By default, anonymous users can only read from our repository. Since we haven’t setup a login mechanism for svnserve, we are treated as anonymous users so we can’t check in any files yet. Let’s fix this. We will create a single svnserve.conf file and make symbolic links to it from each of our repositories’ conf directories. User and directory access will be set with global password-db and the authz-db files rather than by tweaking each individual svnserve.conf (nightmare!).
The best part of this setup, we can coax Warehouse app to maintain these files for us and we can just do access rights from their interface.
Let’s create the svnserve.conf file:
cd ~/repositories nano svnserve.conf
Use these settings:
[general] anon-access = none auth-access = write password-db = /home/demo/repositories/passwd #authz-db = /home/demo/repositories/authz realm = Example Repository
As you can see, we have disabled anonymous access with the anon-access option. You could change this if all your repos will be public but I find it better to deny first and allow on a case by case basis. For now, I commented out the authz-db file so that we don’t have to manage it manually (nightmare!). Once Warehouse is in the loop, it will take care of this file for us.
Now create the passwd file:
And add your user account. The format is one username:password entry per line. Here’s mine:
Next is the authz file. We’ll create it but leave it blank for now:
Configure the repositories
Finally, let’s make our repositories use the newly created svnserve.conf file by creating symbolic links as follows:
ln -fs /home/demo/repositories/svnserve.conf project1/conf ln -fs /home/demo/repositories/svnserve.conf project2/conf
Make sure they were created correctly with the following:
ls -l project1/conf ... total 8 -rw-rw-r-- 1 demo demo 684 Sep 25 20:34 authz -rw-rw-r-- 1 demo demo 309 Sep 25 20:34 passwd lrwxrwxrwx 1 demo demo 37 Sep 25 22:16 svnserve.conf -> /home/demo/repositories/svnserve.conf
Perfect. We now have a single svnserve.conf file with which to manage repository access. Be sure to do this for any future repositories you create or they won’t follow the global rules we have set up.
Test out your account
Finally, to make sure everything is working correctly, let’s check out a copy of one of your repositories.
svn co --username admin svn://code.example.com/project1 ... Authentication realm: <svn://code.example.com:3690> Example Repository Password for 'admin': A project1/trunk A project1/trunk/project1.txt A project1/trunk/newfile1.txt A project1/branches A project1/tags Checked out revision 3.
Good, svnserve made us authenticate so no anonymous checkouts. Now let’s create a file and try to commit it. First create the file:
cd project1/trunk touch commitTest.txt svn add commitTest.txt ... A commitTest.txt
Now let’s do a commit:
svn commit -m "authentication test commit" ... Adding trunk/commitTest.txt Transmitting file data . Committed revision 4.
First step is to decide if you want urls to your repos to be done with subdomains or subfolders. By default, Warehouse serves your repos from reponame.code.example.com. I personally like this, but I also like Disco music so I know to not trust my instincts. DNS can be tough for some people to edit so I’ll just use subfolders for this guide. If you like the subdomain style you can skip these steps.
The right way to do this is to set the USEREPOPATHS=1 environment variable, but I can’t figure out how to do this with Nginx/Thin so let’s go with plan B and edit the environment.rb file instead. If anyone can enlighten me on how to set environment variables like this, I will update the guide. Anyway, let’s enable subdirectory access. From the warehouse directory, run:
Find the line:
#USE_REPO_PATHS = true
and uncomment it:
USE_REPO_PATHS = true
Now restart your Thin cluster:
sudo /etc/init.d/thin restart
Login to Warehouse
Re-visit your webpage (http://code.example.com/) and set up the first repo and user as follows. Note that the username and passwords you use here will later be synced up for svnserve to use. You probably want to use the same data you used when making the passwd file. Here’s my install page filled out:
You will now see this page where you can just tell Warehouse to syncronize the first changeset:
And now you will be taken to your first repo in Warehouse where you should be able to see the files we checked in earlier:
That’s it! Warehouse is now linked to your repository. Take some time to play around and explore. Be sure to check out the guides at Warehouseapp.com to get a feel for how the system works.
Subversion is officially ready to roll. It has basic authentication set up and we can now commit and check out files as needed from it. Warehouse was also initialized and it works on it’s own for now. Come back once you’re done playing around for the next article where we will configure some hooks to keep our svnserve configuration up-to-date and to automatically synchronize change-sets to Warehouse.