pool/subversion
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
subversion/subversion.README.SuSE
Andreas Stieger 93cc2385c9 Accepting request 176189 from home:AndreasStieger:branches:devel:tools:scm:svn 
- add systemd support for svnserve
- package now contains user and group svn
- adjust and extend README.SuSE to cover a quickstart with both
  mod_dav_svn and svnserve, mention the user/group requirement for
  parallel operation and make text more compact by referencing the
  template config file [bnc#781980]

OBS-URL: https://build.opensuse.org/request/show/176189
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=118
2013-05-20 21:00:10 +00:00

211 lines
6.5 KiB
Plaintext
Raw Blame History

Quickstart document for Apache Subversion on openSUSE.
For the full documentation, install the package subversion-doc and see
/usr/share/doc/packages/subversion/html/book/svn-book.html
An online version can be found at http://svnbook.red-bean.com/
Topics:
1. mini-howto
2. allowing anonymous read access
3. serving several repositories with SVNParentPath
4. serving the repositories at "/"
5. running svnserve
6. quickstart for mod_dontdothat
================================================================================
1. mini-howto
To run a subversion server, you need to configure apache2 to load two modules:
mod_dav and mod_dav_svn.
zypper in subversion-server
a2enmod dav
a2enmod dav_svn
A default/example configuration of the dav_svn module can be found in
/etc/apache2/conf.d/subversion.conf. The current default configuration
automatically includes this file the default server configuration.
Create some directories to contain the repositories and other files:
mkdir -p /srv/svn/repos
mkdir -p /srv/svn/user_access
mkdir -p /srv/svn/html
Edit /etc/apache2/conf.d/subversion.conf and uncomment the desired sections.
The first section "project related HTML files" is optional and will allow you
to return some static content when /repos is accessed alone. If you do not need
this, discard this section.
If instead you wish to show a list of repositories, set "SVNListParentPath on"
later. See for details:
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.extra.browsing.reposlisting
The section following that will configure a repository to be served out of
the path /srv/svn/repos/myproject1. Note that the location "/repo/myproject1"
and "SVNPath" is specified explicitly, see section 3 for an alternative.
To create the repository itself:
cd /srv/svn/repos
svnadmin create project1
chown -R wwwrun:www project1/{db,locks}
If using svnserve is not planned, /srv/svn/repos may be owned by wwrun:www.
Otherwise see instruction in the svnserve section on how to use the user and
group svn.
The webserver must be (re)started:
rcapache2 restart
To create the user access files:
touch /srv/svn/user_access/project1_passwdfile
chown root:www /srv/svn/user_access/project1_passwdfile
chmod 640 /srv/svn/user_access/project1_passwdfile
htpasswd2 /srv/svn/user_access/project1_passwdfile user1
htpasswd2 /srv/svn/user_access/project1_passwdfile user2
Create the group file for project1:
/srv/svn/user_access/project1_groupfile
project1_committers: user2
project1_readers: user1 user2
You can test access by:
svn info http://127.0.0.1/repos/project1
================================================================================
2. allowing anonymous read access
To allow anonymous read access, remove the <Limit GET...> section and move the
three Auth* statements into the <LimitExcept GET...> section.
================================================================================
3. serving several repositories with SVNParentPath
When serving several repositories, instead of specifying each location with
SVNPath in a separate location, you can use SVNParentPath with a single location.
Change the <Location ...> directive form the template to start with the following:
<Location /repos/>
DAV svn
SVNParentPath /srv/svn/repos
SVNListParentPath on
Do not forget to restart the apache service to make the configuration effective.
service apache2 restart
================================================================================
4. serving the repositories at "/"
Include the configuration into the relevant vhost configuration. Uncomment the
section in the template files labeled 'Hosting svn at "/"' and adjust as required.
Note that this example uses "SVNParentPath" as given in the previous section.
================================================================================
5. running svnserve
Subversion repositories can be via the svnserve daemon and a special network
protocol. svnserve should not run as root user. The startup scripts expects a
user/group named 'svn', configureable via /etc/sysconfig/svnserve.
The subversion package now creates a user and group svn.
If you want to expose the repository via both svnserve and mod_dav_svn
(Apache httpd) in parallel, ensure that the apache user is part of the
svn group.
usermod -A svn wwwrun
This requires a restart of the apache2 service to become effective.
Change the permissions to let the svn group write, and set the setgid flag
on the repositories.
chown -R svn:svn /srv/svn/repos
chmod -R g+ws /srv/svn/repos
Then proceed to create reposititories using svnadmin create described above.
In either case, if using svnserve, ensure that the repositories are owned by
svn:svn.
The settings files with the options passed to the daemon is is located in:
/etc/sysconfig/svnserve
To start, ensure proper ownership of repositories and run:
service svnserve start
For further information about multi-method repository access, see
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.multimethod.html
You can test repository access by:
svn info svn://127.0.0.1/project1
Please note that by default, svnserve is configured to be started with -R,
meaning read-only access only. Remove to allow write access, after you have
configued access via
/srv/svn/repos/repo1/conf/svnserve.conf
To configue authentication for svnserve, see
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth
================================================================================
6. quickstart for mod_dontdothat
The apache module mod_dontdothat can be used to prevent users from causing high
load on the server, e.g. checking out the root of the tree or the tags or
branches directories.
Make sure mod_dontdothat is loaded:
$ a2enmod dontdothat
Add configuration for the module, e.g.
<Location />
DAV svn
SVNParentPath /srv/svn/repos/
SVNListParentPath on
# [...other configuration...]
<IfModule mod_dontdothat.c>
DontDoThatConfigFile /srv/svn/mod_dontdothat.config
DontDoThatDisallowReplay off
</IfModule>
</Location>
Restart apache to make the change effective.
A fairly standard file /srv/svn/mod_dontdothat.config may contain:
[recursive-actions]
/*/trunk = allow
/ = deny
/* = deny
/*/tags = deny
/*/branches = deny
/*/* = deny
/*/*/tags = deny
/*/*/branches = deny
This allows checking out of /trunk and each branch, but disallows checking out
all branches or the complete repository at once.
Reference in New Issue View Git Blame Copy Permalink