I know that this has been asked many times before, but I believe my situation is different.
I am trying to add a pre-revprop-change hook to our SVN repository to enable changes to be made to log messages.
Before I added the pre-revprop-change
file I was getting this error:
$ svn propset -r 557 --revprop svn:log "New message!" https://myserver/repos/myrepo
svn: DAV request failed; it's possible that the repository's pre-revprop-change hook either failed or is non-existent
svn: At least one property change failed; repository is unchanged
svn: Error setting property 'log':
Repository has not been enabled to accept revision propchanges;
ask the administrator to create a pre-revprop-change hook
No problem, I thought. I'll add it:
$ cd /var/www/svn/myrepo/hooks
$ # Create the simplest hook possible
$ echo '#!/bin/sh' > pre-revprop-change
$ echo 'exit 0' >> pre-revprop-change
$ # Check that it looks correct
$ cat pre-revprop-change
#!/bin/sh
exit 0
$ # Looks good, now make it executable
$ chmod a+x pre-revprop-change
$ # Check the permissions
$ ls -al pre-revprop-change
-rwxr-xr-x 1 apache apache 17 2012-05-24 12:05 pre-revprop-change
$ # Run it, to make sure it runs, and check the error code
$ ./pre-revprop-change
$ echo $?
0
So, according to everything else I've read on SO, that should be all I need to make it work. But, when I try to edit the log message again, I still get an error (a different one this time):
$ svn propset -r 557 --revprop svn:log "New message!" https://myserver/repos/myrepo
svn: DAV request failed; it's possible that the repository's pre-revprop-change hook either failed or is non-existent
svn: At least one property change failed; repository is unchanged
svn: Error setting property 'log':
Revprop change blocked by pre-revprop-change hook (exit code 255) with no output.
There are a few points to note:
1) The repository is hosted on an SELinux server (Fedora core 10). Perhaps there is something that I need to do with regards to those permissions? Here are the SE permissions of the hook:
$ ls -alZ pre-revprop-change
-rwxr-xr-x apache apache unconfined_u:object_r:httpd_sys_content_rw_t:s0 pre-revprop-change
2) The repository is being accessed via WebDAV (note the https://
in the repository name). Is there something that I need to setup on the WebDAV side to allow pre-revprop-change changes?
After several hours of trying, I've found the answer. And, as it doesn't seem to exist anywhere else on the internet, I'll post it here...
The problem was caused by SELinux (no great surprise there). It seems that apache (/usr/sbin/httpd
) did not have the necessary permissions to run the hook script with the afore-mentioned SE permissions. To get it to execute, the SELinux permissions needed to be changed with
$ chcon -t httpd_exec_t pre-revprop-change
(I first tried changing it to httpd_sys_script_exec_t
, but this was not enough to get the script to execute. But with the httpd_exec_t
type it worked.)
Final question: is this a secure thing to be doing?