Monday, April 03, 2006

Nastier Than a Bear Holding a Shark

I have just finished setting up a Windows XP Pro box as a Subversion server.
This is not a fun way to spend an evening. Before you read this let me say
the following things as loudly as possible:


USE LINUX OR, what the hell, OS X would probably be okay too.

I will talk a little about why Windows is so bad later on. However, Windows
is what we had, and we needed a repo up ASAP, so I made do. Fortunately
Subversion keeps a database, and we will be able to copy that database to a
non-toy computer in the future. In the meantime, here's how to make it

Install SSHd

  1. Install Cygwin. Make sure the OpenSSH [1] package is checked. You
    probably want to add a few other things. My list of extras usually
    includes zsh, zip, unzip, gcc-mingw, patch, and
  1. Create local user accounts (or domain user accounts) for all the people
    you want to have making commits. In Windows XP pro, the default
    is accounts with no password. This is dumb. Set passwords on all
    the accounts. You can't log into SSH if you don't have either a password
    on the account or a public/private authorized_key pair on the account.
    Make these accounts local administrators. If you don't think you can do
    that, then don't even bother with the rest of this solution. You want Unix
  2. Launch the Cygwin prompt at least once. Run:
    mkpasswd -l > /etc/passwd; mkgroup -l > /etc/group(In a Windows NT Domain/ADS environment, you probably want -l -D.)
  3. Add C:\cygwin\bin to your global PATH environment variable.
    Yeah, just do it. It's in My Computer > Proprties > Advanced >Environment Variables.
  4. Then run ssh-host-config. You probably want to answer 'yes' to
  5. net start sshd or start the service from the services applet.

Test SSH

I suggest logging in as one of your users using just ssh, and make sure you
see some kind of shell.

Install Subversion and Make svnserve Your Bitch

  1. Install Subversion.
  1. Create a repository somwhere, using svnadmin. Now, there're a couple
    of things that need to be true about this repository.

    • It needs to be owned by the Administrators group, including
    • It needs to be writable by them, including subdirs/folders.

    Both of these things are accessed through the Security Tab, and then the
    Advanced button, when you right-click on the folder. If you don't have a
    security tab, go into Tools>Folder Options>View> and uncheck "Simple
    File Sharing".

    You may be scratching your head and thinking "But all your users are
    administrators.. why can't they write to the folder regardless?" You, my
    friend, understand Unix. Unfortunately, you don't understand Windows,
    wherein permissions activate and deactivate apparently at random.

  2. If you've ever configured svn+ssh access to a repository on Unix, you know
    about the umask problem as described in the box at the bottom of this
    svnbook page. There's a different problem on Windows, but it's solved
    the same way, with a very similar shell script.

In Cygwin's sshd, you get a very limited set of directories in your PATH.
It does not match the list in your global environment; it is apparently
compiled into sshd. There are a couple of different ways to modify it, but
they aren't global and/or they don't apply when using ssh to tunnel svn.
The solution is this shell script:

cd /cygdrive/c/Program\ Files/Subversion/bin
# change the following line so that -r points to where you are
# keeping your subversion repositories. This keeps your URLs shorter.
./svnserve -r C:/SUBVERSION "$@"

You need to name this script svnserve with no extension, put this into
your C:\WINDOWS directory, and, using Cygwin,
chmod a+x /cygdrive/c/WINDOWS/svnserve.
What you are doing is routing around the broken PATH and directing svn to
run the binary from its own directory. Note also the argument -rC:/SUBVERSION. That's a FORWARD SLASH. This argument is optional, but
it's extremely handy. Use it when you want shorter URLs.
For example, if you did:

mkdir C:/REPOS
svnadmin create Foostuffs
If you want your url to be svn+ssh://, then use
-r C:/REPOS.
  1. Make svnserve.exe in C:\Program Files\Subversion\bin executable by
    everyone. It isn't world executable by default.

Test svn

Try svn co svn+ssh:// and see what happens. If
you're trying this on a Windows client, you will want to find somebody else's document
on setting up svn+ssh client access from Windows.

Why Windows Sucks

Well, we've already covered the problems with the broken PATH on Windows,
which forces us to use the C:\WINDOWS\svnserve kludge, and the requirement
that your users be local Administrators. In addition to that, this
configuration is just plain flaky and slow. Performance is sluggish or
sometimes just stops altogether, for reasons from the computer going to sleep
(watch out for that) to having the wrong "Optimize for background apps"
setting, to just weird behavior in general. SSH is also slow under Cygwin,
which makes SVN slow.

Tomorrow I'll be setting up Bugzilla on the same box, assuming this pile of
cards hasn't fallen over by then.

[1](Why am I not using conch? Conch doesn't work on Windows. If
you disagree, feel free to send me instructions or patches and I
will try them. Really. I don't like Cygwin sshd.)

No comments: