Installing Subversion on Gentoo
Installing Subversion on Gentoo is very easy. By this point, you should have installed apache, dns, vhosts, and webapp-config and may have completed installingssl, and using htaccess.
We will install subversion and websvn with separate public and private repositories. The repositories will be available locally and remotely via webdav.
Subversion and WebSVN Installation
code
# emerge subversion -av
* Subversion Server Notes
* -----------------------
*
* If you intend to run a server, a repository needs to be created using
* svnadmin (see man svnadmin) or the following command to create it in
* /var/svn:
*
* emerge --config =dev-vcs/subversion-1.6.16
*
* Subversion has multiple server types, take your pick:
*
* - svnserve daemon:
* 1. Edit /etc/conf.d/svnserve
* 2. Fix the repository permissions (see "Fixing the repository permissions")
* 3. Start daemon: /etc/init.d/svnserve start
* 4. Make persistent: rc-update add svnserve default
*
* - svnserve via xinetd:
* 1. Edit /etc/xinetd.d/svnserve (remove disable line)
* 2. Fix the repository permissions (see "Fixing the repository permissions")
* 3. Restart xinetd.d: /etc/init.d/xinetd restart
*
* - svn over ssh:
* 1. Fix the repository permissions (see "Fixing the repository permissions")
* Additionally run:
* groupadd svnusers
* chown -R root:svnusers /var/svn/repos
* 2. Create an svnserve wrapper in /usr/local/bin to set the umask you
* want, for example:
* #!/bin/bash
* . /etc/conf.d/svnserve
* umask 007
* exec /usr/bin/svnserve ${SVNSERVE_OPTS} "$@"
*
* - http-based server:
* 1. Edit /etc/conf.d/apache2 to include both "-D DAV" and "-D SVN"
* 2. Create an htpasswd file:
* htpasswd2 -m -c /var/svn/conf/svnusers USERNAME
* 3. Fix the repository permissions (see "Fixing the repository permissions")
* 4. Restart Apache: /etc/init.d/apache2 restart
*
* Fixing the repository permissions:
* chmod -Rf go-rwx /var/svn/conf
* chmod -Rf g-w,o-rwx /var/svn/repos
* chmod -Rf g+rw /var/svn/repos/db
* chmod -Rf g+rw /var/svn/repos/locks
*
* If you intend to use svn-hot-backup, you can specify the number of
* backups to keep per repository by specifying an environment variable.
* If you want to keep e.g. 2 backups, do the following:
* echo '# hot-backup: Keep that many repository backups around' > /etc/env.d/80subversion
* echo 'SVN_HOTBACKUP_BACKUPS_NUMBER=2' >> /etc/env.d/80subversion
*
* Subversion contains support for the use of Memcached
* to cache data of FSFS repositories.
* You should install "net-misc/memcached", start memcached
* and configure your FSFS repositories, if you want to use this feature.
* See the documentation for details.
*
That is it for now.
Creating a Subversion Repository
Here is how you then create a repository. We will create two separate repositories. One repository is for versioning web applications (private) and one for public access.
Creating a Subversion Repository
# mkdir -p /var/svn/{conf,repos}
# svnadmin create /var/svn/repos/www
# svnadmin create /var/svn/repos/public
# ls -Al /var/svn/repos/{www,public}
total 24
-rw-r--r-- 1 root root 229 Aug 7 14:24 README.txt
drwxr-xr-x 2 root root 4096 Aug 7 14:24 conf
drwxr-sr-x 6 root root 4096 Aug 7 14:24 db
-r--r--r-- 1 root root 2 Aug 7 14:24 format
drwxr-xr-x 2 root root 4096 Aug 7 14:24 hooks
drwxr-xr-x 2 root root 4096 Aug 7 14:24 locks
Create Subversion User
First you need to create the following file to define your admins and access levels for the repositories.
/var/svn/conf/svnpolicy
[groups] admin = YOUR-USERNAME # By default, nobody has any permissions [/] * = [www:/] @admin = rw [public:/] * = r
Now add a username and password for webdav access, handled by apache.
create password
# htpasswd2 [-c if it is your first file] /var/svn/conf/svnpolicy YOUR-USERNAME
Now create the basic subversion structure.
code
# svn --username USERNAME mkdir -m "- structure setup" file:///var/svn/repos/www/{trunk,tags,branches}
Committed revision 1.
# svn --username USERNAME mkdir -m "- structure setup" file:///var/svn/repos/public/{trunk,tags,branches}
Committed revision 1.
Install Subversion Websvn
Websvn gives a pretty interface for our directory. Installation is easy.
install websvn
# echo "www-apps/websvn enscript" >> /etc/portage/package.use # emerge subversion websvn -av * Messages for package www-apps/websvn-2.3.2: * (config) htdocs/include/config.php * (config) htdocs/wsvn.php * (server owned) htdocs/cache * * The 'vhosts' USE flag is switched ON * This means that Portage will not automatically run webapp-config to * complete the installation. * * To install websvn-2.3.2 into a virtual host, run the following command: * * webapp-config -I -h -d websvn websvn 2.3.2 * * For more details, see the webapp-config(8) man page
Now install websvn with webapp-config. You could, in theory, install it anywhere you want. Here is how I would like to access the repository:
- local or webdav
- websvn
Now we will create those four directories (one for webdav access and one for websvn access for each of our two repositories).
create apache directories
# mkdir -p net.gentoovps.svn{,.www,.public,.public.www}/htdocs
vps www # ls -1 | grep svn
net.gentoovps.svn
net.gentoovps.svn.public.www
net.gentoovps.svn.www
net.gentoovps.svn.public
Now update your dns records and make sure $ dig +short @8.8.8.8 www.public.svn.YOUR-DOMAIN.tldresolves (the example uses google public dns server).
Preparing Vhosts
Create vhost entries for your two websvn installs.
The first configuration will reference our password file created above and ensure users authenticate.
/etc/apache2/vhosts.d/net.gentoovps.svn.www.conf
<IfDefine DEFAULT_VHOST>
<IfDefine SVN>
<VirtualHost *:80>
ServerName www.svn.gentoovps.net
DocumentRoot "/var/www/net.gentoovps.svn.www/htdocs"
Include /etc/apache2/vhosts.d/default_vhost.include
<Directory "/var/www/net.gentoovps.svn.www/htdocs">
AllowOverride None
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /var/svn/conf/svn-user-auth
</Directory>
</VirtualHost>
</IfDefine>
</IfDefine>
This one is a bit shorter as we are not enforcing passwords.
/etc/apache2/vhosts.d/net.gentoovps.svn.public.www.conf
<IfDefine DEFAULT_VHOST>
<VirtualHost *:80>
ServerName www.public.svn.gentoovps.net
DocumentRoot "/var/www/net.gentoovps.svn.public.www/htdocs"
Include /etc/apache2/vhosts.d/default_vhost.include
<Directory "/var/www/net.gentoovps.svn.public.www/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
</IfDefine>
Remember to restart apache since we changed our vhost file.
restart apache
# /etc/init.d/apache2 restart
webapp magic
Sigh, we’re getting there. Next install websvn to two different directories (public and www).
install websvn
# webapp-config -I -h net.gentoovps.svn.www websvn 2.3.2 * * You may be installing into the website's root directory. * Is this what you meant to do? * * Creating required directories * Linking in required files * This can take several minutes for larger apps * Files and directories installed * Install completed - success # webapp-config -I -h net.gentoovps.svn.public.www websvn 2.3.2 * * You may be installing into the website's root directory. * Is this what you meant to do? * * Creating required directories * Linking in required files * This can take several minutes for larger apps * Files and directories installed * Install completed - success
Configuring Websvn
If you try to access either installation now with (http://www.svn.gentoovps.net/ or http://www.public.svn.gentoovps.net/) you’ll be greeted with the following.
Please set up a repository in include/config.php using $config->parentPath or $config->addRepository. See the installation guide for more details.
Here is the configuration for our public server. Make sure to list only the public repository.
/var/www/net.gentoovps.svn.public.www/htdocs/include/config.php
$config->setSvnConfigDir('/tmp');
$config->setTrustServerCert();
$config->addRepository('public', 'file:///var/svn/repos/public');
$config->addTemplatePath($locwebsvnreal.'/templates/calm/');
$config->addInlineMimeType('text/plain');
$config->setMinDownloadLevel(2);
$config->useGeshi();
set_time_limit(0);
$config->expandTabsBy(8);
$config->allowDownload();
$config->setDefaultFileDlMode('plain');
$config->setDefaultFolderDlMode('zip');
$config->setMinDownloadLevel(2);
$config->useEnscript();
$config->setRssEnabled(false);
$config->expandTabsBy(8);
Here is the configuration for our private server. Make sure to define the parentPath so all repositories are included.
/var/www/net.gentoovps.svn.www/htdocs/include/config.php
$config->setSvnConfigDir('/tmp');
$config->setTrustServerCert();
$config->parentPath('/var/svn/repos');
$config->addTemplatePath($locwebsvnreal.'/templates/calm/');
$config->useAuthenticationFile('/var/svn/conf/svnpolicy'); // restrict www
$config->addInlineMimeType('text/plain');
$config->setMinDownloadLevel(2);
$config->useGeshi();
set_time_limit(0);
$config->expandTabsBy(8);
$config->allowDownload();
$config->setDefaultFileDlMode('plain');
$config->setDefaultFolderDlMode('zip');
$config->setMinDownloadLevel(2);
$config->useEnscript();
$config->setRssEnabled(false);
$config->expandTabsBy(8);
Now try http://www.svn.gentoovps.net/ and http://www.public.svn.gentoovps.net/ again.
Adding a Project (website)
Start by cd’ing to the subdomain that you will add to version control. We’ll call it a project.
change directory to the project
#cd /var/www/net.gentoovps.svn.public.www/htdocs
do not serve svn files
Subversion places .svn files in the directories under version control. Apache does not need to serve these so we need to alter our current .htaccess files.
protect svn files
# touch .htaccess && echo -e "# do not serve .svn files to the public \ > \nRewriteEngine on\nRewriteRule .*\.svn/.* - [F]\n\n" | cat - .htaccess > .tmp.htaccess && mv .tmp.htaccess .htaccess
commit project
Perform an initial commit.
initial commit
# cd /var/www/net.gentoovps.svn.public.www # svn --username USERNAME mkdir -m "- setting up new project" file:///var/svn/repos/www/trunk/net.gentoovps.svn.public.www Committed revision 2.
Checking Out Project
Check out the project we just made.
code
$ svn --username USERNAME co file:///var/svn/repos/www/trunk/net.gentoovps.svn.public.www . Checked out revision 2.
Add files to the project (including the .htaccess file)
code
$ svn --username USERNAME add * **/.htaccess
Now try a local commit.
test local commit
$ svn --username USERNAME commit -m "- initial code commit" Committed revision 3.
Now browse to http://www.svn.gentoovps.net and see that you have a subdomain under version control.
So far you only have true access through localhost, next we’ll set up webdav to allow access from outside.
Webdav
Enable webdav in apache.
/etc/conf.d/apache2
APACHE2_OPTS="... -D SVN -D SVN_AUTHZ -D DAV -D DAV_FS”
Backup the original mod_dav_svn config file.
backup config
cd /etc/apache2/modules.d/ cp 47_mod_dav_svn.conf 47_mod_dav_svn.conf.orig
Make a few changes to the 47_mod_dav_svn.conf file.
/etc/apache2/modules.d/47_mod_dav_svn.conf
<IfDefine SVN>
<IfModule !mod_dav_svn.c>
LoadModule dav_svn_module modules/mod_dav_svn.so
</IfModule>
<IfDefine SVN_AUTHZ>
<IfModule !mod_authz_svn.c>
LoadModule authz_svn_module modules/mod_authz_svn.so
</IfModule>
</IfDefine>
</IfDefine>
Webdav Vhost
Here is a vhost configuration for public subversion webdav access (no browsing support though … use websvn for that).
/etc/apache2/vhosts.d/net.gentoovps.svn.public.conf
<IfDefine DEFAULT_VHOST>
<IfDefine SVN>
<VirtualHost *:80>
ServerName public.svn.gentoovps.net
Include /etc/apache2/vhosts.d/default_vhost.include
<Location />
DAV svn
SVNParentPath /var/svn/repos
# try anonymous access first, resort to real
# authentication if necessary.
Satisfy Any
Require valid-user
</Location>
</VirtualHost>
</IfDefine>
</IfDefine>
Here is a vhost configuration for subversion webdav access (no browsing support though … use websvn for that).
/etc/apache2/vhosts.d/net.gentoovps.svn.conf
<IfDefine DEFAULT_VHOST>
<IfDefine SVN>
<VirtualHost *:80>
ServerName svn.gentoovps.net
Include /etc/apache2/vhosts.d/default_vhost.include
<Location />
DAV svn
SVNParentPath /var/svn/repos
AuthzSVNAccessFile /var/svn/conf/svnpolicy
# try anonymous access first, resort to real
# authentication if necessary.
Satisfy Any
Require valid-user
# how to authenicate a user
AuthType Basic
AuthName "GentooVPS.net SVN Repository"
AuthUserFile /var/svn/conf/svn-user-auth
</Location>
</VirtualHost>
</IfDefine>
</IfDefine>
Remember to restart apache since we changed our vhost file.
restart apache
# /etc/init.d/apache2 restart
Perform your first checkout on a client machine with webdav.
checkout
client $> svn --username USERNAME co http://svn.gentoovps.net/www/trunk/net.gentoovps.svn.public.www .
Just to ensure that you have write access, test a commit.
test commit
client $> echo "# testing commit" >> htdocs/.htaccess
client $> svn commit -m "- making modification"
Authentication realm: GentooVPS.net SVN Repository
Password for 'USERNAME':
-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:
GentooVPS.net SVN Repository
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/home/USERNAME/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? no
Sending htdocs/.htaccess
Transmitting file data .
Committed revision 36.
Force SSL
Update your vhost file to force ssl via a 301 redirect.
/etc/apache2/vhosts.d/net.gentoovps.svn.conf
<IfDefine DEFAULT_VHOST>
<IfDefine SVN>
<VirtualHost *:80>
ServerName svn.gentoovps.net
RewriteEngine On
RewriteRule (.*) https://svn.gentoovps.net$1 [R=301,L]
</VirtualHost>
<IfDefine SSL>
<IfModule ssl_module>
<VirtualHost *:443>
ServerName svn.gentoovps.net
Include /etc/apache2/vhosts.d/default_vhost.include
SSLEngine on
# Change the next two lines according to where you've actually
# stored the certificate and key files.
SSLCertificateFile /etc/apache2/gentoovps.net.crt
SSLCertificateKeyFile /etc/apache2/gentoovps.net.key
SSLOptions StrictRequire
SSLProtocol all -SSLv2
<Location />
DAV svn
SVNParentPath /var/svn/repos
SSLRequireSSL
AuthzSVNAccessFile /var/svn/conf/svnpolicy
# try anonymous access first, resort to real
# authentication if necessary.
Satisfy Any
Require valid-user
# how to authenicate a user
AuthType Basic
AuthName "GentooVPS.net SVN Repository"
AuthUserFile /var/svn/conf/svn-user-auth
</Location>
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>
Now see what happens when you try to perform a check out without ssl.
checkout after forced redirect
$ svn --username USERNAME co http://svn.gentoovps.net/www/trunk/net.gentoovps.svn.public.www . svn: Repository moved permanently to 'https://svn.gentoovps.net/www/trunk/net.gentoovps.svn.public.www'; please relocate
Now attempt your checkout with ssl.
checkout with sll
$ svn --username USERNAME co https://svn.gentoovps.net/www/trunk/net.gentoovps.svn.public.www .
Force SSL for Private Websvn
Lastly, lets encrypt websvn to our traffic. If the files are important enough to password protect, they are important enough to secure during transport.
/etc/apache2/vhosts.d/net.gentoovps.svn.www.conf
<IfDefine DEFAULT_VHOST>
<IfDefine SVN>
<VirtualHost *:80>
ServerName www.svn.gentoovps.net
RewriteEngine On
RewriteRule (.*) https://svn.gentoovps.net$1 [R=301,L]
</VirtualHost>
<IfDefine SSL>
<IfModule ssl_module>
<VirtualHost *:443>
ServerName www.svn.gentoovps.net
Include /etc/apache2/vhosts.d/default_vhost.include
DocumentRoot "/var/www/net.gentoovps.svn.www/htdocs"
SSLEngine on
# Change the next two lines according to where you've actually
# stored the certificate and key files.
SSLCertificateFile /etc/apache2/gentoovps.net.crt
SSLCertificateKeyFile /etc/apache2/gentoovps.net.key
SSLOptions StrictRequire
SSLProtocol all -SSLv2
<Directory "/var/www/net.gentoovps.svn.www/htdocs">
AllowOverride None
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /var/svn/conf/svn-user-auth
</Directory>
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>
Wrapping Up
Okay, so now you can go through and all your subdomain directories as projects in your repository. Since checkouts are via webdav with ssl, this provides a method of uploading that is as secure as sftp and has the benefit of being under version control. Now we are ready to install web application and begin development on our server.
http://rockfloat.com/howto/gentoo-subversion.html 참고