Project

General

Profile

SVN

Accessing the Repository

To Access the DESpec SVN, you need:

If you would like to have write access, email Brian or Laurenz, so we can add you to the DESpec project.

Kerberos

How to set up kerberos

$ mv /etc/krb5.conf /etc/krb5.conf.bak
$ cd /etc
$ wget http://security.fnal.gov/krb5.conf
$ echo "host cdcvs.fnal.gov
   ForwardX11 = no
   GSSAPIAuthentication yes
   GSSAPIDelegateCredentials yes" >> ~/.ssh/config
$ kinit -f your-fnal-username
$ klist

The final klist should show your kerberos ticket and the svn can be checked out now using the svn checkout command below.

Links with further documentation

http://www.fnal.gov/docs/strongauth/macadmin.html#55292
http://kb.mit.edu/confluence/display/istcontrib/Acquiring+Kerberos+Tickets+in+Mac+OS+X+10.7+(Lion)+or+OS+X+10.8+(Mountain+Lion)
http://fermilinux.fnal.gov/documentation/security/kerberos-newer-linux/

Obtaining Secure Access: Kerberos

There are two different passwords for redmine and kerberos. At the beginning (when you register your account), they are the same. But when the redmine password gets changed, the kerberos password stays the same and vice versa.
If you haven't got the initial password any more and need to reset the kerberos password, you have to call the fermilab service desk so they reset the kerberos password. Link: https://fermi.service-now.com/fsc/

$ kpasswd your-fnal-username

Set up with Public Keys

We do support ssh key-based access for off-site users for whom Kerberos is too troublesome
and/or difficult. Someone who is a manager of the appropriate Redmine project can ssh into
the repository account (i.e. ssh ) and make an
.ssh/authorized_keys" file with lines of the format:

environment="REMOTEUSER=redmine-user-name" ssh-dss [big-long-base64-key] email-address

The user can generate an ssh-dss key with ssh-keygen to send to you, if they don't already have one.
Generally what they send you is a copy of their .ssh/identity.pub file, which has the big long
base-64 key mentioned above.

  • Make sure ssh is installed on your system. These instructions have been tested with openssh version 3.5, you can check what version you have by running
      ssh -V
  • If you don't have one, create an ssh key pair, by running:

          ssh-keygen 
      

    It will ask you for a passphrase to keep your private key encrypted. Do not use your system password, etc. for this    passphrase, rather pick a nice long phrase, but one you can remember. You can change it later with
          ssh-keygen -p
      
    This will create $HOME/.ssh/id_dsa and $HOME/.ssh/id_dsa.pub, which are your private and public keys, respectively. You should copy these key files (or even your whole .ssh directory) to whatever computer accounts you have, so that you can establish your key authentication from that account.  And of course you should keep the id_dsa file readable only by you.
  • send your public key to nord or Laurenz

 
 
 

Using the Repository

SVN Checkout

Source Code

svn checkout svn+ssh://p-simulation_pipeline@cdcvs.fnal.gov/cvs/projects/simulation_pipeline-main/trunk despec

Data

svn checkout svn+ssh://p-simulation_pipeline@cdcvs.fnal.gov/cvs/projects/simulation_pipeline-main/data data

This will create a directory called despec containing a checkout the complete pipeline.

Adding a File

Adding a file does not commit the file, use commit to upload the file.

svn add your-file

Commit

One need not supply a URL for commit. SVN automatically contacts external server

svn commit -m "your message"  

SVN Checking your changes

This presents a summary of the changes.

svn status

Which outputs something like

$:~/src/despec/trunk/Wrapper$ svn status
M       run_pipeline.py
A       lsprofcalltree.py
C       glue.ini
?       glue.mine.ini

You see the filenames and the flags at the beginning of the line. The flags mean:

? item
The file, directory, or symbolic link item is not under version control.

A item
The file, directory, or symbolic link item has been scheduled for addition into the repository.

C item
The file item is in a state of conflict. That is, changes received from the server during an update overlap with local changes that you have in your working copy (and weren't resolved during the update). You must resolve this conflict before committing your changes to the repository.

D item
The file, directory, or symbolic link item has been scheduled for deletion from the repository.

M item
The contents of the file item have been modified.

Run the Code

Description of the glue code

Instructions on how to run the pipeline: Run_Pipeline