subversion/subversion.README.SuSE

Topics:

1. backup and restore your repository data
2. create svn user/group for svnserve
3. mini-howto for 2 projects

================================================================================

1. backup and restore your repository data

subversion repositories use either the Berkeley Database system libraries,
or the FSFS database format which comes with the subversion package.
Since the BDB system libraries often introduce a new incompatible format during
version upgrade, a backup/restore of all the subversion repositories must be
performed _BEFORE_ doing such a system upgrade.
'svnadmin dump' will write the repository to stdout in a 'dumpfile' format.
This dumpfile can be loader later with 'svnadmin load'.


2. create svn user/group for svnserve

subversion repositories can be served either via http, or via the svnserve
daemon and a special network protocol. svnserve should not run as root user.
The startup script rcsvnserve expects a user/group named 'svn', configureable
via /etc/sysconfig/svnserve.
But this user/group must be created before first use:

	useradd svn
	groupadd svn


3. mini-howto for 2 projects

To run a subversion server, you need to configure apache2 to load two apache2
modules: mod_dav and mod_dav_svn. (mod_dav is needed by mod_dav_svn, it is
installed together with apache2.)

This is done by adding the dav and dav_svn modules to the apache2 configuration
(a2enmod dav; a2enmod dav_svn), and restarting the server.

A default/example configuration of the dav_svn module can be found in
/etc/apache2/conf.d/subversion.conf. With more recent apache
packages, this configuration is *not* loaded automatically by
the apache server, since many people configure virtual hosts
and it is unlikely that the repositories shall be available
from any virtual host. To load the configuration for a certain
virtual host, add 
  Include /etc/apache2/conf.d/subversion.conf
or 
  Include /path/to/your_subversion_configuration
in the respective virtual host configuration. This *may* be done in the default
virtual host (/etc/apache2/default-server.conf).



Minihowto:


The plan:

host 2 source projects with subversion
both must have anonymous read access
both must have limited write access for a few users
they are accessed only via HTTP, not (!) locally
they will be reachable via:

 http://hostname/repos/project1
 http://hostname/repos/project2

Both will have the official version of the source tree and our modified
version for the distribution. Projects in question are:
project1
project2

The realisation:

find a machine to host the projects. Keep backup (and restore!) in mind
when hunting for hardware.

install needed packages
(you might check for update packages on
ftp://ftp.suse.com/pub/projects/apache/ )

rpm -Uvh \
	apache2 \
	apache2-doc \
	apache2-prefork \
	libapr1 \
	libapr-util1 \
	neon \
	subversion \
	subversion-doc \
	subversion-server



# Update /etc/sysconfig/apache2 by
# adding 'dav dav_svn' to $APACHE_MODULES:
a2enmod dav
a2enmod dav_svn

create a few directories:
mkdir -p /srv/svn/repos
mkdir -p /srv/svn/user_access
mkdir -p /srv/svn/html

Add the http repository data to /etc/apache2/conf.d/subversion.conf:
#------------------------------------------------------------------------
#
# project related HTML files
#
<IfModule mod_alias.c>
Alias /repos	"/srv/svn/html"
</IfModule>
<Directory /srv/svn/html>
	Options		+Indexes +Multiviews -FollowSymLinks
	IndexOptions	FancyIndexing \
			ScanHTMLTitles \
			NameWidth=* \
			DescriptionWidth=* \
			SuppressLastModified \
			SuppressSize

	order allow,deny
	allow from all
</Directory>


# project repository files for project1
<Location /repos/project1>
	DAV svn
	SVNPath /srv/svn/repos/project1

	# Limit write access to certain people
	AuthType Basic
	AuthName "Authorization for project1 required"
	AuthUserFile /srv/svn/user_access/project1_passwdfile
	AuthGroupFile /srv/svn/user_access/project1_groupfile
	<LimitExcept GET PROPFIND OPTIONS REPORT>
	Require group project1_committers
	</LimitExcept>

	# Limit read access to certain people
	<Limit GET PROPFIND OPTIONS REPORT>
	Require group project1_committers
	Require group project1_readers
	</Limit>

</Location>

# project repository files for project2
<Location /repos/project2>
	DAV svn
	SVNPath /srv/svn/repos/project2

	# Limit write permission to list of valid users.
	<LimitExcept GET PROPFIND OPTIONS REPORT>
		# Require SSL connection for password protection.
		# SSLRequireSSL

		AuthType Basic
		AuthName "Authorization for project2 required"
		AuthUserFile /srv/svn/user_access/project2_passwdfile
		Require valid-user
	</LimitExcept>
</Location>
#------------------------------------------------------------------------

create the repositories itself:
cd /srv/svn/repos
svnadmin create project1
chown -R wwwrun:www project1/{dav,db,locks}
svnadmin create project2
chown -R wwwrun:www project2/{dav,db,locks}


The webserver must be (re)started:
rcapache2 restart

Now create the user access files:
project1 is a restricted project.
read access requires a password
write access is limited to a few users
touch /srv/svn/user_access/project1_passwdfile
chown root:www /srv/svn/user_access/project1_passwdfile
chmod 640 /srv/svn/user_access/project1_passwdfile

htpasswd2 /srv/svn/user_access/project1_passwdfile olaf
htpasswd2 /srv/svn/user_access/project1_passwdfile olh

this is the group file for project1:
/srv/svn/user_access/project1_groupfile
content:
project1_committers: olh
project1_readers: olaf olh

project2 is world readable, but only a few can commit to the sources.
touch /srv/svn/user_access/project2_passwdfile
chown root:www /srv/svn/user_access/project2_passwdfile
chmod 640 /srv/svn/user_access/project2_passwdfile
htpasswd2 /srv/svn/user_access/project2_passwdfile olaf 

You should be able to connect to the server:
http://host/repos/project2
http://host/repos/project1

Now import the data, e.g.
svn import /path/to/project2-tree http://host/repos/project2