read access was not enabled in our environment.

By default, anonymous LDAP operations, except rootDSE searches and binds, are not permitted on Windows 2003 domain controllers. This means that when trying to perform unauthenticated search in AD, you can query for attributes of the RootDSE object only – any other query will result in DC requesting authenticated bind to LDAO and refusing your query.

Let’s see what we are allowed to see when trying to perform an anonymous lookup against W2K3 domain controller.

The query below is performed from a Linux machine just to eliminate the query tools attempt on Windows to perform GSSAPI authentication.

Just to decipher the syntax above:

  • -h hostname.domain.com (perform the query against specified host)
  • -b ” (Use RootDSE as the search base)
  • -x (Use simple bind, no encryption)
  • -LLL (Print responses in LDIF format without comments and version)
  • -s base ( Do a base search as opposed to a subtree or onelevel)
  • ‘objectClass=*’ (LDAP filter which basically means: return anything you find)

If you repeat the above command with -s sub (Subtree scope) query you will get an error message similar to the following. This tells you that anonymous bind access is disabled for the domain.

svn propset

Fixing a broken EOL file

If you find a file that was incorrectly checked in, it’s not too hard to fix.

First, change the file to the correct line-ending style for your platform. Any programming editor should be able to switch styles with some built-in command, or you can use a ‘fromdos’ or ‘todos’-type utility.

Once it’s fixed, set the property and check it in:

For a file: svn propset svn:eol-style native filename svn commit filename
For a symlink: svn propset svn:special native filename svn commit filename
For a binary: svn propset svn:mime-type application/octet-stream <filename> svn commit filename

Still getting ? on some directories?  Make sure you don’t have a checkout within a checkout

Enable auto-props for SVN client

You will need edit the subversion config file.

In Linux/Cygwin, place this file in ~/.subversion/config.
In Windows, place this file in C:\Documents and Settings\%USERNAME%\Application Data\Subversion\config

In Windows for Eclipse:

In Eclipse you’ve got to set the path to your config file:

Window > Preferences > Team > SVN > “Configuration Location” > “Use directory”

To enable

### Set enable-auto-props to 'yes' to enable automatic properties
### for 'svn add' and 'svn import', it defaults to 'no'.
### Automatic properties are defined in the section 'auto-props'.
enable-auto-props = yes

*.rb = svn:keywords=Id Author Revision HeadURL Date

[etc specific]

Add the following to it:

# store-passwords = no
# store-auth-creds = no

# editor-cmd = editor (vi, emacs, notepad, etc.)
# diff-cmd = diff_program (diff, gdiff, etc.)
# diff3-cmd = diff3_program (diff3, gdiff3, etc.)
# diff3-has-program-arg = [true | false]

# ssh = c:\ssh\plink.exe
# rsh = rsh
# rsh = /path/to/rsh -l myusername

# global-ignores = *.o *.lo *.la #*# .*.rej *.rej .*~ *~ .#* .DS_Store
# log-encoding = latin1
# use-commit-times = yes
# no-unlock = yes
enable-auto-props = yes

### The format of the entries is:
###   file-name-pattern = propname[=value][;propname[=value]...]
### The file-name-pattern can contain wildcards (such as '*' and
### '?').  All entries which match will be applied to the file.
### Note that auto-props functionality must be enabled, which
### is typically done by setting the 'enable-auto-props' option.
# *.c = svn:eol-style=native
# *.cpp = svn:eol-style=native
# *.h = svn:eol-style=native
# *.dsp = svn:eol-style=CRLF
# *.dsw = svn:eol-style=CRLF
# *.sh = svn:eol-style=native;svn:executable
# *.txt = svn:eol-style=native
# *.png = svn:mime-type=image/png
# *.jpg = svn:mime-type=image/jpeg
# Makefile = svn:eol-style=native

# etc specific
*.conf       = svn:eol-style=native; svn:mime-type=text/plain
*.rules      = svn:eol-style=native; svn:mime-type=text/plain
*.repo       = svn:eol-style=native; svn:mime-type=text/plain

# Scriptish formats
*.bat        = svn:eol-style=native; svn:mime-type=text/plain
*.bsh        = svn:eol-style=native; svn:mime-type=text/x-beanshell
*.cgi        = svn:eol-style=native; svn:mime-type=text/plain
*.cmd        = svn:eol-style=native; svn:mine-type=text/plain
*.js         = svn:eol-style=native; svn:mime-type=text/javascript
*.php        = svn:eol-style=native; svn:mime-type=text/x-php
*.phtml      = svn:eol-style=native; svn:mime-type=text/x-php
*.pl         = svn:eol-style=native; svn:mime-type=text/x-perl; svn:executable
*.pm         = svn:eol-style=native; svn:mime-type=text/x-perl
*.py         = svn:eol-style=native; svn:mime-type=text/x-python; svn:executable
*.sh         = svn:eol-style=native; svn:mime-type=text/x-sh; svn:executable
configure    = svn:eol-style=native; svn:mime-type=text/x-sh; svn:executable

# Image formats
*.bmp        = svn:mime-type=image/bmp
*.gif        = svn:mime-type=image/gif
*.ico        = svn:mime-type=image/ico
*.jpeg       = svn:mime-type=image/jpeg
*.jpg        = svn:mime-type=image/jpeg
*.png        = svn:mime-type=image/png
*.tif        = svn:mime-type=image/tiff
*.tiff       = svn:mime-type=image/tiff
*.svg        = svn:eol-style=native; svn:mime-type=image/svg+xml

# Data formats
*.pdf        = svn:mime-type=application/pdf
*.avi        = svn:mime-type=video/avi
*.doc        = svn:mime-type=application/msword
*.dsp        = svn:eol-style=CRLF
*.dsw        = svn:eol-style=CRLF
*.eps        = svn:mime-type=application/postscript
*.gz         = svn:mime-type=application/gzip
*.mov        = svn:mime-type=video/quicktime
*.mp3        = svn:mime-type=audio/mpeg
*.ppt        = svn:mime-type=application/vnd.ms-powerpoint
*.ps         = svn:mime-type=application/postscript
*.psd        = svn:mime-type=application/photoshop
*.rdf        = svn:eol-style=native;svn:keywords=Id
*.rss        = svn:eol-style=native;svn:keywords=Id
*.rtf        = svn:mime-type=text/rtf
*.sln       = svn:eol-style=CRLF;svn:mime-type=text/xml
*.swf        = svn:mime-type=application/x-shockwave-flash
*.tgz        = svn:mime-type=application/gzip
*.vcproj    = svn:eol-style=CRLF;svn:mime-type=text/xml
*.wav        = svn:mime-type=audio/wav
*.xls        = svn:mime-type=application/vnd.ms-excel
*.zip        = svn:mime-type=application/zip

# Text formats
.htaccess    = svn:eol-style=native; svn:mime-type=text/plain
*.bbk        = svn:eol-style=native; svn:mime-type=text/xml
*.cmake      = svn:eol-style=native; svn:mime-type=text/plain
*.css        = svn:eol-style=native; svn:mime-type=text/css
*.csv        = svn:eol-style=native; svn:mime-type=text/css
*.dtd        = svn:eol-style=native; svn:mime-type=text/xml
*.dist       = svn:eol-style=native; svn:mime-type=text/xml
*.htm        = svn:eol-style=native; svn:mime-type=text/html
*.html       = svn:eol-style=native; svn:mime-type=text/html
*.ini        = svn:eol-style=native; svn:mime-type=text/plain
*.mak        = svn:eol-style=native; svn:mime-type=text/plain
*.mbox         = svn:eol-style=native; svn:mime-type=text/plain
*.qbk        = svn:eol-style=native; svn:mime-type=text/plain
*.po         = svn:eol-style=native; svn:mime-type=text/plain
*.response   = svn:eol-style=native; svn:mime-type=text/plain
*.rst        = svn:eol-style=native; svn:mime-type=text/plain
*.sql        = svn:eol-style=native; svn:mime-type=text/x-sql
*.template   = svn:eol-style=native; svn:mime-type=text/plain
*.tmx        = svn:eol-style=native; svn:mime-type=text/plain
*.ts         = svn:eol-style=native; svn:mime-type=text/plain
*.txt        = svn:eol-style=native; svn:mime-type=text/plain
*.TXT        = svn:eol-style=native; svn:mime-type=text/plain
*.tpl        = svn:eol-style=native; svn:mime-type=text/plain
*.xhtml      = svn:eol-style=native; svn:mime-type=text/xhtml+xml
*.xliff      = svn:eol-style=native; svn:mime-type=text/plain
*.xml        = svn:eol-style=native; svn:mime-type=text/xml
*.xsd        = svn:eol-style=native; svn:mime-type=text/xml
*.xsl        = svn:eol-style=native; svn:mime-type=text/xml
*.xslt       = svn:eol-style=native; svn:mime-type=text/xml
*.xul        = svn:eol-style=native; svn:mime-type=text/xul
*.yml        = svn:eol-style=native; svn:mime-type=text/plain
configure    = svn:eol-style=native; svn:mime-type=text/plain
CHANGES      = svn:eol-style=native; svn:mime-type=text/plain
COPYING      = svn:eol-style=native; svn:mime-type=text/plain
INSTALL      = svn:eol-style=native; svn:mime-type=text/plain
INBOX        = svn:eol-style=native; svn:mime-type=text/plain
Jamfile      = svn:eol-style=native; svn:mime-type=text/plain
Jamroot      = svn:eol-style=native; svn:mime-type=text/plain
Jamfile.v2   = svn:eol-style=native; svn:mime-type=text/plain
Jamrules     = svn:eol-style=native; svn:mime-type=text/plain
Makefile*    = svn:eol-style=native; svn:mime-type=text/plain
README       = svn:eol-style=native; svn:mime-type=text/plain

# Code formats
*.c          = svn:eol-style=native; svn:mime-type=text/plain
*.cpp        = svn:eol-style=native; svn:mime-type=text/plain
*.h          = svn:eol-style=native; svn:mime-type=text/plain
*.hpp        = svn:eol-style=native; svn:mime-type=text/plain
*.ipp        = svn:eol-style=native; svn:mime-type=text/plain
*.tpp        = svn:eol-style=native; svn:mime-type=text/plain
*.jam        = svn:eol-style=native; svn:mime-type=text/plain
*.java       = svn:eol-style=native; svn:mime-type=text/plain

For Tortoise SVN

First, you must open the dialogue box for Tortoise, and find the settings option

Tortoise Settings

Second, click edit

Third, clear our the contents, then cut and paste the above config file into the editor, and finally go to File -> Save

Install json for PHP 5

  1. Install json – This was actually trickier than expected. I assumed I would be able to install this via pear. Apparently, a PEAR Services_JSON package was developed, but it has never been accepted into the official repository. The trick instead is to use the PECL json package. This was as easy as running pecl install json and watching the compiler do its thing. When it’s done you should have ajson.so file in your PHP modules directory. (Mine is/usr/lib/php/modules/.)
  2. Add json.ini file to /etc/php.d/ – This file is pretty simple. Simply add extension=json.so to this file and that will enable the extension.
  3. Restart Apache – Not much more to add here. Without the restart, the extension won’t be loaded.
  4. Profit!


Remove i386 packages RHEL5

I recently was updating a server that someone else installed and had way to many unnecessary packages installed. I my quest to uninstall unneeded packages, I ran across packages listed twice for certain ones. By editing my .rpmmacros file in my home directory and adding this:

%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}

I was able to determine that there were several packages installed with both i386 and x86_64 architectures. From this post it looks like there is no harm in removing the packages except you may have some issues with browser plugins or applications that require i386 architecture.  Since all of my apps were 64bit I was able to remove all the i386 rpm with this command:

rpm -qa –queryformat=’%{n}-%{v}-%{r}.%{arch}\n’ | grep ‘\.i[3456]86$’ | wc -l

I found the above command from here which in turn referenced a great post on minimal installs of RHEL/CentOS.

Using debugfs

Especially if you can’t unmount the file system containing the deleted data, debugfs is a less comfortable, but usable alternative if it is already installed on your system. (If you have to install it, you can use the more comfortable e2undel as well.) Just try a

/sbin/debugfs device

Replace device by your file system, e.g. /dev/hda1 for the first partition on your first IDE drive. At the “debugfs:” prompt, enter the command


After some time, you will be presented a list of deleted files. You must identify the file you want to recover by its owner (2nd column), size (4th column), and deletion date. When found, you can write the data of the file via

dump <inode_number> filename

The inode_number is printed in the 1st column of the “lsdel” command. The file filename should reside on a different file system than the one you opened with debugfs. This might be another partition, a RAM disk or even a floppy disk.

Repeat the “dump” command for all files that you want to recover; then quit debugfs by entering “q”.

To open in write mode:

debugfs: open -w /dev/sda5

View parameters:
debugfs: params
Open mode: read-write

Translate inode to pathname:

debugfs: ncheck 2348010
Inode Pathname
2348010 /oss/man/cat1

Stat a file to get the inode of the file

debugfs: stat giis.txt
Inode: 15 Type: regular Mode: 0664 Flags: 0x0 Generation: 3139576194
User: 500 Group: 500 Size: 18
File ACL: 505359 Directory ACL: 0
Links: 1 Blockcount: 16
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x4805d3eb — Wed Apr 16 15:54:43 2008
atime: 0x4805d3e7 — Wed Apr 16 15:54:39 2008
mtime: 0x4805d3eb — Wed Apr 16 15:54:43 2008
dtime: 0x4805d445 — Wed Apr 16 15:56:13 2008