Subversion

From KevinWiki

(Difference between revisions)
Jump to: navigation, search
(Create SVN Home)
 
(One intermediate revision not shown)
Line 32: Line 32:
  $ sudo mkdir /opt/svn  
  $ sudo mkdir /opt/svn  
  $ cd /opt/svn  
  $ cd /opt/svn  
 +
 +
-Create repository
  $ sudo mkdir myproject  
  $ sudo mkdir myproject  
-
$ sudo chown -R www-data myproject
 
-
$ sudo chgrp -R subversion myproject
 
-
$ sudo chmod -R g+rws myproject
 
-
-Create repository
+
$ sudo svnadmin create /opt/svn/myproject  
-
<pre>
+
or
-
$ sudo svnadmin create /opt/svn/myproject  
+
$ sudo svnadmin create --fs-type fsfs /opt/svn/myproject  
-
</pre>
+
-
or
+
-
<pre>
+
-
$ sudo svnadmin create --fs-type fsfs /opt/svn/myproject  
+
-
</pre>
+
-
-to use WebDAV, repeat the chmod -R g+rws myproject command again as because svnadmin will create directories and files without group write access.
+
 +
-correct access permissions
 +
$ sudo chown -R www-data:subversion myproject
 +
$ sudo chmod -R g+rws myproject
==Access via WebDAV protocol (<code>http://</code>)==
==Access via WebDAV protocol (<code>http://</code>)==
Line 228: Line 224:
https://svn.yoursite.com/test
https://svn.yoursite.com/test
</pre>
</pre>
 +
 +
=== Authorisation ===
 +
*To set up authorisations for path and repository, create an authorisation file and add the location of it in site configuration file (e.g. <code>/etc/apache2/sites-available/svn</code>).
 +
 +
<pre>
 +
AuthzSVNAccessFile <file_path>
 +
</pre>
 +
 +
* Example
 +
<VirtualHost *:443>                                     
 +
    ServerAdmin webmaster@yoursite.com         
 +
 +
    SSLEngine on
 +
 +
    SSLOptions +StrictRequire
 +
 +
    SSLCertificateFile /etc/ssl/certs/server.crt
 +
    SSLCertificateKeyFile /etc/ssl/private/server.key
 +
 +
    ServerName svn.yoursite.com
 +
 +
    <Location /myproject>
 +
        DAV svn
 +
        SVNPath /opt/svn/myproject
 +
#        SVNParentPath /opt/svn/
 +
        AuthType Basic
 +
        AuthName "svn.yoursite.com subversion repository"
 +
        AuthUserFile /etc/subversion/.filename.htpasswd
 +
        '''AuthzSVNAccessFile /etc/subversion/authz'''
 +
#        <LimitExcept GET PROPFIND OPTIONS REPORT>
 +
            Require valid-user
 +
#        </LimitExcept>
 +
    </Location>
 +
</VirtualHost>
 +
 +
*To create the <code>authz</code> file, refer to an example authz file in the <code>conf</code> directory in a svn repository created by <code>svnadmin</code>. <code>svnadmin</code> automatically create an example file when creating svn repository.  So a good way to create it is to copy the file to a proper location and modify it for your own purpose.

Latest revision as of 11:09, 26 November 2011

Contents

Subversion (SVN)

Installation

-Install Subversion from the repository 

$ sudo apt-get install subversion

-Add group subversion 

$ sudo addgroup subversion 
Adding group `subversion' (GID ****) ...
Done.

-Add yourself and www-data (the Apache user) as users to this group 

$ sudo adduser username subversion 
Adding user `username' to group `subversion' ...
Adding user username to group subversion
Done.

$ sudo adduser www-data subversion 
Adding user `www-data' to group `subversion' ...
Adding user www-data to group subversion
Done.

Create SVN Home

-Create SVN home 

$ sudo mkdir /opt/svn 
$ cd /opt/svn

-Create repository 

$ sudo mkdir myproject 

$ sudo svnadmin create /opt/svn/myproject 
or
$ sudo svnadmin create --fs-type fsfs /opt/svn/myproject

-correct access permissions 

$ sudo chown -R www-data:subversion myproject 
$ sudo chmod -R g+rws myproject

Access via WebDAV protocol (http://)

-Install libapache2-svn 

$ sudo apt-get install libapache2-svn 
...
Enabling module dav.
Enabling module dav_svn.
Run '/etc/init.d/apache2 restart' to activate new configuration!

-Edit /etc/apache2/mods-enabled/dav_svn.conf file 

<Location /svn/myproject>
    DAV svn
    SVNPath /opt/svn/myproject
#    SVNParentPath /opt/svn/
    AuthType Basic
    AuthName "lckymn.com subversion repository"
    AuthUserFile /etc/subversion/.passwd
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
    </LimitExcept>
</Location>

This <LimitExcept GET PROPFIND OPTIONS REPORT></LimitExcept> block gives read-only access to anyone, yet write permission to only authenticated users in the file /etc/subversion/.passwd.


-To set up with multiple virtual hosts create /etc/apache2/sites-available/svn file instead of editing /etc/apache2/mods-enabled/dav_svn.conf file. 

<Location /svn/myproject>
    DAV svn
    SVNPath /opt/svn/myproject
#    SVNParentPath /opt/svn/
    AuthType Basic
    AuthName "lckymn.com subversion repository"
    AuthUserFile /etc/subversion/.passwd
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
    </LimitExcept>
	SSLRequireSSL
</Location>

$ cd /etc/apache2/sites-available
$ sudo a2ensite svn

-SSLRequireSSL is added to use SSL when accessing svn.


-To limit any connection to the SVN-Server (private SVN) so only authenticated user can have read and write permissions, remove the lines <LimitExcept GET PROPFIND OPTIONS REPORT> and </LimitExcept>. 

<Location /svn/myproject>
    DAV svn
    SVNPath /opt/svn/myproject
#    SVNParentPath /opt/svn/
    AuthType Basic
    AuthName "lckymn.com subversion repository"
    AuthUserFile /etc/subversion/.passwd
#    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
#    </LimitExcept>
</Location>


-use SVNParentPath if there are multiple repositories under a single directory (e.g. /opt/svn/project1, /opt/svn/projec2, /opt/svn/project3) 

<Location /svn>
    DAV svn
#    SVNPath /opt/svn/myproject
    SVNParentPath /opt/svn/
    AuthType Basic
    AuthName "lckymn.com subversion repository"
    AuthUserFile /etc/subversion/.passwd
#    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
#    </LimitExcept>
</Location>


-Create user and password 

$ sudo htpasswd -c /etc/subversion/.passwd user_name


-Restart Apache server 

$ sudo /etc/init.d/apache2 restart


Access via WebDAV protocol with SSL encryption (https://)

  • Enable SSL in your Apache server.

With Basic (htpasswd) Authentication

  • Create /etc/apache2/sites-available/svn file and add the following lines. 
<VirtualHost *:443>                                       
    ServerAdmin webmaster@yoursite.com          

    SSLEngine on

    SSLOptions +StrictRequire

    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

    ServerName svn.yoursite.com

    <Location /myproject>
        DAV svn
        SVNPath /opt/svn/myproject
#        SVNParentPath /opt/svn/
        AuthType Basic
        AuthName "svn.yoursite.com subversion repository"
        AuthUserFile /etc/subversion/.filename.htpasswd
#        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require valid-user
#        </LimitExcept>
    </Location>
</VirtualHost>


  • Enable site and restart apache2 
$ sudo a2ensite svn 
$ sudo /etc/init.d/apache2 restart


With Digest (htdigest) Authentication

  • To use htdigest as an authentication method instead of htpasswd, modify the /etc/apache2/sites-available/svn file like: 
<VirtualHost *:443>                                       
    ServerAdmin webmaster@yoursite.com

    SSLEngine on

    SSLOptions +StrictRequire

    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

    ServerName svn.yoursite.com

    <Location /myproject>
        DAV svn
        SVNPath /opt/svn/myproject
#        SVNParentPath /opt/svn/
        AuthType Digest
        AuthName realm
        AuthUserFile /etc/subversion/.filename.htdigest
#        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require valid-user
#        </LimitExcept>
    </Location>
</VirtualHost>
  • To create htdigest file, use the command below and type the password for the user. 
$ htdigest -c passwordfile realm username
  • To add more users to the existing realm 
$ htdigest passwordfile realm another_username
  • Enable site and restart apache2 
$ sudo a2ensite svn 
$ sudo /etc/init.d/apache2 restart
  • If it shows an error message like this 
Invalid command 'AuthUserFile', perhaps misspelled or defined by a module not included in the server configuration
   ...fail!
  • Enable auth_digest module. 
$ a2enmod auth_digest
  • Restart the server again. 
$ sudo /etc/init.d/apache2 restart


More than one Virtual Host

  • If you have another virtual host using 443 port, make sure you default (or mysite) site file has the following line. 
NameVirtualHost *:443


Access through SSL

-Now the SVN is accessible through this URL 

https://svn.yoursite.com/test

Authorisation

  • To set up authorisations for path and repository, create an authorisation file and add the location of it in site configuration file (e.g. /etc/apache2/sites-available/svn). 
AuthzSVNAccessFile <file_path>
  • Example 
<VirtualHost *:443>                                       
    ServerAdmin webmaster@yoursite.com          

    SSLEngine on

    SSLOptions +StrictRequire

    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

    ServerName svn.yoursite.com

    <Location /myproject>
        DAV svn
        SVNPath /opt/svn/myproject
#        SVNParentPath /opt/svn/
        AuthType Basic
        AuthName "svn.yoursite.com subversion repository"
        AuthUserFile /etc/subversion/.filename.htpasswd
        AuthzSVNAccessFile /etc/subversion/authz
#        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require valid-user
#        </LimitExcept>
    </Location>
</VirtualHost>
  • To create the authz file, refer to an example authz file in the conf directory in a svn repository created by svnadmin. svnadmin automatically create an example file when creating svn repository. So a good way to create it is to copy the file to a proper location and modify it for your own purpose.
Retrieved from "http://kevinlee.io/wiki/Subversion"
Personal tools