These are the questions related to the currently supported versions. For older questions, see below.
Subversion is an open-source, centralized version control system. See Our Vision on our front page to know why Subversion exists. Want to take a quick look? See Quick Start.
No, Subversion is open source / free software. Several companies (CollabNet, WANdisco, VisualSVN, elego, ...) pay or have paid the salaries of some full-time developers, but the software carries an Apache License which is fully compliant with the Debian Free Software Guidelines. In other words, you are free to download, modify, and redistribute Subversion as you please; no permission from any company or any person is required.
Subversion is very stable. It is mature software, with strong compatibility guarantees. The Subversion development community cares deeply about its stability and robustness.
Subversion has been in development since 2000, and became self-hosting after one year. A year later when we declared "alpha", Subversion was already being used by dozens of private developers and shops for real work. After that, it was two more years of bugfixing and stabilization until we reached 1.0. Most other projects probably would have called the product "1.0" much earlier, but we deliberately decided to delay that label as long as possible. We were aware that many people were waiting for a 1.0 before using Subversion, and had very specific expectations about the meaning of that label. So we stuck to that same standard.
The client and server are designed to work as long as they aren't more than one major release version apart. For example, any 1.X client will work with a 1.Y server. However, if the client and server versions don't match, certain features may not be available. Such limitations are always documented in the release notes of our releases.
Our client/server interoperability policy is documented in the "Compatibility" section of the Subversion Community Guide.
All modern flavors of Unix, Windows, BeOS, OS/2, macOS.
Subversion is written in ANSI C and uses APR, the Apache Portable Runtime library, as a portability layer. The Subversion client will run anywhere APR runs, which is most places. The Subversion server (i.e., the repository side) is the same, except that it will not host a Berkeley DB repository on Win9x platforms (Win95/Win98/WinME), because Berkeley DB has shared-memory segment problems on Win9x. FSFS repositories (introduced in version 1.1) do not have this restriction; however, due to a limitation in Win9x's file-locking support, they also don't work in Win9x.
To reiterate, the Subversion client can be run on any platform where APR runs. The Subversion server can also be run on any platform where APR runs, but cannot host a repository on Win95/Win98/WinMe.
No. The "Subversion Filesystem" is not a kernel-level filesystem that one would install in an operating system. Instead, it is Subversion's repository interface, which is a "versioned filesystem" in the sense that it stores a directory tree whose state is remembered from revision to revision. Writing programs to access the repository is similar to writing programs that use other filesystem APIs. The main difference is that this particular filesystem doesn't lose data when written to; old tree states can be retrieved as easily the most recent state.
Server requirements depend on many factors, such as number of users, frequency of commits and other server related operations, repository size, and the load generated by custom repository hooks. When using Apache, it is likely that Apache itself will be the biggest factor in memory usage.
Remember to take in account other applications running on the same server; for example, repository browsers use resources too, independently of Subversion itself.
In general, you can expect to need much less server memory than you would for comparable CVS repositories.
No. Subversion is a set of libraries. It comes with a command-line client that uses them. There are two different Subversion server processes: either svnserve, which is small standalone program similar to cvs pserver, or Apache httpd-2.0 using a special mod_dav_svn module. svnserve speaks a custom protocol, while mod_dav_svn uses WebDAV as its network protocol. See chapter 6 in the Subversion book to learn more.
The short answer: no.
The long answer: if you just want to access a repository, then you only need to build a Subversion client. If you want to host a networked repository, then you need to set up either Apache2 or an "svnserve" server.
For more details about setting up a network accessible Subversion server, see chapter 6 in the Subversion book.
No, you can run svnserve as a Subversion server. It works extremely well.
If you want WebDAV and all the other "goodies" that come with the Apache server, then yes, you'll need Apache 2.0. It's always an option to run Apache 2.0 on a different port while continuing to run Apache 1.x on port 80. Different versions of Apache can happily coexist on the same machine. Just change the Listen directive in httpd.conf from "Listen 80" to "Listen 8080" or whatever port number you want, and make sure to specify that port when you publish your repository URL (e.g., http://svn.mydomain.com:8080/repos/blah/trunk/).
Subversion is not attempting to imitate all the features of every SCM system out there. See Our Vision.
First, note that Subversion has no concept of projects. The repository just stores a versioned directory tree — you may consider certain sub-trees to be projects, but Subversion doesn't treat them differently from any other sub-tree. Thus, the interpretation of what constitutes a project in the repository is left entirely up to the users. (This is similar to how branches and tags are conventions built on top of copies, instead of being basic concepts built into Subversion itself.)
Each time you commit a change, the repository stores a new revision of that overall repository tree, and labels the new tree with a new revision number. Of course, most of the tree is the same as the revision before, except for the parts you changed.
The new revision number is a sequential label that applies to the entire new tree, not just to the files and directories you touched in that revision. However, colloquially, a revision number is used to refer to the change committed in that revision; for example, "the change in r588" ("r588" is shorthand for "revision 588") really means "the difference between repository trees 587 and 588", or put another way, "the change made to tree 587 to produce tree 588".
Thus, the advancing revision number marks the progress of the repository as a whole; you generally can't gauge the progress of a particular project within the repository by watching the revision number. Also, the revision number should not be used as the publicly-visible release number of a particular project in the repository. For that, you should devise some other mechanism of distinguishing releases, such as using tags.
The question is a bit loaded, because everyone seems to have a slightly different definition of "changeset", or a least a slightly different expectation of what it means for a version control system to have "changeset features".
For the purposes of this discussion, here's a simple definition of changeset: it's a collection of changes with a unique name. The changes might include textual edits to file contents, modifications to tree structure, or tweaks to metadata. In more common speak, a changeset is just a patch with a name you can refer to.
Subversion manages versioned trees as first order objects (the repository is an array of trees), and the changesets are things that are derived (by comparing adjacent trees.) Systems like Arch or Bitkeeper are built the other way around: they're designed to manage changesets as first order objects (the repository is a bag of patches), and trees are derived by composing sets of patches together.
Neither philosophy is better in absolute terms: the debate goes back at least 30 years. The two designs are better or worse for different types of software development. We're not going to discuss that here. Instead, here's an explanation of what you can do with Subversion.
In Subversion, a global revision number 'N' names a tree in the repository: it's the way the repository looked after the Nth commit. It's also the name of an implicit changeset: if you compare tree N with tree N-1, you can derive the exact patch that was committed.
For this reason, it's easy to think of "revision N" as not just a tree, but a changeset as well. If you use an issue tracker to manage bugs, you can use the revision numbers to refer to particular patches that fix bugs -- for example, "this issue was fixed by revision 9238." Somebody can then run 'svn log -r9238' to read about the exact changeset which fixed the bug, and run 'svn diff -r9237:9238' to see the patch itself. And svn's merge command also uses revision numbers. You can merge specific changesets from one branch to another by naming them in the merge arguments: 'svn merge -r9237:9238 branchURL' would merge changeset #9238 into your working copy.
This is nowhere near as complicated as a system built around changesets as primary objects, but it's still a vast convenience over CVS.
See our Roadmap page.
Subversion 1.1 (and later) has the ability to put a (unix) symlink under version control, via the usual svn add command.
Details: the Subversion repository has no internal concept of a symlink. It stores a "versioned symlink" as an ordinary file with an 'svn:special' property attached. The svn client (on unix) sees the property and translates the file into a symlink in the working copy.
On Windows, the svn client currently has no support for translating a versioned symlink into one of the Windows symlink variants (junction points etc.). The checked out object appears as a normal file. One of the issues that make this difficult to support in general is that by default only Administrators can create symlinks on Windows. For more information, see issue SVN-3570.
The following versions of the Subversion logo are available:
Some additional artwork is available in Subversion's source tree under notes/logo and in this Web site.
If you don't find an answer after browsing this FAQ, there are several other resources available:
Our mailing lists are moderated to prevent spam from getting through, so your first post to any list may be delayed, until the moderator has a chance to let it through. Once that post is allowed through, all subsequent posts from the same address are automatically approved, so you should experience no more delay. Of course, if your sending address changes, then you'll have to go through moderation again.
Changes to DST do not require any special changes or fixes to the Subversion code. Subversion primarily uses dates/times to record when changes have been committed to the repository. This code runs on the server and gets the current date/time from the operating system and converts it to UTC using routines provided by the operating system. The Subversion client receives these dates from the server and converts them to the local time zone for display using routines provided by the client operating system. As such, you should only need to install the patches provided for your operating system and really you should only need to make sure the time on the server is properly adjusted for DST.
Publication of the first known SHA-1 collision by Google and CWI unveiled a couple of related issues in Subversion's use of SHA-1. Subversion's core does not rely on SHA-1 for content indexing, but it was being used for such purposes in the following supplementary features:
Speaking of the repository data deduplication feature, this can result in inability to access files with colliding SHA-1 values or cause data loss for such files. To prevent different content with identical SHA-1 from being stored in a repository, upgrade to 1.9.6 or 1.8.18 which, by default, prevent storing data with such collisions. See our SHA-1 advisory for details.
Until the upgrade to these new releases is available, Unix-based servers can use the pre-commit hook found here. As an aside, we welcome Windows developers to submit a pre-commit script for the Windows platform. More information on submission can be found here.
The working copy uses SHA-1 for deduplication of the stored content, and for performance reasons a client will avoid fetching content with the same SHA-1 checksum. The workaround for this issue is to prevent storage of the colliding objects in the first place, via upgrade to 1.9.6 or installation of the aforementioned pre-commit script.
Storing content with SHA-1 collisions is not a supported use case. If you have content with colliding SHA-1 hash values, we suggest you transform it via gzip before committing it to avoid the collision altogether. Moreover, an upgrade to 1.9.6 to prevent future insertion of duplicates is highly recommended.
Use the Subversion client:
$ svn co https://svn.apache.org/repos/asf/subversion/trunk subversion
That will check out a copy of the Subversion source tree into a directory named subversion on your local machine.
See Quick Start. For some more detail, see the quick start instructions in The Subversion Book.
For even more detail about repository setup and administration, read chapter 5 in The Subversion Book.
The cvs2svn conversion tool seems to be what most people use. The sources are hosted at https://github.com/mhagger/cvs2svn. If you are running a Linux or BSD-based system, your distribution might have a cvs2svn package.
If cvs2svn doesn't meet your needs, you might try refinecvs written by Lev Serebryakov at http://lev.serebryakov.spb.ru/refinecvs/.
The Subversion client can go through a proxy, if you configure it to do so. First, edit your "servers" configuration file to indicate which proxy to use. The files location depends on your operating system. On Linux or Unix it is located in the directory "~/.subversion". On Windows it is in "%APPDATA%\Subversion". (Try "echo %APPDATA%", note this is a hidden directory.)
There are comments in the file explaining what to do. If you don't have that file, get the latest Subversion client and run any command; this will cause the configuration directory and template files to be created.
Next, you need to make sure the proxy server itself supports all the HTTP methods Subversion uses. Some proxy servers do not support these methods by default: PROPFIND, REPORT, MERGE, MKACTIVITY, CHECKOUT. In general, solving this depends on the particular proxy software. For Squid, the config option is
# TAG: extension_methods # Squid only knows about standardized HTTP request methods. # You can add up to 20 additional "extension" methods here. # #Default: # none extension_methods REPORT MERGE MKACTIVITY CHECKOUT
(Squid 2.4 and later already knows about PROPFIND.)
See also "What are all the HTTP methods Subversion uses?" for advice on additional HTTP methods to allow through your proxy.
If it's difficult or impossible to get the proxy to allow Subversion traffic, but you want to check out the Subversion sources, you may be able to go around the proxy. Some proxies that filter port 80 nevertheless allow anything on port 81. In many other cases proxies don't filter https as strict as they filter http. The svn.apache.org repository server listens on https as well as http. Try:
svn checkout https://svn.apache.org/repos/asf/subversion/trunk subversion
and maybe the proxy will let you through.
Of course, your svn client will have to have been built with ssl support. You can check to see whether the 'https' scheme is supported by running svn --version.
A reverse proxy can be used if the Subversion server is not directly connected to the internet. It will forward HTTP/HTTPS traffic from a public facing server to the Subversion server, potentially removing HTTPS encryption. It can also be useful if several different HTTP servers must be served on the same port.
Subversion uses a subset of the WebDAV/DeltaV protocol; see this FAQ item for the details. As far as the proxy server is concerned, Subversion uses plain WebDAV protocol. For the svn copy and svn move commands, an extra HTTP_DESTINATION header is used; this must be rewritten separately.
Detailed instructions are provided for a few different proxy servers. It should be fairly easy to copy the ideas from these examples.
The information below is based on an article written by Konrad Rosenbaum, originally found on http://silmor.de/proxysvn.php. Copied with permission.
The proxy side of Apache requires mod_proxy to work. In many Linux distributions there are ready-made configuration files that can be activated, otherwise insert this configuration in httpd.conf:
#load the module LoadModule proxy_module modules/mod_proxy.so #per default disallow all requests (for security) ProxyRequests Off <Proxy *> Order deny,allow Deny from all </Proxy> ProxyVia On
In the VirtualHost directive for the proxying virtual host, configure requests for your subversion directory (we'll assume it is called svn) to be relayed to the real subversion server:
ProxyPass /svn/ http://realsvnserver/svn/ <Location /svn/> ProxyPassReverse /svn/ http://realsvnserver/svn/ <Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE> Order Deny,Allow Allow from all Satisfy Any </Limit> RewriteCond %{HTTP:Destination} .+/(svn/.*$) RewriteRule ^/svn/.* - [E=MyDestination:http://realsvnserver/%1,PT] RequestHeader set Destination %{MyDestination}e env=MyDestination </Location>
The ProxyPass directive tells Apache to redirect requests below /svn to the subversion-Apache (http://realsvnserver/svn). The ProxyPassReverse directive tells it to alter the request headers (Location, Content-Location, and URI) to match the target server — depending on your version of Apache and its configuration you may need to leave out either /svn/ or http://realsvnserver/svn/. If possible the same path should be used on both servers (otherwise DAV might make trouble). The Limit directive tells Apache to let all DAV requests from all clients (Allow) through and let the real subversion server handle authentication (Satisfy). The Rewrite rules update the HTTP_DESTINATION header to the correct server/protocol.
First download and install the URL Rewrite module from iis.net. The
example below has been tested with IIS 10 and URL Rewrite 2.1.
Next configure URL Rewrite to allow the HTTP_DESTINATION server variable: In
IIS Manager under URL Rewrite, in the right hand pane click View Server
Variables and add HTTP_DESTINATION.
Finally create a few rewrite rules:
<system.webServer> <rewrite> <rules> <clear /> <rule name="ToHttps" stopProcessing="true"> <match url="(.*)" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"/> </rule> <rule name="ProxyWithDestination" enabled="true" patternSyntax="ECMAScript" stopProcessing="true"> <match url="(.*)" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{HTTP_DESTINATION}" pattern="https://(.*)"/> </conditions> <serverVariables> <set name="HTTP_DESTINATION" value="http://{C:1}" /> </serverVariables> <action type="Rewrite" url="http://127.0.0.1:81/{R:0}" logRewrittenUrl="true" /> </rule> <rule name="ProxyRest" patternSyntax="ECMAScript" stopProcessing="true"> <match url="(.*)" negate="false" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false" /> <action type="Rewrite" url="http://127.0.0.1:81/{R:0}" logRewrittenUrl="true" /> </rule> </rules> </rewrite> <security> <requestFiltering allowDoubleEscaping="true" /> </security> </system.webServer>
A simple option is to use the svnserve server instead of Apache. See chapter 6 in the Subversion book for details.
However, if your admins don't want you to run Apache, it's very likely they don't want you to run a custom server process on port 3690 either! So the rest of this answer assumes that your admins are okay with you using an existing SSH infrastructure.
If you previously used CVS, you may have used SSH to login to the CVS server. The ra_svn Subversion access method is the equivalent way of doing this with Subversion. Just use the "svn+ssh" prefix to your Subversion repository URL.
$ svn checkout svn+ssh://your.domain.com/full/path/to/repository
This makes your SSH program launch a private 'svnserve' process on the remote box, which accesses the repository as your UID and tunnels the information back over the encrypted link.
However, another solution that can be used instead is to leverage SSH port forwarding to connect to the protected server via ra_dav. You would connect via SSH to a machine behind your firewall that can access your Subversion server. Note that this SSH server does not have to be the same as where Subversion is installed. It can be, but it doesn't have to be.
Then, you create a local port forward that connects to the HTTP server that houses your Subversion repository. You would then 'connect' to the Subversion repository via this local port. Then, the request will be sent 'tunneled' via SSH server to your Subversion server.
An example: a Subversion ra_dav setup is behind your company firewall at 10.1.1.50 (call it svn-server.example.com). Your company allows SSH access via publicly accessible ssh-server.example.com. Internally, you can access the Subversion repository via http://svn-server.example.com/repos/ours.
Example: client connecting to ssh-server with port-forwarding and checking out via the port forward
% ssh -L 8888:svn-server.example.com:80 [email protected] % svn checkout https://127.0.0.1:8888/repos/ours
Note that your svn-server.example.com could also have its httpd instance running on an unprivileged port by a non-trusted user. This will allow your Subversion server not to require root access.
Joe Orton notes
The server is sensitive to the hostname used in the Destination header in MOVE and COPY requests, so you have to be a little careful here - a "ServerAlias localhost" may be required to get this working properly.
Some links on SSH port forwarding
It depends upon the projects involved. If the projects are related, and are likely to share data, then it's best to create one repository with several subdirectories like this:
$ svnadmin create /repo/svn $ svn mkdir file:///repo/svn/projA $ svn mkdir file:///repo/svn/projB $ svn mkdir file:///repo/svn/projC
If the projects are completely unrelated, and not likely to share data between them, then it's probably best to create separate and unrelated repositories.
$ mkdir /repo/svn $ svnadmin create /repo/svn/projA $ svnadmin create /repo/svn/projB $ svnadmin create /repo/svn/projC
The difference between these two approaches is this (as explained by Ben Collins-Sussman <[email protected]>):
If you don't care about retaining all the history of one of the repositories, you can just create a new directory under one project's repository, then import the other.
If you care about retaining the history of both, then you can use 'svnadmin dump' to dump one repository, and 'svnadmin load' to load it into the other repository. The revision numbers will be off, but you'll still have the history.
Peter Davis <[email protected]> also explains a method using svn's equivalent to CVS modules:
As long as the merging takes place in separate directory trees, you can use svn's version of CVS modules.
Set the svn:externals property on a directory to checkout directories from other repositories whenever the original directory is checked out. The repository remains separate, but in the working copy it appears that they have been merged. If you commit to the imported directory, it will affect the external repository.
The merge isn't completely clean: the import only affects working copies, so you won't be able to use a URL in the first repository to access modules imported from the second. They remain separate URLs.
There are also some helpful tools floating around on the internet, to select and reorder revisions when merging several repositories. For instance the svn-merge-repos.pl perl script for basic operations and the SvnDumpTool python classes for advanced reorganisations.
If you are using the FSFS repository back end (which has been the default since Subversion 1.2), then storing the repository on a modern NFS server (i.e., one that supports locking) should be fine.
If you are using a repository with the Berkeley DB back end (default for repositories created with Subversion 1.0 and 1.1, not the default thereafter), we recommend not storing the repository on a remote filesystem (for example, NFS). While Berkeley DB databases and log files can be stored on remote filesystems, the Berkeley DB shared region files cannot be stored on a remote filesystem, so the repository may be safely accessed by only a single filesystem client, and not all Subversion functionality will be available to even that one client.
Working copies can be stored on NFS (one common scenario is when your home directory is on a NFS server). On Linux NFS servers, due to the volume of renames used internally in Subversion when checking out files, some users have reported that 'subtree checking' should be disabled (it's enabled by default). Please see NFS Howto Server Guide and exports(5) for more information on how to disable subtree checking.
We've had at least one report of working copies getting wedged after being accessed via SMB. The server in question was running a rather old version of Samba (2.2.7a). The problem didn't recur with a newer Samba (3.0.6).
Try to have as few users access the repository as possible. For example, run apache or 'svnserve -d' as a specific user, and make the repository wholly owned by that user. Don't allow any other users to access the repository via file:/// urls, and be sure to run 'svnlook' and 'svnadmin' only as the user which owns the repository.
If your clients are accessing via file:/// or svn+ssh://, then there's no way to avoid access by multiple users. In that case, read the last section in chapter 6, and pay particular attention to the "checklist" sidebar at the bottom. It outlines a number of steps to make this scenario safer.
Note for SELinux / Fedora Core 3+ / Red Hat Enterprise users:In addition to regular Unix permissions, under SELinux every file, directory, process, etc. has a 'security context'. When a process attempts to access a file, besides checking the Unix permissions the system also checks to see if the security context of the process is compatible with the security context of the file.
Fedora Core 3, among other systems, comes with SELinux installed by default, configured so that Apache runs in a fairly restricted security context. To run Subversion under Apache, you have to set the security context of the repository to allow Apache access (or turn off the restrictions on Apache, if you think all this is overkill). The chcon command is used to set the security context of files (similarly to how the chmod sets the traditional Unix permissions). For example, one user had to issue this command
$ chcon -R -h -t httpd_sys_content_t PATH_TO_REPOSITORY
to set the security context to be able to successfully access the repository.
There are special cases where you might want to destroy all evidence of a file or commit. (Perhaps somebody accidentally committed a confidential document.) This isn't so easy, because Subversion is deliberately designed to never lose information. Revisions are immutable trees which build upon one another. Removing a revision from history would cause a domino effect, creating chaos in all subsequent revisions and possibly invalidating all working copies.
The project has plans, however, to someday implement an svnadmin obliterate command which would accomplish the task of permanently deleting information. (See issue 516.)
In the meantime, your only recourse is to svnadmin dump your repository, then pipe the dumpfile through svndumpfilter (excluding the bad path) into an svnadmin load command. See chapter 5 of the Subversion book for details about this.
An alternative approach is to replicate the repository with svnsync after configuring path-based authorization rules that deny read access to any paths that need to be filtered from history. Unlike svndumpfilter, svnsync will automatically translate copy operations with an unreadable source path into normal additions, which is useful if history involving copy operations needs to be filtered.
Log messages are kept in the repository as properties attached to each revision. By default, the log message property (svn:log) cannot be edited once it is committed. That is because changes to revision properties (of which svn:log is one) cause the property's previous value to be permanently discarded, and Subversion tries to prevent you from doing this accidentally. However, there are a couple of ways to get Subversion to change a revision property.
The first way is for the repository administrator to enable revision property modifications. This is done by creating a hook called "pre-revprop-change" (see this section in the Subversion book for more details about how to do this). The "pre-revprop-change" hook has access to the old log message before it is changed, so it can preserve it in some way (for example, by sending an email). Once revision property modifications are enabled, you can change a revision's log message by passing the --revprop switch to svn propedit or svn propset, like either one of these:
$ svn propedit -r N --revprop svn:log URL $ svn propset -r N --revprop svn:log "new log message" URL
where N is the revision number whose log message you wish to change, and URL is the location of the repository. If you run this command from within a working copy, you can leave off the URL.
The second way of changing a log message is to use svnadmin setlog. This must be done by referring to the repository's location on the filesystem. You cannot modify a remote repository using this command.
$ svnadmin setlog REPOS_PATH -r N FILE
where REPOS_PATH is the repository location, N is the revision number whose log message you wish to change, and FILE is a file containing the new log message. If the "pre-revprop-change" hook is not in place (or you want to bypass the hook script for some reason), you can also use the --bypass-hooks option. However, if you decide to use this option, be very careful. You may be bypassing such things as email notifications of the change, or backup systems that keep track of revision properties.
FIRST, read the Subversion Community Guide.
Once you've digested that, send a mail to the dev list with the word [PATCH] and a one-line description in the subject, and include the patch inline in your mail (unless your MUA munges it up totally). Then a committer will pick it up, apply it (making any formatting or content changes necessary), and check it in.
The basic process looks like this:
$ svn co https://svn.apache.org/repos/asf/subversion/site subversion-site $ cd subversion-site/publish [ make changes to faq.html ] $ svn diff faq.html > /tmp/foo $ Mail -s "[PATCH] FAQ updates" < /tmp/foo
Of course, the email you send should contain a nice long explanation about what the patch does, as per the Subversion Community Guide, but you already know that, since you read and completely understood it before actually hacking the code, right? :)
Looking for something to do? Take a look at our ideas page.
Suppose, for example, that you wanted to put some of /etc under version control inside your repository:
# svn mkdir file:///root/svn-repository/etc \ -m "Make a directory in the repository to correspond to /etc" # cd /etc # svn checkout file:///root/svn-repository/etc ./ # svn add apache samba alsa X11 # svn commit -m "Initial version of my config files"
This takes advantage of a not-immediately-obvious feature of svn checkout: you can check out a directory from the repository directly into an existing directory. Here, we first make a new empty directory in the repository, and then check it out into /etc, transforming /etc into a working copy. Once that is done, you can use normal svn add commands to select files and subtrees to add to the repository.
If the entire contents of the directory shall be imported, rather than a subset of contents, this shorter sequence of commands can be used to perform the import and then transform the directory into a Subversion working copy:
# cd /etc # svn import file:///root/svn-repository/etc # svn checkout --force file:///root/svn-repository/etc .
There is an issue filed for enhancing svn import to be able to convert the imported tree to a working copy automatically; see issue 1328.
Subversion's repository database schema has changed occasionally during development. To take advantage of new features, you may have to dump and load the repository to recreate the back-end database. However, most upgrades of Subversion do not involve a dump and load. When one is required, the release notes and the CHANGES file for the new version will carry prominent notices about it. If you don't see such a notice, then there has been no schema change, and no dump/load is necessary.
An alternative to dump/load is using svnsync to replicate the repository into a new one. This is a bit slower, but is more flexible, and has some extra normalization-features which are not (yet) available with dump/load (svnsync normalizes properties to LF line-endings on the fly and has a --source-prop-encoding option to convert them to UTF-8, which is required in newer repository formats --- see below for how to handle this with dump/load).
Note: Both dump/load and svnsync only cover the repository database, not the repository hook scripts, configuration files and locks. These need to be copied over manually from source to target (see below in the "complex procedure"). If you need to copy the complete repository, without rebuilding the back-end database, svnadmin hotcopy may be a better option.
For small repositories that can afford some downtime, this is a simple dump/load procedure to upgrade from Subversion version X to Y ( see below for a more complex procedure with minimal downtime for larger repositories):
For larger repositories, where you want to minimize the maintenance window, a slightly more complex procedure can be used. The trick is to dump+load to a new location, while the old repository is still accessible (for checkouts and commits). After this is done (can take hours, or even days, weeks) you note the last revision which was loaded (or check the revision number with 'svnlook youngest newrepos'), and start another dump+load where you dump with '--incremental -rNEXTREV:HEAD' (where NEXTREV is the next revision that needs to be dumped). You can iterate over this as long as you keep the old repository open ... At the end you make the original repository inaccessible for a couple of minutes, while you enable the new one (Caveat: if you move your new repos in the same disk location as the old one, and you use Apache httpd to serve it, make sure you restart httpd to reset its caches).
Tip: for a large repo I strongly suggest building the new repository (the target of your 'svnadmin load') on very fast storage, even ramdisk if possible, and running 'svnadmin pack' while on fast storage (and copy it over to the final disk afterwards). It's the 'svnadmin load' part that is very time-consuming right now (this will probably be much improved in svn 1.10, with the --no-flush-to-disk option for 'svnadmin load').
Your commands will look like the following:
Some things to watch out for:
svnadmin: E125005: Invalid property value found in dumpstream; consider repairing the source or using --bypass-prop-validation while loading. svnadmin: E125005: Cannot accept non-LF line endings in 'svn:log' propertyThis means the svn:log message of the revision has non-LF line endings (these were accepted by older servers, but no longer as of Subversion 1.6). You can ignore this minor corruption by adding --bypass-prop-validation to your 'svnadmin load' command (you can always repair this later in the new repository). Or you can try to repair this in the source repository before executing the dump+load (since svn:log is a revision property it can easily be fixed without "rewriting history").
svnadmin: E125005: Invalid property value found in dumpstream; consider repairing the source or using --bypass-prop-validation while loading. svnadmin: E125005: Cannot accept non-LF line endings in 'svn:ignore' propertyThis is more difficult to repair, because 'svn:ignore' is not a revision property (unlike svn:log, which can be manipulated with svnadmin setrevprop), but a versioned property (so it's part of history). Again, you can ignore this with --bypass-prop-validation. But since this is a corruption "in history", this can only be repaired with a dump+load, so this might be a good time to try and fix this (or you'll run into this again in the future). To repair it you can use a tool like svndumptool. But it only works on dump files, not as part of a pipe. So a possible way to go about it is: dump that single (corrupt) revision to a file, repair it ('svndumptool.py eolfix-prop svn:ignore svn.dump svn.dump.repaired'), load that single dumpfile, and then continue with a new "piped" command (like step (6) above).
See this section of the Subversion book for more details on dumping and loading.
This error means the svn:log message of the revision in your dumpfile / dumpstream has non-LF line endings (these were accepted by older servers, but no longer as of Subversion 1.6). You can ignore this minor corruption while loading into your new repository by adding --bypass-prop-validation to your 'svnadmin load' command (you can always repair this later in the new repository). Or you can try to repair this in the source repository before executing the dump+load (since svn:log is a revision property it can easily be fixed without "rewriting history"). Also note that svnsync normalizes this on the fly, so it might be an easier alternative than dump+load.
There is no standard procedure for normalizing the line endings in the svn:log property, but using the administrative commands 'svnlook propget', 'svnlook log' and 'svnadmin setlog' can get you there:
You can stitch them together into a script to handle all revisions in a repository, like in these bash oneliners:
Find the "broken" revisions and echo the revision numbers: bash$ YOUNGEST=`svnlook youngest $REPOS`; for (( i=1; i<=$YOUNGEST; i++ )); \ do svnlook propget -r $i --revprop $REPOS svn:log | xxd -ps -c1 | fgrep '0d' > /dev/null \ && echo "$i" ; done; echo "Verified until revision $YOUNGEST"
Find and immediately fix the "broken" revisions with 'svnadmin setlog': bash$ YOUNGEST=`svnlook youngest $REPOS`; for (( i=1; i<=$YOUNGEST; i++ )); \ do svnlook propget -r $i --revprop $REPOS svn:log | xxd -ps -c1 | fgrep '0d' > /dev/null \ && echo "Fixing r$i" && svnadmin setlog $REPOS --bypass-hooks -r$i \ <( svnlook log -r$i $REPOS | sed '$d' ); done; echo "Verified until revision $YOUNGEST" (the "sed '$d'" strips off the extra newline that's added by "svnlook log")
This FAQ entry has not been updated since 2003 and is known to contain information no longer accurate or relevant.
TortoiseSVN has an excellent document that describes setting up a Subversion server on Windows. Go to https://tortoisesvn.net.cn/docs/release/TortoiseSVN_en/tsvn-serversetup.html#tsvn-serversetup-apache-5, to see the section on SSPI authentication.
An important part of the configuration is the line:
SSPIOfferBasic On
Without this line, browsers that support SSPI will prompt for the user's credentials, but clients that do not support SSPI such as Subversion will not prompt. (The current release of Neon - Subversion's HTTP library - handles only basic authentication.) Because the client never asks for credentials, any action that requires authentication will fail. Adding this line tells mod_auth_sspi to use basic authentication with the client, but to use the Windows domain controller to authenticate the credentials.
We recommend that you live with ".svn" if you possibly can. However, if you are using Visual Studio 2002 or 2003 under Windows, you might need to set the environment variable SVN_ASP_DOT_NET_HACK, as described here.
Or you could use a completely custom name for the administrative directory. We recommend against this, because your working copy would probably not work with Subversion clients other than the one you customized. However, if you absolutely must do this, just change this line in subversion/include/svn_wc.h from
#define SVN_WC_ADM_DIR_NAME ".svn"
to (for example)
#define SVN_WC_ADM_DIR_NAME "SVN"
then recompile your client.
This problem comes up in two situations. If you're adding files on an operating system with a case-insensitive filesystem, such as Windows, you might find you accidentally add a file with the wrong case in the filename. Alternatively, you may just decide to change the case of an existing file in the repository.
If you're working in a case-sensitive file system, this is no problem at all. Just move the file to the new name, e.g.,
svn mv file.java File.java
From Subversion 1.7 onwards, this also works on Windows, even though it's using a case-insensitive filesystem.
If you are using Subversion 1.6 or older on Windows, or if you're using a case-insensitive filesystem with an operating system other than Windows, this technique won't work. In this case, you can accomplish this by copying the file somewhere temporary, deleting the file from Subversion, then adding the copy with the correct case. Or a better way is to perform a move operation with Subversion URLs. Using URLs is recommended, because it will preserve history for the file, and will take effect immediately.
Both ways will leave Windows working copies with problems, however, because Windows can still get confused when trying to update the conflicting filenames. (You'll get a message like svn: Failed to add file 'File.java': object of the same name already exists). One way of fixing the problem is to delete your working copy and check out again. If you do not want to do this, you must perform a two step update.
For each file with the wrong case, the following command will change the case:
svn mv svn://svnserver/path/to/file.java svn://svnserver/path/to/File.java
To update the working copy, change to the relevant directory and do:
svn update file.java svn update
The first update will remove file.java from your working copy, the second update will add File.java, leaving you with a correct working copy. Or if you had a lot of problematic files, you can update the working copy this way:
svn update * svn update
As you can see, adding a file with the wrong case is tricky to fix on an operating system that has a case insensitive filesystem. Do try to get it right when you add the file the first time! To prevent the problem from occurring in the first place, you can create a pre-commit hook that calls the file check-case-insensitive.pl. That file lives in the Subversion source tarball, in the directory contrib/hook-scripts.
As shown below it is possible to merge from a branch to the trunk without remembering one revision number. Or vice versa (not shown in the example).
The example below presumes an existing repository in /home/repos in which you want to start a branch named bar containing a file named foo you are going to edit.
For the purpose of tracing branch merges, this repository has set up tags/branch_traces/ to keep tags.
# setup branch and tags $ svn copy file:///home/repos/trunk \ file:///home/repos/branches/bar_branch \ -m "start of bar branch" $ svn copy file:///home/repos/branches/bar_branch \ file:///home/repos/tags/branch_traces/bar_last_merge \ -m "start" # checkout branch working copy $ svn checkout file:///home/repos/branches/bar_branch wc $ cd wc # edit foo.txt file and commit $ echo "some text" >>foo.txt $ svn commit -m "edited foo" # switch to trunk and merge changes from branch $ svn switch file:///home/repos/trunk $ svn merge file:///home/repos/tags/branch_traces/bar_last_merge \ file:///home/repos/branches/bar_branch # Now check the file content of 'foo.txt', it should contain the changes. # commit the merge $ svn commit -m "Merge change X from bar_branch." # finally, update the trace branch to reflect the new state of things $ svn delete -m "Remove old trace branch in preparation for refresh." \ file:///home/repos/tags/branch_traces/bar_last_merge $ svn copy file:///home/repos/branches/bar_branch \ file:///home/repos/tags/branch_traces/bar_last_merge \ -m "Reflect merge of change X."
Subversion increments the revision number of the repository as a whole, so it can't expand any keyword to be that number - it would have to search and possibly modify every file in your working copy on every update and commit.
The information you want (the revision of your working copy) is available from the command svnversion; it gives you information on the revision level of a working copy given a path (see svnversion --help for details).
You can incorporate it into your build or release process to get the information you need into the source itself. For example, in a build environment based on GNU make, add something like this to your Makefile:
## ## To use this, in yourfile.c do something like this: ## printf("this program was compiled from SVN revision %s\n",SVN_REV); ## SVNDEF := -D'SVN_REV="$(shell svnversion -n .)"' CFLAGS := $(SVNDEF) ... continue with your other flags ...
(Note that this will not work on non-GNU versions of make. Don't use it if your build process needs to be portable.)
Or try this recipe:
## ## on every build, record the working copy revision string ## svn_version.c: FORCE echo -n 'const char* svn_version(void) { const char* SVN_Version = "' \ > svn_version.c svnversion -n . >> svn_version.c echo '"; return SVN_Version; }' >> svn_version.c ## ## Then any executable that links in svn_version.o will be able ## to call the function svn_version() to get a string that ## describes exactly what revision was built. ##
Windows users may want to use SubWCRev.exe, available from the TortoiseSVN download page; it replaces all $WCREV$ tags in a given file with the current working copy revision.
Another alternative is creating a wrapper for 'svn commit', which does some automatic replacement in files before commit (be careful not to mess things up though -- silent manipulation of files right before commit can be scary for a user). That way you can inject any metadata you want (and it will be committed with the regular content of the file into the repository).
No. There is no equivalent for the $Log$ keyword in CVS. If you want to retrieve a log for a specific file, you can run 'svn log your-file-name' or 'svn log url-to-your-file'. From the mailing list some explanations why $Log$ is bad:
"$Log$ is a total horror the moment you start merging changes between branches. You're practically guaranteed to get conflicts there, which -- because of the nature of this keyword -- simply cannot be resolved automatically."
And:
Subversion log messages are mutable, they can be changed by setting the svn:log revision property. So the expansion of $Log:$ in any given file could be out of date. Update may well need to retrieve the appropriate log message for each occurrence of the $Log:$ keyword, even if the file that contained it was not otherwise updated.
I don't care about that. I want to use it anyway. Will you implement it?
No. There are no plans to implement it ourselves or accept patches which implement this feature. If you want to distribute your files with some kind of changelog included, you might be able to work around this limitation in your build system.
The answer is: don't put that file under version control. Instead, put a template of the file under version control, something like "file.tmpl".
Then, after the initial 'svn checkout', have your users (or your build system) do a normal OS copy of the template to the proper filename, and have users customize the copy. The file is unversioned, so it will never be committed. And if you wish, you can add the file to its parent directory's svn:ignore property, so it doesn't show up as '?' in the 'svn status' command.
ssh has its own passphrases and its own authentication-caching scheme. Its auth caching is external to Subversion, and must be set up independently of Subversion.
OpenSSH includes ssh-keygen to create the keys, ssh-agent to cache passphrases, and ssh-add to add passphrases to the agent's cache. A popular script to simplify usage of ssh-agent is keychain. On Windows, PuTTY is a popular alternative ssh client; see PuTTYgen to import OpenSSH keys and pageant to cache passphrases.
Setting up ssh-agent is outside the scope of this document, but a Google search for "ssh-agent" will quickly get you answers.
Note: this all assumes you're using OpenSSH. There are other ssh implementations out there, and presumably they will allow you to do something similar, but we don't yet know the details.
You've tried fiddling with their various login files, like .bash_profile, and nothing works! That's because ssh ignores those files when the Subversion client invokes it. But there's no need to modify PATH; instead, you can directly give ssh the full name of the svnserve command. Here's how to do it:
For each user who needs svn+ssh access, generate a new ssh public-key pair which they will use only for Subversion—not for logging in normally. Have them give the keypair a distinctive name, like ~/.ssh/id_dsa.subversion. Add the public part of the key to their ~/.ssh/authorized_keys file on the server machine, after first inserting a bit of magic at the beginning of the line before the word ssh-rsa or ssh-dss, like this:
before |
---|
ssh-dss AAAAB3Nblahblahblahblah |
after |
command="/opt/subversion/bin/svnserve -t" ssh-dss AAAAB3Nblahblahblahblah |
Obviously, replace /opt/subversion/bin/svnserve with whatever is appropriate for your system. You also might want to specify the full path to the Subversion repository in the command (by using the -r option), to save your users some typing.
The command= magic causes sshd on the remote machine to invoke svnserve, even if your user tries to run some other command. See the sshd(8) man page (section AUTHORIZED_KEYS FILE FORMAT) for details.
Now when your users run the Subversion client, make sure they have an SVN_SSH environment variable that "points to" the private half of their keypair, by doing something like this (for the Bourne Again shell):
SVN_SSH="ssh -i $HOME/.ssh/id_dsa.subversion" export SVN_SSH
This file discusses this topic in more detail.
See the section about hacking the ~/.ssh/authorized_keys file in the answer to this other question; ignore the stuff about getting svnserve on your PATH.
Subversion will not change a file's contents by default; you have to deliberately set the svn:eol-style or svn:keywords property on a file for that to happen. That makes Subversion a lot safer than CVS's default behavior, but with that safety comes some inconvenience.
Answering the first question: to set properties on all files already in the repository, you'll need to do it the hard way. All you can do is run svn propset on every file (in a working copy), and then svn commit. Scripting can probably help you with this.
But what about future files? Unfortunately, there's no server mechanism to automatically set properties on files being committed. This means that all of your users need to remember to set certain properties whenever they svn add a file. Fortunately, there's a client-side tool to help with this. Read about the auto-props feature in the book. You need to make sure all your users configure their clients' auto-props settings appropriately.
You could write a pre-commit hook script to reject any commit which forgets to add properties to new files (see https://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/check-mime-type.pl for example). However, this approach may be overkill. If somebody forgets to set svn:eol-style, for example, it will be noticed the minute somebody else opens the file on a different OS. Once noticed, it's easy to fix: just set the property and commit.
Note: many users have asked for a feature whereby the server automatically "broadcasts" run-time settings to clients, such as auto-props settings. There's already a feature request filed for this (issue 1974), though this feature is still being debated by developers, and isn't being worked on yet.
The Subversion command line client will invoke the editor defined in the environment variable SVN_EDITOR. This environment variable is passed directly to the operating system along with the name of a temporary file used to enter/edit the log message.
Due to the fact that the SVN_EDITOR string is passed as-is to the system's command shell, spaces in the editor name, or in the path name to the editor, will not work unless the editor name is in quotes.
For example, on Windows if your editor is in
C:\Program Files\Posix Tools\bin\vi
you would
want to set the variable as follows:
set SVN_EDITOR="C:\Program Files\Posix Tools\bin\vi"
Note that there is no need to escape the quotes in the Windows
shell as they are not part of the syntax for the set
command.
On UNIX systems you would need to follow your shell's specific methods for setting the variable. For example, in a bash shell, the following should work:
SVN_EDITOR='"/usr/local/more editors/bin/xemacs"' export SVN_EDITOR
In case a command line option would be needed for the invocation
of the editor, just add that after the editor name in the SVN_EDITOR
environment variable just like you would use on the command line.
For example, if the options -nx -r
would be wanted for
the above editors, the following will provide those options:
For Windows:
set SVN_EDITOR="C:\Program Files\Posix Tools\bin\vi" -nx -r
For UNIX/bash:
SVN_EDITOR='"/usr/local/more editors/bin/xemacs" -nx -r' export SVN_EDITOR
Note that SVN_EDITOR is the Subversion specific environment variable setting for the editor selection. Subversion also supports using the more generic EDITOR variable but if you need special behaviors with Subversion it is best to use the SVN_EDITOR variable.
This is done all the time, and is easily accomplished by adding a post-commit hook script to your repository. Read about hook scripts in Chapter 5 of the book. The basic idea is to make the "live site" just an ordinary working copy, and then have your post-commit hook script run 'svn update' on it.
In practice, there are a couple of things to watch out for. The server program performing the commit (svnserve or apache) is the same program that will be running the post-commit hook script. That means that this program must have proper permissions to update the working copy. In other words, the working copy must be owned by the same user that svnserve or apache runs as -- or at least the working copy must have appropriate permissions set.
If the server needs to update a working copy that it doesn't own (for example, user joe's ~/public_html/ area), one technique is create a +s binary program to run the update, since Unix won't allow scripts to run +s. Compile a tiny C program:
#include <stddef.h> #include <stdlib.h> #include <unistd.h> int main(void) { execl("/usr/local/bin/svn", "svn", "update", "/home/joe/public_html/", (const char *) NULL); return(EXIT_FAILURE); }
... and then chmod +s the binary, and make sure it's owned by user 'joe'. Then in the post-commit hook, add a line to run the binary.
If you have problems getting the hook to work, see "Why aren't my repository hooks working?".
Also, you'll probably want to prevent apache from exporting the .svn/ directories in the live working copy. Add this to your httpd.conf:
# Disallow browsing of Subversion working copy administrative dirs. <DirectoryMatch "^/.*/\.svn/"> Order deny,allow Deny from all </DirectoryMatch>
Finally, if the working copy to be updated isn't on the same machine as the Subversion server, svnpubsub can be used on the Subversion server to advertise the commit to a listening svnwcsub client on the Web server.
Subversion does not support checkout of a single file, it only supports checkout of directory structures.
However, you can use 'svn export' to export a single file. This will retrieve the file's contents, it just won't create a versioned working copy.
You don't. It's a bad idea to try.
The basic design of the working copy has two rules: (1) edit files as you please, and (2) use a Subversion client to make any tree-changes (add, delete, move, copy). If these rules are followed, the client can sucessfully manage the working copy. If renames or other rearrangements happen outside of Subversion, then the UI has been violated and the working copy might be broken. The client cannot guess what happened.
People sometimes run into this problem because they want to make version control "transparent". They trick users into using a working copy, then have a script run later that tries to guess what happened and run appropriate client commands. Unfortunately, this technique only goes a short distance. 'svn status' will show missing items and unversioned items, which the script can then automatically 'svn rm' or 'svn add'. But if a move or copy has happened, you're out of luck. Even if the script has a foolproof way of detecting these things, 'svn mv' and 'svn cp' can't operate after the action has already occurred.
In summary: a working copy is wholly under Subversion's control, and Subversion wasn't designed to be transparent. If you're looking for transparency, try setting up an apache server and using the "SVNAutoversioning" feature described in appendix C of the book. This will allow users to mount the repository as a network disk, and any changes made to the volume cause automatic commits on the server.
For versions 1.4.0 and later, you can find instructions here.
There are three steps:
Say you have a repository /svn/myrepos which is using the BDB backend and you would like to switch to using the FSFS backend:
Once you are happy that all is well with your new repository delete the old one.
To do the reverse and migrate from FSFS to BDB change the svnadmin create command to specify BDB.
When you first add or import a file into Subversion, the file is examined to determine if it is a binary file. Currently, Subversion just looks at the first 1024 bytes of the file; if any of the bytes are zero, or if more than 15% are not ASCII printing characters, then Subversion calls the file binary.
If Subversion determines that the file is binary, the file receives an svn:mime-type property set to "application/octet-stream". (You can always override this by using the auto-props feature or by setting the property manually with svn propset.)
Subversion 1.7 and later can optionally be compiled with support for libmagic to detect MIME types of binary files which are added to version control. This feature is used only for binary files for which no MIME type is found via auto-props or the mime-types-file configuration option. If libmagic identifies a file as a text file, Subversion will treat the file as a text file by default.
Subversion treats the following files as text:
All other files are treated as binary, meaning that Subversion will:
In all other respects, Subversion treats binary files the same as text files, e.g. if you set the svn:keywords or svn:eol-style properties, Subversion will perform keyword substitution or newline conversion on binary files.
Note that whether or not a file is binary does not affect the amount of repository space used to store changes to that file, nor does it affect the amount of traffic between client and server. For storage and transmission purposes, Subversion uses a diffing method that works equally well on binary and text files; this is completely unrelated to the diffing method used by the 'svn diff' command.
svn diff doesn't have an option to do this, but
svn log -vq -r10does exactly what you want;
svn log -vq -r123:456 | egrep '^ {3}[ADMR] ' | cut -c6- | sort | uniq
You want to do something like
svn mv svn://server/trunk/stuff/* svn://server/trunk/some-other-dir
but it fails with
svn: Path 'svn://server/trunk/stuff/*' does not exist in revision 123
... or some other inscrutable error message.
Subversion doesn't expand wildcards like "*" in URL arguments. (Technically speaking, Subversion does not expand wildcards in local paths either, but on most operating systems the shell expands wildcards in local paths in the command line before passing the resulting list to Subversion.)
You have to generate the list of source URLs yourself. You could do it like this (in Bash):
s=svn://server/trunk/stuff items=$(svn ls "$s") urls=$(for item in $items; do echo $s/$item; done) svn mv $urls svn://server/trunk/some-other-dir -m "Moved all at once"
In Subversion v1.4 and earlier, Subversion did not allow you to "cp" and "mv" multiple paths or URLs in one command. You have to issue multiple commands. If you happen to have a working copy that contains all the source files as well as the destination directory, then you can exploit your shell's wildcard feature to do the move, like this (for Bash):
for i in stuff/*; do svn mv $i some-other-dir; done svn ci -m "moved all the stuff into some other dir"
In any case, you can always accumulate a list of the names of the source files, and then run "svn mv" on each item in that list, like this:
s=svn://server/trunk/stuff svn ls "$s" | \ while read f do svn mv "$s/$f" svn://server/trunk/some-other-dir -m "Moved just one file" done
Note, however, that this will generate one commit per source file; that's in contrast to the above method (using a working copy) which generates just one commit total.
There is a program called "svnmucc" (previously "mucc"), whose source is distributed with Subversion, that enables you to combine multiple commands into one commit. See the Tools and Contrib page.
People frequently want to use Subversion to track their local changes to third-party code, even across upgrades from the third-party — that is, they want to maintain their own divergent branch, while still incorporating new releases from the upstream source. This is commonly called a vendor branch (the term long predates Subversion), and the techniques for maintaining one in Subversion are described here.
If the vendor code is hosted in a remote Subversion repository, then you can use Piston to manage your copy of the vendor's code.
Use 'svn merge' or 'svn copy', as described in the Subversion book.
Your working copy is not corrupt, nor is your data lost. Subversion's working copy is a journaling system, meaning that it logs everything it is about to do before it does so. If the svn client program is interrupted violently (segfault or killed, not with Control-C), then one or more lockfiles are left behind, along with logfiles describing unfinished business. (The `svn status' command will show an 'L' next to locked directories.) Any other process that attempts to access the working copy will fail when it sees the locks. To awaken your working copy, you need to tell the svn client to finish the work. Simply run:
svn cleanup working-copy
Three kinds of situation that can cause this:
Debris from a failed commit is littering your working copy.
You may have had a commit that went sour between the time the new revision was added in the server and the time your client performed its post-commit admin tasks (including refreshing your local text-base copy). This might happen for various reasons including (rarely) problems in the database back end or (more commonly) network dropouts at exactly the wrong time.
If this happens, it's possible that you have already committed the very changes you are trying now to commit. You can use 'svn log -rHEAD' to see if your supposed-failed commit actually succeeded. If it did, run 'svn revert' to revert your local changes, then run 'svn update' to get your own changes back from the server. (Note that only 'svn update' brings your local copies up-to-date; revert doesn't do that.)
Mixed revisions.
When Subversion commits, the client only bumps the revision numbers of the nodes the commit touches, not all nodes in the working copy. This means that in a single working copy, the files and subdirectories might be at different revisions, depending on when you last committed them. In certain operations (for example, directory property modifications), if the repository has a more recent version of the node, the commit will be rejected, to prevent data loss. See Mixed revisions have limitations in the Version Control with Subversion book for details.
You can fix the problem by running 'svn update' in the working copy.
You might be genuinely out of date — that is, you're trying to commit a change to a file that has been changed by someone else since you last updated your copy of that file. Again, 'svn update' is the way to fix this.
In order to include your new file in the patch you likely ran the svn add command so that the svn diff command would include the new file in the patch. If your patch is committed to the code base and you run an svn update, then you might receive an error message of: "svn: Failed to add file 'my.new.file': object of the same name already exists".
The reason that you received this error is that you still have your local copy of the file in your working copy. The steps to correct this problem are:
You might want to compare the new file from the repository with your original file.
Subversion uses a plugin system to allow access to repositories. Currently there are three of these plugins: ra_local allows access to a local repository, ra_neon or ra_serf which allow access to a repository via WebDAV, and ra_svn allows local or remote access via the svnserve server. When you attempt to perform an operation in Subversion, the program tries to dynamically load a plugin based on the URL scheme. A `file://' URL will try to load ra_local, and an `http://' URL will try to load ra_neon or ra_serf.
The error you are seeing means that the dynamic linker/loader can't find the plugins to load. For `http://' access, this normally means that you have not linked Subversion to neon or serf when compiling it (check the configure script output and the config.log file for information about this). It also happens when you build Subversion with shared libraries, then attempt to run it without first running 'make install'. Another possible cause is that you ran make install, but the libraries were installed in a location that the dynamic linker/loader doesn't recognize. Under Linux, you can allow the linker/loader to find the libraries by adding the library directory to /etc/ld.so.conf and running ldconfig. If you don't wish to do this, or you don't have root access, you can also specify the library directory in the LD_LIBRARY_PATH environment variable.
See this faq.
You probably have old copies of /usr/local/bin/apr-config and /usr/local/bin/apu-config on your system. Remove them, make sure the apr/ and apr-util/ that you're building with are completely up-to-date, and try again.
Probably you just need to get the latest platform SDK. The one that ships with VC++ 6.0 is not recent enough.
Like this:
svn import file:///d:/some/path/to/repos/on/d/drive
See Subversion Repository URLs in the Subversion Book for more details.
Visual Studio can use a web subsystem for ASP.Net, which uses frontpage server extensions to do remote publishing through IIS. This subsystem rejects any pathname that starts with ".". This causes a problem when you try to remotely publish a Subversion working copy, because of the ".svn" subdirectories. The error message says something like "unable to read project information".
To work around this, set the environment variable SVN_ASP_DOT_NET_HACK to any value — this will tell Windows clients to use "_svn" as a directory name in your working copy. See the relevant section of the Subversion 1.3 release notes for more details, and see this question for other ways to customize the administrative directory name.
For example, one user reported that imports worked fine over local access:
$ mkdir test $ touch test/testfile $ svn import test file:///var/svn/test -m "Initial import" Adding test/testfile Transmitting file data . Committed revision 1.But not from a remote host:
$ svn import http://svn.sabi.net/test testfile -m "import" nicholas's password: xxxxxxx svn_error: #21110 : <Activity not found> The specified activity does not exist.
We've seen this when the REPOS/dav/ directory is not writable by the httpd process. Check the permissions to ensure Apache can write to the dav/ directory (and to db/, of course).
Please see /docs/community-guide/debugging.html#net-trace.
The short answer: it's for your own good.
Subversion places a very high priority on protecting your data, and not just your versioned data. Modifications that you make to already-versioned files, and new files scheduled for addition to the version control system, must be treated with care.
Making the svn revert command require an explicit target—even if that target is just '.'—is one way of accomplishing that. This requirement (as well as requiring you to supply the --recursive (-R) flag if you want that behavior) is intended to make you really think about what you're doing, because once your files are reverted, your local modifications are gone forever.
If you allow anonymous write access to the repository via Apache, the Apache server never challenges the SVN client for a username, and instead permits the write operation without authentication. Since Subversion has no idea who did the operation, this results in a log like this:
$ svn log ------------------------------------------------------------------------ rev 24: (no author) | 2003-07-29 19:28:35 +0200 (Tue, 29 Jul 2003)
See the Subversion book to learn about configuring access restrictions in Apache.
These appear to be due to the various Windows services that monitor the filesystem for changes (anti-virus software, indexing services, the COM+ Event Notification Service). This is not really a bug in Subversion, which makes it difficult for us to fix. A summary of the current state of the investigation is available here. A workaround that should reduce the incidence rate for most people was implemented in revision 7598; if you have an earlier version, please update to the latest release.
This is usually due to a lack of available entropy on the system. You probably need to configure the system to gather entropy from sources such as hard-disk and network interrupts. Consult your system manpages, specifically random(4) and rndcontrol(8) on how to effect this change.
It means your httpd.conf is misconfigured. Usually this error happens when you've defined the Subversion virtual "location" to exist within two different scopes at the same time.
For example, if you've exported a repository as <Location /www/foo>, but you've also set your DocumentRoot to be /www, then you're in trouble. When the request comes in for /www/foo/bar, apache doesn't know whether to find a real file named /foo/bar within your DocumentRoot, or whether to ask mod_dav_svn to fetch a file /bar from the /www/foo repository. Usually the former case wins, and hence the "Moved Permanently" error.
The solution is to make sure your repository <Location> does not overlap or live within any areas already exported as normal web shares.
It's also possible that you have an object in the web root which has the same name as your repository URL. For example, imagine your web server's document root is /var/www and your Subversion repository is located at /home/svn/repo. You then configure Apache to serve the repository at https://127.0.0.1/myrepo. If you then create the directory /var/www/myrepo/ this will cause a 301 error to occur.
Adding -qlanglvl=extended to the environment variable CFLAGS for configuration and build will make xlc a bit more flexible and the code should compile without error. See https://svn.haxx.se/dev/archive-2004-01/0922.shtml and its associated thread for more details.
See issue 695. The current implementation of svn checkout -N is quite broken. It results in a working copy which has missing entries, yet is ignorant of its "incompleteness". Apparently a whole bunch of CVS users are fairly dependent on this paradigm, but none of the Subversion developers were. For now, there's really no workaround other than to change your process: try checking out separate subdirectories of the repository and manually nesting your working copies.
The error message in this case is a little misleading. Most likely Apache is unable to load one or more DLLs that mod_dav_svn.so relies on. If Apache is running as a service it will not have the same PATH as a regular user. Make sure that libdb4*.dll, intl3_svn.dll, libeay32.dll and ssleay32.dll are present in either \Apache\bin or \Apache\modules. You can copy them from your Subversion installation directory if they are not there.
If this still does not resolve the problem, you should use a tool like Dependency Walker on mod_dav_svn.so to see if there are any other unresolved dependencies.
They're supposed to invoke external programs, but the invocations never seem to happen.
Before Subversion calls a hook script, it removes all variables -- including $PATH on Unix, and %PATH% on Windows -- from the environment. Therefore, your script can only run another program if you spell out that program's absolute name.
Make sure the hook script is named correctly: for example, the post-commit hook should be named post-commit (without extension) on Unix, and post-commit.bat or post-commit.exe on Windows.
Debugging tips:
If you're using Linux or Unix, try running the script "by hand", by following these steps:
Note the first argument to "env" is a dash; that's what ensures the environment is empty.$ env - ./post-commit /var/lib/svn-repos 1234
When using an external diff command, Subversion builds a fairly complicated command line. First is the specified --diff-cmd. Next comes the specified --extensions (although empty --extensions are ignored), or '-u' if --extensions is unspecified (or specified as ''). Third and fourth, Subversion passes a '-L' and the first file's label (e.g. "project_issues.html (revision 11209)"). Fifth and sixth are another '-L' and the second label. Seventh and eighth are the first and second file names (e.g. ".svn/text-base/project_issues.html.svn-base" and ".svn/tmp/project_issues.html.tmp").
If your preferred diff command does not support these arguments, you may need to create a small wrapper script to discard arguments and just use the last couple file paths.
Warning: Beware that Subversion does not expect the external diff program to change the files it receives, and doing so may scramble the working copy.
For further information, see issue #2044.
To avoid having to type a password for each server operation, Subversion can cache credentials.
Passwords may have been cached unencrypted by older versions of Subversion ("grandfathered in") and Subversion always supports reading these. Whether and how Subversion caches new credentials depends on several factors, including the access method, operating system, compile-time options, and settings in the client's run-time config file.
To show the credentials in your cache, use svn auth. Credentials are never removed automatically but may be removed manually using svn auth --remove.
On Windows, Subversion uses standard Windows APIs to encrypt the data, so only the user can decrypt the cached password. (Since Subversion 1.2.)
On macOS, Subversion uses the system Keychain facility to encrypt/store the user's svn password. (Since Subversion 1.4.)
On UNIX/Linux, Subversion supports up to four credential caches:
To determine which credential caches your Subversion client supports, run the svn --version command and look for "The following authentication credential caches are available" toward the end of its output.
GNOME Keyring and KWallet both facilitate storing passwords on disk encrypted. For Subversion to support these programs (since Subversion 1.6), they need to be available at compile-time and at run-time.
TODO: Discuss GPG-Agent.
Depending on a compile-time option (--enable-plaintext-password-storage) and runtime configurations (see below) Subversion may fallback to storing passwords in the Plaintext cache.
The default value of --enable-plaintext-password-storage was changed from True to False in Subversion 1.12, thus disabling the Plaintext cache unless explicitly enabled.
The directory which contains cached Plaintext passwords (usually ~/.subversion/auth/) has permissions of 700, meaning only the user (and root) can read them.
The following options are available in your run-time config file (per user ~/.subversion/config and ~/.subversion/servers, systemwide /etc/subversion/config and /etc/subversion/servers):
In response to various questions and requests, the Subversion developers have written a Python script that can store a plain-text password to the cache. If you understand the security implications, have ruled out other alternatives, and still want to cache your password in plain-text on disk, you may find the script in the tools/client-side/ directory in (as of this writing) our trunk.
More information on password caching is in Chapter 6 of the Subversion book, under "Client Credentials Caching".
Early versions of APR on its 0.9 branch, which Apache 2.0.x and Subversion 1.x use, have no support for copying large files (2Gb+). A fix which solves the 'svnadmin hotcopy' problem has been applied and is included in APR 0.9.5+ and Apache 2.0.50+. The fix doesn't work on all platforms, but works on Linux.
Note: this assumes the repository is being served by Apache 2.0.x.
There is a bug in APR 0.9.6 that is present when it is running on Tiger, and shows up when you attempt to check out a file larger than 64Kb. The resulting checkout fails, often with unpredictable error messages. Here are some examples of what you might see on the client side, the specific errors may differ for you:
svn: Invalid diff stream: [tgt] insn 1 starts beyond the target view position
svn: Unexpected end of svndiff input
svn: REPORT request failed on '/path/to/repository' svn: REPORT of '/path/to/repository/!svn/vcc/default': Chunk delimiter was invalid
There may also be errors in the Apache error_log, such as:
[error] Provider encountered an error while streaming a REPORT response. [500, #0] [error] A failure occurred while driving the update report editor [500, #190004]
To confirm the presence of this bug — assuming you have access to the machine that the repository is being served from — try checking out using a file:// URL, which will access the filesystem directly instead of going through Apache. If the resulting checkout completes successfully, then it is almost certain that this is the problem.
Currently, the best solution is to upgrade to APR 1.2.0+.
Alternately, you can rebuild Apache and Subversion from their respective sources, setting the following environment variable before running configure for Apache:
setenv ac_cv_func_poll no
or in Bourne shell syntax, like this:
ac_cv_func_poll=no; export ac_cv_func_poll
If you built APR / APRUTIL separately (i.e., you did not use the ones that come as part of the Apache tarball), you must set that environment variable before running configure for APR, as this is where the problem lies.
If you see errors like this in the final link stage of a Subversion trunk source build:
/usr/local/apache2/lib/libaprutil-0.so.0: undefined reference to `db_create' /usr/local/apache2/lib/libaprutil-0.so.0: undefined reference to `db_strerror'
it might be because you're on a Debian GNU/Linux system and need to upgrade 'libtool'. (I've also heard that the Debian packagers had to tweak 'libtool' and that this may cause some problems for Subversion builds. But that's hearsay — I didn't have time to verify the details before writing this FAQ entry. However, see https://svn.haxx.se/dev/archive-2006-02/1214.shtml and the thread it spawned for a detailed discussion.)
In any case, after encountering this problem on a Debian GNU/Linux system running a newly-dist-upgraded 'testing' distribution on 15 Nov 2005, the solution was to build libtool 1.5.20 from source, using the standard "./configure && make && sudo make install" recipe. After that, I did a 'make clean' in my Subversion working copy tree, './autogen.sh', './configure', 'make', and everything worked fine.
Note that another report of these symptoms appeared at https://svn.haxx.se/dev/archive-2003-01/1125.shtml, though the solution described here was not mentioned in that thread.
Invoke svnserve with the --listen-host=0.0.0.0 option. Svnserve does not properly support IPv4/IPv6 dual-stack operation. See issue #2382.
The directory you're trying to add already contains a .svn subdirectory — it is a working copy — but it's from a different repository location than the directory to which you're trying to add it. This probably happened because you used your operating system's "copy" command (instead of svn copy) to copy a subdirectory in this working copy, or to copy some other working copy into this one.
The quick and dirty solution is to delete all .svn directories contained in the directory you're trying to add; this will let the "add" command complete. If you're using Unix, this command will delete .svn directories under dir:
find dir -type d -name .svn -exec rm -rf {} \;
However, if the copy was from the same repository, you should ideally delete or move aside the copy, and use svn copy to make a proper copy, which will know its history and save space in the repository.
If it was from a different repository, you should ask yourself why you made this copy; and you should ensure that by adding this directory, you won't be making an unwanted copy of it in your repository.
This often happens when APR is compiled to use /dev/random and the server is unable to gather enough entropy. If Subversion is the only application using APR on the server, you can safely recompile APR with the --with-devrandom=/dev/urandom option passed to configure. This should not be done on systems that use APR for other processes, however, as it could make other services insecure.
This can occur due to a problem with OpenSSL 0.9.8. Downgrading to an older version (or possibly upgrading to a newer version) is known to fix this issue.
svn: This client is too old to work with working copy '/path/to/your/working/copy'; please get a newer Subversion clientThis happened because Subversion's working-copy format changed incompatibly—the new version of Subclipse upgraded your working copy, so now your command-line program, which is old, cannot read it. (This problem isn't specific to Subclipse; it would also have happened if you'd used a command-line client that was 1.4 or newer, along with your older command-line client.) The fix is simply to upgrade your command-line client to 1.4 or newer. As of Subversion 1.5, a helper script is provided to downgrade working copies to formats compatible with earlier releases of Subversion; see this faq.
In some cases where there are unversioned (and maybe ignored) items in the working copy, svn switch can get an error. The switch stops, leaving the working copy half-switched.
Unfortunately, if you take the wrong corrective action you can end up with an unusable working copy. Sometimes with these situations, the user is directed to do svn cleanup. But the svn cleanup may also encounter an error. See issue #2505.
The user can manually remove the directories or files causing the problem, and then run svn cleanup, and continue the switch, to recover from this situation.
Note that a switch from a pristine clean checkout always works without error. There are three ways of working if you are using svn switch as part of your development process:
# Check and delete svn unversioned files: svn status --no-ignore | grep '^[I?]' | sed 's/^[I?]//' svn status --no-ignore | grep '^[I?]' | sed 's/^[I?]//' | xargs rm -rf
Some examples are detailed here in issue 2505. The problem is that the svn client plays it safe and doesn't want to delete anything unversioned.
Two specific examples are detailed here to illustrate a problem like this. There are also other svn switch errors, not covered here, which you can avoid by switching only from a pristine checkout.
wc/$ svn switch $SVNROOT/$project/branches/$ticket-xxx svn: Won't delete locally modified directory '<dir>' svn: Left locally modified or unversioned files
Removing all unversioned files, and continuing the switch will recover from this.
wc/$ svn switch $SVNROOT/$project/branches/$ticket-xxx svn: Won't delete locally modified directory '<dir>' svn: Left locally modified or unversioned files
In this case, just removing the unversioned items will not recover. A cleanup fails, but "svn switch" directs you to run "svn cleanup".
wc/$ svn switch $SVNROOT/$project/branches/$ticket-xxx svn: Directory '<dir>/.svn' containing working copy admin area is missing wc/$ svn cleanup svn: '<dir>' is not a working copy directory wc/$ svn switch $SVNROOT/$project/branches/$ticket-xxx svn: Working copy '.' locked svn: run 'svn cleanup' to remove locks (type 'svn help cleanup' for details)
Removing the directory (and all other unversioned files, to prevent "switch" from breaking on a similar error repeatedly), and continuing the switch will recover from this.
The TortoiseSVN cleanup error is a bit different. You might encounter this:
Subversion reported an error while doing a cleanup! <dir>/<anotherdir> is not a working copy directory
In each case here, the "svn switch" breaks leaving you with a half-switched working copy. "svn status" will show items with S for switched items (different from top directory), ! for directories with problems, and ~ for the files that are the problem (and with maybe L for locked). Like this:
wc/$ svn status ! . ! <dir> S <switched_things> ~ <dir>/<thing_that_is_now_unversioned>
A careful examination of the Windows API documentation regarding Naming a File reveals the most common reason why this happens. In short, you can address significantly longer path names when using the Unicode versions of the Windows path functions, and providing absolute path specifiers instead of relative path specifiers. Fortunately, the Apache Portable Runtime (APR) library that Subversion uses transparently converts absolute paths (like C:\WorkingCopy\file.txt) into the form required by the Windows APIs (\\?\C:\WorkingCopy\file.txt), and back again. Unfortunately, you only get these long-path benefits when using absolute paths.
To see if path length is the reason for the problem you're seeing, try providing an absolute target path to the Subversion command-line client instead of a relative one (or none at all). In other words, instead of doing this:
C:\> svn up WorkingCopy
or this:
C:\> cd C:\WorkingCopy C:\WorkingCopy> svn up
do this:
C:\> svn update C:\WorkingCopy
If the problem goes away, congratulations — you've hit a Windows path length limitation. And now you know the workaround.
Why does this problem not affect TortoiseSVN? Because TortoiseSVN always provides absolute paths to the Subversion APIs.
Why, then, does the Subversion command-line client not always convert its input into absolute paths and use those? It does, as of Subversion 1.7.
Sometimes the working copy metadata format changes incompatibly between minor releases. For example, say you have a working copy created with Subversion 1.4.4, but one day you decide to try out Subversion 1.5.0. Afterwards, you attempt to switch back to 1.4.4, but it doesn't work — it just gives the above error.
This is because 1.5.0 upgraded your working copy format to support some new features (in this case, changelists, the keep-local flag, and variable-depth directories). Although 1.4.4 doesn't know anything about these new features, it can at least recognize that the working copy format has been upgraded to something higher than it can handle.
1.5.0 upgraded the working copy for a good reason: it realizes that 1.4.4 does not know about these new features, and that if 1.4.4 were to meddle with the working copy metadata now, important information might be lost, possibly causing corruption (see issue #2961, for example).
Subversion 1.7.0 and newer will not upgrade working copies unless you explicitly ask them to do so. (Upgrading the working copies is, however, required; Subversion 1.7.0 cannot operate on working copies created or used by earlier Subversions.)
Subversion 1.6.x and earlier automatically upgrade working copies when they first touch them. This behavior can be annoying, if you just want to try out a new release of Subversion without installing it permanently. For this reason, we distribute a script that can downgrade working copies when doing so is safe:
https://svn.apache.org/repos/asf/subversion/trunk/tools/client-side/change-svn-wc-format.py
Run that script with the "--help" option to see how to use it. (It can downgrade 1.6.x working copies to formats usable by Subversion 1.4.x and 1.5.x, but cannot downgrade 1.7.x working copies.)
As future versions of Subversion are released, we will try to keep this FAQ entry up-to-date with potential downgrade scenarios and their implications.
The Neon library, used for communication between a Subversion server and client over HTTP, is usually built as a static library. But it is subsequently linked into a different shared library. This causes an error during the build process on 64-bit AMD systems similar to this:
subversion-1.4.6/neon/src/.libs/libneon.a(ne_request.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /home/jrandom/subversion/subversion-1.4.6/neon/src/.libs/libneon.a: could not read symbols: Bad value
There was a thread on the developers' list about this.
The solution is to supply the "--enable-shared" option to Subversion's configure script.
In short, this error is representative of a class of problems which can occur when Apache erroneously believes that your Subversion client is no longer tending to the network connection it has made with Apache. Other error messages have been reported in similar circumstances, depending on whether or not SSL was in use for the connection, or when exactly Apache decided that the connection should be terminated.
The Subversion client tries to keep working copies in a sane state at all times. One way it does this during checkouts is by squirreling away the pristine versions of checked-out files until all the files and subdirectories for a given directory have been fetched. Once all the data for a directory has been downloaded, the client "finalizes" that directory, copying the pristine versions of files out into the working area, diddling administrative data, and so on. While this directory finalization is happening, the client is focused on that task and is not tending to the checkout network stream. Sometimes — typically in situations where a versioned directory contains an abnormally large number of files, or a bunch of abnormally large files — the client can spend so much time finalizing a directory (and ignoring the network stream) that Apache thinks the client has gone away for good, so Apache terminates the connection. When the client finally turns its attention back to the network stream, it finds that the server has given up on the connection, and it reports this as an error.
One workaround for this situation is to increase the amount of time Apache is willing to wait for a client to prove it is still listening to the network stream. You do this by adjusting upward the Apache Timeout configuration value. You are encouraged, however, to evaluate your data set. If having a huge number of files in a single directory is causing problems for you during checkouts, there is some chance that it will cause additional problems elsewhere, too. If it is possible for you to split your collection of files up into a few subdirectories with smaller file counts, this could prove universally beneficial.
When you commit, only the files/directories that are actually changed by the commit get their base revisions bumped to HEAD in the working copy. The other files/directories (possibly including the directory you committed from!) don't get their base revisions bumped, which means Subversion still considers them to be based on outdated revisions. See also this question and this section of the Subversion book.
This can be confusing, in particular because of tree conflicts you can inflict upon yourself. E.g. if you add a file to a directory and commit, and then locally move that directory somewhere else, and then try to commit, this second commit will fail with an out-of-date error since the directory itself is still based on an out-of-date revision. When updating, a tree conflict will be flagged.
Subversion has currently no way of knowing that you yourself just committed the change which caused the directory to be out-of-date during the second commit. And allowing an out-of-date directory to be committed may cause certain tree conflicts not to be detected, so Subversion can't allow you to do this.
To avoid this problem, make sure to update your entire working copy before making structural changes such as deleting, adding, or moving files or directories.
This can happen when the hostname reported by the server does not the match hostname given in the SSL certificate. Make sure your server configuration uses correct values for ServerName and NameVirtualHost.
A client-side fix is to update OpenSSL to version 1.0.0d. See this post to the Subversion developer mailing list for details.
This error occurs if the
certificate issuer is not recognized as 'Trusted'
by the SVN client. Subversion will ask you whether you trust the certificate and if you want to store this certificate.
$ svn info https://mysite.com/svn/repo
Error validating server certificate for 'https://mysite.com:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: mysite.com
- Valid: from Wed, 18 Jan 2012 00:00:00 GMT until Fri, 18 Jan 2013
23:59:59 GMT
- Issuer: Google Inc, US
- Fingerprint:
34:4b:90:e7:e3:36:81:0d:53:1f:10:c0:4c:98:66:90:4a:9e:05:c9
(R)eject, accept (t)emporarily or accept (p)ermanently?
In some cases, even if you accept this by entering 'p' option, the
next time you access SVN, the same error appears again. There can
be multiple reasons. The problem may be your ~/.subversion directory has
wrong permissions, so that each time you want to permanently add the
credentials, svn actually cannot do so, and also doesn't inform you
that it can't.
This can be solved by either fixing the permissions with chmod 644 in
~/.subversion/auth/svn.ssl.server
directory or by deleting the directory contents. If deleted, the directory gets populated automatically the next time you access the repository.
The files are in the repository; you can verify this by running commands such as svn ls -R, or by trying to checkout a working copy from the repository:
$ pwd /var/srv/repositories/foo $ ls -1 conf db format hooks locks README.txt $ svnlook youngest /var/srv/repositories/foo 1 $ svn ls file:///var/srv/repositories/foo trunk/ tags/ branches/
The versioned files and directories are simply not stored on-disk in a tree format (like CVS repositories used to), but instead are stored in database files. The BDB backend uses Berkeley DB databases, and the FSFS backend uses both a custom file format and may in the future use SQLite databases.
In general, to avoid some kinds of spurious merge conflicts, the following rules can be kept in mind:
During copies where the source is a URL, and the target is either a URL or in a working copy, explicit mergeinfo is created on the copy target. This is done so that when a branch is created with
svn copy ^/trunk ^/branches/mybranchand later an ancestrally unrelated subtree is copied into the branch using an invocation such as
svn copy ^/branches/another-branch/foo ^/branches/mybranch/barthe directory /branches/mybranch/bar does not inherit mergeinfo from its parent /branches/mybranch. Mergeinfo inherited from the parent might not reflect the factually correct merge history of the new child.
During copies where both the source and the target are within a working copy, no mergeinfo is created on the copy target (as of Subversion 1.5.5). This assumes the case where a new child is added on the trunk (or a branch), and this addition is merged to another branch which is kept in sync using periodic catch-up merges. In this case, the inherited mergeinfo of the branch's new child is correct, and the creation of explicit mergeinfo could cause spurious merge conflicts due to apparent, but factually inaccurate, differences in the child's and parent's merge histories.
For additional details and discussion about this behaviour, see this post on the users mailing list.
Passwords which contain non-ASCII characters may not work reliably with the basic authentication mechanisms Subversion supports. This is due to potential character encoding differences between the client and server systems. See this mailing list post for details.
As a workaround, you can configure your Subversion server to use a single-sign-on mechanism, such as Kerberos or SSPI. See the Apache HTTPD server documentation for details. If you are using svnserve, see the 'Using svnserve with SASL' chapter in the Subversion book.
When using svnserve with SSH authentication SSH keys can be used to work around this limitation of passwords.
If you are seeing slow server-side copying (a.k.a. branching or tagging) with a Subversion repository served over HTTP(S), you might be running into issue 4531. This problem is caused by a crawl of the “tree-to-copy” by httpd's mod_dav module on the server (giving the copy a performance cost of O(sizeof(tree)) instead of SVN's usual O(1) for branching/tagging). This behaviour is present in Apache httpd version 2.2.25 (or higher) and 2.4.6 (or higher) – older versions of httpd are not affected. Branching/tagging a large tree may take several minutes because of this.
This problem has been fixed in mod_dav_svn in Subversion 1.8.14. You can also use the following workaround to make mod_dav skip the unnecessary work; add the following directives to the Apache configuration on the server, preferably only inside the Location blocks configured for SVN:
SetEnvIf Request_Method COPY method_is_copy RequestHeader set Depth 0 env=method_is_copy
This adds a request header "Depth" with value 0 to each COPY request. This makes mod_dav avoid the crawl of the tree being copied (yet still lets Subversion perform a normal recursive copy).
See this mailing list thread for more details.
SSL communication errors can have various reasons. You can use the openssl binary to debug the ssl connection.
openssl s_client -connect example.com:443 -servername example.comIf you use a client certificate, then you need to convert Subversion's client certificate from pkcs12 to pem first:
openssl pkcs12 -in path/to/svn/cert.p12 -out cert.pemThen you can use:
openssl s_client -connect example.com:443 -servername example.com -cert cert.pemIf you are using ssl-authority-files in .subversion/servers to verify the server cert you can get s_client to do the same with the additional parameter:
openssl s_client ... -CAfile path/to/authority.pemThe s_client output may indicate what problem is occurring.
For example, if s_client reports
error setting certificate 140258270184704:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:303:then creating new CA keys with sha256 instead of md5 should solve the problem.
Before the make install
step on unix-y systems,
dynamically built "executables" in a Subversion source tree are
actually libtool-generated shell scripts which re-link and run the
real binary. As shown below, this complicates debugging:
subversion$ gdb subversion/svn/svn
... "/path/to/subversion/subversion/svn/svn": not in executable format: File format not recognized
You can work around this by running gdb via the libtool command. The libtool command in execute mode will detect that the svn command is a libtool wrapper script and handle setting the appropriate environment variables and replace the script with the path to the real file before running gdb..
Your command line would look something like this:
$ libtool execute gdb subversion/svn/svn
By default, gcc will often optimize away private variables and functions, inlining the associated operations. This can complicate stepping through the code in a debugger.
Work around this by turning off optimization during the
make
step on unix-y systems:
subversion$ make EXTRA_CFLAGS=-O0
(That's "dash ohh zero".) Alternately, you can make this change
more permanent by running configure
as follows:
subversion$ ./configure --enable-debug
For a production install, remember to undo this operation before
installing Subversion from source, by re-running make
or
configure
without the extra flag.
The Subversion client speaks a subset the WebDAV/DeltaV protocol to the mod_dav_svn server module. The short answer is:
OPTIONS, PROPFIND, GET, REPORT, MKACTIVITY, PROPPATCH, PUT, CHECKOUT, MKCOL, MOVE, COPY, DELETE, LOCK, UNLOCK, MERGE
Note that this list may grow over time: Subversion 1.7+ started using the POST method when speaking to 1.7+ servers, and it's possible that Subversion 1.9+ might start using yet another method when talking to 1.9+ servers.
The details of the protocol are documented here:
https://svn.apache.org/repos/asf/subversion/trunk/notes/http-and-webdav/webdav-protocolSee Poul-Henning Kamp's post to freebsd-hackers: https://docs.freebsd.ac.cn/en/books/faq/#bikeshed-painting.
Jim Blandy, who gave Subversion both its name and repository design, pronounces "Subversion" "Subversion".
Throughout Subversion's source code there are many references to 'baton' objects. These are just void * data structures that provide context to a function. In other APIs, they're often called void *ctx or void *userdata Subversion developers call the structures "batons" because they're passed around quite a bit.
wedged repository:
A Subversion repository consists of two different internal parts, a working compartment and a storage compartment. A wedged repository is a repository where the working compartment is unaccessible for some reason, but the storage compartment is intact. Therefore, a wedged repository has not suffered any loss of data, but the working compartment has to be corrected before you can access the repository. See this entry for details how to do that.
corrupted repository:
A corrupted Subversion repository is a repository where the storage compartment has been damaged, and therefore there is some degree of real data loss in the repository.
You might also like to check The Jargon File's definition for 'wedged'.
Subversion is using CVSSv3 in our security advisories so you will see a CVSSv3 Base Score and Vector in the Severity section of our advisories. CVSSv3 is the current version of the Common Vulnerability Scoring System which is an open industry standard for assessing the severity of computer system security vulnerabilities. FIRST maintains the documentation for the standard.
The score is a number in the range of 0 to 10 with less risky vulnerabilities scoring lower and more risky vunerabilities scoring higher. The score is calculated by determining the metrics of the vunerability and then calculating the score based on those metrics. If you want to understand how a score was determined you would need the vector and an understanding of the formula as specified by the standard.
The vector is an abbreviated description of the metrics that apply to the vulnerability.
CVSSv3 provides for 3 types of metrics and scores; base, temporal and environmental. The Subversion project will only ever provide the base score and metrics. As a project we cannot determine the environmental risks of the various installations so it is not possible for us to calculate the environmental metrics. The temporal metrics are for factors that may change over time. We do not update our advisories once published so it's not possible for us to track these changing values.
Some vulnerabilities require specific configurations or environmental factors in order to be exploited. CVSSv3 specifies that the Access Complexity metric consider how common such a configuration is. As a result, a vulnerability that requires an unusual configuration will have a low score. The scores can help you prioritize how quickly you need to react to an advisory but as a result of the Access Complexity metric you should still consider how the vulnerability impacts your installation.
When calculating the Availability Impact metric of server vulnerabilities the Subversion project will use the value of Complete within the context of Subversion and not the host system. For example when considering a Denial of Service attack the Availability Impact metric will be calculated as High if the vulnerability allows an attacker to make the Subversion server completely inaccessible. On the other hand if the attack only made the Subversion server slow or limited the number of successful connections it would be rated as Low.
When calculating the Integrity Impact metric of server vulnerabilities the Subversion project will use the value of High when history of the Subversion repositories may be changed or when the ability to modify any file on the host system occurs. The ability to change any file (while leaving the appropriate history trail) in violation of any authentication or authorization requirements will be treated as Low.
When calculating the Confidentiality Impact metric of server vulnerabilities the Subversion project will use the value of High when all files in the repository may be read regardless of any authentiation or authorizaiton requirements. If only some files may be read it will be considered Low.
As a result of how we calculate these impact metrics you may see advisories in vulnerability databases or vendor advisories that have a different score. For instance an Linux distribution that provides a binary package of Subversion may score the full exposure of the contents of the Subversion repository hosted on the system as only a Low Confidentiality Impact, resulting in a lower score.
This is probably due to a known bug in Apache HTTP Server (versions 2.0.48 and earlier), for which a patch is available, see https://bz.apache.org/bugzilla/show_bug.cgi?id=25040. You may also want to read over https://issues.apache.org/jira/browse/SVN-1608 to see if the description there matches your symptoms.
You need to install Window XP Service Pack 1.
If it's a live repository, then the easy answer is "Whatever version of Berkeley DB you have installed". If, however, it is a repository from a backup, or some unknown source, and you have no idea which version of Berkeley DB it was made with, here's how you find out:
Run some command to view the two 4-byte integers at offsets 12 and 16 (decimal) in the highest-numbered db/log.* file in the repository. Here is an example using GNU od: "od -j12 -N8 -tx4 log.<number>". Here is an example using Mac OS X hexdump: "hexdump -s12 -n8 -x log.<number>". The first integer should be the magic number 0x00040988, which identifies the file as a Berkeley DB logfile. The second number is the log format version - match it to a Berkeley DB version using the table below:
Log format version | Berkeley DB version |
---|---|
5 (0x00000005) | 4.0 |
7 (0x00000007) | 4.1 |
8 (0x00000008) | 4.2 |
10 (0x0000000a) | 4.3 |
11 (0x0000000b) | 4.4 |
12 (0x0000000c) | 4.5 |
13 (0x0000000d) | 4.6 |
The repository stores all your data in a Berkeley DB "environment" in the repos/db/ subdirectory. The environment contains a collection of tables and bunch of logfiles (log.*). Berkeley DB journals all changes made to the tables, so that the tables can be recovered to a consistent state in case of interruptions (more info).
The logfiles will grow forever, eating up disk space, unless you, (as the repository administrator) do something about it. At any given moment, Berkeley DB is only using a few logfiles actively (see this post and its associated thread); the rest can be safely deleted. If you keep all the logfiles around forever, then in theory Berkeley DB can replay every change to your repository from the day it was born. But in practice, if you're making backups, it's probably not worth the cost in disk space.
Use svnadmin
to see
which log files can be deleted. You may want a cron job to do this.
$ svnadmin list-unused-dblogs /repos /repos/db/log.000003 /repos/db/log.000004 [...] $ svnadmin list-unused-dblogs /repos | xargs rm # disk space reclaimed!
You could instead use Berkeley DB's db_archive
command:
$ db_archive -a -h /repos/db | xargs rm # disk space reclaimed!
See also svnadmin hotcopy
or hotbackup.py
.
Note: If you use Berkeley DB 4.2, Subversion will
create new repositories with automatic log file removal enabled. You
can change this by passing the --bdb-log-keep
option to
svnadmin create
. Refer to the DB_LOG_AUTOREMOVE
flag
in the Berkeley DB manual located under
docs/api_c/env_set_flags.html#DB_LOG_AUTOREMOVE on the
Berkeley DB 4.2.x download package.
The Berkeley DB database in your repository is sensitive to interruptions. If a process accessing the database exits without "cleanly" closing the environment, then the database is left in an inconsistent state. Common causes of this include:
For most of these cases, you should run "svnadmin recover", which rewinds the repository back to a consistent state; see this question for details. Note that running out of disk space, combined with frequent checkouts or updates, can cause the repository to crash in a way where recovery is not possible (so keep backups).
Segfaults, forced killings, and running out of disk space are pretty rare. Permission problems are far more common: one process accesses the repository and accidentally changes ownership or permissions, then another process tries to access and chokes on the permissions.
The best way to prevent this is to get your repository permissions and ownership set up correctly. See here for our recommendations.
Your repository is not corrupt, nor is your data lost. If your process accesses the repository directly (mod_dav_svn, svnlook, svnadmin, or if you access a `file://' URL), then it's using Berkeley DB to access your data. Berkeley DB is a journaling system, meaning that it logs everything it is about to do before it does so. If your process is interrupted (Control-C, or segfault), then a lockfile is left behind, along with a logfile describing unfinished business. Any other process that attempts to access the database will just hang, waiting for the lockfile to disappear. To awaken your repository, you need to ask Berkeley DB to either finish the work, or rewind the database to a previous state that is known to be consistent.
WARNING: you can seriously corrupt your repository if you run recover and another process accesses the repository.
Make absolutely sure you disable all access to the repository before doing this (by shutting down Apache, removing executable permissions from 'svn'). Make sure you run this command as the user that owns and manages the database, and not as root, else it will leave root-owned files in the db directory which cannot be opened by the non-root user that manages the database, which is typically either you or your Apache process. Also be sure to have the correct umask set when you run recover, since failing to do so will lock out users that are in the group allowed to access the repository.
Simply run:
svnadmin recover /path/to/repos
Once the command has completed, check the permissions in the
db
directory of the repository.
Sometimes "svnadmin recover" doesn't work. You may see it give errors like this:
Repository lock acquired. Please wait; recovering the repository may take some time... svnadmin: DB_RUNRECOVERY: Fatal error, run database recovery svnadmin: bdb: Recovery function for LSN 175 7066018 failed on backward pass svnadmin: bdb: PANIC: No such file or directory svnadmin: bdb: PANIC: fatal region error detected; run recovery
or like this:
Repository lock acquired. Please wait; recovering the repository may take some time... svn: DB_RUNRECOVERY: Fatal error, run database recovery svn: bdb: DB_ENV->log_flush: LSN of 115/802071 past current end-of-log of 115/731460 svn: bdb: Database environment corrupt; the wrong log files may have been removed or incompatible database files imported from another environment [...] svn: bdb: changes: unable to flush page: 0 svn: bdb: txn_checkpoint: failed to flush the buffer cache Invalid argument svn: bdb: PANIC: Invalid argument svn: bdb: PANIC: fatal region error detected; run recovery svn: bdb: PANIC: fatal region error detected; run recovery [...]
In that case, try Berkeley DB's native db_recover utility (see the Berkeley DB db_recover documentation located under docs/utility/db_recover.html on the Berkeley DB 4.2.x download package). It usually lives in a "bin/" subdirectory of the Berkeley DB installation, for example if you installed Berkeley DB from source, it might be /usr/local/BerkeleyDB.4.2/bin/db_recover; or on systems where Berkeley DB comes prepackaged it might just be /usr/bin/db_recover. If you have multiple versions of Berkeley DB installed, make sure that the version of db_recover you use matches the version of Berkeley DB with which your repository was created.
Run db_recover with the "-c" ("catastrophic recovery") flag. You can also add "-v" for verbosity, and "-h" with an argument telling it what db environment to recover (so you don't have to cd into that directory). Thus:
db_recover -c -v -h /path/to/repos/db
Run this command as the same user that owns the repository, and again, make absolutely sure that no other processes are accessing the repository while you do this (e.g., shut down svnserve or Apache).
If you're using http:// access, "Cannot allocate memory" errors show up in the httpd error log and look something like this:
[Wed Apr 07 04:26:10 2004] [error] [client 212.151.130.227] (20014) Error string not specified yet: Berkeley DB error while opening 'strings' table for filesystem /usr/local/svn/repositories/svn/db: Cannot allocate memory [Wed Apr 07 04:26:10 2004] [error] [client 212.151.130.227] Could not fetch resource information. [500, #0] [Wed Apr 07 04:26:10 2004] [error] [client 212.151.130.227] Could not open the requested SVN filesystem [500, #160029] [Wed Apr 07 04:26:10 2004] [error] [client 212.151.130.227] (17) File exists: Could not open the requested SVN filesystem [500, #160029]
It usually means that a Berkeley DB repository has run out of database locks (this does not happen with FSFS repositories). It shouldn't happen in the course of normal operations, but if it does, the solution is to run database recovery as described here. If it happens often, you probably need to raise the default lock parameters (set_lk_max_locks, set_lk_max_lockers, and set_lk_max_objects) in the db/DB_CONFIG file. When changing DB_CONFIG in an existing repository, remember to run recovery afterwards.
Your apr-util linked against DB-3, and svn linked against DB-4. Unfortunately, the DB symbols aren't different. When mod_dav_svn is loaded into Apache's process-space, it ends up resolving the symbol names against apr-util's DB-3 library.
The solution is to make sure apr-util compiles against DB-4. You can do this by passing specific switches to either apr-util's or apache's configure: "--with-dbm=db4 --with-berkeley-db=/the/db/prefix".
This is not really a problem with Subversion, but it often affects Subversion users.
Red Hat 9 and Fedora ship with a Berkeley DB library that relies on the kernel support for NPTL (the Native Posix Threads Library).
The kernels that Red Hat provides have this support built in, but if you compile your own kernel, then you may well not have the NPTL support. If that is the case, then you will see errors like this:
svn: Berkeley DB error svn: Berkeley DB error while creating environment for filesystem tester/db: Function not implemented
This can be fixed in one of several ways:
LD_ASSUME_KERNEL
is set
to 2.2.5
, and if so, unset it before starting
Subversion (Apache). (You usually would set this variable to run
Wine or Winex on Red Hat 9)To use the NPTL version of Berkeley DB you also need to use a glibc library with NPTL support, which probably means the i686 version. See https://svn.haxx.se/users/archive-2004-03/0488.shtml for details.
Berkeley DB 4.1 has shown itself to be rather unstable - both 4.0 and 4.2 are better. This error message is a symptom of one unique way in which 4.1 will sometimes break.
The problem is that the database format field for one of the tables that make up a Subversion repository using the Berkeley DB backend has become corrupted. For unknown reasons, this is almost always the 'copies' table, which switches from the 'btree' type to the 'recno' type. Simple recovery procedures are outlined below - if they do not succeed, you should contact the Subversion Users mailing list.
Prior to Berkeley DB 4.3, svnadmin recover worked to upgrade a Berkeley DB repository in-place. However, due to a change in the behaviour of Berkeley DB in version 4.3, this now fails.
Use this procedure to upgrade your repository in-place to Berkeley DB 4.3 or later:
The repository is now usable by Berkeley DB 4.3.
Certain client operations are "read-only", like checkouts and updates. From an access-control standpoint, Apache treats them as such. But libsvn_fs (the repository filesystem API) still has to write temporary data in order to produce tree-deltas. So the process accessing the repository always requires both read and write access to the Berkeley DB files in order to function.
In particular, the repository responds to many "read-only" operations by comparing two trees. One tree is the usually the HEAD revision, and the other is often a temporary transaction-tree -- thus the need for write access.
This limitation only applies to the Berkeley DB backend; the FSFS backend does not exhibit this behaviour.