Announcement

Collapse
No announcement yet.

SVN Hook scripts unable to dump Perl print statements or Shell echo statements

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SVN Hook scripts unable to dump Perl print statements or Shell echo statements

    I've a working perl script that updates SVN Commit information in a custom configured mysql DataBase and also so dumps the print statement info in a log file under /var/tmp/<log file>. The perl script is invoked under post-commit hook & works perfectly fine. Production SVN Server is of SVN 1.8, Apache 2.2 hosted on RHEL6.4

    I've recently set up SVN 1.11, Apache 2.4.6 on RHEL7.8 OS. Added the same perl script in the post-commit hook and a few other perl scripts under pre-commit as well. Upon performing a commit, perl script is executing and the database is reflected with the commit information, but the perl print statements are not dumping into the log file for both pre-commit & post-commit perl scripts.

    I made sure the log file (along with the absolute path) & SVN repository permissions are set to apache level. Also, to debug at an entry-level I added some echo statements in the hooks to capture the log but still, it failed.

    But when I execute the post-commit hook manually at server end, perl script print statements are getting dumped into the log file. My observation is that when hooks are executed neither of perl/bash print or echo statements getting called or dumped during the commit process only.

    Sample pre-commit content:

    #!/bin/sh

    # PRE-COMMIT HOOK
    #
    # The pre-commit hook is invoked before a Subversion txn is
    # committed. Subversion runs this hook by invoking a program
    # (script, executable, binary, etc.) named 'pre-commit' (for which
    # this file is a template), with the following ordered arguments:

    REPOS="$1"
    TXN="$2"

    /usr/bin/perl /opt/integrat/bin/UniversalAbort.pl "$REPOS" "$TXN" || exit 1

    ls -l /bin/sh
    lrwxrwxrwx. 1 root root 4 Apr 1 20:25 /bin/sh -> bash

    Any help/suggestions are highly appreciated.

  • #2
    These types of hook issues normally come down to the execution environment - explicitly the environment variables set by Apache (or NOT set by Apache).

    You might want to do something like:

    #!/bin/bash --noprofile
    printenv > /tmp/ApacheEnvironment.txt

    to see what is set. You can add environment variables/values via the "SVNHooksEnv" mod_dav_svn configuration item. See [url]http://svnbook.red-bean.com/en/1.8/svn.serverconfig.httpd.html#svn.serverconfig.httpd.ref.mod_dav_svn[/url] for more details.

    Comment


    • #3
      Thanks for the suggestion, but it didn't help me much. Ran the commands as suggested and below is the output of it

      cat /tmp/ApacheEnvironment.txt
      XDG_SESSION_ID=1
      HOSTNAME=srcserver-rh78
      SHELL=/bin/bash
      TERM=xterm
      HISTSIZE=1000
      PERL5LIB=/root/perl5/lib/perl5:
      PERL_MB_OPT=--install_base /root/perl5
      SSH_TTY=/dev/pts/0
      USER=root
      LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30; 41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31: *.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*. lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.t xz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=0 1;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:* .lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz= 01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01 ;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;3 1:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31: *.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.c ab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bm p=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga= 01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=0 1;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01 ;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01; 35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;3 5:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35 :*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*. rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fl i=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01 ;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;3 5:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35: *.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*. midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.o gg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga= 01;36:*.spx=01;36:*.xspf=01;36:
      PATH=/root/perl5/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/bin
      MAIL=/var/spool/mail/root
      _=/usr/bin/printenv
      PWD=/usr/local/svnroot
      LANG=en_US.UTF-8
      HISTCONTROL=ignoredups
      HOME=/root
      SHLVL=2
      PERL_LOCAL_LIB_ROOT=:/root/perl5
      LOGNAME=root
      XDG_DATA_DIRS=/root/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share
      LESSOPEN=||/usr/bin/lesspipe.sh %s
      XDG_RUNTIME_DIR=/run/user/0
      PERL_MM_OPT=INSTALL_BASE=/root/perl5



      Also, I updated the subversion.conf file as below, added the SVNHooksEnv directive as per the documentation, and also provided the details of the global hooks-env file info below.

      # Load Apache LDAP modules
      LoadModule ldap_module modules/mod_ldap.so
      LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

      # Load Subversion Apache Modules
      LoadModule dav_svn_module modules/mod_dav_svn.so
      LoadModule authz_svn_module modules/mod_authz_svn.so

      # Work around authz and SVNListParentPath issue
      RedirectMatch ^(/repos)$ $1/

      SVNAllowBulkUpdates Prefer
      [I][B]SVNHooksEnv /usr/local/svnroot/be2_mgmt/conf/hooks-env[/B][/I]

      # Enable Subversion logging
      ErrorLog /var/log/svn_errorfile.log
      CustomLog /var/log/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION

      LDAPVerifyServerCert off
      LDAPTrustedGlobalCert CERT_BASE64 /etc/httpd/conf.d/ldap.pem

      <IfModule dav_svn_module>
      SVNInMemoryCacheSize 32768
      SVNCacheFullTexts on
      SVNCacheTextDeltas on
      SVNCacheRevProps on
      </IfModule>

      <Location /svnroot>
      DAV svn
      SVNParentPath /usr/local/svnroot
      SVNListParentPath On
      SVNReposName "Software Repository "
      AuthType Basic
      AuthName "SCM SVN Server"
      AuthBasicProvider file ldap
      AuthUserFile /etc/httpd/passwd/passwords
      AuthLDAPBindDN "username"
      AuthLDAPBindPassword password
      AuthLDAPURL "ldaps://domain.com:636/DC=domain,DC=com?sAMAccountName?sub?(objectClass=* )"
      <LimitExcept GET PROPFIND OPTIONS REPORT>
      Require valid-user
      </LimitExcept>
      AuthzSVNAccessFile /opt/repo/repos.acl
      </Location>


      cat [B]/usr/local/svnroot/be2_mgmt/conf/hooks-env[/B]

      [I][B][default]
      LANG = en_US.UTF-8

      ### This sets the PATH environment variable for the pre-commit hook.
      [pre-commit]
      PATH = /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin

      [post-commit]
      PATH = /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin

      [pre-revprop-change]
      PATH = /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin

      [post-revprop-change]
      PATH = /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin[/B][/I]

      Comment


      • #4
        First, this is wrong:

        <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
        </LimitExcept>

        It should simply be:

        Require valid-user

        Not sure how the "<LimitExcept/>" got "out there" but I'm seeing it more recently and it's wrong to use if if you are using SVN AuthZ .

        Per the "/tmp/ApacheEnvironment.txt" file, I'll assume that it's contents are due to an actual pre-commit execution during a commit operation.

        That said, it's very much surprising as I would not expect Apache to have, for instance, "LS_COLORS" in its environment if it was properly started as a daemon.
        Such a start would be via "service httpd start" or "systemctl start apache". You should never start a daemon by hand since your login process environment pollutes/corrupts the execution environment of the daemon and can cause it to do unexpected things.

        The point of the "--noprofile" option in the bash script was also to prevent pollution of the execution environment of that script by account startup files (e.g. "~/.bash_profile").

        So I'm really confused as to the environment that you're showing - it's way wrong for a daemon such as Apache.

        Comment


        • #5
          Sorry DoughR on the <LimitExcept> directive, I just read the documentation and what you said is right. I overlooked it and understood it's rightful usage now. I removed that now.


          Coming to the "/tmp/ApacheEnvironment.txt" file, I added the command in the pre-commit hook and got the output during a commit. Note: I neither did a reboot nor restarted httpd service before running the commit. Maybe the output could have been from the previous cache or terminal (unsure).

          I did a machine reboot and now when I did a commit nothing is getting dumped from the pre-commit hook. I made sure /tmp directory is set to apache to create the file and to dump the printenv content.


          cat /usr/local/svnroot/be2_mgmt/hooks/pre-commit
          #!/bin/bash --noprofile
          printenv > /tmp/ApacheEnvironment.txt
          # PRE-COMMIT HOOK
          #
          # The pre-commit hook is invoked before a Subversion txn is
          # committed. Subversion runs this hook by invoking a program
          # (script, executable, binary, etc.) named 'pre-commit' (for which
          # this file is a template), with the following ordered arguments:
          #
          # [1] REPOS-PATH (the path to this repository)
          # [2] TXN-NAME (the name of the txn about to be committed)
          #

          REPOS="$1"
          TXN="$2"

          /opt/integrat/bin/UniversalAbort.pl "$REPOS" "$TXN"

          Comment


          • #6
            I assume it's not something as simple as:

            chmod 0755 /usr/local/svnroot/be2_mgmt/hooks/pre-commit

            ???

            Also, you probably want to remove the /tmp/ApacheEnvironment.txt file before trying another commit.

            Oh, and if you're just testing and don't want the commit to go through, just "exit 1" at the bottom of the script and the checkin will fail.

            Cheers.

            Doug

            Comment


            • #7
              File /usr/local/svnroot/be2_mgmt/hooks/pre-commit was already configure with 755 permission.

              ls -ltr /usr/local/svnroot/be2_mgmt/hooks/pre-commit
              -rwxr-xr-x 1 apache apache 3269 Sep 17 17:07 /usr/local/svnroot/be2_mgmt/hooks/pre-commit


              Yes removed the file /tmp/ApacheEnvironment.txt before other commits.

              Actually, It was copy/paste we do have exit 1 to return the error to the client. Sorry about that.

              /opt/integrat/bin/UniversalAbort.pl "$REPOS" "$TXN" || exit 1


              None of the suggestions worked, clueless about why STDOUT is not working. Any other possible suggestions you can think of?

              Thanks
              Pradeep

              Comment


              • #8
                FYI, per here: [url]http://svnbook.red-bean.com/en/1.8/svn.reposadmin.create.html#svn.reposadmin.hooks[/url][INDENT]
                "By default, Subversion executes hook scripts with an empty environment—that is, no environment variables are set at all, not even $PATH (or %PATH%, under Windows). "[/INDENT]

                Normally shell's need "HOME", "SHELL", "PATH", and "USER" to be able to do all of the normal stuff. Not having one of them might make certain sub-commands not work. Not sure about how you've coded that Perl script but if you're using the tainting (-T) then most of those are not going to be trusted anyway. Probably want to set them up early in the script.

                Hmmm. If by "STDOUT" you're talking about using STDOUT for the UniversalAbort.pl script then that's never a good choice for a hook. The script should be opening its own output log file. Writing to STDERR will end up on the user's output so that's ok.

                Comment

                Working...
                X