Personal LAN subversion by httpd

Trent Shipley tshipley at deru.com
Tue Dec 6 20:37:02 MST 2005 

> file:///usr/share/doc/packages/subversion/README.SuSE
> 
> Topics:
> 
> 1. backup and restore your repository data
> 2. create svn user/group for svnserve
> 3. mini-howto for 2 projects
> 
> 
================================================================================
> 
> 1. backup and restore your repository data

<snip/>

> 2. create svn user/group for svnserve

<snip/>

I'd rather use http than svnserve.

> 3. mini-howto for 2 projects
> 
> To run a subversion server, you need to configure apache2 to load two 
apache2
> modules: mod_dav and mod_dav_svn. (mod_dav is needed by mod_dav_svn, it is
> installed together with apache2.)
> 
> This is done by editing the apache2 configuration (/etc/sysconfig/apache2) 
and
> adding "dav dav_svn" to the APACHE_MODULES setting, and restarting the 
server.

Here is the first problem.

There is no /etc/sysconfig/apache2 file.

When I create the file who should own it and what should the permissions be?

What is the syntax for APACHE_MODULES (or where do I look in the Apache docs)?

The official Subversion book says that somewhere httpd.conf needs to invoke

LoadModule dav_module         /usr/lib/apache2/mod_dav.so
LoadModule dav_svn_module     /usr/lib/apache2/mod_dav_svn.so

Apache2 recommends:

# Note: instead of adding your own configuration here, consider 
#       adding it in your own file (/etc/apache2/httpd.conf.local)
#       putting its name into APACHE_CONF_INCLUDE_FILES in 
#       /etc/sysconfig/apache2 -- this will make system updates 
#       easier :) 


> A default/example configuration of the dav_svn module can be found in
> /etc/apache2/conf.d/subversion.conf. With more recent apache
> packages, this configuration is *not* loaded automatically by
> the apache server, since many people configure virtual hosts
> and it is unlikely that the repositories shall be available
> from any virtual host. To load the configuration for a certain
> virtual host, add 
>   Include /etc/apache2/conf.d/subversion.conf
> or 
>   Include /path/to/your_subversion_configuration
> in the respective virtual host configuration. This *may* be done in the 
default
> virtual host (/etc/apache2/default-server.conf).

Since it's on my linux workstation I'll add the Include on the virtual host so 
everyone sees it.


> Minihowto:
> 
> 
> The plan:
> 
> host 2 source projects with subversion
> both must have anonymous read access
> both must have limited write access for a few users
> they are accessed only via HTTP, not (!) locally
> they will be reachable via:
> 
>  http://hostname/repos/project1
>  http://hostname/repos/project2
> 
> Both will have the official version of the source tree and our modified
> version for the distribution. Projects in question are:
> project1
> project2
> 
> The realisation:
> 
> find a machine to host the projects. Keep backup (and restore!) in mind
> when hunting for hardware.
> 
> install needed packages
> (you might check for update packages on
> ftp://ftp.suse.com/pub/projects/apache/ )
> 
> rpm -Uvh \
> 	apache2 \
> 	apache2-doc \
> 	apache2-prefork \
> 	libapr0 \
> 	neon \
> 	subversion \
> 	subversion-doc \
> 	subversion-server
> 

Assume they came with the distro.
> 
> Update /etc/sysconfig/apache2
> add 'dav dav_svn' to $APACHE_MODULES

OK.

> create a few directories:
> mkdir -p /srv/svn/repos
> mkdir -p /srv/svn/user_access
> mkdir -p /srv/svn/html
> 
> Add the http repository data to /etc/apache2/conf.d/subversion.conf:
> #------------------------------------------------------------------------
> #
> # project related HTML files
> #
> <IfModule mod_alias.c>
> Alias /repos	"/srv/svn/html"
> </IfModule>
> <Directory /srv/svn/html>
> 	Options		+Indexes +Multiviews -FollowSymLinks
> 	IndexOptions	FancyIndexing \
> 			ScanHTMLTitles \
> 			NameWidth=* \
> 			DescriptionWidth=* \
> 			SuppressLastModified \
> 			SuppressSize
> 
> 	order allow,deny
> 	allow from all
> </Directory>
> 
> 
> # project repository files for project1
> <Location /repos/project1>
> 	DAV svn
> 	SVNPath /srv/svn/repos/project1
> 
> 	# Limit write access to certain people
> 	AuthType Basic
> 	AuthName "Authorization for project1 required"
> 	AuthUserFile /srv/svn/user_access/project1_passwdfile
> 	AuthGroupFile /srv/svn/user_access/project1_groupfile
> 	<LimitExcept GET PROPFIND OPTIONS REPORT>
> 	Require group project1_committers
> 	</LimitExcept>
> 
> 	# Limit read access to certain people
> 	<Limit GET PROPFIND OPTIONS REPORT>
> 	Require group project1_committers
> 	Require group project1_readers
> 	</Limit>
> 
> </Location>
> 
> # project repository files for project2
> <Location /repos/project2>
> 	DAV svn
> 	SVNPath /srv/svn/repos/project2
> 
> 	# Limit write permission to list of valid users.
> 	<LimitExcept GET PROPFIND OPTIONS REPORT>
> 		# Require SSL connection for password protection.
> 		# SSLRequireSSL
> 
> 		AuthType Basic
> 		AuthName "Authorization for project2 required"
> 		AuthUserFile /srv/svn/user_access/project2_passwdfile
> 		Require valid-user
> 	</LimitExcept>
> </Location>
> #------------------------------------------------------------------------
> 
> create the repositories itself:
> cd /srv/svn/repos
> svnadmin create project1
> chown -R wwwrun:www project1/{dav,db,locks}
> svnadmin create project2
> chown -R wwwrun:www project2/{dav,db,locks}
> 
> 
> The webserver must be configured and started:
> SuSEconfig --module apache2
> rcapache2 restart
> 
> Now create the user access files:
> project1 is a restricted project.
> read access requires a password
> write access is limited to a few users
> touch /srv/svn/user_access/project1_passwdfile
> chown root:www /srv/svn/user_access/project1_passwdfile
> chmod 640 /srv/svn/user_access/project1_passwdfile
> 
> htpasswd2 /srv/svn/user_access/project1_passwdfile olaf
> htpasswd2 /srv/svn/user_access/project1_passwdfile olh
> 
> this is the group file for project1:
> /srv/svn/user_access/project1_groupfile
> content:
> project1_committers: olh
> project1_readers: olaf olh
> 
> project2 is world readable, but only a few can commit to the sources.
> touch /srv/svn/user_access/project2_passwdfile
> chown root:www /srv/svn/user_access/project2_passwdfile
> chmod 640 /srv/svn/user_access/project2_passwdfile
> htpasswd2 /srv/svn/user_access/project2_passwdfile olaf 
> 
> You should be able to connect to the server:
> http://host/repos/project2
> http://host/repos/project1
> 
> Now import the data, e.g.
> svn import /path/to/project2-tree http://host/repos/project2

More information about the PLUG-discuss mailing list