Installing Subversion on Gentoo

입질쾌감 물때표

Installing Subversion on Gentoo

Installing Subversion on Gentoo is very easy. By this point, you should have installed apachednsvhosts, and webapp-config and may have completed installingssl, and using htaccess.

We will install subversion and websvn with separate public and private repositories. The repositories will be available locally and remotely via webdav.

Subversion and WebSVN Installation

code

# emerge subversion -av
 * Subversion Server Notes
 * -----------------------
 *
 * If you intend to run a server, a repository needs to be created using
 * svnadmin (see man svnadmin) or the following command to create it in
 * /var/svn:
 *
 *     emerge --config =dev-vcs/subversion-1.6.16
 *
 * Subversion has multiple server types, take your pick:
 *
 *  - svnserve daemon:
 *    1. Edit /etc/conf.d/svnserve
 *    2. Fix the repository permissions (see "Fixing the repository permissions")
 *    3. Start daemon: /etc/init.d/svnserve start
 *    4. Make persistent: rc-update add svnserve default
 *
 *  - svnserve via xinetd:
 *    1. Edit /etc/xinetd.d/svnserve (remove disable line)
 *    2. Fix the repository permissions (see "Fixing the repository permissions")
 *    3. Restart xinetd.d: /etc/init.d/xinetd restart
 *
 *  - svn over ssh:
 *    1. Fix the repository permissions (see "Fixing the repository permissions")
 *       Additionally run:
 *         groupadd svnusers
 *         chown -R root:svnusers /var/svn/repos
 *    2. Create an svnserve wrapper in /usr/local/bin to set the umask you
 *       want, for example:
 *          #!/bin/bash
 *          . /etc/conf.d/svnserve
 *          umask 007
 *          exec /usr/bin/svnserve ${SVNSERVE_OPTS} "$@"
 *
 *  - http-based server:
 *    1. Edit /etc/conf.d/apache2 to include both "-D DAV" and "-D SVN"
 *    2. Create an htpasswd file:
 *       htpasswd2 -m -c /var/svn/conf/svnusers USERNAME
 *    3. Fix the repository permissions (see "Fixing the repository permissions")
 *    4. Restart Apache: /etc/init.d/apache2 restart
 *
 *  Fixing the repository permissions:
 *       chmod -Rf go-rwx /var/svn/conf
 *       chmod -Rf g-w,o-rwx /var/svn/repos
 *       chmod -Rf g+rw /var/svn/repos/db
 *       chmod -Rf g+rw /var/svn/repos/locks
 *
 * If you intend to use svn-hot-backup, you can specify the number of
 * backups to keep per repository by specifying an environment variable.
 * If you want to keep e.g. 2 backups, do the following:
 * echo '# hot-backup: Keep that many repository backups around' > /etc/env.d/80subversion
 * echo 'SVN_HOTBACKUP_BACKUPS_NUMBER=2' >> /etc/env.d/80subversion
 *
 * Subversion contains support for the use of Memcached
 * to cache data of FSFS repositories.
 * You should install "net-misc/memcached", start memcached
 * and configure your FSFS repositories, if you want to use this feature.
 * See the documentation for details.
 *

That is it for now.

Creating a Subversion Repository

Here is how you then create a repository. We will create two separate repositories. One repository is for versioning web applications (private) and one for public access.

Creating a Subversion Repository

# mkdir -p /var/svn/{conf,repos}

# svnadmin create /var/svn/repos/www
# svnadmin create /var/svn/repos/public

# ls -Al /var/svn/repos/{www,public}
total 24
-rw-r--r-- 1 root root  229 Aug  7 14:24 README.txt
drwxr-xr-x 2 root root 4096 Aug  7 14:24 conf
drwxr-sr-x 6 root root 4096 Aug  7 14:24 db
-r--r--r-- 1 root root    2 Aug  7 14:24 format
drwxr-xr-x 2 root root 4096 Aug  7 14:24 hooks
drwxr-xr-x 2 root root 4096 Aug  7 14:24 locks

Create Subversion User

First you need to create the following file to define your admins and access levels for the repositories.

/var/svn/conf/svnpolicy

[groups]
admin = YOUR-USERNAME

# By default, nobody has any permissions
[/]
* =

[www:/]
@admin = rw

[public:/]
* = r

Now add a username and password for webdav access, handled by apache.

create password

# htpasswd2 [-c if it is your first file] /var/svn/conf/svnpolicy YOUR-USERNAME

Now create the basic subversion structure.

code

# svn --username USERNAME mkdir -m "- structure setup" file:///var/svn/repos/www/{trunk,tags,branches}

Committed revision 1.

# svn --username USERNAME mkdir -m "- structure setup" file:///var/svn/repos/public/{trunk,tags,branches}

Committed revision 1.

Install Subversion Websvn

Websvn gives a pretty interface for our directory. Installation is easy.

install websvn

# echo "www-apps/websvn enscript" >> /etc/portage/package.use
# emerge subversion websvn -av
 * Messages for package www-apps/websvn-2.3.2:

 * (config) htdocs/include/config.php
 * (config) htdocs/wsvn.php
 * (server owned) htdocs/cache
 *
 * The 'vhosts' USE flag is switched ON
 * This means that Portage will not automatically run webapp-config to
 * complete the installation.
 *
 * To install websvn-2.3.2 into a virtual host, run the following command:
 *
 *     webapp-config -I -h  -d websvn websvn 2.3.2
 *
 * For more details, see the webapp-config(8) man page

Now install websvn with webapp-config. You could, in theory, install it anywhere you want. Here is how I would like to access the repository:

Now we will create those four directories (one for webdav access and one for websvn access for each of our two repositories).

create apache directories

# mkdir -p net.gentoovps.svn{,.www,.public,.public.www}/htdocs
vps www # ls -1 | grep svn
net.gentoovps.svn
net.gentoovps.svn.public.www
net.gentoovps.svn.www
net.gentoovps.svn.public

Now update your dns records and make sure $ dig +short @8.8.8.8 www.public.svn.YOUR-DOMAIN.tldresolves (the example uses google public dns server).

Preparing Vhosts

Create vhost entries for your two websvn installs.

The first configuration will reference our password file created above and ensure users authenticate.

/etc/apache2/vhosts.d/net.gentoovps.svn.www.conf

<IfDefine DEFAULT_VHOST>
  <IfDefine SVN>
    <VirtualHost *:80>
       ServerName www.svn.gentoovps.net
       DocumentRoot "/var/www/net.gentoovps.svn.www/htdocs"

       Include /etc/apache2/vhosts.d/default_vhost.include

       <Directory "/var/www/net.gentoovps.svn.www/htdocs">
                AllowOverride None
                order allow,deny
                allow from all
                AuthType Basic
                AuthName "Subversion Repository"
                Require valid-user
                AuthUserFile /var/svn/conf/svn-user-auth
       </Directory>

    </VirtualHost>
  </IfDefine>
</IfDefine>

This one is a bit shorter as we are not enforcing passwords.

/etc/apache2/vhosts.d/net.gentoovps.svn.public.www.conf

<IfDefine DEFAULT_VHOST>

    <VirtualHost *:80>
       ServerName www.public.svn.gentoovps.net
       DocumentRoot "/var/www/net.gentoovps.svn.public.www/htdocs"

       Include /etc/apache2/vhosts.d/default_vhost.include

       <Directory "/var/www/net.gentoovps.svn.public.www/htdocs">
               Options Indexes FollowSymLinks
               AllowOverride All
               Order allow,deny
               Allow from all
       </Directory>
    </VirtualHost>

</IfDefine>

Remember to restart apache since we changed our vhost file.

restart apache

# /etc/init.d/apache2 restart

webapp magic

Sigh, we’re getting there. Next install websvn to two different directories (public and www).

install websvn

# webapp-config -I -h net.gentoovps.svn.www websvn 2.3.2
*
* You may be installing into the website's root directory.
* Is this what you meant to do?
*
*   Creating required directories
*   Linking in required files
*     This can take several minutes for larger apps
*   Files and directories installed
* Install completed - success

# webapp-config -I -h net.gentoovps.svn.public.www websvn 2.3.2
*
* You may be installing into the website's root directory.
* Is this what you meant to do?
*
*   Creating required directories
*   Linking in required files
*     This can take several minutes for larger apps
*   Files and directories installed
* Install completed - success

Configuring Websvn

If you try to access either installation now with (http://www.svn.gentoovps.net/ or http://www.public.svn.gentoovps.net/) you’ll be greeted with the following.

Please set up a repository in include/config.php using $config->parentPath or $config->addRepository. See the installation guide for more details.

Here is the configuration for our public server. Make sure to list only the public repository.

/var/www/net.gentoovps.svn.public.www/htdocs/include/config.php

$config->setSvnConfigDir('/tmp');
$config->setTrustServerCert();
$config->addRepository('public', 'file:///var/svn/repos/public');
$config->addTemplatePath($locwebsvnreal.'/templates/calm/');
$config->addInlineMimeType('text/plain');
$config->setMinDownloadLevel(2);
$config->useGeshi();
set_time_limit(0);
$config->expandTabsBy(8);
$config->allowDownload();
$config->setDefaultFileDlMode('plain');
$config->setDefaultFolderDlMode('zip');
$config->setMinDownloadLevel(2);
$config->useEnscript();
$config->setRssEnabled(false);
$config->expandTabsBy(8);

Here is the configuration for our private server. Make sure to define the parentPath so all repositories are included.

/var/www/net.gentoovps.svn.www/htdocs/include/config.php

$config->setSvnConfigDir('/tmp');
$config->setTrustServerCert();
$config->parentPath('/var/svn/repos');
$config->addTemplatePath($locwebsvnreal.'/templates/calm/');
$config->useAuthenticationFile('/var/svn/conf/svnpolicy'); // restrict www
$config->addInlineMimeType('text/plain');
$config->setMinDownloadLevel(2);
$config->useGeshi();
set_time_limit(0);
$config->expandTabsBy(8);
$config->allowDownload();
$config->setDefaultFileDlMode('plain');
$config->setDefaultFolderDlMode('zip');
$config->setMinDownloadLevel(2);
$config->useEnscript();
$config->setRssEnabled(false);
$config->expandTabsBy(8);

Now try http://www.svn.gentoovps.net/ and http://www.public.svn.gentoovps.net/ again.

Adding a Project (website)

Start by cd’ing to the subdomain that you will add to version control. We’ll call it a project.

change directory to the project

#cd /var/www/net.gentoovps.svn.public.www/htdocs

do not serve svn files

Subversion places .svn files in the directories under version control. Apache does not need to serve these so we need to alter our current .htaccess files.

protect svn files

# touch .htaccess && echo -e "# do not serve .svn files to the public \
> \nRewriteEngine on\nRewriteRule .*\.svn/.* - [F]\n\n" | cat - .htaccess > .tmp.htaccess && mv .tmp.htaccess .htaccess

commit project

Perform an initial commit.

initial commit

# cd /var/www/net.gentoovps.svn.public.www
# svn --username USERNAME mkdir -m "- setting up new project" file:///var/svn/repos/www/trunk/net.gentoovps.svn.public.www

Committed revision 2.

Checking Out Project

Check out the project we just made.

code

$ svn --username USERNAME co file:///var/svn/repos/www/trunk/net.gentoovps.svn.public.www .
Checked out revision 2.

Add files to the project (including the .htaccess file)

code

$ svn --username USERNAME add * **/.htaccess

Now try a local commit.

test local commit

$ svn --username USERNAME commit -m "- initial code commit"

Committed revision 3.

Now browse to http://www.svn.gentoovps.net and see that you have a subdomain under version control.

So far you only have true access through localhost, next we’ll set up webdav to allow access from outside.

Webdav

Enable webdav in apache.

/etc/conf.d/apache2

APACHE2_OPTS="... -D SVN -D SVN_AUTHZ -D DAV -D DAV_FS”

Backup the original mod_dav_svn config file.

backup config

cd /etc/apache2/modules.d/
cp 47_mod_dav_svn.conf 47_mod_dav_svn.conf.orig

Make a few changes to the 47_mod_dav_svn.conf file.

/etc/apache2/modules.d/47_mod_dav_svn.conf

<IfDefine SVN>
        <IfModule !mod_dav_svn.c>
                LoadModule dav_svn_module       modules/mod_dav_svn.so
        </IfModule>
        <IfDefine SVN_AUTHZ>
                <IfModule !mod_authz_svn.c>
                        LoadModule authz_svn_module     modules/mod_authz_svn.so
                </IfModule>
        </IfDefine>
</IfDefine>

Webdav Vhost

Here is a vhost configuration for public subversion webdav access (no browsing support though … use websvn for that).

/etc/apache2/vhosts.d/net.gentoovps.svn.public.conf

<IfDefine DEFAULT_VHOST>
  <IfDefine SVN>
    <VirtualHost *:80>
       ServerName public.svn.gentoovps.net

       Include /etc/apache2/vhosts.d/default_vhost.include

       <Location />
                DAV svn
                SVNParentPath /var/svn/repos

                # try anonymous access first, resort to real
                # authentication if necessary.
                Satisfy Any
                Require valid-user
        </Location>
    </VirtualHost>
  </IfDefine>
</IfDefine>

Here is a vhost configuration for subversion webdav access (no browsing support though … use websvn for that).

/etc/apache2/vhosts.d/net.gentoovps.svn.conf

<IfDefine DEFAULT_VHOST>
  <IfDefine SVN>
    <VirtualHost *:80>
     ServerName svn.gentoovps.net

          Include /etc/apache2/vhosts.d/default_vhost.include

          <Location />
                DAV svn
                SVNParentPath /var/svn/repos

                AuthzSVNAccessFile /var/svn/conf/svnpolicy

                # try anonymous access first, resort to real
                # authentication if necessary.
                Satisfy Any
                Require valid-user

                # how to authenicate a user
                AuthType Basic
                AuthName "GentooVPS.net SVN Repository"
                AuthUserFile /var/svn/conf/svn-user-auth

          </Location>
      </VirtualHost>
  </IfDefine>
</IfDefine>

Remember to restart apache since we changed our vhost file.

restart apache

# /etc/init.d/apache2 restart

Perform your first checkout on a client machine with webdav.

checkout

client $> svn --username USERNAME co http://svn.gentoovps.net/www/trunk/net.gentoovps.svn.public.www .

Just to ensure that you have write access, test a commit.

test commit

client $> echo "# testing commit" >> htdocs/.htaccess
client $> svn commit -m "- making modification"
Authentication realm:  GentooVPS.net SVN Repository
Password for 'USERNAME':

-----------------------------------------------------------------------
ATTENTION!  Your password for authentication realm:

    GentooVPS.net SVN Repository

can only be stored to disk unencrypted!  You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible.  See the documentation for details.

You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/home/USERNAME/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? no
Sending        htdocs/.htaccess
Transmitting file data .
Committed revision 36.

Force SSL

Update your vhost file to force ssl via a 301 redirect.

/etc/apache2/vhosts.d/net.gentoovps.svn.conf

<IfDefine DEFAULT_VHOST>
  <IfDefine SVN>
    <VirtualHost *:80>
     ServerName svn.gentoovps.net
     RewriteEngine On
     RewriteRule (.*) https://svn.gentoovps.net$1 [R=301,L]
    </VirtualHost>

    <IfDefine SSL>
      <IfModule ssl_module>
        <VirtualHost *:443>

          ServerName svn.gentoovps.net

          Include /etc/apache2/vhosts.d/default_vhost.include

          SSLEngine on
          # Change the next two lines according to where you've actually
          # stored the certificate and key files.
          SSLCertificateFile /etc/apache2/gentoovps.net.crt
          SSLCertificateKeyFile /etc/apache2/gentoovps.net.key

          SSLOptions StrictRequire
          SSLProtocol all -SSLv2

          <Location />
                DAV svn
                SVNParentPath /var/svn/repos

                SSLRequireSSL

                AuthzSVNAccessFile /var/svn/conf/svnpolicy

                # try anonymous access first, resort to real
                # authentication if necessary.
                Satisfy Any
                Require valid-user

                # how to authenicate a user
                AuthType Basic
                AuthName "GentooVPS.net SVN Repository"
                AuthUserFile /var/svn/conf/svn-user-auth
          </Location>
      </VirtualHost>
    </IfModule>
  </IfDefine>
</IfDefine>

Now see what happens when you try to perform a check out without ssl.

checkout after forced redirect

$ svn --username USERNAME co http://svn.gentoovps.net/www/trunk/net.gentoovps.svn.public.www .
svn: Repository moved permanently to 'https://svn.gentoovps.net/www/trunk/net.gentoovps.svn.public.www'; please relocate

Now attempt your checkout with ssl.

checkout with sll

$ svn --username USERNAME co https://svn.gentoovps.net/www/trunk/net.gentoovps.svn.public.www .

Force SSL for Private Websvn

Lastly, lets encrypt websvn to our traffic. If the files are important enough to password protect, they are important enough to secure during transport.

/etc/apache2/vhosts.d/net.gentoovps.svn.www.conf

<IfDefine DEFAULT_VHOST>
  <IfDefine SVN>
    <VirtualHost *:80>
       ServerName www.svn.gentoovps.net
       RewriteEngine On
       RewriteRule (.*) https://svn.gentoovps.net$1 [R=301,L]
    </VirtualHost>

    <IfDefine SSL>
      <IfModule ssl_module>
        <VirtualHost *:443>
          ServerName www.svn.gentoovps.net
          Include /etc/apache2/vhosts.d/default_vhost.include

          DocumentRoot "/var/www/net.gentoovps.svn.www/htdocs"

          SSLEngine on
          # Change the next two lines according to where you've actually
          # stored the certificate and key files.
          SSLCertificateFile /etc/apache2/gentoovps.net.crt
          SSLCertificateKeyFile /etc/apache2/gentoovps.net.key

          SSLOptions StrictRequire
          SSLProtocol all -SSLv2

          <Directory "/var/www/net.gentoovps.svn.www/htdocs">
                AllowOverride None
                order allow,deny
                allow from all
                AuthType Basic
                AuthName "Subversion Repository"
                Require valid-user
                AuthUserFile /var/svn/conf/svn-user-auth
           </Directory>
      </VirtualHost>
    </IfModule>
  </IfDefine>
</IfDefine>

Wrapping Up

Okay, so now you can go through and all your subdomain directories as projects in your repository. Since checkouts are via webdav with ssl, this provides a method of uploading that is as secure as sftp and has the benefit of being under version control. Now we are ready to install web application and begin development on our server.

Gentoo Resources

Next Step for your Gentoo Server

One thought on “Installing Subversion on Gentoo

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다