Hello, first actual post in linux planets

Introduction

Recently I wanted to have an svn+ssh installation, without giving ssh access to the users. The procedure is very simple, and it doesn’t diverge much from the typical subversion configuration. This is going to be the first topic I’m going to expand. The second one is a Gorg installation, that takes advantage of it, and helps translation teams. Let me clear this out, by telling you the whole story of it:

Some Greek geeks recently gathered and wanted to create a greek gentoo community. So, the very first thing I wanted to do is to have better communication between translators, but also give a motivation to some people to contribute to the translations, even with just reviewing. The current model does not allow it that much. There is only one or two people that have CVS access to translations (for greek there is none at the moment). So, if there are other people also translating the documentation, they have to send patches, which has many drawbacks: What if two or more people where working at the same thing? What if someone finds a simple typo? Why should he create a patch? If a bunch of people could just correct those kind of small mistakes in documentations, without getting in the procedure of creating patches or whatever, the translation progress would be very rapid, and it could be easy for more people to contribute. Let’s begin with the subversion configuration.

Subversion

In fact, all I have done here is to collect information. No special tweaking. This is going to be rather a quick installation, configuration and usage howto.

First of all, we install subversion (in Gentoo it is dev-util/subversion). Then we create a svn user and group, setting its home folder to /var/svn. This is the place where our subversion repositories will be stored.

useradd -m -d /var/svn -s /bin/bash svn

(For some extra security I set rbash as this user’s shell, it seems to work but you’ll have to make sure it doesn’t break your hooks first). The following changes should be done with the svn user, in order to avoid permissions problems. So, we go to that directory and create a test repository:

svnadmin create test

Next step is to set up the users accounts. We need ssh keys from the users for this. In /var/svn/.ssh/authorized_keys we write the following:

command="svnserve -t -r /var/svn --tunnel-user=commiter1",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3Nza.... user@host

Now, a little explanation about the above snippet. When the user performs an svn+ssh command, he actually logs in to the system with the svn user. So, ssh immediately calls the command svnserve, with some extra parameters, like the path of the folder where the repos reside and the actual username of the commiter (here it is commiter1). After that follow some extra ssh options which provide more security (like preventing execution of X11 forwarding). At the end is the user’s public key. The last step is to configure the repository, and specify who has read/write, who has read-only and who hasn’t any access. We have to edit two files, test/conf/authz and test/conf/svnserve.conf. In svnserve.conf we uncomment the following lines:

anon-access = read # optional: only if we want an anonymous svnserve running
auth-access = write
authz-db = authz

Then we edit authz file, where we specify the users’ privileges. There are many ways to do it, by specifying aliases, groups of people, and extra permissions to subdirectories. There are examples inside the file, so I am not going to expand on it at all. I’m just going to show a very simple configuration:

[test:/]
commiter1 = rw
commiter2 = rw
commiter3 = r
* = r
# Note: Of course the wildcard * = r covers the commiter3 = r entry

With this configuration we don’t need a running svnserve daemon. This prevents anonymous checkouts, and allows us to close the svn port (default 3690).

However if you do want this, in Gentoo the file /etc/conf.d/svnserve is used to specify the user that will run the daemon, which should be the user svn. Also, the SVNSERVE_OPTS variable could contain the repos path ( –root=/var/svn ). Debian does not provide a script, but it is very easy to create a custom one, and a simple google search will provide millions. Contact me if you need more info on this.

The last part is to create an svnserve wrapper. gentoo-wiki provides one that I have extended a bit (based on a script that robbat2 gave me that he uses in a Gentoo server):

#!/bin/bash
export SSH_SESSION=1
echo "$(date),$(date +%s) $USER (${SSH_ORIGINAL_COMMAND}) ($@)" >> /var/log/svnserve.log 
if [ "$SSH_ORIGINAL_COMMAND" == "svnserve -t" ] ; then
    export SSH_LOGIN=
    umask 002
    exec /usr/bin/svnserve "$@"
else
    exit 1;
fi

The extra thing I added is to log the user and reject the connection if the ssh argument is not svnserve -t. Place the script in /usr/local/bin/svnserve, make it executable and make sure that "which svnserve" returns /usr/loca/bin/svnserve instead of /usr/bin/svnserve. According to the gentoo-wiki article:

If the latter is the case, SSH does not search /usr/local/bin for the svnserve command. To change that, you can use the PAM module pam_env.so which is usually included in /etc/pam.d/ssh via system-auth. pam_env's config file is /etc/security/pam_env.conf and by adding PATH OVERRIDE=/usr/local/bin:/usr/bin:/bin you instruct it to set this particular path for all system-auth services. It appears this PAM module affects local login commands also, so check you have all the directories normally included in root's PATH included in this /etc/security/pam_env.conf entry.

That covers pretty much everything needed for the installation. The following command show how we can checkout the repository:

svn co svn+ssh://svn@server/repo

Since we specified -r /var/svn in authorized_keys, we don't need to type the whole path (the same applies to anonymous checkouts). Note that we use the svn user to do the svn+ssh authentication. The commits though will be logged with the actual user, the one who was specified in --tunnel-user. An optional step is to install a web gui for our svn repositories, like websvn or viewVC. Their configuration is very easy and well documented, so I won't expand on this. We are done with the subversion configuration, now let's move to something more Gentoo-specific.

Gorg with SVN

The main problem in Gentoo translations (and documentation translations in general I suppose) is that they can't be handled with a transifex or pooptle installation. So, what I am proposing here is to have a Gorg installation that serves a copy of the gentoo.org website, apart from the /doc/XX folder which will be a separate svn repository, which will be updated after every commit with a simple post-commit hook. The whole thing seems to work very well for the greek language (/doc/el), and you can see a sample of my work in the following links: http://gorg.gentoo-el.org/doc/el/handbook and http://websvn.gentoo-el.org/listing.php?repname=gentoo-doc-el. (Note to other translation teams: if you are interested in this but you don't have a server to host it, I'll be glad to host it). The installation of gorg is fully explained in Xavier's website, and I don't think I have to say anything more on this. After it is up and running, we can go on doing some further tweaking on this.

First of all we create an svn repository (for example called gentoo-doc-xx). Then delete the folder doc-xx from the CVS checkout we did earlier. Replace this folder with the svn repository you just made, which has to have the same name:

svn co svn://localhost/gentoo-doc-xx /path/to/your/document/root/doc/xx

Then we set up the hook. Some templates are stored inside the repositories, in the subfolder hooks. Just create a file post-commit, make it executable and add to it the following two lines:

#!/bin/bash
/usr/bin/svn export file:///var/svn/gentoo-doc-el/ /path/to/your/document/root/doc/xx  --force >> /var/log/svnserve.log

And that's pretty much it. Feel free to contact me for any suggestions or questions. The docs I used for this are the following:

• Subversion handbook
• SVN installation howto from gentoo-wiki.com
• Gorg installation from Xavier's website (EDIT: Xavier's site is dead, use this guide from gentoo.org instead)

I'd like to thank my Linux Team sysadmins for their precious help and testing, and robbat2 (Gentoo sysadmin) for his suggestions.

I was very excited about this from the very beginning, mostly because I didn’t have the chance to be in another THHF since 2004. I mean, how can someone not be excited about this, given all those live performances and side events, plus the fact that I have seen videos from all the past events and regretting every single year for not going? I was about to witness some of my favorite bands live on stage, after so many years of waiting and listening to their tracks. The event took place on Friday, 18 and Saturday, 19 December 2009 at the club Block33. So, let’s begin our trip.

Warning: This is going to be extremely verbose

Background

First of all, some background about THHF. As the name states, it is an annual Hip Hop Festival which takes place in Thessaloniki, Greece, starting in 2003. It began as a simple live event that hosted the most popular/hot greek rap names, but since then it has been extended very much. It has hosted legendary american/german/french/british rap groups, MCs and DJs, and now it also includes many side-events, like DJ and MC battles, graffiti sessions, DJ sets, workshops, movies etc. The credits for this belong to Zoltan Tribe, which is a group of people that organize various Hip Hop (but not only) events in northern Greece mostly. The team is very respectable in Greece, not only for the past THHF’s, which were big success, but for many other events. And time to move on the inners of this year’s Festival.

Day 1: Live Events

Disclaimer: I’ll keep the greek names intact

At about 19:00 I was outside the club Block33 with some friends. We had waited for more than an hour outside in the cold, as Killa Kela’s flight from London was 5 hours late and we had to wait for him to do the necessary sound check. After some time the doors opened, and we got in. There were graffiti artists (Ser and Yakuza Crew) in a small backyard right next to the concert place, right behind a glass, so we could see the sketches evolving during the live performances (pretty cool, huh?) The place was not very big, but I later found out that there is a bigger one next door, in which the Saturday’s live performances would take place. The attendance was not exactly what I expected, but still, there is the Saturday which is a full Hip Hop day with more performances, so I guess the rest of the people will be here tomorrow. After a while the live started. Sifu VERSUS, one of the most respectable greek Hip Hop Artists, was going to be the host of the evening for second year in a row. He opened the Festival by welcoming us and introducing the first group that was about to perform, 4012 Beats. Although the name was unknown to me, I happened to know one of the MC’s from some past lives, but this specific performance of the group was a very nice surprise to us. They made us banging all the time, the best warm-up that could take place I guess. Next was the group SMA, which I don’t like very much, especially their rapping style, although I think that their productions are in a very high level. Then another brilliant performance took place, this time by MC Yinka. His sound is not pure hip hop, but mixed with dub, drum & bass, reggae elements that makes it very unique. Without a doubt, this was one of my top three performances for the whole two days. Next, Απέχεις, one of the hot newcomer bands in the greek Hip Hop scene. I usually don’t like that kind of performance, meaning 4-5 people just screaming. But in this case I really enjoyed this performance, especially the tracks of group member Λόγος Απειλή, whose name is featuring almost everywhere nowadays. And this is the part where I get drunk and do some nasty things that I don’t need to describe. In short, I couldn’t stand still any more so I was forced to see Killa Kela‘s awesome performance sitting in the back, unable to do a single headbanging just to express my enthusiasm . Of course Killa Kela (with his band) was the highlight of the night, he is a machine, this wasn’t beatbox, it was a clear drums sound (and a million other sounds altogether), just fantastic, something that words can’t describe. The reinforcement of the sound with the follow of the live band made it more awesome. And people of course never stopped banging, hitting, pushing and having fun! This was the last performance for Day One. The whole day left us more than satisfied, making us looking forward for the next full-Hip-Hop day. But it does, a full Hip Hop Day, so let’s move on.

Day 2: Movies and Producers’ Workshop

I woke up with a terrible headache (I know you are impressed now). At about one o’clock me and my friends were at Block33 again, for a full Hip Hop day. We saw two movies, the first about graffiti and the second about beatboxing. The graffiti movie was boring, just some guys going to trains and running from the cops, back and forth, all the time (although the music was terrific). After that, the producers’ workshop was about to begin. Four producers were given a sample and half an hour to create a hip hop beat. The four contestants were Prophet Of Noise, Strider, Κριτής, all of them well-known greek Hip Hop producers, and a newcomer, Ed Gain, which was the winner of a remix contest (online) which took place about a week before THHF, and Ed Gain as the winner had the right to participate to this workshop. Prophet was going to do his production with an MPC, Strider with (something that I don’t remember, I think MPC too), Κριτής with fruity loops and Ed Gain with Reason (although he had some software problem and he couldn’t participate as expected). While the beatmakers were beatmaking, we had the pleasure to enjoy a brilliant marvelous fabulous DJ set by DJ Sparky T, a well known DJ worldwide. He included Hip Hop from the early and mid nineties (exactly my style). Without a doubt one of my best moments there. After half an hour the producers were ready. It was really impressive what they managed to do in only half an hour! People applauded Κριτής’ beat mostly, while my personal preference was Prophet’s beat, as it was more complex, while Κριτής made a very simple but stronger beat. Ed Gain also presented some of his productions. Every producer explained the way he worked on this production, which was very interesting. And then, here come the battles…

Day 2: The Battles

So, time to take it back to the streets. The only MC battle currently taking place in Greece is THHF Hip Hop Battle. 8 freestylers were about to compete for the title of 2009 Freestyle Battle Winner (plus some presents/clothes/whatever ). The contestants were Sipno, Άρχοντας, Καταχανάς, Παίχτης, Mile, Εφτάψυχος, Πηγαίος and Naruto, the judges were Sifu VERSUS, Λόγος Απειλή, Ραψωδός Φιλόλογος and the voice of the crowd (whose vote would count for two in case of a tie) and DJ D-Mice giving the beats. The thing is that those freestyle battles are very impressive, and very funny sometimes, as people respond to each others’ punchlines with very funny lines usually. So after a lot of laughs and excitement, and a very long final round between Παίχτης and Εφτάψυχος, Παίχτης won the title, with the 3 judges voting for him, while the crowd was slightly in favor of Εφτάψυχος. I also voted for Εφτάψυχος, because his girlfriend was right behind me screaming all the time After that, there was the DJ Battle, which was presented by Sparky T, and wanted to do something similar with the DMC contests. It was the first time that a DJ Battle was hosted in THHF, and that’s why it was a bit unorganized. Still, some of the contestants were very skillful and proved once again that DJing is the backbone of Hip-Hop. Finally, the winner was DJ Mode who beated DJ Wester. At the end we enjoyed another awesome DJ set, this time by the german DJ Unkut, who also had an impressive communication with the crowd while DJing. And yes! Time for the live performances!

Day 2: Live Events

Sifu VERSUS announced us that the doors of the other bigger building are open and soon the live performances were about to begin. We were pretty excited, so we headed there. The live opened by some newcomers which I didn’t know much, KAS, Diezel with a guest appearance by 12ος Πίθηκος. Then performed the artists Αδέσποτο with a guest appearance by Sadomas, Stigma & Xquze and Εισβολέας, who later teamed up with Γέλως and they performed as Σκοτεινή Πλευρά. To be honest I didn’t pay close attention to those performances, either because I have seen them in the past or because I didn’t really like their music. Not to mention that I was getting tired, and at some point we went back to the small building, which was empty at that point, to take a breath. At some point Sifu VERSUS thanked us all for being there that night, as the festival was sold out! I later learned that a lot of people stayed outside. Then, one of my favorite greek Hip Hop groups came on stage, Ψυχοδράμα 07, where they had an excellent show, with many old and new tracks. This was the second in my top three highlights. I was disappointed though that ΔΠΘ, my favorite MC from Ψυχοδράμα, was not there. Still, Άγνωστος Χειμώνας and Ταυτισμένος Λάθος (the lead MCs) were very active and skillful, making us dancing and banging all the time. Of course Τ. Λάθος offered us some of his traditional rolling (by far the best in Greece at this). Also, Άυλος and Αλλοπρόσσαλος performed really well. Next it was the turn of Έκπτωτος Άγιος (Ανάφλεξη), one of the oldest MCs in Greece, who had a very special show (in a good way): I noticed that he didn’t communicate with the world that much (making the croud to shout various things, as it is used to), but he was rapping all the time, thus letting his music speak. Then, Ladose, also one of the hot names in greek Hip Hop scene, came to the stage, to bring the ruckus. Some greek Hip Hop groups are very loud when they rap, Ladose is one of them. Although I really enjoyed their show, I think they shouldn’t be so noisy and let their music speak mostly. Sifu VERSUS came to the stage to introduce us the next performer, but he had lost his voice as he was screaming two days in a raw. We all made some noise for the man, and Alex Zoltan (the main organizer) took his place, and announced the next group. So, we were about to witness Foreign Beggars (from London) live on stage and forget everything we knew so far. We forgot that we were tired, we forgot that we were in Thessaloniki, we forgot our names, our faces, everything. Their show was by far the best one in my life, and I really doubt I’ll experience anything like this soon. In the end MC Orifice Vulgatron did a stage diving as a perfect ending. The thing that impressed me the most is that those people were having more fun than anyone in the building, and they transfered that huge amount to energy to us successfully. After that, another excellent show took place, this time by the legend rapper named Afu-Ra. I feel very lucky that I saw an MC from Brooklyn performing historical tracks, most of them produced by also legendary people, like DJ Premier. Last one was Τάκι Τσαν, also one of the oldest and most respectful rappers in Greece. He, with the help of Εισβολέας and DJ Alx, presented to the crowd tracks of his new LP, Ρίμα Για Χρήμα 2, sequel of Ρίμα Για Χρήμα, which was released ten years earlier and now it is considered a classic in greek Hip Hop music. I have seen him before many times, and I don’t really like his music any more, so after 3-4 tracks we left. I headed straight to my house, where I slept for 20 hours. Well done to the organizers and the participants/performers and everyone involved. We all had a really really great time.

Photos from the event can be found here and here