
Step 1: Prepare your system

Install subversion, if not yet done:

root@testkraxn ~ # which svn
svn not found
root@testkraxn ~ # apt-get update
root@testkraxn ~ # apt-get install subversion
        The following NEW packages will be installed:
          libapr1 libaprutil1 libdb4.8 libneon27-gnutls libsvn1 subversion
        Do you want to continue [Y/n]? y

Create a single user and run the subversion server as that user. Be sure to make the repository in the filesystem owned by the subversion user as well. From a security point of view, this keeps the repo data well isolated and protected by filesystem permissions, changeable by only the Subversion server process itself.

root@testkraxn ~ # useradd -d /home/subversion -m subversion
root@testkraxn ~ # usermod -a -G subversion subversion
root@testkraxn ~ # chsh subversion # to whatever you prefer
root@testkraxn ~ # cd ~subversion
root@testkraxn ~ # mkdir ~subversion/svn-data
root@testkraxn ~ # chown subversion:subversion -R ~subversion/svn-data

Place a link in the filesystem so that the repository can later be accessed as svn://host:1111/svn/projectX:

root@testkraxn ~ # ln -s /home/subversion/svn-data /svn

Step 2: Create a repository

root@testkraxn ~subversion # su subversion
subversion@testkraxn ~ % cd svn-data
subversion@testkraxn ~/svn-data % svnadmin create projectX

Edit your svnserve.conf like this:

subversion@testkraxn ~/svn-data % vim projectX/conf/svnserve.conf
subversion@testkraxn ~/svn-data % grep -vE '^\s*(#.*|)$' projectX/conf/svnserve.conf
[general]
anon-access = none
auth-access = write
password-db = passwd
authz-db = authz

[sasl]

Place your svn users here:

subversion@testkraxn ~/svn-data % vim projectX/conf/passwd
subversion@testkraxn ~/svn-data % grep -vE '^\s*(#.*|)$' projectX/conf/passwd
[users]
andre = asdf27

Step 3: Start and test the svn server daemon process

subversion@testkraxn ~/svn-data % svnserve -d
subversion@testkraxn ~/svn-data % sudo su
root@testkraxn ~ # nmap -sS localhost
PORT     STATE SERVICE
22/tcp   open  ssh
3690/tcp open  svn        <-- you should see this line

Now you should be able to check out on localhost and from other hosts:

subversion@testkraxn ~/svn-data/projectX % cd /tmp
subversion@testkraxn /tmp % svn co svn://localhost/svn/projectX projectX
subversion@testkraxn /tmp % cd projectX
subversion@testkraxn /tmp/projectX % svn info
Repository Root: svn://localhost/svn/projectX
subversion@testkraxn /tmp/projectX % echo hello > test.txt
subversion@testkraxn /tmp/projectX % svn add test.txt
A         test.txt
subversion@testkraxn /tmp/projectX % svn ci -m "hello world test"
subversion@testkraxn /tmp/projectX % svn update
At revision 1.

or from another host:

anotheruser@anotherhost ~ % svn co svn://vbox0/svn/projectX projectX
A    projectX/test.txt
Checked out revision 1.

Step 4: Configure svn over ssh

This will improve security and convenience, since the users do not need a separate svn user and they can authenticate with a keyfile instead of typing and storing their passwords.

The following requirements must be met:

  • The authentication must use the system's Unix user accounts. We do not want to manage a new user/password mapping for everybody.
  • In the configuration, we need to be able to control the following:
    • Put users into groups and enable group based authentication rules.
    • Specify separate permissions for every directory.

Example:

On our system, we have two users:

    tester (the one that has readwrite access)
    leser (the one that cannot commit)

Both accounts exist on the machine and are able to log in via ssh.

Set file system permissions. Users not in group subversion are locked out:

root@testkraxn /etc/ssh # cd ~subversion
root@testkraxn ~subversion # ls -l
drwxrwxr-x 3 subversion subversion 4096 Dec  3 14:58 svn-data/
root@testkraxn ~subversion # chown subversion:subversion -R svn-data # to be sure :D
root@testkraxn ~subversion # chmod o-rwx -R svn-data
root@testkraxn ~subversion # ls -l
drwxrwx--- 3 subversion subversion 4096 Dec  3 14:58 svn-data/

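Put the users into the group "subversion" so that they can access the svn repository. The -a flag appends the group; without it, usermod -G replaces all of the user's other supplementary groups.

root@testkraxn /etc/ssh # usermod -a -G subversion tester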
root@testkraxn /etc/ssh # groups tester
tester : tester subversion

Edit your authz file like this:

subversion@testkraxn ~/svn-data % cat projectX/conf/authz

[aliases]
[groups]
committergroup = tester
readgroup = leser, tester

[/] # relative to project root
# allow nothing by default:
* =
@readgroup = r
@committergroup = rw

[/tags]
* =
@committergroup = rw
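
In an authz path section a group has to be written with a leading @; a bare name is matched as a user name, so the rule silently applies to nobody in the group. A check for that slip, as an added example that is not part of the original page (the function names and the sample file are constructed for illustration):

```shell
#!/bin/sh
# Added example: find authz rules that name a group without the "@" prefix.

# Constructed sample modelled on the authz file above.
sample_authz() {
    cat <<'EOF'
[aliases]
[groups]
committergroup = tester
readgroup = leser, tester

[/]
* =
@readgroup = r
@committergroup = rw

[/tags]
* =
committergroup = rw
EOF
}

# lint_authz FILE prints "LINE:SECTION:NAME" for each suspicious rule and
# returns 1 if it printed anything. FILE may be "-" for standard input.
lint_authz() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        /^[ \t]*\[/ {                                # section header
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        index($0, "=") == 0 { next }                 # not a name = value line
        { name = trim(substr($0, 1, index($0, "=") - 1)) }
        section == "groups"  { groups[name] = 1; next }
        section == "aliases" { next }
        { n++; where[n] = NR ":" section ":" name; subject[n] = name }
        END {
            # svnserve reads a bare name as a user, so a rule that repeats a
            # group name without "@" never applies to the group members.
            for (i = 1; i <= n; i++)
                if (subject[i] in groups) { print where[i]; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}
```

Run it as `lint_authz projectX/conf/authz` before restarting svnserve; a non-zero exit status means at least one rule needs the @ prefix.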

After this, you should be able to use the svn repo like this:

andrer@caracas ~ svn co svn+ssh://tester@vbox0/svn/projectX/trunk rw
Checked out revision 7.


Optional: Setup websvn viewer for your server

DRAFT


******* install web svn ( http://www.websvn.info ) ********

root@virtubuntu ~ # apt-get install websvn

or download the binary from http://websvn.tigris.org/files/documents/1380/49057/websvn-2.3.3.zip

******* setup test repo ********

root@virtubuntu /var/lib # mkdir svn
root@virtubuntu /var/lib # cd svn
root@virtubuntu /var/lib/svn # svnadmin create helloworld
root@virtubuntu /var/lib/svn # ls -l
drwxr-xr-x 6 tester tester 4096 Sep 12 20:22 helloworld/

root@virtubuntu ~ # dpkg-reconfigure websvn

    Apache configuration:
    [*] apache2

    svn parent repositories:
    /var/lib/svn/helloworld

(Apache runs as root in my case, so I do not bother.)

Open a browser and go to:
 http://localhost/websvn/ 


Optional: Migrate SVN projects to avoid permission problems with websvn

DRAFT

If needed, you can migrate your projects to the FSFS file system type with the script below.

Note on permissions
Due to a limitation in the DB format, the 'svnlook' command needs read-write access to the repository (to create locks etc).
You need to give read-write permissions to the user running your webserver on all your repositories.

Another way of avoiding this problem is by creating SVN repositories with the --fs-type=fsfs option.
Existing DB repositories can be converted to the FSFS format by using the svnadmin dump/load commands.



******* setup in filesystem *********

I want to convert all projects that are in directory "public".
The target directory is "migration-stage"

andre@killerkraxn /data/subversion/svn-data/andre % ls -l
drwx------  5 andre andre 4096 2013-07-30 18:41 private/
drwxrwxr-x 36 andre andre 4096 2013-02-13 18:54 public/
andre@killerkraxn /data/subversion/svn-data/andre % ./migrate.sh public  # see below


******* migrate.sh script *********

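#!/bin/bash
# Dump every repository directly below the given directory and load it
# into a new FSFS repository of the same name below migration-stage/.
set -euo pipefail    # stop at the first failing svnadmin call

sourceRootDir="${1:?usage: $0 <source-root-dir>}"
sourceRootDir="${sourceRootDir%/}"    # tolerate a trailing slash
migratedRootDir="migration-stage"
mkdir -p "$migratedRootDir"

# -mindepth/-maxdepth go before -type; GNU find warns otherwise
find "$sourceRootDir" -mindepth 1 -maxdepth 1 -type d \
| sort \
| while IFS= read -r sourceRepo
do
        migratedRepo="${migratedRootDir}${sourceRepo#"$sourceRootDir"}"
        dumpFile="$migratedRepo.dump"

        echo "migrating repository $sourceRepo to $migratedRepo ..."

        echo "1. create new repo with correct fs type: $migratedRepo"
        svnadmin create --fs-type=fsfs "$migratedRepo"

        echo "2. create svn dump to: $dumpFile"
        svnadmin dump "$sourceRepo" > "$dumpFile"

        echo "3. drop the dump in the new repo"
        svnadmin load "$migratedRepo" < "$dumpFile"

        echo "done with migration of $sourceRepo"; echo
done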



******** example output *********

migrating repository public/web-jsf2-getstarted to migration-stage/web-jsf2-getstarted ...
1. create new repo: migration-stage/web-jsf2-getstarted

2. create svn dump to: migration-stage/web-jsf2-getstarted.dump
* Dumped revision 0.
* Dumped revision 1.

      [...]

* Dumped revision 11.
* Dumped revision 12.

3. drop the dump in the new repo
<<< Started new transaction, based on original revision 1
     * adding path : branches ... done.
     * adding path : tags ... done.
     * adding path : trunk ... done.
------- Committed revision 1 >>>
<<< Started new transaction, based on original revision 2
     * editing path : trunk ... done.
     * adding path : trunk/pom.xml ... done.
     * adding path : trunk/web ... done.
     * adding path : trunk/web/WEB-INF ... done.
     * adding path : trunk/web/WEB-INF/web.xml ... done.
------- Committed revision 2 >>>
<<< Started new transaction, based on original revision 3

      [...]

<<< Started new transaction, based on original revision 11
     * editing path : trunk/pom.xml ... done.
------- Committed revision 11 >>>
<<< Started new transaction, based on original revision 12
     * editing path : trunk/web/WEB-INF/web.xml ... done.
------- Committed revision 12 >>>
done with repo public/web-jsf2-getstarted
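
svnadmin dump and load carry over only the versioned history, so each repository created by migrate.sh starts with the stock conf/ directory, where anon-access is commented out and svnserve falls back to anonymous read access. The following added example (not part of the original page; the function names and the sample directories are constructed for illustration) lists every repository below a root whose svnserve.conf does not set anon-access = none as in Step 2:

```shell
#!/bin/sh
# Added example: list repositories that svnserve would serve to anonymous clients.

# effective_anon_access CONF prints the anon-access value svnserve would use.
# Assumes unindented, lower-case keys as in the generated svnserve.conf.
effective_anon_access() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
        /^\[/ { in_general = ($0 ~ /^\[general\]/); next }
        in_general && /^anon-access[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
        }
        END { print (v == "" ? "read" : v) }          # unset means "read"
    ' "$1"
}

# audit_repos ROOT prints "REPO<TAB>VALUE" for each repository directly below
# ROOT whose value is not "none"; returns 1 if it printed anything.
audit_repos() {
    rc=0
    for conf in "$1"/*/conf/svnserve.conf; do
        [ -f "$conf" ] || continue
        value=$(effective_anon_access "$conf")
        [ "$value" = "none" ] && continue
        repo=${conf%/conf/svnserve.conf}
        printf '%s\t%s\n' "${repo##*/}" "$value"
        rc=1
    done
    return "$rc"
}

# Constructed sample: projectX as configured above, "fresh" as created by
# svnadmin create (every option still commented out).
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/projectX/conf" "$root/fresh/conf"
    printf '[general]\nanon-access = none\nauth-access = write\n' \
        > "$root/projectX/conf/svnserve.conf"
    printf '[general]\n# anon-access = read\n# auth-access = write\n' \
        > "$root/fresh/conf/svnserve.conf"
    echo "$root"
}
```

Run `audit_repos migration-stage` after the migration and copy or recreate svnserve.conf, passwd and authz for every repository it lists before moving the new repositories into place.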