在网络托管软件包上执行SVn检出/更新的最佳方式 [英] Best way of doing an SVn checkout/update on a web hosting package

问题描述

我想通过颠覆办理结帐来将我的网站部署到我的网络托管软件包上。我没有SSH访问我的托管软件包，这只是一个基本的LAMP Web托管软件包，但我知道在网络服务器上安装了一个SVN客户端。

I want to deploy my site on my web hosting package by doing a checkout through subversion. I do not have SSH access to my hosting package, which is just a basic LAMP web hosting package, but I do know that there is an SVN client installed on the web server.

我正在考虑编写一些可以做不同功能的脚本（PHP或Shell）。像一个结帐，更新，切换到另一个标签等，我可以以某种方式从外部调用。

I was thinking of writing some sort of script (PHP or Shell) that can do different functions. Like a checkout, update, switch to another tag etc. and that I can call externally in some sort of fashion.

任何关于最佳做法的输入，需要注意的事项而且如何去做这个非常感谢。

Any input on best practices, things to look out for and how to go about this is very much appreciated.

更新：我一直在使用
以下的技术为过去
几个星期现在。我已经仔细地
制作（并经过良好测试）一对
shell脚本，我可以通过cPanel从
cron执行。每当cron有
完成一个工作，它将通过电子邮件向我发送
控制台的作业输出。这样我的
可以监视所有命令是否成功。由于我只有
在服务器上执行更新，没有
提交，所以我没有碰到关于Subversion的任何
问题。当然，在我的.htaccess
文件中，我创建了一个规则，将拒绝
任何访问隐藏的.svn文件夹。

UPDATE: I have been using the following technique for the past couple of weeks now. I've carefully crafted (and well tested) a couple shell scripts that I can execute from cron through cPanel. Whenever cron has completed a job it will email me the console output of the job. this way I can monitor if all commands succeeded. Since I only do updates on the server and no commits, I haven't run into any issues concerning Subversion. Of course, in my .htaccess files I have created a rule that will deny any access to the hidden .svn folders.

推荐答案

好消息是，svn非常容易编写脚本，但坏消息是，您很可能没有shell访问困难时期。

The good news is that svn is very easily scriptable, but the bad news is that you are likely to have a difficult time without shell access.

如果您没有shell访问，请小心可以更改svn下的目录中的文件。这可能导致工作副本和最新版本之间的冲突，并阻止您的更新。您可能希望在更新脚本中构建一个恢复命令，并在更新之前递归递减。

If you do this without shell access, be careful of anything that can change a file in a directory under svn. This can lead to conflicts between working copy and latest version and block your updates. You might want to build in a revert command into your update script, and revert recursively before the update.

另一种选择是导出而不是退出。你不会有.svn目录，你不必担心文件冲突。您可能希望导出到一个干净的目录，而不是覆盖，因为我认为svn导出不接触非版本的文件，包括通过svn删除的文件。

The other choice would be to export rather than check out. You wouldn't have the .svn directories, and you wouldn't have to be concerned about files being conflicted. You might want to export into a clean directory rather than overwrite, since I think the svn export does not touch non-versioned files including files deleted through svn.

困难的部分Web服务器的用户名可能没有对您想要结帐的目录的写入权限。所以它需要运行svn命令作为另一个用户的写权限和文件所有权。我使用suid-perl更改有效的uid / gid，并从php调用那些perl脚本。 Perl然后使用正确的身份调用svn命令。如果您需要suid，那么您需要能够更改文件权限并设置suid位。也许你的FTP可以设置suid权限，否则你需要一个shell。想到的唯一其他选项（这是一个坏主意）是授予Web服务器对整个目录的写入权限。

The difficult part is that the web server's userid probably does not have write permission to the directories you want to hit with your checkout. So it needs to run the svn commands as another user for write permissions and file ownership. I used suid-perl to change effective uid/gid, and call those perl scripts from the php. The Perl then calls the svn command with the correct identity. If you do need suid, then you'll need to be able to change file permissions and set the suid bit. Maybe your FTP can set suid permissions, otherwise you'll need a shell. The only other option which comes to mind (which is a bad idea) is to grant the web server write access to your entire directory.

如果svn存储库位于单独的机器，你可能会想使用svn + ssh。这可能意味着在Web服务器上存储密钥文件或密码。确保密钥文件中的权限是正确的，因为如果ssh对所有者以外的任何人都可读，ssh将拒绝它们。为了安全起见，请确保subversion服务器上的登录名只能访问svn存储库。

If the svn repository is on a separate machine, you will probably want to use svn+ssh. This could mean storing a key file or password on the web server. Make sure the permissions are correct on the key files, since ssh rejects them if they are readable to anyone other than the owner. Just to be safe, make sure the login on the subversion server can do nothing but access the svn repository.

在.htaccess文件或httpd.conf中，您应该阻止所有访问任何人的.svn目录。

In your .htaccess files or httpd.conf you should block all access to .svn directories from anyone anywhere.

我还将我的PHP更新页面保存在SSL密码保护的目录中。它只能有一个可以执行的操作，它将Web目录更新为svn的最新版本。它不接受用户输入。如果它允许用户选择标签或修订版本，它将只接受列表中的标签选择或整数版本号。那些在使用之前将被高度消毒，并且在shell命令或选项中不会使用用户输入。

I also keep my PHP updater page in a directory protected by password over SSL. It only has one action it can perform, which is updating the web directory to the latest revision from svn. It accepts no user input. If it did allow the user to choose a tag or revision, it would only accept tag selections from a list, or integer revision numbers. Those would be highly sanitized before use, and no user input would ever be used in a shell command or option.

主要的是要注意安全性，当你有任何PHP或外部可访问的脚本执行一个修改服务器上的数据的命令。

The main thing is to be careful of security when you have any PHP or externally accessible script execute a command which modifies data on the server.

我认为在一个没有shell访问的机器上，你会有很多难度与权限和文件所有权。除非您与此托管服务提供商有很强的联系，否则我建议您升级到提供工具以使工作更轻松的提供商。你会节省足够的时间，这将是值得的。

I think on a machine where you do not get shell access, you will have a lot of difficulty with permissions and file ownership. Unless you are strongly tied to this hosting provider, I would recommend upgrading to a provider who offers the tools to make your job easier. You'll save yourself enough time that it will likely be worth the money.

这篇关于在网络托管软件包上执行SVn检出/更新的最佳方式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！