Difference between revisions of "SVN"

From Blue-IT.org Wiki
(Undo revision 4491 by Apos (talk))
Line 1: Line 1:
= svn+ssh and https together =
+
== SVN Integration with https ==
* Already running an ssh server?
+
This HowTo is tested with Debian 6 (squeeze) but should be applicable to any Linux based distribution.
* Already have a user with ssh account (that's necessary)
 
  
Add the user you want to add to the subversion group:
+
First of all your repository, e.g. /home/svn must be writable by the webserver:
adduser username subversion
 
(or later remove with: deluser username subversion)
 
  
Alter permissions of the repository "users_repository"
+
MYREPO="/home/svn"
cd /home/svn
+
  chown -R www-data:www-data ${MYREPO}
  chown -R www-data:subversion users_repository
+
  find ${MYREPO} -type d -exec chmod 2755 \{} \;
  find users_repository/. -type d -name "*" -exec chmod -R g+rws {} \;
+
  find ${MYREPO} -not -type d -exec chmod 0644 \{} \;
  find users_repository/. -type f -name "*" -exec chmod -R g+rw {} \;
 
  
That's it.
+
Then you need mod_dav for apache2:
  
Now you can connect e.g.:
+
apt-get install libapache2-svn
  svn checkout svn+ssh://username@SERVER_IP/home/svn/users_repository
+
a2enmod dav
 +
  a2enmod dav_svn
  
Attention: In your checked out repository you have to switch the svn access url from http to svn+ssh!
+
 
  svn switch --relocate http://domain.com/{repo} svn+ssh://{username}@domain.com/home/{username}/svn/{repo}
+
To access an svn like https://serverip/svn/repo1 (with read/write access for user1) https://serverip/svn/repo2 (with read/write access for user2)
 +
/path/to/
 +
      └── svn
 +
            ├── repo1  -> should only be rw-accessible by user1
 +
            └── repo2  -> should only be rw-accessible by user2
 +
 
 +
do the following 3 (4) steps:
 +
 
 +
=== First: create a dav configuration file ===
 +
 
 +
cd /etc/apache2/mods-available/
 +
vim dav_svn.conf
 +
 
 +
<nowiki><Location /svn></nowiki>
 +
    DAV svn
 +
    SVNParentPath /path/to/svn
 +
    AuthType Basic
 +
    AuthName "Subversion Repository"
 +
    AuthUserFile /etc/apache2/dav_svn.passwd
 +
    AuthzSVNAccessFile /etc/apache2/dav_svn.authz
 +
     
 +
    <nowiki># Allow access only with authentification</nowiki>
 +
    Require valid-user
 +
 
 +
    <nowiki># Allow acces with anonymous checkout</nowiki>
 +
    <nowiki>#<LimitExcept GET PROPFIND OPTIONS REPORT></nowiki>
 +
    <nowiki># </nowiki> Require valid-user
 +
    <nowiki>#</LimitExcept></nowiki>
 +
 
 +
<nowiki></Location></nowiki>
 +
 
 +
=== Second: set passwords for users: ===
 +
For the first user call htpasswd with the -c parameter (this _c_reates a new file and - of course - overwrites an existing one!):
 +
 
 +
  htpasswd -c /etc/apache2/dav_svn.passwd  user1
 +
 +
and for every one after that without “-c“ (because this in case will overwrite the file!!!)
 +
 
 +
htpasswd /etc/apache2/dav_svn.passwd  user2
 +
 
 +
=== Third: create the authz file for authorization: ===
 +
vim /etc/apache2/dav_svn.authz
 +
 
 +
## groups or users
 +
#groupname = user1,user2
 +
 +
## repositories
 +
## the repositoryname is relative (!) to the given
 +
## repository in the dav_svn.conf file
 +
 +
#[reponame:/]
 +
## read / write access for all users
 +
#* = rw
 +
## nor read acces for this group
 +
#@groupname =
 +
## read access for this user
 +
#user1 = r
 +
 +
#[reponame:/trunk/]
 +
## read / write access for user1 to /trunk/
 +
#user1 = rw
 +
 +
[repo1:/]
 +
user1 = rw
 +
 +
[repo2:/]
 +
user2 = rw
 +
 
 +
=== Create a virtual host if you like: ===
 +
SERVERIP="1.2.3.4"
 +
MAIL="webmaster@mydomain.com"
 +
DOMAIN="svn.example.com"
 +
DOCPATH="/var/www"
 +
SSLPATH="/var/webs/ssl"
 +
CUSTOMER=""
 +
CHAINFILE="/var/webs/ssl/CAcert_chain.pem"
 +
 +
<nowiki>cat << EOF > ${DOMAIN}.conf</nowiki>
 +
<nowiki><VirtualHost ${SERVERIP}:443></nowiki>
 +
  ServerAdmin webmaster@${DOMAIN}
 +
  ServerName  www.${DOMAIN}
 +
  ServerAlias ${DOMAIN}
 +
 +
  DocumentRoot ${DOCPATH}
 +
  <nowiki><Directory ${DOCPATH}></nowiki>
 +
    Options -MultiViews
 +
    allow from all
 +
  <nowiki></Directory></nowiki>
 +
  <nowiki># Possible values include: debug, info, notice, warn, error, crit,</nowiki>
 +
  <nowiki># alert, emerg.</nowiki>
 +
  LogLevel warn
 +
 +
  CustomLog /var/log/apache2/access.log combined
 +
  ErrorLog /var/log/apache2/error.log
 +
 +
  SSLEngine on
 +
  SSLCertificateFile ${SSLPATH}/${CUSTOMER}/${DOMAIN}.cert
 +
  SSLCertificateKeyFile ${SSLPATH}/${CUSTOMER}/${DOMAIN}.key
 +
  SSLCertificateChainFile ${CHAINFILE}
 +
 +
<nowiki></VirtualHost></nowiki>
 +
EOF
 +
 +
 
 +
Restart Apache:
 +
 
 +
/etc/init.d/apache2 restart
  
 
= svnsync =
 
= svnsync =

Revision as of 17:25, 17 January 2012

SVN Integration with https

This HowTo is tested with Debian 6 (squeeze) but should be applicable to any Linux based distribution.

First of all your repository, e.g. /home/svn must be writable by the webserver: 

MYREPO="/home/svn"
chown -R www-data:www-data ${MYREPO}
find ${MYREPO} -type d -exec chmod 2755 \{} \;
find ${MYREPO} -not -type d -exec chmod 0644 \{} \;

Then you need mod_dav for apache2: 

apt-get install libapache2-svn
a2enmod dav
a2enmod dav_svn


To access an svn like https://serverip/svn/repo1 (with read/write access for user1) https://serverip/svn/repo2 (with read/write access for user2) 

/path/to/
      └── svn
           ├── repo1  -> should only be rw-accessible by user1
           └── repo2  -> should only be rw-accessible by user2

do the following 3 (4) steps:

First: create a dav configuration file

cd /etc/apache2/mods-available/
vim dav_svn.conf

<Location /svn>
    DAV svn
    SVNParentPath /path/to/svn
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile /etc/apache2/dav_svn.passwd
    AuthzSVNAccessFile /etc/apache2/dav_svn.authz
     
    # Allow access only with authentification
    Require valid-user
  
    # Allow acces with anonymous checkout
    #<LimitExcept GET PROPFIND OPTIONS REPORT>
    #  Require valid-user
    #</LimitExcept>
  
</Location>

Second: set passwords for users:

For the first user call htpasswd with the -c parameter (this _c_reates a new file and - of course - overwrites an existing one!): 

htpasswd -c /etc/apache2/dav_svn.passwd  user1

and for every one after that without “-c“ (because this in case will overwrite the file!!!) 

htpasswd /etc/apache2/dav_svn.passwd  user2

Third: create the authz file for authorization:

vim /etc/apache2/dav_svn.authz

## groups or users
#groupname = user1,user2

## repositories
## the repositoryname is relative (!) to the given
## repository in the dav_svn.conf file

#[reponame:/]
## read / write access for all users
#* = rw 
## nor read acces for this group
#@groupname = 
## read access for this user
#user1 = r

#[reponame:/trunk/]
## read / write access for user1 to /trunk/
#user1 = rw

[repo1:/]
user1 = rw

[repo2:/]
user2 = rw

Create a virtual host if you like:

SERVERIP="1.2.3.4"
MAIL="webmaster@mydomain.com"
DOMAIN="svn.example.com"
DOCPATH="/var/www"
SSLPATH="/var/webs/ssl"
CUSTOMER=""
CHAINFILE="/var/webs/ssl/CAcert_chain.pem"

cat << EOF > ${DOMAIN}.conf
<VirtualHost ${SERVERIP}:443>
  ServerAdmin webmaster@${DOMAIN}
  ServerName  www.${DOMAIN}
  ServerAlias ${DOMAIN}

  DocumentRoot ${DOCPATH}
  <Directory ${DOCPATH}>
    Options -MultiViews
    allow from all
  </Directory>
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn

  CustomLog /var/log/apache2/access.log combined
  ErrorLog /var/log/apache2/error.log

  SSLEngine on
  SSLCertificateFile ${SSLPATH}/${CUSTOMER}/${DOMAIN}.cert
  SSLCertificateKeyFile ${SSLPATH}/${CUSTOMER}/${DOMAIN}.key
  SSLCertificateChainFile ${CHAINFILE}

</VirtualHost>
EOF

Restart Apache: 

/etc/init.d/apache2 restart

svnsync

Taken from:

Create the following variables: 

MYPATH="/home/svn"
URL_TO_REPO_ROOT_TO_CLONE="https://axelpospischil@ssl.qwws.net/svn/mt_roadrunner"
DEST_URL="/home/svn"

(Note: „DEST_URL“ is the url to the Subversion repository you create in step 1.)

1. Create your local repository: 

svnadmin create ${MYPATH}

2. Create an empty pre-revprop-change hook script: 

echo '#!/bin/bash' > ${MYPATH}/hooks/pre-revprop-change

3. Make the pre-revprop-change hook script executable: 

chmod +x ${MYPATH}/hooks/pre-revprop-change

4. Initialize svnsync: 

svnsync init file:⁄⁄⁄${MYPATH} ${URL_TO_REPO_ROOT_TO_CLONE}

5. Synchronize: 

svnsync sync ${DEST_URL}

Subversion 1.6.x needs those added to the pre-revprop-change script: 

    REPOS="$1"
    REV="$2"
    USER="$3"
    PROPNAME="$4"
    ACTION="$5"

Einrichten unter Debian

1. Svn installieren: 

apt-get update
apt-get install subversion

2. Eine svn Gruppe erstellen und einen Benutzer hinzufügen: 

groupadd subversion
addgroup username subversion

3. Ein svn Repository erzeugen oder ein Vorhandenes kopieren 

mkdir /home/svn/myrepo
rsync -av oldserver:/home/svn /home/.
chown -R root:subversion /home/svn
svnadmin create --fs-type fsfs /home/svn/myrepo/projekt1
svnadmin create --fs-type fsfs /home/svn/myrepo/projekt2

4. Einloggen via ssh (geht nur, wenn ein ssh-Schlüssel im Userverzeichnis generiert wurde) 

ssh+svn://servername/home/svn/myrepo
Retrieved from "https://wiki.blue-it.org/index.php?title=SVN&oldid=4492"