Subversion
From KevinWiki
Contents |
Subversion (SVN)
Installation
-Install Subversion from the repository
$ sudo apt-get install subversion
-Add group subversion
$ sudo addgroup subversion Adding group `subversion' (GID ****) ... Done.
-Add yourself and www-data (the Apache user) as users to this group
$ sudo adduser username subversion Adding user `username' to group `subversion' ... Adding user username to group subversion Done. $ sudo adduser www-data subversion Adding user `www-data' to group `subversion' ... Adding user www-data to group subversion Done.
Create SVN Home
-Create SVN home
$ sudo mkdir /opt/svn $ cd /opt/svn
-Create repository
$ sudo mkdir myproject
$ sudo svnadmin create /opt/svn/myproject or $ sudo svnadmin create --fs-type fsfs /opt/svn/myproject
-correct access permissions
$ sudo chown -R www-data:subversion myproject $ sudo chmod -R g+rws myproject
Access via WebDAV protocol (http://)
-Install libapache2-svn
$ sudo apt-get install libapache2-svn ... Enabling module dav. Enabling module dav_svn. Run '/etc/init.d/apache2 restart' to activate new configuration!
-Edit /etc/apache2/mods-enabled/dav_svn.conf file
<Location /svn/myproject>
DAV svn
SVNPath /opt/svn/myproject
# SVNParentPath /opt/svn/
AuthType Basic
AuthName "lckymn.com subversion repository"
AuthUserFile /etc/subversion/.passwd
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
This <LimitExcept GET PROPFIND OPTIONS REPORT></LimitExcept> block gives read-only access to anyone, yet write permission to only authenticated users in the file /etc/subversion/.passwd.
-To set up with multiple virtual hosts create /etc/apache2/sites-available/svn file instead of editing /etc/apache2/mods-enabled/dav_svn.conf file.
<Location /svn/myproject>
DAV svn
SVNPath /opt/svn/myproject
# SVNParentPath /opt/svn/
AuthType Basic
AuthName "lckymn.com subversion repository"
AuthUserFile /etc/subversion/.passwd
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
SSLRequireSSL
</Location>
$ cd /etc/apache2/sites-available $ sudo a2ensite svn
-SSLRequireSSL is added to use SSL when accessing svn.
-To limit any connection to the SVN-Server (private SVN) so only authenticated user can have read and write permissions, remove the lines <LimitExcept GET PROPFIND OPTIONS REPORT> and </LimitExcept>.
<Location /svn/myproject>
DAV svn
SVNPath /opt/svn/myproject
# SVNParentPath /opt/svn/
AuthType Basic
AuthName "lckymn.com subversion repository"
AuthUserFile /etc/subversion/.passwd
# <LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
# </LimitExcept>
</Location>
-use SVNParentPath if there are multiple repositories under a single directory (e.g. /opt/svn/project1, /opt/svn/projec2, /opt/svn/project3)
<Location /svn>
DAV svn
# SVNPath /opt/svn/myproject
SVNParentPath /opt/svn/
AuthType Basic
AuthName "lckymn.com subversion repository"
AuthUserFile /etc/subversion/.passwd
# <LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
# </LimitExcept>
</Location>
-Create user and password
$ sudo htpasswd -c /etc/subversion/.passwd user_name
-Restart Apache server
$ sudo /etc/init.d/apache2 restart
Access via WebDAV protocol with SSL encryption (https://)
- Enable SSL in your Apache server.
With Basic (htpasswd) Authentication
- Create
/etc/apache2/sites-available/svnfile and add the following lines.
<VirtualHost *:443>
ServerAdmin webmaster@yoursite.com
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
ServerName svn.yoursite.com
<Location /myproject>
DAV svn
SVNPath /opt/svn/myproject
# SVNParentPath /opt/svn/
AuthType Basic
AuthName "svn.yoursite.com subversion repository"
AuthUserFile /etc/subversion/.filename.htpasswd
# <LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
# </LimitExcept>
</Location>
</VirtualHost>
- Enable site and restart apache2
$ sudo a2ensite svn $ sudo /etc/init.d/apache2 restart
With Digest (htdigest) Authentication
- To use htdigest as an authentication method instead of htpasswd, modify the
/etc/apache2/sites-available/svnfile like:
<VirtualHost *:443>
ServerAdmin webmaster@yoursite.com
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
ServerName svn.yoursite.com
<Location /myproject>
DAV svn
SVNPath /opt/svn/myproject
# SVNParentPath /opt/svn/
AuthType Digest
AuthName realm
AuthUserFile /etc/subversion/.filename.htdigest
# <LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
# </LimitExcept>
</Location>
</VirtualHost>
- To create htdigest file, use the command below and type the password for the user.
$ htdigest -c passwordfile realm username
- To add more users to the existing realm
$ htdigest passwordfile realm another_username
- Enable site and restart apache2
$ sudo a2ensite svn $ sudo /etc/init.d/apache2 restart
- If it shows an error message like this
Invalid command 'AuthUserFile', perhaps misspelled or defined by a module not included in the server configuration ...fail!
- Enable
auth_digestmodule.
$ a2enmod auth_digest
- Restart the server again.
$ sudo /etc/init.d/apache2 restart
More than one Virtual Host
- If you have another virtual host using 443 port, make sure you default (or mysite) site file has the following line.
NameVirtualHost *:443
Access through SSL
-Now the SVN is accessible through this URL
https://svn.yoursite.com/test
Authorisation
- To set up authorisations for path and repository, create an authorisation file and add the location of it in site configuration file (e.g.
/etc/apache2/sites-available/svn).
AuthzSVNAccessFile <file_path>
- Example
<VirtualHost *:443>
ServerAdmin webmaster@yoursite.com
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
ServerName svn.yoursite.com
<Location /myproject>
DAV svn
SVNPath /opt/svn/myproject
# SVNParentPath /opt/svn/
AuthType Basic
AuthName "svn.yoursite.com subversion repository"
AuthUserFile /etc/subversion/.filename.htpasswd
AuthzSVNAccessFile /etc/subversion/authz
# <LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
# </LimitExcept>
</Location>
</VirtualHost>
- To create the
authzfile, refer to an example authz file in theconfdirectory in a svn repository created bysvnadmin.svnadminautomatically create an example file when creating svn repository. So a good way to create it is to copy the file to a proper location and modify it for your own purpose.
