
Using Subversion at BNL

by jhover — last modified Oct 05, 2012 03:32 PM
Contributors: John DeStefano
About Subversion and how to set up a Subversion client for US ATLAS development at BNL.

What is Subversion?

Subversion is a system that allows one to establish a code repository to save program source code in a central location. Developers then check out the code (using the Subversion client), work on it, and check it back in. Thus multiple developers can work on one project simultaneously, and Subversion will merge their changes automatically. The system also allows changes to be rolled back if a mistake is made. Subversion is a modern rewrite of the classic source code control program CVS.

 

Client Setup Instructions

To use Subversion from a UNIX system, you will need a few prerequisites:

  1. The Subversion client installed on your computer.
  2. Your grid certificate in PKCS12 format. Store it in your home directory and note the location.
  3. The DOEgrids CA certificate, from:
    1. An OSG install, e.g. on an RACF-maintained server, or one of the ACF/RCF worker nodes, OR
    2. A set of IGTF Root CA certificates, e.g. from https://www.tacar.org/repos/ (via http://www.gridpma.org/), OR
    3. A package manager-based CA installation, e.g. yum. Here is a glite-CA.repo file you can use.
      1. [glite-ca]
         name=gLite CA RPMs
         baseurl=http://linuxsoft.cern.ch/LCG-CAs/current
         enabled=1
      2. After adding this repo file, you'll need to run yum install lcg-CA
      3. You will also need to ensure that the fetch-crl package is installed and enabled. Try yum install fetch-crl
  4. Your Subversion client ('svn') configured to use your personal certificate, and to recognize the server certificate (which is signed by the DOEgrids Certificate Authority). This is a template of the Subversion servers file:

 

#
#  ~/.subversion/servers
#
[global]
ssl-client-cert-file = /home/jhover/.globus/jhover-doegrids-2007.p12
ssl-client-cert-password = tOpsEcrEt
ssl-trust-default-ca = true
# This is the CA certificate for DOEgrids
ssl-authority-files = /etc/grid-security/certificates/1c3f2ca8.0

Once this is set up, you can check out code from the command line like so:

svn checkout https://svn.usatlas.bnl.gov/svn/griddev/python-vomsadmin

5. If you have trouble connecting to a certificate-authenticated SVN URL, you may be affected by a bug in GnuTLS that interacts with your certificate in a way that causes "Decrypt error" messages. If so, you need to re-pack your certificate using the following recipe:

openssl pkcs12 -in CURRENT.p12 -nodes -nocerts > priv.key.pem
openssl pkcs12 -in CURRENT.p12 -nodes -nokeys > pub.key.pem

Then in pub.key.pem delete all but your own certificate, i.e. delete any CA certificates that are included. Then recreate your certificate using:

openssl pkcs12 -export -inkey priv.key.pem -in pub.key.pem -out NEW.p12

6. If you are on a recent Debian/Ubuntu system, and the certificate change above doesn't fix it for you, replacing libneon-gnutls with libneon (which is linked to libssl) has been reported to work as well:

cd /usr/lib/

sudo rm libneon-gnutls.so.27

sudo ln -s /usr/lib/libneon.so.27 libneon-gnutls.so.27

And for the Eclipse IDE, at least, once this works from the command line it will also work transparently from within the IDE using the Subclipse Eclipse plugin.
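
The servers file from step 4 keeps the certificate password in clear text next to the path of the PKCS12 file, so file permissions are its only protection. The shell functions below are an added example, not part of the original page or of Subversion; the function names and warning texts are assumptions of the example. They read the [global] section and flag a password-bearing servers file or a certificate file that group or other users can access, and CA files that cannot be read.

```shell
#!/bin/sh
# Added example: audit a Subversion "servers" file like the template above.
# Function names and messages are this example's own, not part of svn.

# Print the value of key $2 from the [global] section of file $1.
svn_global_value() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_global = ($0 ~ /^[ \t]*\[global\][ \t]*$/); next }
        in_global && !/^[ \t]*#/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# True when the file (symlinks followed) grants nothing to group or other.
owner_only() { [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]; }

# Print a warning per problem found; the return status is the problem count.
audit_svn_servers() {
    file=$1; problems=0
    cert=$(svn_global_value "$file" ssl-client-cert-file)
    pass=$(svn_global_value "$file" ssl-client-cert-password)
    cas=$(svn_global_value "$file" ssl-authority-files)
    # A stored certificate password is plaintext, so the file must be private.
    if [ -n "$pass" ] && ! owner_only "$file"; then
        echo "WARN: $file stores ssl-client-cert-password; run chmod 600 on it"
        problems=$((problems + 1))
    fi
    # The PKCS12 file holds the private key: it must exist and be private.
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then
        echo "WARN: ssl-client-cert-file not found: ${cert:-unset}"
        problems=$((problems + 1))
    elif ! owner_only "$cert"; then
        echo "WARN: $cert is accessible to group/other; run chmod 600 on it"
        problems=$((problems + 1))
    fi
    # ssl-authority-files is a semicolon-separated list of CA certificates.
    old_ifs=$IFS; IFS=';'
    for ca in $cas; do
        [ -r "$ca" ] || { echo "WARN: CA file not readable: $ca"; problems=$((problems + 1)); }
    done
    IFS=$old_ifs
    return "$problems"
}

if [ "$#" -gt 0 ]; then audit_svn_servers "$1"; fi
```

Saved as a script, it can be run with the path to ~/.subversion/servers as its only argument; an exit status of 0 means no warnings.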

For more information about Subversion (downloads, documentation, etc.), visit http://subversion.tigris.org/
