Installing Subversion And Configuring Access Through Different Protocols On Ubuntu 11.10

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Follow me on Twitter
Last edited 02/20/2012

Subversion (svn) is an open-source version control system (VCS), used in the development of many software projects. This tutorial shows how to install Subversion on Ubuntu 11.10 and how to configure it to allow access to a repository through different protocols: file://, http://, https://, svn://, and svn+ssh://.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

This tutorial concentrates on Subversion installation and configuration, not on its usage. You can find a list of usefull svn commands here: http://wiki.greenstone.org/wiki/index.php/Useful_SVN_Commands. The complete svn documentation is here: http://svnbook.red-bean.com/en/1.5/index.html

The Ubuntu 11.10 system that I use here has the IP address 192.168.0.100 which I will use in the various svn commands throughout this tutorial. Make sure you replace it with your own server's IP/hostname.

2 Installing Subversion

Subversion can be installed as follows:

apt-get install subversion

Next we create a directory that will hold our repository/repositories - I use /var/lib/svn, but you can use another directory, if you like.

mkdir -p /var/lib/svn

I want to create a repository for my software project called myproject inside the /var/lib/svn directory - this can be done as follows:

svnadmin create /var/lib/svn/myproject

Of course, the repository is empty until we import our project into it.

There are several ways or protocols that can be used to access svn:

• file:// - Through this protocol you get direct repository access. Works only on the same system (local disk), not over the network. Works out of the box.
• http:// - It is possible to use WebDAV on a Subversion-aware Apache2 server to access a repository. Works over the network (port 80).
• https:// - Same as http://, but over a secure SSL connection (port 443).
• svn:// - Access to a repository is done through an svnserve server. Works over the network (port 3690).
• svn+ssh:// - Same as svn://, but through an SSH tunnel (port 22).

3 Using The file:// Protocol

The file:// protocol works out of the box (it doesn't require any server process), but only locally, not over the network.

We can use it to import our software project (I have stored it in /home/falko/myproject) into our /var/lib/svn/myproject repository:

svn import /home/falko/myproject file://localhost/var/lib/svn/myproject

Checkouts can be done as follows:

svn co file://localhost/var/lib/svn/myproject /home/falko/somedir

4 Using The http:// Protocol

For the http:// protocol, we need to configure WebDAV on an Apache2 server. Therefore we install Apache2 and the Apache2 SVN module now:

apt-get install apache2 libapache2-svn

Now we configure the Apache2 SVN module by editing the file /etc/apache2/mods-available/dav_svn.conf:

vi /etc/apache2/mods-available/dav_svn.conf

There's a configuration already in the file, but it is commented out. You can leave it commented out, but at the end of the file, please add the following lines:

[...]
 <Location /svn>
  DAV svn
  SVNParentPath /var/lib/svn
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
 </Location>

Restart Apache:

/etc/init.d/apache2 restart

Because we will read and write to our repositories as the Apache user (www-data) and group (www-data) from now on, we must change the owner and group of /var/lib/svn and its subdiretories to the Apache user and group now:

chown -R www-data:www-data /var/lib/svn

Please note: If you decide to use http:// or https:// to access SVN, do not use any of the other protocols anymore to write to SVN because the ownerships of the changed files will not match the Apache user/group if you do not use http:// or https://!

Now we must create the password file /etc/apache2/dav_svn.passwd that contains all users that will have access to SVN (I will use the users falko and till here).

htpasswd -c /etc/apache2/dav_svn.passwd falko

Please note: Use the -c switch only if you create the /etc/apache2/dav_svn.passwd file for the first time. If you want to add another user, please leave it out (otherwise the file will be created from scratch again which means you lose all users that are already in the file):

htpasswd /etc/apache2/dav_svn.passwd till

You can now do a checkout as follows using the http:// protocol (please make sure you use the correct username):

svn co --username falko http://192.168.0.100/svn/myproject /home/falko/somedir

5 Using The https:// Protocol

If you want to use https://, please follow chapter 4, and then do this to enable the SSL Apache module and the default SSL web site:

a2enmod ssl
a2ensite default-ssl
/etc/init.d/apache2 restart

(Please note that the default Apache SSL web site uses a self-signed certificate. You might want to replace it with a certificate from a trusted CA. You might want to check out this tutorial for more details: How To Set Up An SSL Vhost Under Apache2 On Ubuntu 9.10/Debian Lenny.)

Now you can access SVN through https:// and also http://. If you want https:// only, you can disable http:// as follows:

Open /etc/apache2/mods-available/dav_svn.conf and comment out/remove the section that you have added in chapter 4:

vi /etc/apache2/mods-available/dav_svn.conf

[...]
# <Location /svn>
#  DAV svn
#  SVNParentPath /var/lib/svn
#  AuthType Basic
#  AuthName "Subversion Repository"
#  AuthUserFile /etc/apache2/dav_svn.passwd
#  <LimitExcept GET PROPFIND OPTIONS REPORT>
#    Require valid-user
#  </LimitExcept>
# </Location>

Then open the vhost configuration file /etc/apache2/sites-available/default-ssl of the default SSL vhost and add the same section between <VirtualHost> and </VirtualHost>:

vi /etc/apache2/sites-available/default-ssl

[...]
 <Location /svn>
  DAV svn
  SVNParentPath /var/lib/svn
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
 </Location>
[...]

Then restart Apache:

/etc/init.d/apache2 restart

You can do a checkout as follows using the https:// protocol:

svn co --username falko https://192.168.0.100/svn/myproject /home/falko/somedir

Please note: If you decide to use http:// or https:// to access SVN, do not use any of the other protocols anymore to write to SVN because the ownerships of the changed files will not match the Apache user/group if you do not use http:// or https://!

6 Using The svn:// Protocol

We can use the svn:// protocol by starting the svnserve daemon.

Before we do this, let's configure password protection for our repository. There's a conf/svnserve.conf file in each repository, so for /var/lib/svn/myproject it's /var/lib/svn/myproject/conf/svnserve.conf. open that file...

vi /var/lib/svn/myproject/conf/svnserve.conf

... and uncomment the password-db = passwd line:

[...]
[general]
### These options control access to the repository for unauthenticated
### and authenticated users.  Valid values are "write", "read",
### and "none".  The sample settings below are the defaults.
# anon-access = read
# auth-access = write
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the the
### directory containing this file.  If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.
# authz-db = authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.
# realm = My First Repository
[...]

passwd refers to the passwd file in the same directory, i.e., /var/lib/svn/myproject/conf/passwd. Open that file and add your SVN users and passwords (passwords are in clear text):

vi /var/lib/svn/myproject/conf/passwd

### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
falko = falkospassword
till = tillspassword

We can now start the svnserve daemon:

svnserve -d -r /var/lib/svn/

(The -d switch makes it run as a daemon in the background.)

Run

netstat -tap | grep svn

and you should see that snvserve is listening on port 3690 (:svn):

root@server1:~# netstat -tap | grep svn
tcp        0      0 *:svn                   *:*                     LISTEN      2950/svnserve
root@server1:~#

Now we can use the svn:// protocol. For example, a checkout can be done as follows:

svn co --username falko svn://192.168.0.100/myproject /home/falko/somedir

7 Using The svn+ssh:// Protocol

To tunnel the svn:// protocol through SSH, just follow chapter 6 and make sure you have an SSH damon running on your Ubuntu system (if you have not, you can install it by running

apt-get install openssh-server ssh

)

That's it! All you have to do now is to use svn+ssh:// instead of svn://, for example, a checkout can be done as follows:

svn co --username falko svn+ssh://192.168.0.100/var/lib/svn/myproject /home/falko/somedir

8 Links

• Subversion: http://subversion.apache.org/
• Ubuntu: http://www.ubuntu.com/