1 /* repos.c : repository creation; shared and exclusive repository locking
3 * ====================================================================
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
20 * ====================================================================
23 #include <apr_pools.h>
24 #include <apr_file_io.h>
26 #include "svn_pools.h"
27 #include "svn_error.h"
28 #include "svn_dirent_uri.h"
33 #include "svn_ra.h" /* for SVN_RA_CAPABILITY_* */
34 #include "svn_repos.h"
36 #include "svn_version.h"
37 #include "svn_config.h"
39 #include "private/svn_repos_private.h"
40 #include "private/svn_subr_private.h"
41 #include "svn_private_config.h" /* for SVN_TEMPLATE_ROOT_DIR */
45 /* Used to terminate lines in large multi-line string literals. */
46 #define NL APR_EOL_STR
49 /* Path accessor functions. */
53 svn_repos_path(svn_repos_t *repos, apr_pool_t *pool)
55 return apr_pstrdup(pool, repos->path);
60 svn_repos_db_env(svn_repos_t *repos, apr_pool_t *pool)
62 return apr_pstrdup(pool, repos->db_path);
67 svn_repos_conf_dir(svn_repos_t *repos, apr_pool_t *pool)
69 return apr_pstrdup(pool, repos->conf_path);
74 svn_repos_svnserve_conf(svn_repos_t *repos, apr_pool_t *pool)
76 return svn_dirent_join(repos->conf_path, SVN_REPOS__CONF_SVNSERVE_CONF, pool);
81 svn_repos_lock_dir(svn_repos_t *repos, apr_pool_t *pool)
83 return apr_pstrdup(pool, repos->lock_path);
88 svn_repos_db_lockfile(svn_repos_t *repos, apr_pool_t *pool)
90 return svn_dirent_join(repos->lock_path, SVN_REPOS__DB_LOCKFILE, pool);
95 svn_repos_db_logs_lockfile(svn_repos_t *repos, apr_pool_t *pool)
97 return svn_dirent_join(repos->lock_path, SVN_REPOS__DB_LOGS_LOCKFILE, pool);
101 svn_repos_hook_dir(svn_repos_t *repos, apr_pool_t *pool)
103 return apr_pstrdup(pool, repos->hook_path);
108 svn_repos_start_commit_hook(svn_repos_t *repos, apr_pool_t *pool)
110 return svn_dirent_join(repos->hook_path, SVN_REPOS__HOOK_START_COMMIT, pool);
115 svn_repos_pre_commit_hook(svn_repos_t *repos, apr_pool_t *pool)
117 return svn_dirent_join(repos->hook_path, SVN_REPOS__HOOK_PRE_COMMIT, pool);
122 svn_repos_pre_lock_hook(svn_repos_t *repos, apr_pool_t *pool)
124 return svn_dirent_join(repos->hook_path, SVN_REPOS__HOOK_PRE_LOCK, pool);
129 svn_repos_pre_unlock_hook(svn_repos_t *repos, apr_pool_t *pool)
131 return svn_dirent_join(repos->hook_path, SVN_REPOS__HOOK_PRE_UNLOCK, pool);
135 svn_repos_post_lock_hook(svn_repos_t *repos, apr_pool_t *pool)
137 return svn_dirent_join(repos->hook_path, SVN_REPOS__HOOK_POST_LOCK, pool);
142 svn_repos_post_unlock_hook(svn_repos_t *repos, apr_pool_t *pool)
144 return svn_dirent_join(repos->hook_path, SVN_REPOS__HOOK_POST_UNLOCK, pool);
149 svn_repos_post_commit_hook(svn_repos_t *repos, apr_pool_t *pool)
151 return svn_dirent_join(repos->hook_path, SVN_REPOS__HOOK_POST_COMMIT, pool);
156 svn_repos_pre_revprop_change_hook(svn_repos_t *repos, apr_pool_t *pool)
158 return svn_dirent_join(repos->hook_path, SVN_REPOS__HOOK_PRE_REVPROP_CHANGE,
164 svn_repos_post_revprop_change_hook(svn_repos_t *repos, apr_pool_t *pool)
166 return svn_dirent_join(repos->hook_path, SVN_REPOS__HOOK_POST_REVPROP_CHANGE,
171 create_repos_dir(const char *path, apr_pool_t *pool)
175 err = svn_io_dir_make(path, APR_OS_DEFAULT, pool);
176 if (err && (APR_STATUS_IS_EEXIST(err->apr_err)))
178 svn_boolean_t is_empty;
180 svn_error_clear(err);
182 SVN_ERR(svn_io_dir_empty(&is_empty, path, pool));
187 err = svn_error_createf(SVN_ERR_DIR_NOT_EMPTY, 0,
188 _("'%s' exists and is non-empty"),
189 svn_dirent_local_style(path, pool));
192 return svn_error_trace(err);
195 static const char * bdb_lock_file_contents =
196 "DB lock file, representing locks on the versioned filesystem." NL
198 "All accessors -- both readers and writers -- of the repository's" NL
199 "Berkeley DB environment take out shared locks on this file, and" NL
200 "each accessor removes its lock when done. If and when the DB" NL
201 "recovery procedure is run, the recovery code takes out an" NL
202 "exclusive lock on this file, so we can be sure no one else is" NL
203 "using the DB during the recovery." NL
205 "You should never have to edit or remove this file." NL;
207 static const char * bdb_logs_lock_file_contents =
208 "DB logs lock file, representing locks on the versioned filesystem logs." NL
210 "All log manipulators of the repository's Berkeley DB environment" NL
211 "take out exclusive locks on this file to ensure that only one" NL
212 "accessor manipulates the logs at a time." NL
214 "You should never have to edit or remove this file." NL;
216 static const char * pre12_compat_unneeded_file_contents =
217 "This file is not used by Subversion 1.3.x or later." NL
218 "However, its existence is required for compatibility with" NL
219 "Subversion 1.2.x or earlier." NL;
221 /* Create the DB logs lockfile. */
223 create_db_logs_lock(svn_repos_t *repos, apr_pool_t *pool) {
224 const char *contents;
225 const char *lockfile_path;
227 lockfile_path = svn_repos_db_logs_lockfile(repos, pool);
228 if (strcmp(repos->fs_type, SVN_FS_TYPE_BDB) == 0)
229 contents = bdb_logs_lock_file_contents;
231 contents = pre12_compat_unneeded_file_contents;
233 SVN_ERR_W(svn_io_file_create(lockfile_path, contents, pool),
234 _("Creating db logs lock file"));
239 /* Create the DB lockfile. */
241 create_db_lock(svn_repos_t *repos, apr_pool_t *pool) {
242 const char *contents;
243 const char *lockfile_path;
245 lockfile_path = svn_repos_db_lockfile(repos, pool);
246 if (strcmp(repos->fs_type, SVN_FS_TYPE_BDB) == 0)
247 contents = bdb_lock_file_contents;
249 contents = pre12_compat_unneeded_file_contents;
251 SVN_ERR_W(svn_io_file_create(lockfile_path, contents, pool),
252 _("Creating db lock file"));
258 create_locks(svn_repos_t *repos, apr_pool_t *pool)
260 /* Create the locks directory. */
261 SVN_ERR_W(create_repos_dir(repos->lock_path, pool),
262 _("Creating lock dir"));
264 SVN_ERR(create_db_lock(repos, pool));
265 return create_db_logs_lock(repos, pool);
269 #define HOOKS_ENVIRONMENT_TEXT \
270 "# The hook program runs in an empty environment, unless the server is" NL \
271 "# explicitly configured otherwise. For example, a common problem is for" NL \
272 "# the PATH environment variable to not be set to its usual value, so" NL \
273 "# that subprograms fail to launch unless invoked via absolute path." NL \
274 "# If you're having unexpected problems with a hook program, the" NL \
275 "# culprit may be unusual (or missing) environment variables." NL
277 #define PREWRITTEN_HOOKS_TEXT \
278 "# For more examples and pre-written hooks, see those in" NL \
279 "# the Subversion repository at" NL \
280 "# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and" NL \
281 "# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/" NL
283 #define HOOKS_QUOTE_ARGUMENTS_TEXT \
285 "# For security reasons, you MUST always properly quote arguments when" NL \
286 "# you use them, as those arguments could contain whitespace or other" NL \
287 "# problematic characters. Additionally, you should delimit the list" NL \
288 "# of options with \"--\" before passing the arguments, so malicious" NL \
289 "# clients cannot bootleg unexpected options to the commands your" NL \
290 "# script aims to execute." NL \
291 "# For similar reasons, you should also add a trailing @ to URLs which" NL \
292 "# are passed to SVN commands accepting URLs with peg revisions." NL
294 /* Return template text for a hook script named SCRIPT_NAME. Include
295 * DESCRIPTION and SCRIPT in the template text.
298 hook_template_text(const char *script_name,
299 const char *description,
301 apr_pool_t *result_pool)
303 return apr_pstrcat(result_pool,
308 "# The default working directory for the invocation is undefined, so" NL
309 "# the program should set one explicitly if it cares." NL
311 "# On a Unix system, the normal procedure is to have '", script_name, "'" NL
312 "# invoke other programs to do the real work, though it may do the" NL
313 "# work itself too." NL
315 "# Note that '", script_name, "' must be executable by the user(s) who will" NL
316 "# invoke it (typically the user httpd runs as), and that user must" NL
317 "# have filesystem-level permission to access the repository." NL
319 "# On a Windows system, you should name the hook program" NL
320 "# '", script_name, ".bat' or '", script_name, ".exe'," NL
321 "# but the basic idea is the same." NL
323 HOOKS_ENVIRONMENT_TEXT
325 HOOKS_QUOTE_ARGUMENTS_TEXT
327 "# Here is an example hook script, for a Unix /bin/sh interpreter." NL
328 PREWRITTEN_HOOKS_TEXT
335 /* Write a template file for a hook script named SCRIPT_NAME (appending
336 * '.tmpl' to that name) in REPOS. Include DESCRIPTION and SCRIPT in the
340 write_hook_template_file(svn_repos_t *repos, const char *script_name,
341 const char *description,
345 const char *template_path
346 = svn_dirent_join(repos->hook_path,
347 apr_psprintf(pool, "%s%s",
348 script_name, SVN_REPOS__HOOK_DESC_EXT),
351 = hook_template_text(script_name, description, script, pool);
353 SVN_ERR(svn_io_file_create(template_path, contents, pool));
354 SVN_ERR(svn_io_set_file_executable(template_path, TRUE, FALSE, pool));
358 /* Write the hook template files in REPOS.
361 create_hooks(svn_repos_t *repos, apr_pool_t *pool)
363 const char *description, *script;
365 /* Create the hook directory. */
366 SVN_ERR_W(create_repos_dir(repos->hook_path, pool),
367 _("Creating hook directory"));
369 /*** Write a default template for each standard hook file. */
371 /* Start-commit hook. */
372 #define SCRIPT_NAME SVN_REPOS__HOOK_START_COMMIT
375 "# START-COMMIT HOOK" NL
377 "# The start-commit hook is invoked immediately after a Subversion txn is" NL
378 "# created and populated with initial revprops in the process of doing a" NL
379 "# commit. Subversion runs this hook by invoking a program (script, " NL
380 "# executable, binary, etc.) named '"SCRIPT_NAME"' (for which this file" NL
381 "# is a template) with the following ordered arguments:" NL
383 "# [1] REPOS-PATH (the path to this repository)" NL
384 "# [2] USER (the authenticated user attempting to commit)" NL
385 "# [3] CAPABILITIES (a colon-separated list of capabilities reported" NL
386 "# by the client; see note below)" NL
387 "# [4] TXN-NAME (the name of the commit txn just created)" NL
389 "# Note: The CAPABILITIES parameter is new in Subversion 1.5, and 1.5" NL
390 "# clients will typically report at least the \"" \
391 SVN_RA_CAPABILITY_MERGEINFO "\" capability." NL
392 "# If there are other capabilities, then the list is colon-separated," NL
393 "# e.g.: \"" SVN_RA_CAPABILITY_MERGEINFO ":some-other-capability\" " \
394 "(the order is undefined)." NL
396 "# Note: The TXN-NAME parameter is new in Subversion 1.8. Prior to version" NL
397 "# 1.8, the start-commit hook was invoked before the commit txn was even" NL
398 "# created, so the ability to inspect the commit txn and its metadata from" NL
399 "# within the start-commit hook was not possible." NL
401 "# The list is self-reported by the client. Therefore, you should not" NL
402 "# make security assumptions based on the capabilities list, nor should" NL
403 "# you assume that clients reliably report every capability they have." NL
405 "# If the hook program exits with success, the commit continues; but" NL
406 "# if it exits with failure (non-zero), the commit is stopped before" NL
407 "# a Subversion txn is created, and STDERR is returned to the client." NL;
412 "commit-allower.pl --repository \"$REPOS\" --user \"$USER\" || exit 1" NL
413 "special-auth-check.py --user \"$USER\" --auth-level 3 || exit 1" NL
415 "# All checks passed, so allow the commit." NL
418 SVN_ERR_W(write_hook_template_file(repos, SCRIPT_NAME,
419 description, script, pool),
420 _("Creating start-commit hook"));
425 /* Pre-commit hook. */
426 #define SCRIPT_NAME SVN_REPOS__HOOK_PRE_COMMIT
429 "# PRE-COMMIT HOOK" NL
431 "# The pre-commit hook is invoked before a Subversion txn is" NL
432 "# committed. Subversion runs this hook by invoking a program" NL
433 "# (script, executable, binary, etc.) named '"SCRIPT_NAME"' (for which" NL
434 "# this file is a template), with the following ordered arguments:" NL
436 "# [1] REPOS-PATH (the path to this repository)" NL
437 "# [2] TXN-NAME (the name of the txn about to be committed)" NL
439 "# [STDIN] LOCK-TOKENS ** the lock tokens are passed via STDIN." NL
441 "# If STDIN contains the line \"LOCK-TOKENS:\\n\" (the \"\\n\" denotes a" NL
442 "# single newline), the lines following it are the lock tokens for" NL
443 "# this commit. The end of the list is marked by a line containing" NL
444 "# only a newline character." NL
446 "# Each lock token line consists of a URI-escaped path, followed" NL
447 "# by the separator character '|', followed by the lock token string," NL
448 "# followed by a newline." NL
450 "# If the hook program exits with success, the txn is committed; but" NL
451 "# if it exits with failure (non-zero), the txn is aborted, no commit" NL
452 "# takes place, and STDERR is returned to the client. The hook" NL
453 "# program can use the 'svnlook' utility to help it examine the txn." NL
455 "# *** NOTE: THE HOOK PROGRAM MUST NOT MODIFY THE TXN, EXCEPT ***" NL
456 "# *** FOR REVISION PROPERTIES (like svn:log or svn:author). ***" NL
458 "# This is why we recommend using the read-only 'svnlook' utility." NL
459 "# In the future, Subversion may enforce the rule that pre-commit" NL
460 "# hooks should not modify the versioned data in txns, or else come" NL
461 "# up with a mechanism to make it safe to do so (by informing the" NL
462 "# committing client of the changes). However, right now neither" NL
463 "# mechanism is implemented, so hook writers just have to be careful." NL;
468 "# Make sure that the log message contains some text." NL
469 "SVNLOOK=" SVN_BINDIR "/svnlook" NL
470 "$SVNLOOK log -t \"$TXN\" \"$REPOS\" | \\" NL
471 " grep \"[a-zA-Z0-9]\" > /dev/null || exit 1" NL
473 "# Check that the author of this commit has the rights to perform" NL
474 "# the commit on the files and directories being modified." NL
475 "commit-access-control.pl \"$REPOS\" \"$TXN\" commit-access-control.cfg || exit 1"
478 "# All checks passed, so allow the commit." NL
481 SVN_ERR_W(write_hook_template_file(repos, SCRIPT_NAME,
482 description, script, pool),
483 _("Creating pre-commit hook"));
488 /* Pre-revprop-change hook. */
489 #define SCRIPT_NAME SVN_REPOS__HOOK_PRE_REVPROP_CHANGE
492 "# PRE-REVPROP-CHANGE HOOK" NL
494 "# The pre-revprop-change hook is invoked before a revision property" NL
495 "# is added, modified or deleted. Subversion runs this hook by invoking" NL
496 "# a program (script, executable, binary, etc.) named '"SCRIPT_NAME"'" NL
497 "# (for which this file is a template), with the following ordered" NL
500 "# [1] REPOS-PATH (the path to this repository)" NL
501 "# [2] REV (the revision being tweaked)" NL
502 "# [3] USER (the username of the person tweaking the property)" NL
503 "# [4] PROPNAME (the property being set on the revision)" NL
504 "# [5] ACTION (the property is being 'A'dded, 'M'odified, or 'D'eleted)"
507 "# [STDIN] PROPVAL ** the new property value is passed via STDIN." NL
509 "# If the hook program exits with success, the propchange happens; but" NL
510 "# if it exits with failure (non-zero), the propchange doesn't happen." NL
511 "# The hook program can use the 'svnlook' utility to examine the " NL
512 "# existing value of the revision property." NL
514 "# WARNING: unlike other hooks, this hook MUST exist for revision" NL
515 "# properties to be changed. If the hook does not exist, Subversion " NL
516 "# will behave as if the hook were present, but failed. The reason" NL
517 "# for this is that revision properties are UNVERSIONED, meaning that" NL
518 "# a successful propchange is destructive; the old value is gone" NL
519 "# forever. We recommend the hook back up the old value somewhere." NL;
527 "if [ \"$ACTION\" = \"M\" -a \"$PROPNAME\" = \"svn:log\" ]; then exit 0; fi" NL
529 "echo \"Changing revision properties other than svn:log is prohibited\" >&2" NL
532 SVN_ERR_W(write_hook_template_file(repos, SCRIPT_NAME,
533 description, script, pool),
534 _("Creating pre-revprop-change hook"));
540 #define SCRIPT_NAME SVN_REPOS__HOOK_PRE_LOCK
545 "# The pre-lock hook is invoked before an exclusive lock is" NL
546 "# created. Subversion runs this hook by invoking a program " NL
547 "# (script, executable, binary, etc.) named '"SCRIPT_NAME"' (for which" NL
548 "# this file is a template), with the following ordered arguments:" NL
550 "# [1] REPOS-PATH (the path to this repository)" NL
551 "# [2] PATH (the path in the repository about to be locked)" NL
552 "# [3] USER (the user creating the lock)" NL
553 "# [4] COMMENT (the comment of the lock)" NL
554 "# [5] STEAL-LOCK (1 if the user is trying to steal the lock, else 0)" NL
556 "# If the hook program outputs anything on stdout, the output string will" NL
557 "# be used as the lock token for this lock operation. If you choose to use" NL
558 "# this feature, you must guarantee the tokens generated are unique across" NL
559 "# the repository each time." NL
561 "# If the hook program exits with success, the lock is created; but" NL
562 "# if it exits with failure (non-zero), the lock action is aborted" NL
563 "# and STDERR is returned to the client." NL;
571 "# If a lock exists and is owned by a different person, don't allow it" NL
572 "# to be stolen (e.g., with 'svn lock --force ...')." NL
574 "# (Maybe this script could send email to the lock owner?)" NL
575 "SVNLOOK=" SVN_BINDIR "/svnlook" NL
579 "LOCK_OWNER=`$SVNLOOK lock \"$REPOS\" \"$PATH\" | \\" NL
580 " $GREP '^Owner: ' | $SED 's/Owner: //'`" NL
582 "# If we get no result from svnlook, there's no lock, allow the lock to" NL
584 "if [ \"$LOCK_OWNER\" = \"\" ]; then" NL
588 "# If the person locking matches the lock's owner, allow the lock to" NL
590 "if [ \"$LOCK_OWNER\" = \"$USER\" ]; then" NL
594 "# Otherwise, we've got an owner mismatch, so return failure:" NL
595 "echo \"Error: $PATH already locked by ${LOCK_OWNER}.\" 1>&2" NL
598 SVN_ERR_W(write_hook_template_file(repos, SCRIPT_NAME,
599 description, script, pool),
600 _("Creating pre-lock hook"));
605 /* Pre-unlock hook. */
606 #define SCRIPT_NAME SVN_REPOS__HOOK_PRE_UNLOCK
609 "# PRE-UNLOCK HOOK" NL
611 "# The pre-unlock hook is invoked before an exclusive lock is" NL
612 "# destroyed. Subversion runs this hook by invoking a program " NL
613 "# (script, executable, binary, etc.) named '"SCRIPT_NAME"' (for which" NL
614 "# this file is a template), with the following ordered arguments:" NL
616 "# [1] REPOS-PATH (the path to this repository)" NL
617 "# [2] PATH (the path in the repository about to be unlocked)" NL
618 "# [3] USER (the user destroying the lock)" NL
619 "# [4] TOKEN (the lock token to be destroyed)" NL
620 "# [5] BREAK-UNLOCK (1 if the user is breaking the lock, else 0)" NL
622 "# If the hook program exits with success, the lock is destroyed; but" NL
623 "# if it exits with failure (non-zero), the unlock action is aborted" NL
624 "# and STDERR is returned to the client." NL;
632 "# If a lock is owned by a different person, don't allow it be broken." NL
633 "# (Maybe this script could send email to the lock owner?)" NL
635 "SVNLOOK=" SVN_BINDIR "/svnlook" NL
639 "LOCK_OWNER=`$SVNLOOK lock \"$REPOS\" \"$PATH\" | \\" NL
640 " $GREP '^Owner: ' | $SED 's/Owner: //'`" NL
642 "# If we get no result from svnlook, there's no lock, return success:" NL
643 "if [ \"$LOCK_OWNER\" = \"\" ]; then" NL
647 "# If the person unlocking matches the lock's owner, return success:" NL
648 "if [ \"$LOCK_OWNER\" = \"$USER\" ]; then" NL
652 "# Otherwise, we've got an owner mismatch, so return failure:" NL
653 "echo \"Error: $PATH locked by ${LOCK_OWNER}.\" 1>&2" NL
656 SVN_ERR_W(write_hook_template_file(repos, SCRIPT_NAME,
657 description, script, pool),
658 _("Creating pre-unlock hook"));
663 /* Post-commit hook. */
664 #define SCRIPT_NAME SVN_REPOS__HOOK_POST_COMMIT
667 "# POST-COMMIT HOOK" NL
669 "# The post-commit hook is invoked after a commit. Subversion runs" NL
670 "# this hook by invoking a program (script, executable, binary, etc.)" NL
671 "# named '"SCRIPT_NAME"' (for which this file is a template) with the " NL
672 "# following ordered arguments:" NL
674 "# [1] REPOS-PATH (the path to this repository)" NL
675 "# [2] REV (the number of the revision just committed)" NL
676 "# [3] TXN-NAME (the name of the transaction that has become REV)" NL
678 "# Because the commit has already completed and cannot be undone," NL
679 "# the exit code of the hook program is ignored. The hook program" NL
680 "# can use the 'svnlook' utility to help it examine the" NL
681 "# newly-committed tree." NL;
687 "mailer.py commit \"$REPOS\" \"$REV\" /path/to/mailer.conf" NL;
689 SVN_ERR_W(write_hook_template_file(repos, SCRIPT_NAME,
690 description, script, pool),
691 _("Creating post-commit hook"));
696 /* Post-lock hook. */
697 #define SCRIPT_NAME SVN_REPOS__HOOK_POST_LOCK
700 "# POST-LOCK HOOK" NL
702 "# The post-lock hook is run after a path is locked. Subversion runs" NL
703 "# this hook by invoking a program (script, executable, binary, etc.)" NL
704 "# named '"SCRIPT_NAME"' (for which this file is a template) with the " NL
705 "# following ordered arguments:" NL
707 "# [1] REPOS-PATH (the path to this repository)" NL
708 "# [2] USER (the user who created the lock)" NL
710 "# The paths that were just locked are passed to the hook via STDIN." NL
712 "# Because the locks have already been created and cannot be undone," NL
713 "# the exit code of the hook program is ignored. The hook program" NL
714 "# can use the 'svnlook' utility to examine the paths in the repository" NL
715 "# but since the hook is invoked asyncronously the newly-created locks" NL
716 "# may no longer be present." NL;
721 "# Send email to interested parties, let them know a lock was created:" NL
722 "mailer.py lock \"$REPOS\" \"$USER\" /path/to/mailer.conf" NL;
724 SVN_ERR_W(write_hook_template_file(repos, SCRIPT_NAME,
725 description, script, pool),
726 _("Creating post-lock hook"));
731 /* Post-unlock hook. */
732 #define SCRIPT_NAME SVN_REPOS__HOOK_POST_UNLOCK
735 "# POST-UNLOCK HOOK" NL
737 "# The post-unlock hook runs after a path is unlocked. Subversion runs" NL
738 "# this hook by invoking a program (script, executable, binary, etc.)" NL
739 "# named '"SCRIPT_NAME"' (for which this file is a template) with the " NL
740 "# following ordered arguments:" NL
742 "# [1] REPOS-PATH (the path to this repository)" NL
743 "# [2] USER (the user who destroyed the lock)" NL
745 "# The paths that were just unlocked are passed to the hook via STDIN." NL
747 "# Because the lock has already been destroyed and cannot be undone," NL
748 "# the exit code of the hook program is ignored." NL;
753 "# Send email to interested parties, let them know a lock was removed:" NL
754 "mailer.py unlock \"$REPOS\" \"$USER\" /path/to/mailer.conf" NL;
756 SVN_ERR_W(write_hook_template_file(repos, SCRIPT_NAME,
757 description, script, pool),
758 _("Creating post-unlock hook"));
763 /* Post-revprop-change hook. */
764 #define SCRIPT_NAME SVN_REPOS__HOOK_POST_REVPROP_CHANGE
767 "# POST-REVPROP-CHANGE HOOK" NL
769 "# The post-revprop-change hook is invoked after a revision property" NL
770 "# has been added, modified or deleted. Subversion runs this hook by" NL
771 "# invoking a program (script, executable, binary, etc.) named" NL
772 "# '"SCRIPT_NAME"' (for which this file is a template), with the" NL
773 "# following ordered arguments:" NL
775 "# [1] REPOS-PATH (the path to this repository)" NL
776 "# [2] REV (the revision that was tweaked)" NL
777 "# [3] USER (the username of the person tweaking the property)" NL
778 "# [4] PROPNAME (the property that was changed)" NL
779 "# [5] ACTION (the property was 'A'dded, 'M'odified, or 'D'eleted)" NL
781 "# [STDIN] PROPVAL ** the old property value is passed via STDIN." NL
783 "# Because the propchange has already completed and cannot be undone," NL
784 "# the exit code of the hook program is ignored. The hook program" NL
785 "# can use the 'svnlook' utility to help it examine the" NL
786 "# new property value." NL;
794 "mailer.py propchange2 \"$REPOS\" \"$REV\" \"$USER\" \"$PROPNAME\" "
795 "\"$ACTION\" /path/to/mailer.conf" NL;
797 SVN_ERR_W(write_hook_template_file(repos, SCRIPT_NAME,
798 description, script, pool),
799 _("Creating post-revprop-change hook"));
807 create_conf(svn_repos_t *repos, apr_pool_t *pool)
809 SVN_ERR_W(create_repos_dir(repos->conf_path, pool),
810 _("Creating conf directory"));
812 /* Write a default template for svnserve.conf. */
814 static const char * const svnserve_conf_contents =
815 "### This file controls the configuration of the svnserve daemon, if you" NL
816 "### use it to allow access to this repository. (If you only allow" NL
817 "### access through http: and/or file: URLs, then this file is" NL
818 "### irrelevant.)" NL
820 "### Visit http://subversion.apache.org/ for more information." NL
823 "### The anon-access and auth-access options control access to the" NL
824 "### repository for unauthenticated (a.k.a. anonymous) users and" NL
825 "### authenticated users, respectively." NL
826 "### Valid values are \"write\", \"read\", and \"none\"." NL
827 "### Setting the value to \"none\" prohibits both reading and writing;" NL
828 "### \"read\" allows read-only access, and \"write\" allows complete " NL
829 "### read/write access to the repository." NL
830 "### The sample settings below are the defaults and specify that anonymous" NL
831 "### users have read-only access to the repository, while authenticated" NL
832 "### users have read and write access to the repository." NL
833 "# anon-access = read" NL
834 "# auth-access = write" NL
835 "### The password-db option controls the location of the password" NL
836 "### database file. Unless you specify a path starting with a /," NL
837 "### the file's location is relative to the directory containing" NL
838 "### this configuration file." NL
839 "### If SASL is enabled (see below), this file will NOT be used." NL
840 "### Uncomment the line below to use the default password file." NL
841 "# password-db = passwd" NL
842 "### The authz-db option controls the location of the authorization" NL
843 "### rules for path-based access control. Unless you specify a path" NL
844 "### starting with a /, the file's location is relative to the" NL
845 "### directory containing this file. The specified path may be a" NL
846 "### repository relative URL (^/) or an absolute file:// URL to a text" NL
847 "### file in a Subversion repository. If you don't specify an authz-db," NL
848 "### no path-based access control is done." NL
849 "### Uncomment the line below to use the default authorization file." NL
850 "# authz-db = " SVN_REPOS__CONF_AUTHZ NL
851 "### The groups-db option controls the location of the file with the" NL
852 "### group definitions and allows maintaining groups separately from the" NL
853 "### authorization rules. The groups-db file is of the same format as the" NL
854 "### authz-db file and should contain a single [groups] section with the" NL
855 "### group definitions. If the option is enabled, the authz-db file cannot" NL
856 "### contain a [groups] section. Unless you specify a path starting with" NL
857 "### a /, the file's location is relative to the directory containing this" NL
858 "### file. The specified path may be a repository relative URL (^/) or an" NL
859 "### absolute file:// URL to a text file in a Subversion repository." NL
860 "### This option is not being used by default." NL
861 "# groups-db = " SVN_REPOS__CONF_GROUPS NL
862 "### This option specifies the authentication realm of the repository." NL
863 "### If two repositories have the same authentication realm, they should" NL
864 "### have the same password database, and vice versa. The default realm" NL
865 "### is repository's uuid." NL
866 "# realm = My First Repository" NL
867 "### The force-username-case option causes svnserve to case-normalize" NL
868 "### usernames before comparing them against the authorization rules in the" NL
869 "### authz-db file configured above. Valid values are \"upper\" (to upper-" NL
870 "### case the usernames), \"lower\" (to lowercase the usernames), and" NL
871 "### \"none\" (to compare usernames as-is without case conversion, which" NL
872 "### is the default behavior)." NL
873 "# force-username-case = none" NL
874 "### The hooks-env options specifies a path to the hook script environment " NL
875 "### configuration file. This option overrides the per-repository default" NL
876 "### and can be used to configure the hook script environment for multiple " NL
877 "### repositories in a single file, if an absolute path is specified." NL
878 "### Unless you specify an absolute path, the file's location is relative" NL
879 "### to the directory containing this file." NL
880 "# hooks-env = " SVN_REPOS__CONF_HOOKS_ENV NL
883 "### This option specifies whether you want to use the Cyrus SASL" NL
884 "### library for authentication. Default is false." NL
885 "### This section will be ignored if svnserve is not built with Cyrus" NL
886 "### SASL support; to check, run 'svnserve --version' and look for a line" NL
887 "### reading 'Cyrus SASL authentication is available.'" NL
888 "# use-sasl = true" NL
889 "### These options specify the desired strength of the security layer" NL
890 "### that you want SASL to provide. 0 means no encryption, 1 means" NL
891 "### integrity-checking only, values larger than 1 are correlated" NL
892 "### to the effective key length for encryption (e.g. 128 means 128-bit" NL
893 "### encryption). The values below are the defaults." NL
894 "# min-encryption = 0" NL
895 "# max-encryption = 256" NL;
897 SVN_ERR_W(svn_io_file_create(svn_repos_svnserve_conf(repos, pool),
898 svnserve_conf_contents, pool),
899 _("Creating svnserve.conf file"));
903 static const char * const passwd_contents =
904 "### This file is an example password file for svnserve." NL
905 "### Its format is similar to that of svnserve.conf. As shown in the" NL
906 "### example below it contains one section labelled [users]." NL
907 "### The name and password for each user follow, one account per line." NL
910 "# harry = harryssecret" NL
911 "# sally = sallyssecret" NL;
913 SVN_ERR_W(svn_io_file_create(svn_dirent_join(repos->conf_path,
914 SVN_REPOS__CONF_PASSWD,
916 passwd_contents, pool),
917 _("Creating passwd file"));
921 static const char * const authz_contents =
922 "### This file is an example authorization file for svnserve." NL
923 "### Its format is identical to that of mod_authz_svn authorization" NL
925 "### As shown below each section defines authorizations for the path and" NL
926 "### (optional) repository specified by the section name." NL
927 "### The authorizations follow. An authorization line can refer to:" NL
928 "### - a single user," NL
929 "### - a group of users defined in a special [groups] section," NL
930 "### - an alias defined in a special [aliases] section," NL
931 "### - all authenticated users, using the '$authenticated' token," NL
932 "### - only anonymous users, using the '$anonymous' token," NL
933 "### - anyone, using the '*' wildcard." NL
935 "### A match can be inverted by prefixing the rule with '~'. Rules can" NL
936 "### grant read ('r') access, read-write ('rw') access, or no access" NL
940 "# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average" NL
943 "# harry_and_sally = harry,sally" NL
944 "# harry_sally_and_joe = harry,sally,&joe" NL
951 "# [repository:/baz/fuz]" NL
952 "# @harry_and_sally = rw" NL
955 SVN_ERR_W(svn_io_file_create(svn_dirent_join(repos->conf_path,
956 SVN_REPOS__CONF_AUTHZ,
958 authz_contents, pool),
959 _("Creating authz file"));
963 static const char * const hooks_env_contents =
964 "### This file is an example hook script environment configuration file." NL
965 "### Hook scripts run in an empty environment by default." NL
966 "### As shown below each section defines environment variables for a" NL
967 "### particular hook script. The [default] section defines environment" NL
968 "### variables for all hook scripts, unless overridden by a hook-specific" NL
971 "### This example configures a UTF-8 locale for all hook scripts, so that " NL
972 "### special characters, such as umlauts, may be printed to stderr." NL
973 "### If UTF-8 is used with a mod_dav_svn server, the SVNUseUTF8 option must" NL
974 "### also be set to 'yes' in httpd.conf." NL
975 "### With svnserve, the LANG environment variable of the svnserve process" NL
976 "### must be set to the same value as given here." NL
978 "LANG = en_US.UTF-8" NL
980 "### This sets the PATH environment variable for the pre-commit hook." NL
982 "PATH = /usr/local/bin:/usr/bin:/usr/sbin" NL;
984 SVN_ERR_W(svn_io_file_create(svn_dirent_join(repos->conf_path,
985 SVN_REPOS__CONF_HOOKS_ENV \
986 SVN_REPOS__HOOK_DESC_EXT,
988 hooks_env_contents, pool),
989 _("Creating hooks-env file"));
996 svn_repos_hooks_setenv(svn_repos_t *repos,
997 const char *hooks_env_path,
998 apr_pool_t *scratch_pool)
1000 if (hooks_env_path == NULL)
1001 repos->hooks_env_path = svn_dirent_join(repos->conf_path,
1002 SVN_REPOS__CONF_HOOKS_ENV,
1004 else if (!svn_dirent_is_absolute(hooks_env_path))
1005 repos->hooks_env_path = svn_dirent_join(repos->conf_path,
1009 repos->hooks_env_path = apr_pstrdup(repos->pool, hooks_env_path);
1011 return SVN_NO_ERROR;
1014 /* Allocate and return a new svn_repos_t * object, initializing the
1015 directory pathname members based on PATH, and initializing the
1016 REPOSITORY_CAPABILITIES member.
1017 The members FS, FORMAT, and FS_TYPE are *not* initialized (they are null),
1018 and it is the caller's responsibility to fill them in if needed. */
1019 static svn_repos_t *
1020 create_svn_repos_t(const char *path, apr_pool_t *pool)
1022 svn_repos_t *repos = apr_pcalloc(pool, sizeof(*repos));
1024 repos->path = apr_pstrdup(pool, path);
1025 repos->db_path = svn_dirent_join(path, SVN_REPOS__DB_DIR, pool);
1026 repos->conf_path = svn_dirent_join(path, SVN_REPOS__CONF_DIR, pool);
1027 repos->hook_path = svn_dirent_join(path, SVN_REPOS__HOOK_DIR, pool);
1028 repos->lock_path = svn_dirent_join(path, SVN_REPOS__LOCK_DIR, pool);
1029 repos->hooks_env_path = NULL;
1030 repos->repository_capabilities = apr_hash_make(pool);
1037 static svn_error_t *
1038 create_repos_structure(svn_repos_t *repos,
1040 apr_hash_t *fs_config,
1043 /* Create the top-level repository directory. */
1044 SVN_ERR_W(create_repos_dir(path, pool),
1045 _("Could not create top-level directory"));
1047 /* Create the DAV sandbox directory if pre-1.4 or pre-1.5-compatible. */
1049 && (svn_hash_gets(fs_config, SVN_FS_CONFIG_PRE_1_4_COMPATIBLE)
1050 || svn_hash_gets(fs_config, SVN_FS_CONFIG_PRE_1_5_COMPATIBLE)))
1052 const char *dav_path = svn_dirent_join(repos->path,
1053 SVN_REPOS__DAV_DIR, pool);
1054 SVN_ERR_W(create_repos_dir(dav_path, pool),
1055 _("Creating DAV sandbox dir"));
1058 /* Create the lock directory. */
1059 SVN_ERR(create_locks(repos, pool));
1061 /* Create the hooks directory. */
1062 SVN_ERR(create_hooks(repos, pool));
1064 /* Create the conf directory. */
1065 SVN_ERR(create_conf(repos, pool));
1067 /* Write the top-level README file. */
1069 const char * const readme_header =
1070 "This is a Subversion repository; use the 'svnadmin' and 'svnlook' " NL
1071 "tools to examine it. Do not add, delete, or modify files here " NL
1072 "unless you know how to avoid corrupting the repository." NL
1074 const char * const readme_bdb_insert =
1075 "The directory \"" SVN_REPOS__DB_DIR "\" contains a Berkeley DB environment." NL
1076 "you may need to tweak the values in \"" SVN_REPOS__DB_DIR "/DB_CONFIG\" to match the" NL
1077 "requirements of your site." NL
1079 const char * const readme_footer =
1080 "Visit http://subversion.apache.org/ for more information." NL;
1084 SVN_ERR(svn_io_file_open(&f,
1085 svn_dirent_join(path, SVN_REPOS__README, pool),
1086 (APR_WRITE | APR_CREATE | APR_EXCL),
1087 APR_OS_DEFAULT, pool));
1089 SVN_ERR(svn_io_file_write_full(f, readme_header, strlen(readme_header),
1091 if (strcmp(repos->fs_type, SVN_FS_TYPE_BDB) == 0)
1092 SVN_ERR(svn_io_file_write_full(f, readme_bdb_insert,
1093 strlen(readme_bdb_insert),
1095 SVN_ERR(svn_io_file_write_full(f, readme_footer, strlen(readme_footer),
1098 return svn_io_file_close(f, pool);
1103 /* There is, at present, nothing within the direct responsibility
1104 of libsvn_repos which requires locking. For historical compatibility
1105 reasons, the BDB libsvn_fs backend does not do its own locking, expecting
1106 libsvn_repos to do the locking for it. Here we take care of that
1107 backend-specific requirement.
1108 The kind of lock is controlled by EXCLUSIVE and NONBLOCKING.
1109 The lock is scoped to POOL. */
1110 static svn_error_t *
1111 lock_repos(svn_repos_t *repos,
1112 svn_boolean_t exclusive,
1113 svn_boolean_t nonblocking,
1116 if (strcmp(repos->fs_type, SVN_FS_TYPE_BDB) == 0)
1119 const char *lockfile_path = svn_repos_db_lockfile(repos, pool);
1121 err = svn_io_file_lock2(lockfile_path, exclusive, nonblocking, pool);
1122 if (err != NULL && APR_STATUS_IS_EAGAIN(err->apr_err))
1123 return svn_error_trace(err);
1124 SVN_ERR_W(err, _("Error opening db lockfile"));
1126 return SVN_NO_ERROR;
1131 svn_repos_create(svn_repos_t **repos_p,
1133 const char *unused_1,
1134 const char *unused_2,
1136 apr_hash_t *fs_config,
1137 apr_pool_t *result_pool)
1141 apr_pool_t *scratch_pool = svn_pool_create(result_pool);
1142 const char *root_path;
1143 const char *local_abspath;
1145 /* Allocate a repository object, filling in the format we will create. */
1146 repos = create_svn_repos_t(path, result_pool);
1147 repos->format = SVN_REPOS__FORMAT_NUMBER;
1149 /* Discover the type of the filesystem we are about to create. */
1150 repos->fs_type = svn_hash__get_cstring(fs_config, SVN_FS_CONFIG_FS_TYPE,
1152 if (svn_hash__get_bool(fs_config, SVN_FS_CONFIG_PRE_1_4_COMPATIBLE, FALSE))
1153 repos->format = SVN_REPOS__FORMAT_NUMBER_LEGACY;
1155 /* Don't create a repository inside another repository. */
1156 SVN_ERR(svn_dirent_get_absolute(&local_abspath, path, scratch_pool));
1157 root_path = svn_repos_find_root_path(local_abspath, scratch_pool);
1158 if (root_path != NULL)
1160 if (strcmp(root_path, local_abspath) == 0)
1161 return svn_error_createf(SVN_ERR_REPOS_BAD_ARGS, NULL,
1162 _("'%s' is an existing repository"),
1163 svn_dirent_local_style(root_path,
1166 return svn_error_createf(SVN_ERR_REPOS_BAD_ARGS, NULL,
1167 _("'%s' is a subdirectory of an existing "
1168 "repository " "rooted at '%s'"),
1169 svn_dirent_local_style(local_abspath,
1171 svn_dirent_local_style(root_path,
1175 /* Create the various files and subdirectories for the repository. */
1176 SVN_ERR_W(create_repos_structure(repos, path, fs_config, scratch_pool),
1177 _("Repository creation failed"));
1179 /* Lock if needed. */
1180 SVN_ERR(lock_repos(repos, FALSE, FALSE, scratch_pool));
1182 /* Create an environment for the filesystem. */
1183 if ((err = svn_fs_create(&repos->fs, repos->db_path, fs_config,
1186 /* If there was an error making the filesytem, e.g. unknown/supported
1187 * filesystem type. Clean up after ourselves. Yes this is safe because
1188 * create_repos_structure will fail if the path existed before we started
1189 * so we can't accidentally remove a directory that previously existed.
1191 svn_pool_destroy(scratch_pool); /* Release lock to allow deleting dir */
1193 return svn_error_trace(
1194 svn_error_compose_create(
1196 svn_io_remove_dir2(path, FALSE, NULL, NULL,
1200 /* This repository is ready. Stamp it with a format number. */
1201 SVN_ERR(svn_io_write_version_file
1202 (svn_dirent_join(path, SVN_REPOS__FORMAT, scratch_pool),
1203 repos->format, scratch_pool));
1205 svn_pool_destroy(scratch_pool); /* Release lock */
1208 return SVN_NO_ERROR;
1212 /* Check if @a path is the root of a repository by checking if the
1213 * path contains the expected files and directories. Return TRUE
1214 * on errors (which would be permission errors, probably) so that
1215 * we the user will see them after we try to open the repository
1217 static svn_boolean_t
1218 check_repos_path(const char *path,
1221 svn_node_kind_t kind;
1224 err = svn_io_check_path(svn_dirent_join(path, SVN_REPOS__FORMAT, pool),
1228 svn_error_clear(err);
1231 if (kind != svn_node_file)
1234 /* Check the db/ subdir, but allow it to be a symlink (Subversion
1235 works just fine if it's a symlink). */
1236 err = svn_io_check_resolved_path
1237 (svn_dirent_join(path, SVN_REPOS__DB_DIR, pool), &kind, pool);
1240 svn_error_clear(err);
1243 if (kind != svn_node_dir)
1250 /* Verify that REPOS's format is suitable.
1251 Use POOL for temporary allocation. */
1252 static svn_error_t *
1253 check_repos_format(svn_repos_t *repos,
1257 const char *format_path;
1259 format_path = svn_dirent_join(repos->path, SVN_REPOS__FORMAT, pool);
1260 SVN_ERR(svn_io_read_version_file(&format, format_path, pool));
1262 if (format != SVN_REPOS__FORMAT_NUMBER &&
1263 format != SVN_REPOS__FORMAT_NUMBER_LEGACY)
1265 return svn_error_createf
1266 (SVN_ERR_REPOS_UNSUPPORTED_VERSION, NULL,
1267 _("Expected repository format '%d' or '%d'; found format '%d'"),
1268 SVN_REPOS__FORMAT_NUMBER_LEGACY, SVN_REPOS__FORMAT_NUMBER,
1272 repos->format = format;
1274 return SVN_NO_ERROR;
1278 /* Set *REPOS_P to a repository at PATH which has been opened.
1279 See lock_repos() above regarding EXCLUSIVE and NONBLOCKING.
1280 OPEN_FS indicates whether the Subversion filesystem should be opened,
1281 the handle being placed into repos->fs.
1282 Do all allocation in POOL. */
1283 static svn_error_t *
1284 get_repos(svn_repos_t **repos_p,
1286 svn_boolean_t exclusive,
1287 svn_boolean_t nonblocking,
1288 svn_boolean_t open_fs,
1289 apr_hash_t *fs_config,
1290 apr_pool_t *result_pool,
1291 apr_pool_t *scratch_pool)
1294 const char *fs_type;
1296 /* Allocate a repository object. */
1297 repos = create_svn_repos_t(path, result_pool);
1299 /* Verify the validity of our repository format. */
1300 SVN_ERR(check_repos_format(repos, scratch_pool));
1302 /* Discover the FS type. */
1303 SVN_ERR(svn_fs_type(&fs_type, repos->db_path, scratch_pool));
1304 repos->fs_type = apr_pstrdup(result_pool, fs_type);
1306 /* Lock if needed. */
1307 SVN_ERR(lock_repos(repos, exclusive, nonblocking, result_pool));
1309 /* Open up the filesystem only after obtaining the lock. */
1311 SVN_ERR(svn_fs_open2(&repos->fs, repos->db_path, fs_config,
1312 result_pool, scratch_pool));
1314 #ifdef SVN_DEBUG_CRASH_AT_REPOS_OPEN
1315 /* If $PATH/config/debug-abort exists, crash the server here.
1316 This debugging feature can be used to test client recovery
1317 when the server crashes.
1321 svn_node_kind_t kind;
1322 svn_error_t *err = svn_io_check_path(
1323 svn_dirent_join(repos->conf_path, "debug-abort", scratch_pool),
1324 &kind, scratch_pool);
1325 svn_error_clear(err);
1326 if (!err && kind == svn_node_file)
1327 SVN_ERR_MALFUNCTION_NO_RETURN();
1329 #endif /* SVN_DEBUG_CRASH_AT_REPOS_OPEN */
1332 return SVN_NO_ERROR;
1338 svn_repos_find_root_path(const char *path,
1341 const char *candidate = path;
1342 const char *decoded;
1347 /* Try to decode the path, so we don't fail if it contains characters
1348 that aren't supported by the OS filesystem. The subversion fs
1349 isn't restricted by the OS filesystem character set. */
1350 err = svn_path_cstring_from_utf8(&decoded, candidate, pool);
1351 if (!err && check_repos_path(candidate, pool))
1353 svn_error_clear(err);
1355 if (svn_path_is_empty(candidate) ||
1356 svn_dirent_is_root(candidate, strlen(candidate)))
1359 candidate = svn_dirent_dirname(candidate, pool);
1366 svn_repos_open3(svn_repos_t **repos_p,
1368 apr_hash_t *fs_config,
1369 apr_pool_t *result_pool,
1370 apr_pool_t *scratch_pool)
1372 /* Fetch a repository object initialized with a shared read/write
1373 lock on the database. */
1375 return get_repos(repos_p, path, FALSE, FALSE, TRUE, fs_config,
1376 result_pool, scratch_pool);
1379 /* Baton used with fs_upgrade_notify, specifying the svn_repos layer
1380 * notification parameters.
1382 struct fs_upgrade_notify_baton_t
1384 svn_repos_notify_func_t notify_func;
1388 /* Implements svn_fs_upgrade_notify_t as forwarding to a
1389 * svn_repos_notify_func_t passed in a fs_upgrade_notify_baton_t* BATON.
1391 static svn_error_t *
1392 fs_upgrade_notify(void *baton,
1393 apr_uint64_t number,
1394 svn_fs_upgrade_notify_action_t action,
1397 struct fs_upgrade_notify_baton_t *fs_baton = baton;
1399 svn_repos_notify_t *notify = svn_repos_notify_create(
1400 svn_repos_notify_mutex_acquired, pool);
1403 case svn_fs_upgrade_pack_revprops:
1404 notify->shard = number;
1405 notify->action = svn_repos_notify_pack_revprops;
1408 case svn_fs_upgrade_cleanup_revprops:
1409 notify->shard = number;
1410 notify->action = svn_repos_notify_cleanup_revprops;
1413 case svn_fs_upgrade_format_bumped:
1414 notify->revision = number;
1415 notify->action = svn_repos_notify_format_bumped;
1419 /* unknown notification */
1420 SVN_ERR_MALFUNCTION();
1423 fs_baton->notify_func(fs_baton->notify_baton, notify, pool);
1425 return SVN_NO_ERROR;
1429 svn_repos_upgrade2(const char *path,
1430 svn_boolean_t nonblocking,
1431 svn_repos_notify_func_t notify_func,
1436 const char *format_path;
1438 apr_pool_t *subpool = svn_pool_create(pool);
1440 struct fs_upgrade_notify_baton_t fs_notify_baton;
1441 fs_notify_baton.notify_func = notify_func;
1442 fs_notify_baton.notify_baton = notify_baton;
1444 /* Fetch a repository object; for the Berkeley DB backend, it is
1445 initialized with an EXCLUSIVE lock on the database. This will at
1446 least prevent others from trying to read or write to it while we
1447 run recovery. (Other backends should do their own locking; see
1449 SVN_ERR(get_repos(&repos, path, TRUE, nonblocking, FALSE, NULL, subpool,
1454 /* We notify *twice* here, because there are two different logistical
1455 actions occuring. */
1456 svn_repos_notify_t *notify = svn_repos_notify_create(
1457 svn_repos_notify_mutex_acquired, subpool);
1458 notify_func(notify_baton, notify, subpool);
1460 notify->action = svn_repos_notify_upgrade_start;
1461 notify_func(notify_baton, notify, subpool);
1464 /* Try to overwrite with its own contents. We do this only to
1465 verify that we can, because we don't want to actually bump the
1466 format of the repository until our underlying filesystem claims
1467 to have been upgraded correctly. */
1468 format_path = svn_dirent_join(repos->path, SVN_REPOS__FORMAT, subpool);
1469 SVN_ERR(svn_io_read_version_file(&format, format_path, subpool));
1470 SVN_ERR(svn_io_write_version_file(format_path, format, subpool));
1472 /* Try to upgrade the filesystem. */
1473 SVN_ERR(svn_fs_upgrade2(repos->db_path,
1474 notify_func ? fs_upgrade_notify : NULL,
1475 &fs_notify_baton, NULL, NULL, subpool));
1477 /* Now overwrite our format file with the latest version. */
1478 SVN_ERR(svn_io_write_version_file(format_path, SVN_REPOS__FORMAT_NUMBER,
1481 /* Close shop and free the subpool, to release the exclusive lock. */
1482 svn_pool_destroy(subpool);
1484 return SVN_NO_ERROR;
1489 svn_repos_delete(const char *path,
1492 const char *db_path = svn_dirent_join(path, SVN_REPOS__DB_DIR, pool);
1494 /* Delete the filesystem environment... */
1495 SVN_ERR(svn_fs_delete_fs(db_path, pool));
1497 /* ...then blow away everything else. */
1498 return svn_error_trace(svn_io_remove_dir2(path, FALSE, NULL, NULL, pool));
1502 /* Repository supports the capability. */
1503 static const char *capability_yes = "yes";
1504 /* Repository does not support the capability. */
1505 static const char *capability_no = "no";
1508 svn_repos_has_capability(svn_repos_t *repos,
1510 const char *capability,
1513 const char *val = svn_hash_gets(repos->repository_capabilities, capability);
1515 if (val == capability_yes)
1519 else if (val == capability_no)
1523 /* Else don't know, so investigate. */
1524 else if (strcmp(capability, SVN_REPOS_CAPABILITY_MERGEINFO) == 0)
1527 svn_fs_root_t *root;
1528 svn_mergeinfo_catalog_t ignored;
1529 apr_array_header_t *paths = apr_array_make(pool, 1,
1532 SVN_ERR(svn_fs_revision_root(&root, repos->fs, 0, pool));
1533 APR_ARRAY_PUSH(paths, const char *) = "";
1534 err = svn_fs_get_mergeinfo2(&ignored, root, paths, FALSE, FALSE,
1539 if (err->apr_err == SVN_ERR_UNSUPPORTED_FEATURE)
1541 svn_error_clear(err);
1542 svn_hash_sets(repos->repository_capabilities,
1543 SVN_REPOS_CAPABILITY_MERGEINFO, capability_no);
1546 else if (err->apr_err == SVN_ERR_FS_NOT_FOUND)
1548 /* Mergeinfo requests use relative paths, and anyway we're
1549 in r0, so we're likely to get this error -- but it
1550 means the repository supports mergeinfo! */
1551 svn_error_clear(err);
1552 svn_hash_sets(repos->repository_capabilities,
1553 SVN_REPOS_CAPABILITY_MERGEINFO, capability_yes);
1558 return svn_error_trace(err);
1563 svn_hash_sets(repos->repository_capabilities,
1564 SVN_REPOS_CAPABILITY_MERGEINFO, capability_yes);
1570 return svn_error_createf(SVN_ERR_UNKNOWN_CAPABILITY, 0,
1571 _("unknown capability '%s'"), capability);
1574 return SVN_NO_ERROR;
1578 svn_repos_capabilities(apr_hash_t **capabilities,
1580 apr_pool_t *result_pool,
1581 apr_pool_t *scratch_pool)
1583 static const char *const queries[] = {
1584 SVN_REPOS_CAPABILITY_MERGEINFO,
1587 const char *const *i;
1589 *capabilities = apr_hash_make(result_pool);
1591 for (i = queries; *i; i++)
1594 SVN_ERR(svn_repos_has_capability(repos, &has, *i, scratch_pool));
1596 svn_hash_sets(*capabilities, *i, *i);
1599 return SVN_NO_ERROR;
1603 svn_repos_info_format(int *repos_format,
1604 svn_version_t **supports_version,
1606 apr_pool_t *result_pool,
1607 apr_pool_t *scratch_pool)
1609 *repos_format = repos->format;
1610 *supports_version = apr_palloc(result_pool, sizeof(svn_version_t));
1612 (*supports_version)->major = SVN_VER_MAJOR;
1613 (*supports_version)->minor = 0;
1614 (*supports_version)->patch = 0;
1615 (*supports_version)->tag = "";
1617 switch (repos->format)
1619 case SVN_REPOS__FORMAT_NUMBER_LEGACY:
1621 case SVN_REPOS__FORMAT_NUMBER_1_4:
1622 (*supports_version)->minor = 4;
1625 # if SVN_REPOS__FORMAT_NUMBER != SVN_REPOS__FORMAT_NUMBER_1_4
1626 # error "Need to add a 'case' statement here"
1631 return SVN_NO_ERROR;
1635 svn_repos_fs(svn_repos_t *repos)
1643 svn_repos_fs_type(svn_repos_t *repos,
1644 apr_pool_t *result_pool)
1646 return apr_pstrdup(result_pool, repos->fs_type);
1649 /* For historical reasons, for the Berkeley DB backend, this code uses
1650 * repository locking, which is motivated by the need to support the
1651 * Berkeley DB error DB_RUN_RECOVERY. (FSFS takes care of locking
1652 * itself, inside its implementation of svn_fs_recover.) Here's how
1655 * Every accessor of a repository's database takes out a shared lock
1656 * on the repository -- both readers and writers get shared locks, and
1657 * there can be an unlimited number of shared locks simultaneously.
1659 * Sometimes, a db access returns the error DB_RUN_RECOVERY. When
1660 * this happens, we need to run svn_fs_recover() on the db
1661 * with no other accessors present. So we take out an exclusive lock
1662 * on the repository. From the moment we request the exclusive lock,
1663 * no more shared locks are granted, and when the last shared lock
1664 * disappears, the exclusive lock is granted. As soon as we get it,
1665 * we can run recovery.
1667 * We assume that once any berkeley call returns DB_RUN_RECOVERY, they
1668 * all do, until recovery is run.
1672 svn_repos_recover4(const char *path,
1673 svn_boolean_t nonblocking,
1674 svn_repos_notify_func_t notify_func,
1676 svn_cancel_func_t cancel_func,
1677 void * cancel_baton,
1681 apr_pool_t *subpool = svn_pool_create(pool);
1683 /* Fetch a repository object; for the Berkeley DB backend, it is
1684 initialized with an EXCLUSIVE lock on the database. This will at
1685 least prevent others from trying to read or write to it while we
1686 run recovery. (Other backends should do their own locking; see
1688 SVN_ERR(get_repos(&repos, path, TRUE, nonblocking,
1689 FALSE, /* don't try to open the db yet. */
1695 /* We notify *twice* here, because there are two different logistical
1696 actions occuring. */
1697 svn_repos_notify_t *notify = svn_repos_notify_create(
1698 svn_repos_notify_mutex_acquired, subpool);
1699 notify_func(notify_baton, notify, subpool);
1701 notify->action = svn_repos_notify_recover_start;
1702 notify_func(notify_baton, notify, subpool);
1705 /* Recover the database to a consistent state. */
1706 SVN_ERR(svn_fs_recover(repos->db_path, cancel_func, cancel_baton, subpool));
1708 /* Close shop and free the subpool, to release the exclusive lock. */
1709 svn_pool_destroy(subpool);
1711 return SVN_NO_ERROR;
1714 struct freeze_baton_t {
1715 apr_array_header_t *paths;
1717 svn_repos_freeze_func_t freeze_func;
1720 /* Scratch pool used for every freeze callback invocation. */
1721 apr_pool_t *scratch_pool;
1724 static svn_error_t *
1725 multi_freeze(void *baton,
1728 struct freeze_baton_t *fb = baton;
1730 svn_pool_clear(fb->scratch_pool);
1731 if (fb->counter == fb->paths->nelts)
1733 SVN_ERR(fb->freeze_func(fb->freeze_baton, pool));
1734 return SVN_NO_ERROR;
1738 /* Using a subpool as the only way to unlock the repos lock used
1739 by BDB is to clear the pool used to take the lock. */
1740 apr_pool_t *subpool = svn_pool_create(pool);
1741 const char *path = APR_ARRAY_IDX(fb->paths, fb->counter, const char *);
1746 SVN_ERR(get_repos(&repos, path,
1747 TRUE /* exclusive (only applies to BDB) */,
1748 FALSE /* non-blocking */,
1749 FALSE /* open-fs */,
1750 NULL, subpool, fb->scratch_pool));
1753 if (strcmp(repos->fs_type, SVN_FS_TYPE_BDB) == 0)
1755 svn_error_t *err = multi_freeze(fb, subpool);
1757 svn_pool_destroy(subpool);
1763 SVN_ERR(svn_fs_open2(&repos->fs, repos->db_path, NULL, subpool,
1765 SVN_ERR(svn_fs_freeze(svn_repos_fs(repos), multi_freeze, fb,
1769 svn_pool_destroy(subpool);
1772 return SVN_NO_ERROR;
1775 /* For BDB we fall back on BDB's repos layer lock which means that the
1776 repository is unreadable while frozen.
1778 For FSFS we delegate to the FS layer which uses the FSFS write-lock
1779 and an SQLite reserved lock which means the repository is readable
1782 svn_repos_freeze(apr_array_header_t *paths,
1783 svn_repos_freeze_func_t freeze_func,
1787 struct freeze_baton_t fb;
1791 fb.freeze_func = freeze_func;
1792 fb.freeze_baton = freeze_baton;
1793 fb.scratch_pool = svn_pool_create(pool);
1795 SVN_ERR(multi_freeze(&fb, pool));
1797 svn_pool_destroy(fb.scratch_pool);
1798 return SVN_NO_ERROR;
1801 svn_error_t *svn_repos_db_logfiles(apr_array_header_t **logfiles,
1803 svn_boolean_t only_unused,
1809 SVN_ERR(get_repos(&repos, path,
1811 FALSE, /* Do not open fs. */
1815 SVN_ERR(svn_fs_berkeley_logfiles(logfiles,
1816 svn_repos_db_env(repos, pool),
1820 /* Loop, printing log files. */
1821 for (i = 0; i < (*logfiles)->nelts; i++)
1823 const char ** log_file = &(APR_ARRAY_IDX(*logfiles, i, const char *));
1824 *log_file = svn_dirent_join(SVN_REPOS__DB_DIR, *log_file, pool);
1827 return SVN_NO_ERROR;
1830 /* Baton for hotcopy_structure(). */
1831 struct hotcopy_ctx_t {
1832 const char *dest; /* target location to construct */
1833 size_t src_len; /* len of the source path*/
1835 /* As in svn_repos_hotcopy2() */
1836 svn_boolean_t incremental;
1837 svn_cancel_func_t cancel_func;
1841 /* Copy the repository structure of PATH to BATON->DEST, with exception of
1842 * @c SVN_REPOS__DB_DIR, @c SVN_REPOS__LOCK_DIR and @c SVN_REPOS__FORMAT;
1843 * those directories and files are handled separately.
1845 * BATON is a (struct hotcopy_ctx_t *). BATON->SRC_LEN is the length
1848 * Implements svn_io_walk_func_t.
1850 static svn_error_t *hotcopy_structure(void *baton,
1852 const apr_finfo_t *finfo,
1855 const struct hotcopy_ctx_t *ctx = baton;
1856 const char *sub_path;
1859 if (ctx->cancel_func)
1860 SVN_ERR(ctx->cancel_func(ctx->cancel_baton));
1862 if (strlen(path) == ctx->src_len)
1868 sub_path = &path[ctx->src_len+1];
1870 /* Check if we are inside db directory and if so skip it */
1871 if (svn_path_compare_paths
1872 (svn_dirent_get_longest_ancestor(SVN_REPOS__DB_DIR, sub_path, pool),
1873 SVN_REPOS__DB_DIR) == 0)
1874 return SVN_NO_ERROR;
1876 if (svn_path_compare_paths
1877 (svn_dirent_get_longest_ancestor(SVN_REPOS__LOCK_DIR, sub_path,
1879 SVN_REPOS__LOCK_DIR) == 0)
1880 return SVN_NO_ERROR;
1882 if (svn_path_compare_paths
1883 (svn_dirent_get_longest_ancestor(SVN_REPOS__FORMAT, sub_path, pool),
1884 SVN_REPOS__FORMAT) == 0)
1885 return SVN_NO_ERROR;
1888 target = svn_dirent_join(ctx->dest, sub_path, pool);
1890 if (finfo->filetype == APR_DIR)
1894 err = create_repos_dir(target, pool);
1895 if (ctx->incremental && err && err->apr_err == SVN_ERR_DIR_NOT_EMPTY)
1897 svn_error_clear(err);
1900 return svn_error_trace(err);
1902 else if (finfo->filetype == APR_REG)
1903 return svn_io_copy_file(path, target, TRUE, pool);
1904 else if (finfo->filetype == APR_LNK)
1905 return svn_io_copy_link(path, target, pool);
1907 return SVN_NO_ERROR;
1911 /** Obtain a lock on db logs lock file. Create one if it does not exist.
1913 static svn_error_t *
1914 lock_db_logs_file(svn_repos_t *repos,
1915 svn_boolean_t exclusive,
1918 const char * lock_file = svn_repos_db_logs_lockfile(repos, pool);
1920 /* Try to create a lock file, in case if it is missing. As in case of the
1921 repositories created before hotcopy functionality. */
1922 svn_error_clear(create_db_logs_lock(repos, pool));
1924 return svn_io_file_lock2(lock_file, exclusive, FALSE, pool);
1928 /* Baton used with fs_hotcopy_notify(), specifying the svn_repos layer
1929 * notification parameters.
1931 struct fs_hotcopy_notify_baton_t
1933 svn_repos_notify_func_t notify_func;
1937 /* Implements svn_fs_hotcopy_notify_t as forwarding to a
1938 * svn_repos_notify_func_t passed in a fs_hotcopy_notify_baton_t* BATON.
1941 fs_hotcopy_notify(void *baton,
1942 svn_revnum_t start_revision,
1943 svn_revnum_t end_revision,
1946 struct fs_hotcopy_notify_baton_t *fs_baton = baton;
1947 svn_repos_notify_t *notify;
1949 notify = svn_repos_notify_create(svn_repos_notify_hotcopy_rev_range, pool);
1950 notify->start_revision = start_revision;
1951 notify->end_revision = end_revision;
1953 fs_baton->notify_func(fs_baton->notify_baton, notify, pool);
1956 /* Make a copy of a repository with hot backup of fs. */
1958 svn_repos_hotcopy3(const char *src_path,
1959 const char *dst_path,
1960 svn_boolean_t clean_logs,
1961 svn_boolean_t incremental,
1962 svn_repos_notify_func_t notify_func,
1964 svn_cancel_func_t cancel_func,
1966 apr_pool_t *scratch_pool)
1968 svn_fs_hotcopy_notify_t fs_notify_func;
1969 struct fs_hotcopy_notify_baton_t fs_notify_baton;
1970 struct hotcopy_ctx_t hotcopy_context;
1971 const char *src_abspath;
1972 const char *dst_abspath;
1973 svn_repos_t *src_repos;
1974 svn_repos_t *dst_repos;
1977 SVN_ERR(svn_dirent_get_absolute(&src_abspath, src_path, scratch_pool));
1978 SVN_ERR(svn_dirent_get_absolute(&dst_abspath, dst_path, scratch_pool));
1979 if (strcmp(src_abspath, dst_abspath) == 0)
1980 return svn_error_create(SVN_ERR_INCORRECT_PARAMS, NULL,
1981 _("Hotcopy source and destination are equal"));
1983 /* Try to open original repository */
1984 SVN_ERR(get_repos(&src_repos, src_abspath,
1986 FALSE, /* don't try to open the db yet. */
1988 scratch_pool, scratch_pool));
1990 /* If we are going to clean logs, then get an exclusive lock on
1991 db-logs.lock, to ensure that no one else will work with logs.
1993 If we are just copying, then get a shared lock to ensure that
1994 no one else will clean logs while we copying them */
1996 SVN_ERR(lock_db_logs_file(src_repos, clean_logs, scratch_pool));
1998 /* Copy the repository to a new path, with exception of
1999 specially handled directories */
2001 hotcopy_context.dest = dst_abspath;
2002 hotcopy_context.src_len = strlen(src_abspath);
2003 hotcopy_context.incremental = incremental;
2004 hotcopy_context.cancel_func = cancel_func;
2005 hotcopy_context.cancel_baton = cancel_baton;
2006 SVN_ERR(svn_io_dir_walk2(src_abspath,
2012 /* Prepare dst_repos object so that we may create locks,
2013 so that we may open repository */
2015 dst_repos = create_svn_repos_t(dst_abspath, scratch_pool);
2016 dst_repos->fs_type = src_repos->fs_type;
2017 dst_repos->format = src_repos->format;
2019 err = create_locks(dst_repos, scratch_pool);
2022 if (incremental && err->apr_err == SVN_ERR_DIR_NOT_EMPTY)
2023 svn_error_clear(err);
2025 return svn_error_trace(err);
2028 err = svn_io_dir_make_sgid(dst_repos->db_path, APR_OS_DEFAULT,
2032 if (incremental && APR_STATUS_IS_EEXIST(err->apr_err))
2033 svn_error_clear(err);
2035 return svn_error_trace(err);
2038 /* Exclusively lock the new repository.
2039 No one should be accessing it at the moment */
2040 SVN_ERR(lock_repos(dst_repos, TRUE, FALSE, scratch_pool));
2042 fs_notify_func = notify_func ? fs_hotcopy_notify : NULL;
2043 fs_notify_baton.notify_func = notify_func;
2044 fs_notify_baton.notify_baton = notify_baton;
2046 SVN_ERR(svn_fs_hotcopy3(src_repos->db_path, dst_repos->db_path,
2047 clean_logs, incremental,
2048 fs_notify_func, &fs_notify_baton,
2049 cancel_func, cancel_baton, scratch_pool));
2051 /* Destination repository is ready. Stamp it with a format number. */
2052 return svn_io_write_version_file
2053 (svn_dirent_join(dst_repos->path, SVN_REPOS__FORMAT, scratch_pool),
2054 dst_repos->format, scratch_pool);
2057 /* Return the library version number. */
2058 const svn_version_t *
2059 svn_repos_version(void)
2067 svn_repos_stat(svn_dirent_t **dirent,
2068 svn_fs_root_t *root,
2072 svn_node_kind_t kind;
2074 const char *datestring;
2076 SVN_ERR(svn_fs_check_path(&kind, root, path, pool));
2078 if (kind == svn_node_none)
2081 return SVN_NO_ERROR;
2084 ent = svn_dirent_create(pool);
2087 if (kind == svn_node_file)
2088 SVN_ERR(svn_fs_file_length(&(ent->size), root, path, pool));
2090 SVN_ERR(svn_fs_node_has_props(&ent->has_props, root, path, pool));
2092 SVN_ERR(svn_repos_get_committed_info(&(ent->created_rev),
2094 &(ent->last_author),
2097 SVN_ERR(svn_time_from_cstring(&(ent->time), datestring, pool));
2100 return SVN_NO_ERROR;
2104 svn_repos_remember_client_capabilities(svn_repos_t *repos,
2105 const apr_array_header_t *capabilities)
2107 repos->client_capabilities = capabilities;
2108 return SVN_NO_ERROR;
2112 svn_repos__fs_type(const char **fs_type,
2113 const char *repos_path,
2117 repos.path = (char*)repos_path;
2119 SVN_ERR(check_repos_format(&repos, pool));
2121 return svn_fs_type(fs_type,
2122 svn_dirent_join(repos_path, SVN_REPOS__DB_DIR, pool),