Setting up Subversion and websvn on Debian

Want to support HowtoForge? Become a subscriber!
 
Submitted by bertheymans (Contact Author) (Forums) on Sun, 2006-09-10 15:02. :: Debian | Other

Setting up Subversion and websvn on Debian 

Purpose of this howto

This howto will illustrate a way to install and configure Subversion and websvn on a Debian server with the following features:

  • multiple repository Subversion
  • access to the repositories via WebDAV (http, https) and ssh
  • Linux system account access control and/or Apache level access control
  • a secured websvn (php web application for easy code browsing)
  • configured syntax coloring in websvn with gnu enscript
I will not specifically configure inetd with svnserve in this howto. Rest assured that Subversion will be totally functional without it. You can copy/paste most of the howto to get it working.

Packages that are assumed to already be installed

This howto assumes PHP and apache2 are installed and configured. Configuring apache2 with SSL is optional.

Setting up Subversion

Subversion packages

As root you can enter the following commands to install the packages required for our Subversion setup:

# apt-get update
# apt-get install subversion
# apt-get install libapache2-svn

The package libapache2-svn will install the subversion WebDAV apache module.

Creating and populating repositories

To work with in this howto we'll create two repos:

# mkdir /var/svn-repos/
# svnadmin create --fs-type fsfs /var/svn-repos/project_zen
# svnadmin create --fs-type fsfs /var/svn-repos/project_wombat 

The repository directories need the proper permissions for apache and the other users. I'll make a group and add users to it (don't just copy/paste here). The apache user won't be put in the group because I find it less secure.

# groupadd subversion
# addgroup john subversion
# addgroup bert subversion
# addgroup you subversion
...
# chown -R www-data:subversion /var/svn-repos/*
# chmod -R 770 /var/svn-repos/*

Let's set up easy ssh connectivity, on a user machine enter the following commands:

$ mkdir ~/.ssh/
$ cd ~/.ssh/
$ ssh-keygen -t dsa
$ cat ~/.ssh/id_dsa.pub | ssh you@example.com "cat - >> ~/.ssh/authorized_keys"

The server example.com is the server we installed Subversion on. For easy ssh use you can chose not to use a passphrase with your key or use an agent to keep authenticated. Otherwise each transaction between the user machine and Subversion will require the user to enter a password (very inconvenient). Using an agent can be done like this:

$ ssh-agent
$ ssh-add
$ ssh you@example.com

All should be set now to use the a repository. You may test it like this, it shows an import and a checkout:

$ mkdir ~/TEMP/
$ echo "testing svn" > ~/TEMP/testing.txt
$ svn import -m "importing test over ssh+svn" ~/TEMP/ svn+ssh://example.com/var/svn-repos/project_zen/trunk
$ svn co svn+ssh://example.com/var/svn-repos/project_zen/trunk testcheckout

As a result the testing.txt file should be in a directory called testcheckout. On the serverside you can check the repositories with svnlook.

# svnlook tree /var/svn-repos/project_zen/

Configuring Subversion WebDAV

Normally the apache mod will be enabled by default, to ensure this is true enter the following commands:

# a2enmod dav
# a2enmod dav_svn

Configuration is done in the file /etc/apache2/mods-available/dav_svn.conf, but first we'll make an access file.

# htpasswd2 -c /etc/apache2/dav_svn.passwd you
# htpasswd2 /etc/apache2/dav_svn.passwd john
# htpasswd2 /etc/apache2/dav_svn.passwd sten
...

This is the content my /etc/apache2/mods-available/dav_svn.conf file:

		<Location /svn_zen>
DAV svn
SVNPath /var/svn-repos/project_zen
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
SSLRequireSSL
</Location>

<Location /svn_wombat>
DAV svn
SVNPath /var/svn-repos/project_wombat
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
SSLRequireSSL
</Location>

You can uncomment the SSLRequireSSL file if you don't want to use SSL, but then you need to use http and not https in the commands that follow. Apache should be restarted and we can test from a user machine. We'll import the same testfile in the wombat project.

# /etc/init.s/apache2 restart
$ svn import -m "testing over https" https://example.com/svn_wombat ~/TEMP/

Using a webbrowser you can visit your URL https://example.com/svn_wombat and see what was just committed. This is a basic on-line view on the repository, but using a web font-end like websvn will offer a better repository browsing experience.

Setting up websvn

Required packages

To get rolling with websvn we'll need to install the following packages, both will show you configuration screens (explained in the next paragraph):

# apt-get install enscript
# apt-get install websvn

Enscript isn't mandatory but we'll need it for syntax coloring in websvn.

Configuration

Enscript will ask for paper size, this might seem awkward but that's because enscript is also used for converting ASCII files to PostScript. We need it for it's syntax coloring features.

Websvn will first ask for which kind of server to configure, go ahead and just press enter.

websvn server configurationwebsvn parent directorywebsvn repository directories
 
The next screens ask for a parent repository folder (/var/svn-repos/ in this case) and specific repository folders, this will determine which repositories will show up in websvn. We will only enter a parent repository, all repositories created in this folder will show up in websvn for users to browse. If you want to show only specific repositories enter their full paths in the second screen and leave the parent path blank.
 
As a result the file /etc/websvn/svn_deb_conf.inc will be written. You can rerun debian package configuration screens with dpkg-reconfigure. Further websvn configuration is done in the file /etc/websvn/config.inc. This is the content of my file with some extension mappings for the syntax coloring.

		<?php
// --- LOOK AND FEEL ---
//
// Uncomment ONLY the display file that you want.
$config->setTemplatePath("$locwebsvnreal/templates/Standard/");
// $config->setTemplatePath("$locwebsvnreal/templates/BlueGrey/");
// $config->setTemplatePath("$locwebsvnreal/templates/Zinn/");
// $contentType[".c"] = "plain/text"; // Create a new association
// $contentType[".doc"] = "plain/text"; // Modify an existing one
unset($contentType[".sh"]); // Remove a default association -> .sh is regarded as a binary file by default, needs to be unset
// --- COLOURISATION ---
// Uncomment this line if you want to use Enscript to colourise your file listings
//
// You'll need Enscript version 1.6 or higher AND Sed installed to use this feature.
// Set the path above.
//
$config->useEnscript();
// Enscript need to be told what the contents of a file are so that it can be colourised
// correctly. WebSVN includes a predefined list of mappings from file extension to Enscript
// file type (viewable in setup.inc).
//
// Here you should add and other extensions not already listed or redefine the default ones. eg:
//
// php is default correctly colourized
$extEnscript[".java"] = "java";
$extEnscript[".pl"] = "perl";
$extEnscript[".py"] = "python";
$extEnscript[".sql"] = "sql";
$extEnscript[".java"] = "java";
$extEnscript[".html"] = "html";
$extEnscript[".xml"] = "html";
$extEnscript[".thtml"] = "html";
$extEnscript[".tpl"] = "html";
$extEnscript[".sh"] = "bash";
// --- MISCELLANOUS ---
// Uncomment this if you don't have the right to use it. Be warned that you may need it however!
set_time_limit(0);
// Comment this line to turn off caching of repo information. This will slow down your browsing.
$config->setCachingOn();
// Number of spaces to expand tabs to in diff/listing view across all repositories
$config->expandTabsBy(8);
// To change the global option for individual repositories, uncomment and replicate
// the required line below (replacing 'myrep' for the name of the repository to be changed).
// $config->findRepository("myrep")->expandTabsBy(3); // Expand Tabs by 3 for repository 'myrep'
?>
<?php
if ( file_exists("/etc/websvn/svn_deb_conf.inc") ) {
include("/etc/websvn/svn_deb_conf.inc");
}
?>

Next up is configuring the apache virtualhost for websvn.
Example using SSL:

		<VirtualHost *:443>
ServerAdmin webmaster@example.com
ServerName svn.example.com
DocumentRoot /var/www/websvn/
<Location />
Options FollowSymLinks
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /etc/apache2/dav_svn.passwd
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
</IfModule>
</Location>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

Example without SSL:

		<VirtualHost *:80>
ServerAdmin webmaster@example.com
ServerName svn.example.com
DocumentRoot /var/www/websvn/

<Location />
Options FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /etc/apache2/dav_svn.passwd
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
</IfModule>
</Location>
</VirtualHost>

Restart apache and have a look at the result at your https://svn.example.com/.

Useful Subversion references

Getting more information

Subversion clients

I hope you find this howto useful. This isn't a perfect setup, but hopefully it will help you in using Subversion. Please feel free to add comments or corrections.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Anonymous (not registered) on Wed, 2014-01-29 23:28.

To avoid facing the problem:

"Could not open the requested SVN filesystem" 

 Replace the instruction:

 chown -R www-data:subversion /var/svn-repos/*

 with

 chown -R www-data:subversion /var/svn-repos

Submitted by Tavo (not registered) on Fri, 2012-09-07 03:32.

Excellent article. All works perfect. Thank you for all about this.

 

Tavo.

Submitted by Craig Douglas (not registered) on Sat, 2012-02-25 11:28.

Note that the DocumentRoot paths in your apache config files could be different to /var/www/websvn.  If you get an error when restarting apache, try finding your actual websvn directory using something like:<code>find / -path "*websvn/index.php"</code> My path on debian (squeeze) was actually /usr/share/websvn/

Submitted by jarquet (not registered) on Fri, 2011-06-24 04:37.
Everything worked perfectly, everything is set up just how I needed it.  I didn't do the webSVN, don't think i'll need it soon, but I couldn't have asked for better instructions for the rest of it.  Way big thanks.
Submitted by mmncs (registered user) on Thu, 2011-08-18 23:07.
Yes its a really nice guide, but I would recommend to check out Git distrubuted version control. That is the best distrubuted version control out there. Here is a guide to install a repository server on linux debian distros. How to install and setup a Git Repository Server using Gitolite on Linux Ubuntu 10.04 & 11.04 [Development Environment]
Submitted by bera (not registered) on Sun, 2011-05-22 11:16.

Great instruction, very helpful.

Thank you a lot!

You'll bless you in all your way! 

Submitted by Piffer (not registered) on Mon, 2011-02-07 05:46.

Thank you for this tutorial. I still need to do some more homework on the whole svn+ssh part, but all the other stuff works fine.

 Rather than using websvn, I'll try to get Trac setup (http://trac.edgewall.org/)

-Piffer

Submitted by Nuno (not registered) on Sun, 2010-06-27 01:15.

Hi, first nice toturial, i love it.

question, websvn runs in mod_fcgi? Cause i get:

Error 403!

Forbidden!

and

Forbidden

You don't have permission to access /index.php on this server.

 thanks in advance

Nuno

Submitted by Trikks (not registered) on Tue, 2010-06-15 12:29.

http://trikks.wordpress.com/2010/06/15/setup-a-subversion-svn-server-in-debian/

 :)

Submitted by rajesh (not registered) on Thu, 2010-06-10 13:14.
Very helpful.. Thanks a ton..bertheymans
Submitted by hmpetersson (registered user) on Mon, 2010-05-24 18:36.

Hello,

Great article!

However, I need to create a user that has only read access to the same repository as the users that has full access. How can i accomplish that?

/Martin

Submitted by Anonymous (not registered) on Tue, 2010-04-20 10:49.

htpasswd -m dav_svn.passwd USERNAME

 

Submitted by Juan (not registered) on Tue, 2012-04-17 20:05.
Try executing it with sudo or as root user
Submitted by hardik (not registered) on Thu, 2010-04-01 18:28.
Million dollar article. Thanks.
Submitted by Hardik (not registered) on Tue, 2010-03-16 19:03.

Worked perfectly.

Thanks.

Submitted by Ben (not registered) on Sat, 2010-02-20 18:20.
http://svnbook.red-bean.com/en/1.5/index.html which is the definitive
answer.  It appears that the options order has changed and so was able
to import with
 svn import ~/TEMP/ http://example.co.uk/svn_wombat -m 'testing over http'
Submitted by rosinballe (not registered) on Thu, 2010-01-14 08:47.

Used this howto to get websvn going on ubuntu 8.04 server. Thanks!

However, I needed one additional package to get it running:

# apt-get install  python-subversion

Also, enscript does not prompt me for anything.

Submitted by Fez (not registered) on Sat, 2009-11-07 18:55.

ok, so i need to make amends to that last post. I'll start over:

faizan@acer-laptop:~/.ssh$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/faizan/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/faizan/.ssh/id_dsa.
Your public key has been saved in /home/faizan/.ssh/id_dsa.pub.

faizan@acer-laptop:~/.ssh$ ls
id_dsa id_dsa.pub

faizan@acer-laptop:~/.ssh$ cat ~/.ssh/id_dsa.pub | ssh faizan@acer-laptop "cat - >> ~/.ssh/authorized_keys"
ssh: connect to host acer-laptop port 22: Connection refused


I pressed enter when it asked me about the file name to save to, and when it asked me for a password.


So why am i getting the error above? :s please help!

Submitted by Fez (not registered) on Sat, 2009-11-07 18:44.
When I did: $ ssh-agent $ ssh-add $ ssh faizan@localhost ssh: connect to host localhost port 22: Connection refused Similarly, later in the tutorial: $ svn import -m "importing test over ssh+svn" ~/TEMP/ svn+ssh://127.0.0.1/var/svn/icilpk/ trunk svn: Network connection closed unexpectedly Please Note- I had skipped: $ cat ~/.ssh/id_dsa.pub | ssh you@example.com "cat - >> ~/.ssh/authorized_keys" because when I ran "ssh-add" it already asked me for a password and all :s was that the right thing to do?
Submitted by Anonymous (not registered) on Tue, 2009-09-29 20:45.

Everything works grate but when I use svn+ssh to checkin new stuff the owner of db/current and db/txn-current changes from APACHE_USER to CHECKING_IN_USER.

When I browse websvn the repository is empty until I change the owner back to APACHE_USER.

Have I missed something?

One way to solve this problem is using a cronjob that changes permissions at a regular basis. But is there an other one?

Submitted by Niklas (not registered) on Sun, 2009-10-11 22:17.

Adding the apache user to the subversion group fixes this but as the author said (almost at the top):

The apache user won't be put in the group because I find it less secure. 

I did this with addgroup:

# addgroup www-data subversion

This worked for me and I don't worry about the risks since my server is located in a very secure network. But can anyone elaborate the risks with this I'm grateful.

But I will probably remove it again since my clients only will communicate to the svn-server via https.

Submitted by Anonymous (not registered) on Sat, 2009-09-05 09:41.

Thanks for sharing. You can also refer this site to get some more useful details.

http://howtosetup.in/component/content/article/2-subversion/2-subversion.html
Submitted by Anonymous (not registered) on Mon, 2009-08-31 16:59.
Thank you. Never done any of that before and your instructions were perfect. Great article
Submitted by Remington Konarski (not registered) on Fri, 2009-05-01 14:34.
I've tried at least 4 or 5 other subversion installation documents with little to no success. Most of the time Apache would never configure properly. Props to you! Finally an installation document that works and makes sense.
Submitted by Patrick (not registered) on Sun, 2009-03-15 16:11.

Thanks for the great how-to. I managed to get all fixed. However, there is one minor mistake (of course, everybody will be able to fix it themselves)

/etc/init.s/apache2 restart
should be:
/etc/init.d/apache2 restart

gr. P

Submitted by Betclic (not registered) on Sun, 2009-07-05 23:27.
Thanks
Submitted by Anonymous (not registered) on Sat, 2009-03-07 23:17.

You should add .bashrc file with content :

umask 002

On top of the /var/svn-repos

Submitted by neon (not registered) on Sat, 2009-03-21 13:54.
thank you


Submitted by Anonymous (not registered) on Mon, 2009-01-26 06:47.
wont the ssh users be able to see server / ???
Submitted by masterexploder (registered user) on Mon, 2007-05-21 23:30.

Hello all!

Great article! I just wanted to add a reference to another howto article on creating SSH keys for Windows machines that will be loggin into the https repository:

http://www.howtoforge.com/ssh_key_based_logins_putty

I found this when looking for myself, and thought I would post it here to give others easier access.

Thanks again for the article!

Submitted by vibeesh (registered user) on Fri, 2007-05-04 08:42.

hai all

i think the line below in the 

Setting up Subversion and websvn on Debian tutorial is wrong

$ svn co svn+ssh://example.com/usr/share/svn-repos/project_zen/trunk testcheckout

its like

$ svn co svn+ssh://example.com/var/svn-repos/project_zen/trunk testcheckout

correct me if its wrong 

 

thanks 

 

Submitted by 电磁铁 (not registered) on Sat, 2009-11-28 06:34.
thanks for sharing.
Submitted by bertheymans (registered user) on Thu, 2007-05-10 22:02.
Thanks pointing that out, it has been corrected :)
Submitted by XNeo (registered user) on Tue, 2006-11-14 04:51.

Debian Sarge uses SVN 1.1 which has the BDB filesystem as the default for new repositories. However, since SVN 1.2 the FSFS filesystem has become the new default. So, to be as futureproof as possible , I suggest that You change the repository creation commands as follows:
# svnadmin create --fs-type fsfs /var/svn-repos/project_zen
# svnadmin create --fs-type fsfs /var/svn-repos/project_wombat

Submitted by are (registered user) on Tue, 2006-10-10 07:31.

usermod -Gsubversion john REMOVED ME FROM SUDOERS FILE ON UBUNTU

Submitted by bertheymans (registered user) on Wed, 2006-10-11 11:05.

There are some differences between Debian and Ubuntu, I clearly mentioned not to just copy/paste that code. Commands may behave differently on different distributions.

If you lost your admin privileges on Ubuntu and don't know the root password, try putting yourself back in the admin group using a Knoppix CD.

As other comments mention the addgroup command is a safe alternative, I changed the snippet in the howto to this command.

Submitted by mattaldred (registered user) on Fri, 2006-09-15 19:13.

Fantastic Article! 

 

But can I suggest instead of:

    usermod -Gsubversion john

everyone use something like: 

    addgroup john subversion

 

"usermod -G" sometimes wipes all the user's existing groups.  

Submitted by toor (registered user) on Fri, 2006-09-22 16:17.

Just a hint..

My preferably way to do that is using gpasswd:

 

 # gpasswd -a userX groupY
 Adding user userX to group groupY


Submitted by angelabad (registered user) on Tue, 2006-09-12 14:42.

Hello, I make a spanish translation of this great howto, is in http://www.pastelero.net/2006/09/12/instalando-subversion-y-websvn-en-debian/, if you have any problem with this, please contact me.

Bye. 

Submitted by jlchannel (registered user) on Tue, 2006-09-12 11:26.

 

Subversion is great! I used SVNManager for managed my Subversion repo.

Submitted by dozens (registered user) on Fri, 2007-06-29 22:26.

When you say: 

svn import -m "testing over https" https://example.com/svn_wombat ~/TEMP/

I think you mean: 

svn import -m "testing over https" ~/TEMP/ https://example.com/svn_wombat

ie swap the last two arguments. 

Submitted by Biskouaz (not registered) on Thu, 2013-02-14 12:07.

Agreed. This is one of the mistake I found as well in this tutorial.
I wonder how all other users said; "Great, worked perfectly for me!".
Unfortunately it does not work for me and I suspect some more errors and missing information in this tutorial. Thanks anyway. I remains one of the best tutorial I found on the web.

 

Submitted by pari sportifs (not registered) on Mon, 2009-07-06 12:20.
Good !
Submitted by pari sportif (not registered) on Mon, 2009-10-19 10:15.
I like how to forge ! Great resource !