Setting up Subversion and websvn on Debian 

Purpose of this howto

This howto will illustrate a way to install and configure Subversion and websvn on a Debian server with the following features:

  • multiple repository Subversion
  • access to the repositories via WebDAV (http, https) and ssh
  • Linux system account access control and/or Apache level access control
  • a secured websvn (php web application for easy code browsing)
  • configured syntax coloring in websvn with gnu enscript
I will not specifically configure inetd with svnserve in this howto. Rest assured that Subversion will be totally functional without it. You can copy/paste most of the howto to get it working.

Packages that are assumed to already be installed

This howto assumes PHP and apache2 are installed and configured. Configuring apache2 with SSL is optional.

Setting up Subversion

Subversion packages

As root you can enter the following commands to install the packages required for our Subversion setup:

# apt-get update
# apt-get install subversion
# apt-get install libapache2-svn

The package libapache2-svn will install the subversion WebDAV apache module.

Creating and populating repositories

To work with in this howto we'll create two repos:

# mkdir /var/svn-repos/
# svnadmin create --fs-type fsfs /var/svn-repos/project_zen
# svnadmin create --fs-type fsfs /var/svn-repos/project_wombat 

The repository directories need the proper permissions for apache and the other users. I'll make a group and add users to it (don't just copy/paste here). The apache user won't be put in the group because I find it less secure.

# groupadd subversion
# addgroup john subversion
# addgroup bert subversion
# addgroup you subversion
...
# chown -R www-data:subversion /var/svn-repos/*
# chmod -R 770 /var/svn-repos/*

Let's set up easy ssh connectivity, on a user machine enter the following commands:

$ mkdir ~/.ssh/
$ cd ~/.ssh/
$ ssh-keygen -t dsa
$ cat ~/.ssh/id_dsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"

The server example.com is the server we installed Subversion on. For easy ssh use you can chose not to use a passphrase with your key or use an agent to keep authenticated. Otherwise each transaction between the user machine and Subversion will require the user to enter a password (very inconvenient). Using an agent can be done like this:

$ ssh-agent
$ ssh-add
$ ssh [email protected]

All should be set now to use the a repository. You may test it like this, it shows an import and a checkout:

$ mkdir ~/TEMP/
$ echo "testing svn" > ~/TEMP/testing.txt
$ svn import -m "importing test over ssh+svn" ~/TEMP/ svn+ssh://example.com/var/svn-repos/project_zen/trunk
$ svn co svn+ssh://example.com/var/svn-repos/project_zen/trunk testcheckout

As a result the testing.txt file should be in a directory called testcheckout. On the serverside you can check the repositories with svnlook.

# svnlook tree /var/svn-repos/project_zen/

Configuring Subversion WebDAV

Normally the apache mod will be enabled by default, to ensure this is true enter the following commands:

# a2enmod dav
# a2enmod dav_svn

Configuration is done in the file /etc/apache2/mods-available/dav_svn.conf, but first we'll make an access file.

# htpasswd2 -c /etc/apache2/dav_svn.passwd you
# htpasswd2 /etc/apache2/dav_svn.passwd john
# htpasswd2 /etc/apache2/dav_svn.passwd sten
...

This is the content my /etc/apache2/mods-available/dav_svn.conf file: 

		<Location /svn_zen>
		  DAV svn
		  SVNPath /var/svn-repos/project_zen
		  AuthType Basic
		  AuthName "Subversion Repository"
		  AuthUserFile /etc/apache2/dav_svn.passwd
		  Require valid-user
		  SSLRequireSSL
		</Location>
		
		<Location /svn_wombat>
		  DAV svn
		  SVNPath /var/svn-repos/project_wombat
		  AuthType Basic
		  AuthName "Subversion Repository"
		  AuthUserFile /etc/apache2/dav_svn.passwd
		  Require valid-user
		  SSLRequireSSL
		</Location>

You can uncomment the SSLRequireSSL file if you don't want to use SSL, but then you need to use http and not https in the commands that follow. Apache should be restarted and we can test from a user machine. We'll import the same testfile in the wombat project.

# /etc/init.s/apache2 restart
$ svn import -m "testing over https" https://example.com/svn_wombat ~/TEMP/

Using a webbrowser you can visit your URL https://example.com/svn_wombat and see what was just committed. This is a basic on-line view on the repository, but using a web font-end like websvn will offer a better repository browsing experience.

Setting up websvn

Required packages

To get rolling with websvn we'll need to install the following packages, both will show you configuration screens (explained in the next paragraph):

# apt-get install enscript
# apt-get install websvn

Enscript isn't mandatory but we'll need it for syntax coloring in websvn.

Configuration

Enscript will ask for paper size, this might seem awkward but that's because enscript is also used for converting ASCII files to PostScript. We need it for it's syntax coloring features.

Websvn will first ask for which kind of server to configure, go ahead and just press enter.

websvn server configurationwebsvn parent directorywebsvn repository directories
 
The next screens ask for a parent repository folder (/var/svn-repos/ in this case) and specific repository folders, this will determine which repositories will show up in websvn. We will only enter a parent repository, all repositories created in this folder will show up in websvn for users to browse. If you want to show only specific repositories enter their full paths in the second screen and leave the parent path blank.
 
As a result the file /etc/websvn/svn_deb_conf.inc will be written. You can rerun debian package configuration screens with dpkg-reconfigure. Further websvn configuration is done in the file /etc/websvn/config.inc. This is the content of my file with some extension mappings for the syntax coloring. 

		<?php
		// --- LOOK AND FEEL ---
		//
		// Uncomment ONLY the display file that you want.  
		$config->setTemplatePath("$locwebsvnreal/templates/Standard/");
		// $config->setTemplatePath("$locwebsvnreal/templates/BlueGrey/");
		// $config->setTemplatePath("$locwebsvnreal/templates/Zinn/");
		// $contentType[".c"] = "plain/text"; // Create a new association
		// $contentType[".doc"] = "plain/text"; // Modify an existing one
		unset($contentType[".sh"]); // Remove a default association -> .sh is regarded as a binary file by default, needs to be unset
		// --- COLOURISATION ---
		// Uncomment this line if you want to use Enscript to colourise your file listings
		//
		// You'll need Enscript version 1.6 or higher AND Sed installed to use this feature. 
		// Set the path above.
		//
		$config->useEnscript();
		// Enscript need to be told what the contents of a file are so that it can be colourised
		// correctly.  WebSVN includes a predefined list of mappings from file extension to Enscript
		// file type (viewable in setup.inc).
		//
		// Here you should add and other extensions not already listed or redefine the default ones. eg:
		//
		// php is default correctly colourized
		$extEnscript[".java"] = "java";
		$extEnscript[".pl"] = "perl";
		$extEnscript[".py"] = "python";
		$extEnscript[".sql"] = "sql";
		$extEnscript[".java"] = "java";
		$extEnscript[".html"] = "html";
		$extEnscript[".xml"] = "html";
		$extEnscript[".thtml"] = "html";
		$extEnscript[".tpl"] = "html";
		$extEnscript[".sh"] = "bash";
		// --- MISCELLANOUS ---
		// Uncomment this if you don't have the right to use it.  Be warned that you may need it however!
		set_time_limit(0);
		// Comment this line to turn off caching of repo information.  This will slow down your browsing.
		$config->setCachingOn();
		// Number of spaces to expand tabs to in diff/listing view across all repositories
		$config->expandTabsBy(8);
		// To change the global option for individual repositories, uncomment and replicate
		// the required line below (replacing 'myrep' for the name of the repository to be changed).
		// $config->findRepository("myrep")->expandTabsBy(3); // Expand Tabs by 3 for repository 'myrep'
		?>
		<?php
		if ( file_exists("/etc/websvn/svn_deb_conf.inc") ) {
		  include("/etc/websvn/svn_deb_conf.inc");
		}
		?>

Next up is configuring the apache virtualhost for websvn.
Example using SSL: 

		<VirtualHost *:443>
			ServerAdmin [email protected]
		    ServerName svn.example.com
		    DocumentRoot /var/www/websvn/
			<Location />
				Options FollowSymLinks 
				order allow,deny
				allow from all
				AuthType Basic
				AuthName "Subversion Repository"
				Require valid-user
				AuthUserFile /etc/apache2/dav_svn.passwd 
				<IfModule mod_php4.c>
					php_flag magic_quotes_gpc Off
					php_flag track_vars On
		        </IfModule>
			</Location>
			SSLEngine on
			SSLCertificateFile /etc/apache2/ssl/apache.pem
		</VirtualHost>

Example without SSL: 

		<VirtualHost *:80>
			ServerAdmin [email protected]
	        ServerName svn.example.com
	        DocumentRoot /var/www/websvn/
		
			<Location />
				Options FollowSymLinks 
				AllowOverride None
				order allow,deny
				allow from all
				AuthType Basic
				AuthName "Subversion Repository"
				Require valid-user
				AuthUserFile /etc/apache2/dav_svn.passwd 
				<IfModule mod_php4.c>
					php_flag magic_quotes_gpc Off
					php_flag track_vars On
			    </IfModule>
			</Location>
		</VirtualHost>

Restart apache and have a look at the result at your https://svn.example.com/.

Useful Subversion references

Getting more information

Subversion clients

I hope you find this howto useful. This isn't a perfect setup, but hopefully it will help you in using Subversion. Please feel free to add comments or corrections.

Share this page:

Suggested articles

53 Comment(s)

Add comment

Comments

By: Remington Konarski
Reply  

I've tried at least 4 or 5 other subversion installation documents with little to no success. Most of the time Apache would never configure properly. Props to you! Finally an installation document that works and makes sense.

By: jlchannel
Reply  

Subversion is great! I used SVNManager for managing my Subversion repo.

By:
Reply  

When you say: 

svn import -m "testing over https" https://example.com/svn_wombat ~/TEMP/

I think you mean: 

svn import -m "testing over https" ~/TEMP/ https://example.com/svn_wombat

ie swap the last two arguments. 

By: pari sportifs
Reply  

Good !

By: pari sportif
Reply  

I like how to forge ! Great resource !

By: Biskouaz
Reply  

Agreed. This is one of the mistake I found as well in this tutorial.
I wonder how all other users said; "Great, worked perfectly for me!".
Unfortunately it does not work for me and I suspect some more errors and missing information in this tutorial. Thanks anyway. I remains one of the best tutorial I found on the web.

 

By: angelabad
Reply  

Hello, I make a spanish translation of this great howto, is in http://www.pastelero.net/2006/09/12/instalando-subversion-y-websvn-en-debian/, if you have any problem with this, please contact me.

Bye. 

By: mattaldred
Reply  

Fantastic Article! 

 

But can I suggest instead of:

    usermod -Gsubversion john

everyone use something like: 

    addgroup john subversion

 

"usermod -G" sometimes wipes all the user's existing groups.  

By: toor
Reply  

Just a hint..

My preferably way to do that is using gpasswd:

 

 # gpasswd -a userX groupY
 Adding user userX to group groupY


By: are
Reply  

usermod -Gsubversion john REMOVED ME FROM SUDOERS FILE ON UBUNTU

By: bertheymans
Reply  

There are some differences between Debian and Ubuntu, I clearly mentioned not to just copy/paste that code. Commands may behave differently on different distributions.

If you lost your admin privileges on Ubuntu and don't know the root password, try putting yourself back in the admin group using a Knoppix CD.

As other comments mention the addgroup command is a safe alternative, I changed the snippet in the howto to this command.

By:
Reply  

Debian Sarge uses SVN 1.1 which has the BDB filesystem as the default for new repositories. However, since SVN 1.2 the FSFS filesystem has become the new default. So, to be as futureproof as possible , I suggest that You change the repository creation commands as follows:

# svnadmin create --fs-type fsfs /var/svn-repos/project_zen

# svnadmin create --fs-type fsfs /var/svn-repos/project_wombat

By:
Reply  

hai all

i think the line below in the 

Setting up Subversion and websvn on Debian tutorial is wrong

$ svn co svn+ssh://example.com/usr/share/svn-repos/project_zen/trunk testcheckout

its like

$ svn co svn+ssh://example.com/var/svn-repos/project_zen/trunk testcheckout

correct me if its wrong 

 

thanks 

 

By:
Reply  

Thanks pointing that out, it has been corrected :)

By: ???
Reply  

thanks for sharing.

By:
Reply  

Hello all!

Great article! I just wanted to add a reference to another howto article on creating SSH keys for Windows machines that will be loggin into the https repository:

https://www.howtoforge.com/ssh_key_based_logins_putty

I found this when looking for myself, and thought I would post it here to give others easier access.

Thanks again for the article!

By: neon
Reply  

thank you


By: Anonymous
Reply  

wont the ssh users be able to see server / ???

By: Patrick
Reply  

Thanks for the great how-to. I managed to get all fixed. However, there is one minor mistake (of course, everybody will be able to fix it themselves)

/etc/init.s/apache2 restart
should be:
/etc/init.d/apache2 restart

gr. P

By: Betclic
Reply  

Thanks

By: Anonymous
Reply  

You should add .bashrc file with content :

umask 002

On top of the /var/svn-repos

By: Fez
Reply  

When I did: $ ssh-agent $ ssh-add $ ssh [email protected] ssh: connect to host localhost port 22: Connection refused Similarly, later in the tutorial: $ svn import -m "importing test over ssh+svn" ~/TEMP/ svn+ssh://127.0.0.1/var/svn/icilpk/ trunk svn: Network connection closed unexpectedly Please Note- I had skipped: $ cat ~/.ssh/id_dsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys" because when I ran "ssh-add" it already asked me for a password and all :s was that the right thing to do?

By: Fez
Reply  

ok, so i need to make amends to that last post. I'll start over:

[email protected]:~/.ssh$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/faizan/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/faizan/.ssh/id_dsa.
Your public key has been saved in /home/faizan/.ssh/id_dsa.pub.

[email protected]:~/.ssh$ ls
id_dsa id_dsa.pub

[email protected]:~/.ssh$ cat ~/.ssh/id_dsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"
ssh: connect to host acer-laptop port 22: Connection refused


I pressed enter when it asked me about the file name to save to, and when it asked me for a password.


So why am i getting the error above? :s please help!

By: Niklas
Reply  

Adding the apache user to the subversion group fixes this but as the author said (almost at the top):

The apache user won't be put in the group because I find it less secure. 

I did this with addgroup:

# addgroup www-data subversion

This worked for me and I don't worry about the risks since my server is located in a very secure network. But can anyone elaborate the risks with this I'm grateful.

But I will probably remove it again since my clients only will communicate to the svn-server via https.

By: Anonymous
Reply  

Everything works grate but when I use svn+ssh to checkin new stuff the owner of db/current and db/txn-current changes from APACHE_USER to CHECKING_IN_USER.

When I browse websvn the repository is empty until I change the owner back to APACHE_USER.

Have I missed something?

One way to solve this problem is using a cronjob that changes permissions at a regular basis. But is there an other one?

By: Anonymous
Reply  

Thank you. Never done any of that before and your instructions were perfect. Great article

By: Anonymous
Reply  

Thanks for sharing. You can also refer this site to get some more useful details.

http://howtosetup.in/component/content/article/2-subversion/2-subversion.html

By: rosinballe
Reply  

Used this howto to get websvn going on ubuntu 8.04 server. Thanks!

However, I needed one additional package to get it running:

# apt-get install  python-subversion

Also, enscript does not prompt me for anything.

By: Ben
Reply  

http://svnbook.red-bean.com/en/1.5/index.html which is the definitive
answer.  It appears that the options order has changed and so was able
to import with
 svn import ~/TEMP/ http://example.co.uk/svn_wombat -m 'testing over http'

By: Hardik
Reply  

Worked perfectly.

Thanks.

By: hardik
Reply  

Million dollar article. Thanks.

By: Anonymous
Reply  

htpasswd -m dav_svn.passwd USERNAME

 

By: Juan
Reply  

Try executing it with sudo or as root user

By:
Reply  

Hello,

Great article!

However, I need to create a user that has only read access to the same repository as the users that has full access. How can i accomplish that?

/Martin

By: rajesh
Reply  

Very helpful.. Thanks a ton..bertheymans

By: Trikks
Reply  

http://trikks.wordpress.com/2010/06/15/setup-a-subversion-svn-server-in-debian/

 :)

By: Nuno
Reply  

Hi, first nice toturial, i love it.

question, websvn runs in mod_fcgi? Cause i get:

Error 403!

Forbidden!

and

Forbidden

You don't have permission to access /index.php on this server.

 thanks in advance

Nuno

By: Piffer
Reply  

Thank you for this tutorial. I still need to do some more homework on the whole svn+ssh part, but all the other stuff works fine.

 Rather than using websvn, I'll try to get Trac setup (http://trac.edgewall.org/)

-Piffer

By: bera
Reply  

Great instruction, very helpful.

Thank you a lot!

You'll bless you in all your way! 

By: jarquet
Reply  

Everything worked perfectly, everything is set up just how I needed it.  I didn't do the webSVN, don't think i'll need it soon, but I couldn't have asked for better instructions for the rest of it.  Way big thanks.

By:
Reply  

Yes its a really nice guide, but I would recommend to check out Git distrubuted version control. That is the best distrubuted version control out there. Here is a guide to install a repository server on linux debian distros. How to install and setup a Git Repository Server using Gitolite on Linux Ubuntu 10.04 & 11.04 [Development Environment]

By: Craig Douglas
Reply  

Note that the DocumentRoot paths in your apache config files could be different to /var/www/websvn.  If you get an error when restarting apache, try finding your actual websvn directory using something like:

<code>
find / -path "*websvn/index.php"
</code>

 My path on debian (squeeze) was actually /usr/share/websvn/

By: Tavo
Reply  

Excellent article. All works perfect. Thank you for all about this.

 

Tavo.

By: Anonymous
Reply  

To avoid facing the problem:

"Could not open the requested SVN filesystem" 

 Replace the instruction:

 chown -R www-data:subversion /var/svn-repos/*

 with

 chown -R www-data:subversion /var/svn-repos

By: Stephen
Reply  

Good Day Everyone,

Is this article still relevant concerning securcurity 8 years after? It's very helpful and I'm setting up my SVN server per these instructions but I'd like to make changes for updated security enhacements as I go, if there are any.

Thanks!

 

By: Paul O'Rorke
Reply  

Hi,

 

I followed this tutorial and now have all myy repositories available through the repository root.  I need to have each repository discrete from each other so users can access only the particular one we give them credentials to.

From what I read here each repo should be available using https://svn.example.com/repo-name but I'm getting a forbidden error:

Forbidden

You don't have permission to access /helpDocs on this server.

As I said, I can see and access all the repositories under https://svn.example.com but that gives all users access to all repostiories and the SVN software we use for documentation needs https://svn.example.com/repo-name.

 

I could post my config files here but this thread is pretty old, not sure if anyone will see this anyway...

 

Paul

By: Tata
Reply  

libapache2-svn is deprecated? Debian 9: not found libapache2-svn.

By: Manuel Malagon
Reply  

Have you found a fix for this? I'm having the same error.

Thanks!

By: Torsten
Reply  

Its libapache2-mod-svn, isn't it?

By: fireba11
Reply  

note: currecnt debian dosn't contain websvn anymore (not maintained)

By: Paul O'Rorke
Reply  

That's what I am seeing.  I used this document on an older version, but with no webSVN package how can one complete this?  Do I need to go back to 20.04?

By: Peter
Reply  

Hi,

It took me some time to get this working, seems there is a name change in debian.

So:

   apt-get install libapache2-svn 

is not working, you should use

   apt-get install libapache2-mod-svn

After this i got it to work ok.

By: Paul O'Rorke
Reply  

Thanks Peter,

so I start with a clean 22.04, set up Apache2 and PHP with https.  I then addsubversion and libapache2-mod-svn 

 apt install subversion libapache2-mod-svn 

what I don't understand is what replaces 

apt install websvn

what provides the php that the package websvn used to be put in /var/www/websvn under the new paradigm?  I tried looking for it with

fbsvnfind / -ind / -path "*websvn/index.php"

and I have none. 

I am clearly missing an important step, the one that used to be fulfilled with the websvn package that provides the php.  If I put a phpinfo() page at /var/www/wensvn/test.php it works but I have no other PHP on there and I am scratchng my head as to where it is supposed to come from if not the websvn package.