Roll your own Subversion server, Roll-out Part 1

svnserve configuration

By default, anonymous users can only read from our repository. Since we haven’t setup a login mechanism for svnserve, we are treated as anonymous users so we can’t check in any files yet. Let’s fix this. We will create a single svnserve.conf file and make symbolic links to it from each of our repositories’ conf directories. User and directory access will be set with global password-db and the authz-db files rather than by tweaking each individual svnserve.conf (nightmare!).

The best part of this setup, we can coax Warehouse app to maintain these files for us and we can just do access rights from their interface.

svnserve.conf file

Let’s create the svnserve.conf file:

cd ~/repositories
nano svnserve.conf

Use these settings:

[general]
anon-access = none
auth-access = write
password-db = /home/demo/repositories/passwd
#authz-db    = /home/demo/repositories/authz
realm       = Example Repository

As you can see, we have disabled anonymous access with the anon-access option. You could change this if all your repos will be public but I find it better to deny first and allow on a case by case basis. For now, I commented out the authz-db file so that we don’t have to manage it manually (nightmare!). Once Warehouse is in the loop, it will take care of this file for us.

passwd file

Now create the passwd file:

nano passwd

And add your user account. The format is one username:password entry per line. Here’s mine:

[users]
admin:password

authz file

Next is the authz file. We’ll create it but leave it blank for now:

touch authz

Configure the repositories

Finally, let’s make our repositories use the newly created svnserve.conf file by creating symbolic links as follows:

ln -fs /home/demo/repositories/svnserve.conf project1/conf
ln -fs /home/demo/repositories/svnserve.conf project2/conf

Make sure they were created correctly with the following:

ls -l project1/conf
...
total 8
-rw-rw-r-- 1 demo demo 684 Sep 25 20:34 authz
-rw-rw-r-- 1 demo demo 309 Sep 25 20:34 passwd
lrwxrwxrwx 1 demo demo  37 Sep 25 22:16 svnserve.conf -> /home/demo/repositories/svnserve.conf

Perfect. We now have a single svnserve.conf file with which to manage repository access. Be sure to do this for any future repositories you create or they won’t follow the global rules we have set up.

Test out your account

Finally, to make sure everything is working correctly, let’s check out a copy of one of your repositories.

svn co --username admin svn://code.example.com/project1
...
Authentication realm: <svn://code.example.com:3690> Example Repository
Password for 'admin':
A    project1/trunk
A    project1/trunk/project1.txt
A    project1/trunk/newfile1.txt
A    project1/branches
A    project1/tags
Checked out revision 3.

Good, svnserve made us authenticate so no anonymous checkouts. Now let’s create a file and try to commit it. First create the file:

cd project1/trunk
touch commitTest.txt
svn add commitTest.txt
...
A         commitTest.txt

Now let’s do a commit:

svn commit -m "authentication test commit"
...
Adding         trunk/commitTest.txt
Transmitting file data .
Committed revision 4.

Looks good!

Warehouse configuration

First step is to decide if you want urls to your repos to be done with subdomains or subfolders. By default, Warehouse serves your repos from reponame.code.example.com. I personally like this, but I also like Disco music so I know to not trust my instincts. DNS can be tough for some people to edit so I’ll just use subfolders for this guide. If you like the subdomain style you can skip these steps.

Enable subdirectories

The right way to do this is to set the USEREPOPATHS=1 environment variable, but I can’t figure out how to do this with Nginx/Thin so let’s go with plan B and edit the environment.rb file instead. If anyone can enlighten me on how to set environment variables like this, I will update the guide. Anyway, let’s enable subdirectory access. From the warehouse directory, run:

nano config/environment.rb

Find the line:

#USE_REPO_PATHS = true

and uncomment it:

USE_REPO_PATHS = true

Now restart your Thin cluster:

sudo /etc/init.d/thin restart

Login to Warehouse

Re-visit your webpage (http://code.example.com/) and set up the first repo and user as follows. Note that the username and passwords you use here will later be synced up for svnserve to use. You probably want to use the same data you used when making the passwd file. Here’s my install page filled out:

Warehouse Install

You will now see this page where you can just tell Warehouse to syncronize the first changeset:

Warehouse Sync

And now you will be taken to your first repo in Warehouse where you should be able to see the files we checked in earlier:

Warehouse Home

That’s it! Warehouse is now linked to your repository. Take some time to play around and explore. Be sure to check out the guides at Warehouseapp.com to get a feel for how the system works.

Next Steps

Subversion is officially ready to roll. It has basic authentication set up and we can now commit and check out files as needed from it. Warehouse was also initialized and it works on it’s own for now. Come back once you’re done playing around for the next article where we will configure some hooks to keep our svnserve configuration up-to-date and to automatically synchronize change-sets to Warehouse.

Tags: , , ,


  • Thanks for sharing these useful codes. Definitely helpful.

blog comments powered by Disqus