Dr. Dobb's is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Channels ▼
RSS

Open Source

Subversion and Linux: Setup and Use, Part 2

By Ramanathan Muthaiah, August 06, 2007

First you set up Subversion, then you use it

A Special Recipe Using Apache's HTTP

Using a custom module, Apache's httpd is capable of serving Subversion repositories via the WebDAV/DeltaV protocol over the local intranet or Internet. The WebDAV/DeltaV protocol is an extension of HTTP v1.1 with provisions that enable authoring (writing) capabilities on versioned files.

Note: Serving the repository via httpd does not require a special/custom port.

Rather than discussing in a dry theoretical manner how the various things work, I focus on some commonly asked questions in the SVN mailing lists. These are given in separate points below. Of course, for more detail, you can refer to the Collins-Sussman book.

Differences between "SVNPath" and "SVNParentPath":

  • SVNPath. To serve a single repository, input is absolute path to the repo location
  • SVNParentPath. To serve multiple repos located in a common parent directory. The advantage with this directive is that any new repositories created in this "common parent dir" shall be served immediately by httpd without having to restart the Web server daemon or change the Apache's httpd.conf.
  • SVNListParentPath. When used along with SVNParentPath, this directive enables anyone with access to SVN hostname to view all the repos in this "common parent dir"; however, it is turned off by default for security reasons.

Basic Authentication

Authentication is set up using the htpasswd utility; the password generated using this tool should be stored in the file, /path/to/svn-auth-file.

Directives to be used (without the arrows shown below) with this authentication mechanism, in <Location> block, are given below: 

DAV          ==> svn
AuthType     ==> Basic
AuthName     ==> "Imaginary name"
AuthUserFile ==> /path/to/svn-auth-file

Passwords used in this basic setup are transmitted as plain text over the network; hence, SVN admins concerned with security should use encryption mechanisms like SSL certificates. With this kind of arrangement, clients can authenticate using https:// instead of http://.

Configuring Neon

Opening up repository access to networks, outside the local intranet, necessitates the implementation of strict access control mechanisms. This is exactly the scenario wherein the Neon library is required, because it is capable of exchanging certificates with Apache's httpd. At the time of SVN client installation, if OpenSSL is enabled or compiled, then it is possible for SVN clients to use https://.

Neon is a generic webDAV/HTTP library with support for:

  • Client/server certificates

  • Repo access via proxy
  • Repo access using a virtual domain name

The following module names, for SVN purposes, should be in the LoadModules directive:

  • mod_dav
  • mod_dav_svn

What is "mod_authz_svn"?

To implement path-based/per-directory access control, you must define the mechanism (i.e., the permissions for the various paths in the repo) in a "control file" that is in turn referred by the directive "AuthzSVNAccessFile" located in the <Location> block. Along with this directive, we should extend the LoadModule section, by adding mod_authz_svn immediately after the mod_dav_svn's entry.

The format of this control file, which defines path-based access, is similar that used by svnserve daemon. For the format of this control file, see the SVN book.

Here are the steps to configure and set up Subversion with Apache's httpd:

  1. Install Subversion and httpd, either from sources or using pre-built binary packages.
  2. Modify httpd.conf for the various directives, as listed in the items below.
  3. Add module names, mod_dav.so, mod_dav_svn.so, and mod_authz_svn.so in that order.
  4. Set the location of repos in <Location> block.
  5. Set up authentication, basic or encryption, and extend/add the new directives.
  6. Determine type of access to the repos. You can set either blanket access allowing a set of valid users to have read-only or read-write control on the repo or per-directory based control using custom rules written in a "control file".

A snapshot of the Apache config and repo permissions are shown in the following examples. With this basic setup, I demonstrate how to access the repos using http://. 

$ls -l /opt/samagdocs/
total 56
drwxrwxr-x 2 apached svnplaygrp 4096 May  6 19:31 conf
drwxrwxr-x 2 apached svnplaygrp 4096 Nov 27 00:43 dav
drwxrwxr-x 5 apached svnplaygrp 4096 May  6 19:18 db

-rwxrwxr-x 1 apached svnplaygrp    2 Nov 27 00:43 format
drwxrwxr-x 2 apached svnplaygrp 4096 Nov 27 00:43 hooks
drwxrwxr-x 2 apached svnplaygrp 4096 Nov 27 00:43 locks
-rwxrwxr-x 1 apached svnplaygrp  229 Nov 27 00:43 README.txt

$ls -ld /opt/samagdocs/
drwxrwxr-x 7 apached svnplaygrp 4096 Nov 27 00:43 /opt/samagdocs/

$cat /opt/samagdocs/conf/svn-auth-file
ram:$apr1$C.gJb...$/fMmtuoOX3YWNF3ZPXAvm1

Here are the directives in Apache's httpd.conf:

LoadModules: 

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

Httpd should be run as user/group: 

User apached
Group svnplaygrp

Port number: 

Listen 8080

No DNS server; server name is same as IP address:

<Location /samagrepo> DAV svn SVNPath /opt/samagdocs AuthType Basic AuthName "SAMAG Article Repo" AuthUserFile "/opt/samagdocs/conf/svn-auth-file" </Location>

The next logical step is to verify your configuration; let's start the Apache server and try out few commands, such as svn info and svn co: 

$ps auxw | grep -i apache
apached 2428  0.0  0.4 5584 2152 ?  S 19:49 0:00 /opt/http-2.2.3/bin/httpd -k start
apached 2429  0.0  0.6 5740 2732 ?  S 19:49 0:00 /opt/http-2.2.3/bin/httpd -k start
apached 2430  0.0  0.3 5448 1680 ?  S 19:49 0:00 /opt/http-2.2.3/bin/httpd -k start
apached 2431  0.0  0.3 5448 1680 ?  S 19:49 0:00 /opt/http-2.2.3/bin/httpd -k start
apached 2432  0.0  0.3 5448 1680 ?  S 19:49 0:00 /opt/http-2.2.3/bin/httpd -k start

Now look at the actual SVN commands using http://. With the correct configuration, it is obvious from the commands shown below that repo access via http:// works. I show two commands: svn info and svn co, both accessing the repo via http://192.168.0.123:8080, as defined in httpd.conf:

svn info: 

$/opt/svn-1.4.3/bin/svn info http://192.168.0.123:8080/samagrepo
Path: samagrepo
URL: http://192.168.0.123:8080/samagrepo
Repository Root: http://192.168.0.123:8080/samagrepo
Repository UUID: d87b2b87-2545-461f-ae99-430b66f94c56
Revision: 51
Node Kind: directory
Last Changed Author: ram
Last Changed Rev: 51
Last Changed Date: 2007-05-06 19:18:58 +0530 (Sun, 06 May 2007)

svn checkout: 

$/opt/svn-1.4.3/bin/svn co -r HEAD http://192.168.0.123:8080/samagrepo samg-httpwc
A    samg-httpwc/trunk
A    samg-httpwc/trunk/images
A    samg-httpwc/trunk/images/svn_move.png
. . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . .
A    samg-httpwc/tags/23DEC_BL/images/svn_checkout.png
A    samg-httpwc/tags/23DEC_BL/svn_article
Checked out revision 52.

Conclusion

TortoiseSVN, Subclipse, SVK, and Trac are some of the most popular clients, and high-level tools are available that use Subversion. For a complete list of clients and plugins, higher level tools that use Subversion, third-party browsing tools, as well as miscellaneous utilities and Subversion language bindings, please refer to the references.



Previous 1 2 3 4 5 

Related Reading

News

Commentary

Slideshow

Video

Most Popular

More Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>
INFO-LINK




Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Open Source Recent Articles

Most Popular

Stories Blogs

Upcoming Events



Most Recent Premium Content

Digital Issues