Subversion Setup
From ArchWiki
Contents |
Introduction
This article deals with setting up an svn-server on your machine. There are two popular svn-servers, the built in svnserve and the more advanced option, Apache with svn plugins.
Apache for Subversion Setup
Goals
The goal of this how to is to setup Subversion, with Apache. Why use Apache for Subversion? Well, quite simply, it provides features that the standalone svnserve
does not have...
- You get the ability to use https protocol. This is more secure than the md5 authentication used by svnserve.
- You get fine-grained access controls. You can use Apache auth to limit permissions by directory. This means you can grant read access to everything, but commit access only to trunk for instance, while have another group with commit access to tags or branches.
- You get a free repository viewer. While not very exciting, it does work.
- The Subversion team is working on seamless webdav integration. At some point you should be able to use any webdav interface to update files in the repository.
Required Packages
- apache
- subversion
Apache Installation
This howto does not cover installation and initial setup of the Apache web server.
Subversion Installation
Install the package
pacman -Sy subversion
Create a Directory
mkdir -p /home/svn/repositories
Miscellaneous Configuration Specifics
/etc/httpd/conf/httpd.conf
Ensure the following are listed...if not, add them (you'll typically have to add just the last two), they must be in this order:
LoadModule dav_module modules/mod_dav.so LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so
SSL or not to SSL?
I prefer to use SSL for SVN access. This enables me to use Apache's AuthType Basic, with little fear of someone sniffing passwords.
I generate the certificate by:
cd /etc/httpd/conf/; openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
Then, I add the following to /etc/httpd/conf/extra/httpd-ssl.conf
to include the following inside of a virtual host directive:
<Location /svn> DAV svn SVNParentPath /home/svn/repositories AuthzSVNAccessFile /home/svn/.svn-policy-file AuthName "SVN Repositories" AuthType Basic AuthUserFile /home/svn/.svn-auth-file Satisfy Any Require valid-user </Location>
To make sure the SSL settings get loaded, uncomment the SSL configuration line in /etc/httpd/conf/httpd.conf
so it looks like this:
Include /etc/httpd/conf/extra/httpd-ssl.conf
Create /home/svn/.svn-policy-file
[/] * = r [REPO_NAME:/] USER_NAME = rw
The * in the / section is matched to anonymous users. Any access above and beyond read only will be prompted for a user/pass by apache AuthType Basic. The REPO_NAME:/ section inherits permissions from those above, so anon users have read only permission to it. The last bit grants read/write permission of the REPO_NAME repository to the user USER_NAME.
Create /home/svn/.svn-auth-file
This is either an htpasswd, or htdigest file. I used htpasswd. Again, because of SSL, I don't worry as much about password sniffing. htdigest would provide even more security vs sniffing, but at this point, I don't have a need for it.
htpasswd -cs /home/svn/.svn-auth-file USER_NAME
The above creates the file (-c) and uses sha1 for storing the password (-s). The user USER_NAME is created.
To add additional users, leave off the (-c) flag.
htpasswd -s /home/svn/.svn-auth-file OTHER_USER_NAME
Create a Repository
svnadmin create /home/svn/repositories/REPO_NAME
Set Permissions
The Apache user needs permissions over the new repository.
chown -R http.http /home/svn/repositories/REPO_NAME
Create a Project
Directory structure for project
Create the following directory structure on your development machine.
branches tags trunk
You can create them like this.
cd /path/to/directoryofchoice mkdir branches tags trunk
Populate Directory
Put your source files into the created trunk directory.
cp -R /home/USER_NAME/project/REPO_NAME/code/* trunk
Import the Project
svn import -m "Initial import" https://yourdomain.net/svn/REPO_NAME/
Test SVN Checkout
cd /path/to/directory_of_choice cd .. rm -rf /path/to/directory_of_choice svn co https://yourdomain.net/svn/REPO_NAME/
If everything worked out, you should now have a working, checked out copy of your freshly created SVN repo.
Enjoy!
Svnserve setup
Install the package
pacman -Sy subversion
Create a repository
Create your repository
mkdir /path/to/repos/ svnadmin create /path/to/repos/repo1
Your initial repository is empty, if you want to import files into it, use the following command.
svn import ~/code/project1 file:///path/to/repos/repo1 --message 'Initial repository layout'
Set access policies
Edit the file /path/to/repos/repo1/conf/svnserve.conf and uncomment or add the line under [general]
password-db = passwd
You might also want to change the default option for anonymous users.
anon-access = read
Replace "read" with "write" for a repository that anyone can commit to, or set it to "none" to disable all anonymous access.
Now edit the file /path/to/repos/repo1/conf/passwd
[users] harry = foopassword sally = barpassword
The above defines users harry and sally, with passwords foopassword and barpassword, change it as you like
Start the server daemon
Before you start the server, edit the config file /etc/conf.d/svnserve
SVNSERVE_ARGS="-r /path/to/repos --listen-port=4711" SVNSERVE_USER="user"
(the --listen-port flag is optional, make sure that the user has read/write access to the repository files)
Now start the daemon, add it to /etc/rc.conf if you want it to autostart
/etc/rc.d/svnserve start