Tuesday, February 06, 2007

HOWTO: Setting up SVN and DAV in Fedora6

This Howto is based on a similar howto for FC4 by Ferdy Christant HERE


I've been trying to set-up a SVN repository for my university's usergroup to get some kickstart in Opensource development among my batch and friends, and UTP as a whole. With some googling, I managed to find some good guides in helping me to set-up up. (to newbies, just for your information, I'm using root user throughout this guide)

Step 1 : Getting the packages

To set up the repo, you'll need subversion, apache and mod_dav_svn.
yum install subversion mod_dav_svn httpd


Step 2 : Preparing the SVN repository root

After getting the required packages, set up a place for storing the SVN repos in a suitable place. In this howto, lets assume we store it in /var/svn/.
mkdir /var/svn/ 
mkdir /var/svn/permissions/ #where the permission settings will be stored
mkdir /var/svn/repos/ #where the repos will be stored
mkdir /var/svn/users/ #where the user htpasswd will be stored


We'll need to give apache access to the repository root, because it will be the application that read/write on it. Giving ownership is safer and easy to manage than chmod'ing the directories to 755.
chown -R apache:apache /var/svn/


Step 3 : Creating a test SVN repository

Lets create a repository in the directory for testing purposes
cd /var/svn/repos/
svnadmin create testrepo


chown it to apache
chown -R apache:apache testrepo


Step 4 : Setting up Apache and mod_dav_svn

The mod_dav_svn RPM already provided a prebuild configuration for this purpose, you can found it at /etc/httpd/conf.d/subversion.conf. For the lazy people, you can just uncomment the all the entries in the config, change the path settings and start/restart/reload httpd. But lets uncomment a few lines first to test whether the repository can work or not. Don't forget to change the SVNParentPath to your SVN repository parent. If you want, you can also change the Location setting (in this howto, I use /svn).

<Location /svn> 
DAV svn
SVNParentPath /var/svn/repos
#
# # Limit write permission to list of valid users.
# <LimitExcept GET PROPFIND OPTIONS REPORT>
# # Require SSL connection for password protection.
# # SSLRequireSSL
#
# AuthType Basic
# AuthName "Authorization Realm"
# AuthUserFile /path/to/passwdfile
# Require valid-user
# </LimitExcept>
</Location>


Start/Reload apache for the settings to take effect.
service http reload

Then, try entering the repository by pointing your browser to the /svn/testrepo folder of the webserver (lets assume we are doing this on localhost). Open http://localhost/svn/testrepo/ . You should see a page with "Revision 0:/" as the header. If you can see the page it, if not, check if you've done something wrong (if you got error 403, check the folder permissions)

Step 6 : Securing the repository

To secure the repo and DAV, we rely on htpasswd protection, first, create a passwordfile to store the username and password
htpasswd -cb /path/to/passwdfile username password

eg:
htpasswd -cb /var/svn/users/passwords myuser mypasswd123

Then, uncomment these lines
<Location /svn> 
DAV svn
SVNParentPath /var/svn/repos
#
# # Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
# # Require SSL connection for password protection.
# SSLRequireSSL
#
AuthType Basic
AuthName "Authorization Realm"
AuthUserFile /var/svn/users/passwords
Require valid-user
</LimitExcept>
</Location>

and reload httpd
service httpd reload

By now, when you want to open the repo URL, the browser will ask for a username and a password.

Allowing Read access to all visitors/users

You might want to allow all users read operation but limit write to known members, you can do this by rearranging entries in the config into this and reload httpd

<Location /svn>
DAV svn
SVNParentPath /svn/repos
SVNListParentPath on
AuthType Basic
AuthName "Authorization Realm"
AuthUserFile /svn/users/passwords
# SSLRequireSSL
#
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
# # Require SSL connection for password protection.
# SSLRequireSSL
# AuthzSVNAccessFile /svn/permissions/svnauthz.conf
Require valid-user
</LimitExcept>
</Location>


Done

If you want more advanced access control using per-directory permission, you can read the blog post at Ferdy Christant's blog or this Gentoo wiki entry. I'm only covering the base set-up of a SVN server on FC6. If you want a Web based SVN interface, consider looking into WebSVN.
Post a Comment