Difference between revisions of "Subversion"

From ArchWiki
Jump to: navigation, search
m (Start the server daemon: Use hc template)
m ("config" -> "configuration)
 
(32 intermediate revisions by 11 users not shown)
Line 1: Line 1:
 
[[Category:Version Control System]]
 
[[Category:Version Control System]]
[[Category:Web Server]]
+
[[Category:Web server]]
 
[[de:Apache Subversion]]
 
[[de:Apache Subversion]]
[[zh-CN:Subversion Setup]]
+
[[ja:Subversion]]
''"[http://subversion.apache.org/features.html Apache Subversion] is a full-featured version control system originally designed to be a better [[CVS]]. Subversion has since expanded beyond its original goal of replacing CVS, but its basic model, design, and interface remain heavily influenced by that goal."''
+
[[zh-cn:Subversion]]
 +
[http://subversion.apache.org/features.html Apache Subversion] is "a full-featured version control system originally designed to be a better [[CVS]]. Subversion has since expanded beyond its original goal of replacing CVS, but its basic model, design, and interface remain heavily influenced by that goal."
  
This article deals with setting up an svn-server on your machine. There are two popular svn-servers, the built in svnserve and the more advanced option, [[LAMP | Apache]] with svn plugins.
+
This article deals with setting up an svn-server on your machine. There are two popular svn-servers, the built in ''svnserve'' and the more advanced option, [[Apache HTTP Server]] with svn plugins.
  
== Apache for Subversion Setup ==
+
== Apache Subversion Setup ==
  
 
===Goals===
 
===Goals===
Line 17: Line 18:
 
* The Subversion team is working on seamless webdav integration. At some point you should be able to use any webdav interface to update files in the repository.
 
* The Subversion team is working on seamless webdav integration. At some point you should be able to use any webdav interface to update files in the repository.
  
====Required Packages====
+
===Installation===
* apache
+
Install [[Apache HTTP Server]] as described in its article.
* subversion
+
  
===Apache Installation===
+
Besides Apache, you will only need to install {{Pkg|subversion}}, available from the [[official repositories]].
This howto '''does not''' cover installation and initial setup of the Apache web server. This is covered [[LAMP|here]].
+
  
===Subversion Installation===
+
===Subversion Configuration===
====Install the package====
+
Create a directory for your repositories:
  pacman -S subversion
+
  # mkdir -p /home/svn/repositories
  
====Create a Directory====
+
====Edit /etc/httpd/conf/httpd.conf====
mkdir -p /home/svn/repositories
+
 
+
===Miscellaneous Configuration Specifics===
+
====/etc/httpd/conf/httpd.conf====
+
 
Ensure the following are listed...if not, add them (you will typically have to add just the last two), they must be in this order:
 
Ensure the following are listed...if not, add them (you will typically have to add just the last two), they must be in this order:
 
 
  LoadModule dav_module          modules/mod_dav.so
 
  LoadModule dav_module          modules/mod_dav.so
 
  LoadModule dav_fs_module        modules/mod_dav_fs.so
 
  LoadModule dav_fs_module        modules/mod_dav_fs.so
Line 40: Line 34:
 
  LoadModule authz_svn_module    modules/mod_authz_svn.so
 
  LoadModule authz_svn_module    modules/mod_authz_svn.so
  
====SSL or not to SSL?====
+
====To SSL or not to SSL?====
I prefer to use SSL for SVN access. This enables me to use Apache's AuthType Basic, with little fear of someone sniffing passwords.
+
SSL for SVN access has a few benefits, for instance it allows you to use Apache's AuthType Basic, with little fear of someone sniffing passwords.
 
+
I generate the certificate by:
+
 
+
{{bc|cd /etc/httpd/conf/; openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes}}
+
  
Add the following to {{ic|/etc/httpd/conf/extra/httpd-ssl.conf}}. (Or add to {{ic|/etc/httpd/conf/extra/httpd-vhosts.conf}} if your not using ssl[at your own risk], or are on a local testing server)  Include the following inside of a virtual host directive:
+
Generate the certificate by:
 +
# cd /etc/httpd/conf/
 +
# openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
  
 +
Add the following to {{ic|/etc/httpd/conf/extra/httpd-ssl.conf}} (or to {{ic|/etc/httpd/conf/extra/httpd-vhosts.conf}} if you are not using ssl). Include the following inside of a virtual host directive:
 
  <Location /svn>
 
  <Location /svn>
 
     DAV svn
 
     DAV svn
Line 56: Line 49:
 
     AuthType Basic
 
     AuthType Basic
 
     AuthUserFile /home/svn/.svn-auth-file
 
     AuthUserFile /home/svn/.svn-auth-file
    Satisfy Any
 
 
     Require valid-user
 
     Require valid-user
 
  </Location>
 
  </Location>
  
 
To make sure the SSL settings get loaded, uncomment the SSL configuration line in {{ic|/etc/httpd/conf/httpd.conf}} so it looks like this:
 
To make sure the SSL settings get loaded, uncomment the SSL configuration line in {{ic|/etc/httpd/conf/httpd.conf}} so it looks like this:
 
+
LoadModule ssl_module modules/mod_ssl.so
  Include /etc/httpd/conf/extra/httpd-ssl.conf
+
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 +
Include /etc/httpd/conf/extra/httpd-ssl.conf
  
 
====Create /home/svn/.svn-policy-file====
 
====Create /home/svn/.svn-policy-file====
{{bc|1=
+
[/]
[/]
+
* = r
* = r
+
 
+
[REPO_NAME:/]
[REPO_NAME:/]
+
USER_NAME = rw
USER_NAME = rw
+
}}
+
  
 
The * in the / section is matched to anonymous users. Any access above and beyond read only will be prompted for a user/pass by apache AuthType Basic. The REPO_NAME:/ section inherits permissions from those above, so anon users have read only permission to it. The last bit grants read/write permission of the REPO_NAME repository to the user USER_NAME.
 
The * in the / section is matched to anonymous users. Any access above and beyond read only will be prompted for a user/pass by apache AuthType Basic. The REPO_NAME:/ section inherits permissions from those above, so anon users have read only permission to it. The last bit grants read/write permission of the REPO_NAME repository to the user USER_NAME.
  
 
====Create /home/svn/.svn-auth-file====
 
====Create /home/svn/.svn-auth-file====
This is either an htpasswd, or htdigest file. I used htpasswd. Again, because of SSL, I do not worry as much about password sniffing. htdigest would provide even more security vs sniffing, but at this point, I do not have a need for it. Run the following command
+
This is either an htpasswd, or htdigest file. I used htpasswd. Again, because of SSL, I do not worry as much about password sniffing. htdigest would provide even more security vs. sniffing, but at this point, I do not have a need for it. Run the following command
  htpasswd -cs /home/svn/.svn-auth-file USER_NAME
+
# htpasswd -cs /home/svn/.svn-auth-file USER_NAME
 +
 
 +
The above creates the file ({{ic|-c}}) and uses SHA-1 for storing the password ({{ic|-s}}). The user {{ic|USER_NAME}} is created.
  
The above creates the file (-c) and uses sha1 for storing the password (-s). The user USER_NAME is created. <br />
+
To add additional users, leave off the ({{ic|-c}}) flag.
To add additional users, leave off the (-c) flag.
+
  # htpasswd -s /home/svn/.svn-auth-file OTHER_USER_NAME
  htpasswd -s /home/svn/.svn-auth-file OTHER_USER_NAME
+
  
 
====Create a Repository====
 
====Create a Repository====
  svnadmin create /home/svn/repositories/REPO_NAME
+
  # svnadmin create /home/svn/repositories/REPO_NAME
  
 
====Set Permissions====
 
====Set Permissions====
 
The Apache user needs permissions over the new repository.
 
The Apache user needs permissions over the new repository.
  chown -R http.http /home/svn/repositories/REPO_NAME
+
  # chown -R http:http /home/svn/repositories/REPO_NAME
  
 
===Create a Project===
 
===Create a Project===
 
====Directory structure for project====
 
====Directory structure for project====
Create the following directory structure on your development machine.
+
Create a temporary directory with the {{ic|branches}} {{ic|tags}} {{ic|trunk}} directory structure on your development machine.
  branches  tags  trunk
+
  $ mkdir -p ~/svn-import/{branches,tags,trunk}
 
+
You can create them like this.
+
cd /path/to/project
+
mkdir branches tags trunk
+
  
 
====Populate Directory====
 
====Populate Directory====
 
Copy or move your project source files into the created trunk directory.
 
Copy or move your project source files into the created trunk directory.
  cp -R /home/USER_NAME/project/REPO_NAME/code/* trunk
+
  $ cp -R /my/existing/project/* ~/svn-import/trunk
  
 
====Import the Project====
 
====Import the Project====
  svn import -m "Initial import" https://yourdomain.net/svn/REPO_NAME/
+
  $ svn import -m "Initial import" ~/svn-import https://yourdomain.net/svn/REPO_NAME/
  
 
====Test SVN Checkout====
 
====Test SVN Checkout====
{{bc|
+
$ svn checkout https://yourdomain.net/svn/REPO_NAME/ /my/svn/working/copy
cd /path/to/directory_of_choice
+
cd ..
+
rm -rf /path/to/directory_of_choice
+
svn co https://yourdomain.net/svn/REPO_NAME/
+
}}
+
  
 
If everything worked out, you should now have a working, checked out copy of your freshly created SVN repo.
 
If everything worked out, you should now have a working, checked out copy of your freshly created SVN repo.
Line 120: Line 103:
 
== Svnserve setup ==
 
== Svnserve setup ==
  
====Install the package====
+
===Install the package===
pacman -S subversion
+
Install {{Pkg|subversion}} from the [[official repositories]].
  
==== Create a repository ====
+
=== Create a repository ===
  
 
Create your repository
 
Create your repository
 
  mkdir /path/to/repos/
 
  mkdir /path/to/repos/
 
  svnadmin create /path/to/repos/repo1
 
  svnadmin create /path/to/repos/repo1
+
 
 
Your initial repository is empty, if you want to import files into it, use the following command.
 
Your initial repository is empty, if you want to import files into it, use the following command.
 
  svn import ~/code/project1 file:///path/to/repos/repo1 --message 'Initial repository layout'
 
  svn import ~/code/project1 file:///path/to/repos/repo1 --message 'Initial repository layout'
  
==== Set access policies ====
+
=== Set access policies ===
  
 
Edit the file /path/to/repos/repo1/conf/svnserve.conf and uncomment or add the line under [general]
 
Edit the file /path/to/repos/repo1/conf/svnserve.conf and uncomment or add the line under [general]
Line 148: Line 131:
 
The above defines users harry and sally, with passwords foopassword and barpassword, change it as you like
 
The above defines users harry and sally, with passwords foopassword and barpassword, change it as you like
  
==== Start the server daemon ====
+
=== Start the server daemon ===
 +
 
 +
Before you start the server, edit the configuration file:
  
Before you start the server, edit the config file:
 
 
{{hc|/etc/conf.d/svnserve|2=
 
{{hc|/etc/conf.d/svnserve|2=
SVNSERVE_ARGS="-r /path/to/repos --listen-port=4711"
+
SVNSERVE_ARGS="--root=/path/to/repos"
SVNSERVE_USER="user"
+
 
}}
 
}}
The {{ic|--listen-port}} flag is optional.
 
  
The {{ic|-r /path/to/repos}} option set the root of repository tree. If you have multiple repositories use {{ic|-r /path-to/reposparent}}. Then access independent repositories by passing in repository name in the URL: {{ic|svn://host/repo1}}. make sure that the user has read/write access to the repository files)
+
The {{ic|1=--root=/path/to/repos}} option set the root of repository tree. If you have multiple repositories use {{ic|1=--root=/path-to/reposparent}}. Then access independent repositories by passing in repository name in the URL: {{ic|svn://host/repo1}}. make sure that the user has read/write access to the repository files)
  
Now start the daemon:
+
Optionally add a {{ic|--listen-port}} if you want a different port, or other options.
# systemctl start svnserve
+
  
If you want it to autostart on boot:
+
By default, the service runs as root. If you want to change that, add a drop-in:
# systemctl enable svnserve
+
  
==Subversion backup==
+
{{hc|/etc/systemd/system/svnserve.service.d/50-custom.conf|2=
 +
[Service]
 +
User=svn
 +
}}
  
For a guide on backing up your subversion repositories, see [[Subversion backup and restore]].
+
Now start the ''svnserve.service'' [[daemon]].
 +
 
 +
=== svn+ssh ===
 +
To use svn+ssh://, we have to have a wrapper written for svnserve.
 +
 
 +
check where the svnserve binary is located:
 +
{{bc| # which svnserve
 +
/usr/local/bin/svnserve
 +
}}
 +
 
 +
Our wrapper is going to have to fall in PATH prior to this location...
 +
 
 +
create wrapper:
 +
# touch /usr/bin/svnserve
 +
# chmod 755 /usr/bin/svnserve
 +
 
 +
now edit it to look like so:
 +
 
 +
{{bc|/usr/bin/svnserve
 +
#!/bin/sh
 +
# wrapper script for svnserve
 +
umask 007
 +
/usr/local/bin/svnserve -r /path/to "$@"
 +
}}
 +
 
 +
{{ic|-r /path/to}} is what makes use of the svn co svn+ssh://server.domain.com:/reponame instead of {{ic|:/path/to/reponame}}.
 +
 
 +
Start svnserve with new wrapper script like so:
 +
# /usr/bin/svnserve -d  ( start daemon mode )
 +
 
 +
we can also check the perms for remote users like this:
 +
 
 +
{{bc|$ <nowiki>svn ls svn+ssh://server.domain.com:/reponame</nowiki>
 +
++server.domain.com++
 +
dev/
 +
qa/
 +
release/
 +
}}
 +
 
 +
==Subversion backup and restore ==
 +
 
 +
To back up your subversion repositories,do this for each repository you have.
 +
$ svnadmin dump /path/to/reponame > /tmp/reponame.dump
 +
$ scp -rp /tmp/reponame.dump user@server.domain.com:/tmp/
 +
 
 +
To restore the backup, create the corresponding repositories first:
 +
svnadmin create /path/to/reponame
 +
 
 +
Then load svn dump into new repo:
 +
svnadmin load /path/to/reponame < /tmp/repo1.dump
 +
 
 +
Setting Permissions:
 +
chown -R svn:svnusers /path/to/reponame ;
 +
chmod -R g+w /path/to/reponame/db/
 +
 +
Ok these repos should be all setup.
  
 
==Subversion clients==
 
==Subversion clients==
For a list of subversion clients, see wikipedia: [http://en.wikipedia.org/wiki/Comparison_of_Subversion_clients]
+
For a list of subversion clients, see the [[Wikipedia:Comparison of Subversion clients|Wikipedia article]].
 +
 
 +
== See also ==
 +
* http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-9-sect-2.2-re-load
 +
* http://subversion.tigris.org/

Latest revision as of 18:49, 22 April 2016

Apache Subversion is "a full-featured version control system originally designed to be a better CVS. Subversion has since expanded beyond its original goal of replacing CVS, but its basic model, design, and interface remain heavily influenced by that goal."

This article deals with setting up an svn-server on your machine. There are two popular svn-servers, the built in svnserve and the more advanced option, Apache HTTP Server with svn plugins.

Apache Subversion Setup

Goals

The goal of this how to is to setup Subversion, with Apache. Why use Apache for Subversion? Well, quite simply, it provides features that the standalone svnserve does not have...

  • You get the ability to use https protocol. This is more secure than the md5 authentication used by svnserve.
  • You get fine-grained access controls. You can use Apache auth to limit permissions by directory. This means you can grant read access to everything, but commit access only to trunk for instance, while have another group with commit access to tags or branches.
  • You get a free repository viewer. While not very exciting, it does work.
  • The Subversion team is working on seamless webdav integration. At some point you should be able to use any webdav interface to update files in the repository.

Installation

Install Apache HTTP Server as described in its article.

Besides Apache, you will only need to install subversion, available from the official repositories.

Subversion Configuration

Create a directory for your repositories:

# mkdir -p /home/svn/repositories

Edit /etc/httpd/conf/httpd.conf

Ensure the following are listed...if not, add them (you will typically have to add just the last two), they must be in this order:

LoadModule dav_module           modules/mod_dav.so
LoadModule dav_fs_module        modules/mod_dav_fs.so
LoadModule dav_svn_module       modules/mod_dav_svn.so
LoadModule authz_svn_module     modules/mod_authz_svn.so

To SSL or not to SSL?

SSL for SVN access has a few benefits, for instance it allows you to use Apache's AuthType Basic, with little fear of someone sniffing passwords.

Generate the certificate by:

# cd /etc/httpd/conf/
# openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes

Add the following to /etc/httpd/conf/extra/httpd-ssl.conf (or to /etc/httpd/conf/extra/httpd-vhosts.conf if you are not using ssl). Include the following inside of a virtual host directive:

<Location /svn>
   DAV svn
   SVNParentPath /home/svn/repositories
   AuthzSVNAccessFile /home/svn/.svn-policy-file
   AuthName "SVN Repositories"
   AuthType Basic
   AuthUserFile /home/svn/.svn-auth-file
   Require valid-user
</Location>

To make sure the SSL settings get loaded, uncomment the SSL configuration line in /etc/httpd/conf/httpd.conf so it looks like this:

LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include /etc/httpd/conf/extra/httpd-ssl.conf

Create /home/svn/.svn-policy-file

[/]
* = r

[REPO_NAME:/]
USER_NAME = rw

The * in the / section is matched to anonymous users. Any access above and beyond read only will be prompted for a user/pass by apache AuthType Basic. The REPO_NAME:/ section inherits permissions from those above, so anon users have read only permission to it. The last bit grants read/write permission of the REPO_NAME repository to the user USER_NAME.

Create /home/svn/.svn-auth-file

This is either an htpasswd, or htdigest file. I used htpasswd. Again, because of SSL, I do not worry as much about password sniffing. htdigest would provide even more security vs. sniffing, but at this point, I do not have a need for it. Run the following command

# htpasswd -cs /home/svn/.svn-auth-file USER_NAME

The above creates the file (-c) and uses SHA-1 for storing the password (-s). The user USER_NAME is created.

To add additional users, leave off the (-c) flag.

# htpasswd -s /home/svn/.svn-auth-file OTHER_USER_NAME

Create a Repository

# svnadmin create /home/svn/repositories/REPO_NAME

Set Permissions

The Apache user needs permissions over the new repository.

# chown -R http:http /home/svn/repositories/REPO_NAME

Create a Project

Directory structure for project

Create a temporary directory with the branches tags trunk directory structure on your development machine.

$ mkdir -p ~/svn-import/{branches,tags,trunk}

Populate Directory

Copy or move your project source files into the created trunk directory.

$ cp -R /my/existing/project/* ~/svn-import/trunk

Import the Project

$ svn import -m "Initial import" ~/svn-import https://yourdomain.net/svn/REPO_NAME/

Test SVN Checkout

$ svn checkout https://yourdomain.net/svn/REPO_NAME/ /my/svn/working/copy

If everything worked out, you should now have a working, checked out copy of your freshly created SVN repo.

Enjoy!

Svnserve setup

Install the package

Install subversion from the official repositories.

Create a repository

Create your repository

mkdir /path/to/repos/
svnadmin create /path/to/repos/repo1

Your initial repository is empty, if you want to import files into it, use the following command.

svn import ~/code/project1 file:///path/to/repos/repo1 --message 'Initial repository layout'

Set access policies

Edit the file /path/to/repos/repo1/conf/svnserve.conf and uncomment or add the line under [general]

password-db = passwd

You might also want to change the default option for anonymous users.

anon-access = read

Replace "read" with "write" for a repository that anyone can commit to, or set it to "none" to disable all anonymous access.

Now edit the file /path/to/repos/repo1/conf/passwd

[users]
harry = foopassword
sally = barpassword

The above defines users harry and sally, with passwords foopassword and barpassword, change it as you like

Start the server daemon

Before you start the server, edit the configuration file:

/etc/conf.d/svnserve
SVNSERVE_ARGS="--root=/path/to/repos"

The --root=/path/to/repos option set the root of repository tree. If you have multiple repositories use --root=/path-to/reposparent. Then access independent repositories by passing in repository name in the URL: svn://host/repo1. make sure that the user has read/write access to the repository files)

Optionally add a --listen-port if you want a different port, or other options.

By default, the service runs as root. If you want to change that, add a drop-in:

/etc/systemd/system/svnserve.service.d/50-custom.conf
[Service]
User=svn

Now start the svnserve.service daemon.

svn+ssh

To use svn+ssh://, we have to have a wrapper written for svnserve.

check where the svnserve binary is located:

 # which svnserve
/usr/local/bin/svnserve

Our wrapper is going to have to fall in PATH prior to this location...

create wrapper:

# touch /usr/bin/svnserve
# chmod 755 /usr/bin/svnserve 

now edit it to look like so:

/usr/bin/svnserve 
#!/bin/sh
# wrapper script for svnserve
umask 007
/usr/local/bin/svnserve -r /path/to "$@"

-r /path/to is what makes use of the svn co svn+ssh://server.domain.com:/reponame instead of :/path/to/reponame.

Start svnserve with new wrapper script like so:

# /usr/bin/svnserve -d  ( start daemon mode )

we can also check the perms for remote users like this:

$ svn ls svn+ssh://server.domain.com:/reponame
++server.domain.com++
dev/
qa/
release/

Subversion backup and restore

To back up your subversion repositories,do this for each repository you have.

$ svnadmin dump /path/to/reponame > /tmp/reponame.dump
$ scp -rp /tmp/reponame.dump user@server.domain.com:/tmp/

To restore the backup, create the corresponding repositories first:

svnadmin create /path/to/reponame

Then load svn dump into new repo:

svnadmin load /path/to/reponame < /tmp/repo1.dump

Setting Permissions:

chown -R svn:svnusers /path/to/reponame ; 
chmod -R g+w /path/to/reponame/db/

Ok these repos should be all setup.

Subversion clients

For a list of subversion clients, see the Wikipedia article.

See also