Setting up Subversion and websvn on Debian 

Purpose of this howto

This howto will illustrate a way to install and configure Subversion and websvn on a Debian server with the following features:

  • multiple repository Subversion
  • access to the repositories via WebDAV (http, https) and ssh
  • Linux system account access control and/or Apache level access control
  • a secured websvn (php web application for easy code browsing)
  • configured syntax coloring in websvn with gnu enscript

I will not specifically configure inetd with svnserve in this howto. Rest assured that Subversion will be totally functional without it. You can copy/paste most of the howto to get it working.

Packages that are assumed to already be installed

This howto assumes PHP and apache2 are installed and configured. Configuring apache2 with SSL is optional.

Setting up Subversion

Subversion packages

As root you can enter the following commands to install the packages required for our Subversion setup:

# apt-get update
# apt-get install subversion
# apt-get install libapache2-svn

The package libapache2-svn will install the subversion WebDAV apache module.

Creating and populating repositories

For this howto we'll create two repositories to work with:

# mkdir /var/svn-repos/
# svnadmin create --fs-type fsfs /var/svn-repos/project_zen
# svnadmin create --fs-type fsfs /var/svn-repos/project_wombat 

The repository directories need the proper permissions for apache and the other users. I'll make a group and add users to it (don't just copy/paste here). The apache user won't be put in the group because I find it less secure.

# groupadd subversion
# addgroup john subversion
# addgroup bert subversion
# addgroup you subversion
...
# chown -R www-data:subversion /var/svn-repos/*
# chmod -R 770 /var/svn-repos/*
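
A check for the ownership and mode scheme set up above (added example, not part of the original howto): it lists paths below the repository root that are not owned by the expected user and group, are accessible to other users, or are not group-writable. The function names and the throwaway demo tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the howto): report ownership and mode drift below
# the repository root set up with chown www-data:subversion and chmod 770.

# audit_repo_perms ROOT OWNER GROUP
# Prints one line per offending path, prefixed with the reason:
#   owner   not owned by OWNER
#   group   group is not GROUP
#   world   a permission bit is set for "other"
#   nogrpw  group write is missing, so group members cannot commit
# Returns 1 if anything was reported, 0 if the tree is clean.
audit_repo_perms() {
    root=$1 owner=$2 group=$3
    out=$(
        find "$root" ! -user "$owner"  | sed 's/^/owner /'
        find "$root" ! -group "$group" | sed 's/^/group /'
        find "$root" \( -perm -001 -o -perm -002 -o -perm -004 \) | sed 's/^/world /'
        find "$root" ! -perm -020 | sed 's/^/nogrpw /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed demo: a throwaway tree standing in for /var/svn-repos, with one
# file whose mode has drifted from 770 to 644.
demo_audit() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/project_zen/db" && : > "$d/project_zen/db/current"
    chmod -R 770 "$d" && chmod 644 "$d/project_zen/db/current"
    # Demo assumption: expect whoever owns the temporary tree. On the server,
    # pass www-data and subversion as in the howto.
    o=$(ls -ld "$d" | awk '{print $3}')
    g=$(ls -ld "$d" | awk '{print $4}')
    audit_repo_perms "$d" "$o" "$g"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo_audit || true
```

On the server the call would be `audit_repo_perms /var/svn-repos www-data subversion`, run as root so that find can read the whole tree.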

Let's set up easy ssh connectivity. On a user machine, enter the following commands:

$ mkdir ~/.ssh/
$ cd ~/.ssh/
$ ssh-keygen -t dsa
$ cat ~/.ssh/id_dsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"

The server example.com is the server we installed Subversion on. For easy ssh use you can choose not to use a passphrase with your key, or use an agent to stay authenticated. Otherwise each transaction between the user machine and Subversion will require the user to enter a password (very inconvenient). Using an agent can be done like this:

$ ssh-agent
$ ssh-add
$ ssh [email protected]

All should be set now to use a repository. You can test it like this, with an import and a checkout:

$ mkdir ~/TEMP/
$ echo "testing svn" > ~/TEMP/testing.txt
$ svn import -m "importing test over ssh+svn" ~/TEMP/ svn+ssh://example.com/var/svn-repos/project_zen/trunk
$ svn co svn+ssh://example.com/var/svn-repos/project_zen/trunk testcheckout

As a result the testing.txt file should be in a directory called testcheckout. On the server side you can check the repositories with svnlook.

# svnlook tree /var/svn-repos/project_zen/

Configuring Subversion WebDAV

Normally the apache module will be enabled by default. To make sure it is, enter the following commands:

# a2enmod dav
# a2enmod dav_svn

Configuration is done in the file /etc/apache2/mods-available/dav_svn.conf, but first we'll make an access file.

# htpasswd2 -c /etc/apache2/dav_svn.passwd you
# htpasswd2 /etc/apache2/dav_svn.passwd john
# htpasswd2 /etc/apache2/dav_svn.passwd sten
...

This is the content of my /etc/apache2/mods-available/dav_svn.conf file:

<Location /svn_zen>
DAV svn
SVNPath /var/svn-repos/project_zen
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
SSLRequireSSL
</Location>

<Location /svn_wombat>
DAV svn
SVNPath /var/svn-repos/project_wombat
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
SSLRequireSSL
</Location>

You can comment out the SSLRequireSSL line if you don't want to use SSL, but then you need to use http and not https in the commands that follow. Keep in mind that Basic authentication without SSL sends the password over the network unencrypted. Restart Apache, then test from a user machine. We'll import the same test file into the wombat project.

# /etc/init.d/apache2 restart
$ svn import -m "testing over https" ~/TEMP/ https://example.com/svn_wombat

Using a web browser you can visit your URL https://example.com/svn_wombat and see what was just committed. This is a basic on-line view of the repository, but a web front-end like websvn offers a better repository browsing experience.
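
A way to check that every repository block in dav_svn.conf still carries the authentication and SSL directives shown above (added example, not part of the original howto). The function name lint_dav_svn and the sample input are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the howto): lint mod_dav_svn <Location> blocks.

# lint_dav_svn [FILE...]   (reads stdin when no file is given)
# Prints "<location>: missing <directive>" for each DAV svn block that lacks
# one of the access-control directives the howto uses. Returns 1 on findings.
lint_dav_svn() {
    awk '
        function report(l, what) { printf "%s: missing %s\n", l, what; bad = 1 }
        $1 ~ /^#/ { next }    # a commented-out directive counts as absent
        tolower($1) == "<location" {
            loc = $2; sub(/>$/, "", loc)
            inblock = 1; dav = auth = pw = req = ssl = 0
            next
        }
        inblock && tolower($1) == "dav" && tolower($2) == "svn" { dav = 1 }
        inblock && tolower($1) == "authtype"      { auth = 1 }
        inblock && tolower($1) == "authuserfile"  { pw = 1 }
        inblock && tolower($1) == "require"       { req = 1 }
        inblock && tolower($1) == "sslrequiressl" { ssl = 1 }
        tolower($1) == "</location>" {
            if (inblock && dav) {
                if (!auth) report(loc, "AuthType")
                if (!pw)   report(loc, "AuthUserFile")
                if (!req)  report(loc, "Require")
                if (!ssl)  report(loc, "SSLRequireSSL")
            }
            inblock = 0
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample input: the first block matches the howto, the second has
# SSLRequireSSL commented out.
sample_conf() {
    cat <<'EOF'
<Location /svn_zen>
DAV svn
SVNPath /var/svn-repos/project_zen
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
SSLRequireSSL
</Location>

<Location /svn_wombat>
DAV svn
SVNPath /var/svn-repos/project_wombat
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
# SSLRequireSSL
</Location>
EOF
}

sample_conf | lint_dav_svn || true
```

Against the real file the call is `lint_dav_svn /etc/apache2/mods-available/dav_svn.conf`; a non-zero exit status makes it usable as a pre-restart check.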

Setting up websvn

Required packages

To get rolling with websvn we'll need to install the following packages. Both will show you configuration screens (explained in the next paragraph):

# apt-get install enscript
# apt-get install websvn

Enscript isn't mandatory but we'll need it for syntax coloring in websvn.

Configuration

Enscript will ask for a paper size. This might seem awkward, but that's because enscript is also used for converting ASCII files to PostScript. We need it for its syntax coloring features.

Websvn will first ask for which kind of server to configure, go ahead and just press enter.

[Screenshots: websvn server configuration, websvn parent directory, websvn repository directories]

The next screens ask for a parent repository folder (/var/svn-repos/ in this case) and specific repository folders, this will determine which repositories will show up in websvn. We will only enter a parent repository, all repositories created in this folder will show up in websvn for users to browse. If you want to show only specific repositories enter their full paths in the second screen and leave the parent path blank.
 
As a result the file /etc/websvn/svn_deb_conf.inc will be written. You can rerun debian package configuration screens with dpkg-reconfigure. Further websvn configuration is done in the file /etc/websvn/config.inc. This is the content of my file with some extension mappings for the syntax coloring.

<?php
// --- LOOK AND FEEL ---
//
// Uncomment ONLY the display file that you want.
$config->setTemplatePath("$locwebsvnreal/templates/Standard/");
// $config->setTemplatePath("$locwebsvnreal/templates/BlueGrey/");
// $config->setTemplatePath("$locwebsvnreal/templates/Zinn/");
// $contentType[".c"] = "plain/text"; // Create a new association
// $contentType[".doc"] = "plain/text"; // Modify an existing one
unset($contentType[".sh"]); // Remove a default association -> .sh is regarded as a binary file by default, needs to be unset
// --- COLOURISATION ---
// Uncomment this line if you want to use Enscript to colourise your file listings
//
// You'll need Enscript version 1.6 or higher AND Sed installed to use this feature.
// Set the path above.
//
$config->useEnscript();
// Enscript need to be told what the contents of a file are so that it can be colourised
// correctly. WebSVN includes a predefined list of mappings from file extension to Enscript
// file type (viewable in setup.inc).
//
// Here you should add any other extensions not already listed or redefine the default ones. eg:
//
// php is default correctly colourized
$extEnscript[".java"] = "java";
$extEnscript[".pl"] = "perl";
$extEnscript[".py"] = "python";
$extEnscript[".sql"] = "sql";
$extEnscript[".html"] = "html";
$extEnscript[".xml"] = "html";
$extEnscript[".thtml"] = "html";
$extEnscript[".tpl"] = "html";
$extEnscript[".sh"] = "bash";
// --- MISCELLANEOUS ---
// Comment this out if you don't have the right to use it. Be warned that you may need it however!
set_time_limit(0);
// Comment this line to turn off caching of repo information. This will slow down your browsing.
$config->setCachingOn();
// Number of spaces to expand tabs to in diff/listing view across all repositories
$config->expandTabsBy(8);
// To change the global option for individual repositories, uncomment and replicate
// the required line below (replacing 'myrep' for the name of the repository to be changed).
// $config->findRepository("myrep")->expandTabsBy(3); // Expand Tabs by 3 for repository 'myrep'
?>
<?php
if ( file_exists("/etc/websvn/svn_deb_conf.inc") ) {
include("/etc/websvn/svn_deb_conf.inc");
}
?>

Next up is configuring the apache virtualhost for websvn.
Example using SSL:

<VirtualHost *:443>
ServerAdmin [email protected]
ServerName svn.example.com
DocumentRoot /var/www/websvn/
<Location />
Options FollowSymLinks
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /etc/apache2/dav_svn.passwd
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
</IfModule>
</Location>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

Example without SSL:

<VirtualHost *:80>
ServerAdmin [email protected]
ServerName svn.example.com
DocumentRoot /var/www/websvn/

<Location />
Options FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /etc/apache2/dav_svn.passwd
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
</IfModule>
</Location>
</VirtualHost>

Restart apache and have a look at the result at your https://svn.example.com/.

I hope you find this howto useful. This isn't a perfect setup, but hopefully it will help you in using Subversion. Please feel free to add comments or corrections.

Comments

By: Remington Konarski

I've tried at least 4 or 5 other subversion installation documents with little to no success. Most of the time Apache would never configure properly. Props to you! Finally an installation document that works and makes sense.

By: jlchannel

Subversion is great! I used SVNManager for managing my Subversion repo.

By:

When you say: 

svn import -m "testing over https" https://example.com/svn_wombat ~/TEMP/

I think you mean: 

svn import -m "testing over https" ~/TEMP/ https://example.com/svn_wombat

ie swap the last two arguments. 

By: pari sportifs

Good !

By: pari sportif

I like how to forge ! Great resource !

By: Biskouaz

Agreed. This is one of the mistakes I found as well in this tutorial.
I wonder how all other users said, "Great, worked perfectly for me!".
Unfortunately it does not work for me and I suspect some more errors and missing information in this tutorial. Thanks anyway. It remains one of the best tutorials I found on the web.

 

By: angelabad

Hello, I made a Spanish translation of this great howto; it is at http://www.pastelero.net/2006/09/12/instalando-subversion-y-websvn-en-debian/. If you have any problem with this, please contact me.

Bye. 

By: mattaldred

Fantastic Article! 

 

But can I suggest instead of:

    usermod -Gsubversion john

everyone use something like: 

    addgroup john subversion

 

"usermod -G" sometimes wipes all the user's existing groups.  

By: toor

Just a hint..

My preferred way to do that is using gpasswd:

 

 # gpasswd -a userX groupY
 Adding user userX to group groupY


By: are

usermod -Gsubversion john REMOVED ME FROM SUDOERS FILE ON UBUNTU

By: bertheymans

There are some differences between Debian and Ubuntu, I clearly mentioned not to just copy/paste that code. Commands may behave differently on different distributions.

If you lost your admin privileges on Ubuntu and don't know the root password, try putting yourself back in the admin group using a Knoppix CD.

As other comments mention the addgroup command is a safe alternative, I changed the snippet in the howto to this command.

By:

Debian Sarge uses SVN 1.1 which has the BDB filesystem as the default for new repositories. However, since SVN 1.2 the FSFS filesystem has become the new default. So, to be as futureproof as possible, I suggest that you change the repository creation commands as follows:

# svnadmin create --fs-type fsfs /var/svn-repos/project_zen

# svnadmin create --fs-type fsfs /var/svn-repos/project_wombat

By:

Hi all,

I think the line below in the Setting up Subversion and websvn on Debian tutorial is wrong

$ svn co svn+ssh://example.com/usr/share/svn-repos/project_zen/trunk testcheckout

it's like

$ svn co svn+ssh://example.com/var/svn-repos/project_zen/trunk testcheckout

correct me if it's wrong

 

thanks 

 

By:

Thanks for pointing that out, it has been corrected :)

By: ???

thanks for sharing.

By:

Hello all!

Great article! I just wanted to add a reference to another howto article on creating SSH keys for Windows machines that will be logging into the https repository:

https://www.howtoforge.com/ssh_key_based_logins_putty

I found this when looking for myself, and thought I would post it here to give others easier access.

Thanks again for the article!

By: neon

thank you


By: Anonymous

won't the ssh users be able to see server / ???

By: Patrick

Thanks for the great how-to. I managed to get all fixed. However, there is one minor mistake (of course, everybody will be able to fix it themselves)

/etc/init.s/apache2 restart
should be:
/etc/init.d/apache2 restart

gr. P

By: Betclic

Thanks

By: Anonymous

You should add .bashrc file with content :

umask 002

On top of the /var/svn-repos

By: Fez

When I did:

$ ssh-agent
$ ssh-add
$ ssh [email protected]
ssh: connect to host localhost port 22: Connection refused

Similarly, later in the tutorial:

$ svn import -m "importing test over ssh+svn" ~/TEMP/ svn+ssh://127.0.0.1/var/svn/icilpk/ trunk
svn: Network connection closed unexpectedly

Please Note- I had skipped:

$ cat ~/.ssh/id_dsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"

because when I ran "ssh-add" it already asked me for a password and all :s was that the right thing to do?

By: Fez

ok, so i need to make amends to that last post. I'll start over:

[email protected]:~/.ssh$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/faizan/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/faizan/.ssh/id_dsa.
Your public key has been saved in /home/faizan/.ssh/id_dsa.pub.

[email protected]:~/.ssh$ ls
id_dsa id_dsa.pub

[email protected]:~/.ssh$ cat ~/.ssh/id_dsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"
ssh: connect to host acer-laptop port 22: Connection refused


I pressed enter when it asked me about the file name to save to, and when it asked me for a password.


So why am i getting the error above? :s please help!

By: Niklas

Adding the apache user to the subversion group fixes this but as the author said (almost at the top):

The apache user won't be put in the group because I find it less secure. 

I did this with addgroup:

# addgroup www-data subversion

This worked for me and I don't worry about the risks since my server is located in a very secure network. But if anyone can elaborate on the risks with this, I'd be grateful.

But I will probably remove it again since my clients only will communicate to the svn-server via https.

By: Anonymous

Everything works great but when I use svn+ssh to check in new stuff the owner of db/current and db/txn-current changes from APACHE_USER to CHECKING_IN_USER.

When I browse websvn the repository is empty until I change the owner back to APACHE_USER.

Have I missed something?

One way to solve this problem is using a cronjob that changes permissions on a regular basis. But is there another one?

By: Anonymous

Thank you. Never done any of that before and your instructions were perfect. Great article

By: Anonymous

Thanks for sharing. You can also refer this site to get some more useful details.

http://howtosetup.in/component/content/article/2-subversion/2-subversion.html

By: rosinballe

Used this howto to get websvn going on ubuntu 8.04 server. Thanks!

However, I needed one additional package to get it running:

# apt-get install  python-subversion

Also, enscript does not prompt me for anything.

By: Ben

http://svnbook.red-bean.com/en/1.5/index.html which is the definitive
answer.  It appears that the options order has changed and so was able
to import with
 svn import ~/TEMP/ http://example.co.uk/svn_wombat -m 'testing over http'

By: Hardik

Worked perfectly.

Thanks.

By: hardik

Million dollar article. Thanks.

By: Anonymous

htpasswd -m dav_svn.passwd USERNAME

 

By: Juan

Try executing it with sudo or as root user

By:

Hello,

Great article!

However, I need to create a user that has only read access to the same repository as the users that has full access. How can i accomplish that?

/Martin

By: rajesh

Very helpful.. Thanks a ton..bertheymans

By: Trikks

http://trikks.wordpress.com/2010/06/15/setup-a-subversion-svn-server-in-debian/

 :)

By: Nuno

Hi, first, nice tutorial, I love it.

question, websvn runs in mod_fcgi? Cause i get:

Error 403!

Forbidden!

and

Forbidden

You don't have permission to access /index.php on this server.

 thanks in advance

Nuno

By: Piffer

Thank you for this tutorial. I still need to do some more homework on the whole svn+ssh part, but all the other stuff works fine.

 Rather than using websvn, I'll try to get Trac setup (http://trac.edgewall.org/)

-Piffer

By: bera

Great instruction, very helpful.

Thank you a lot!

You'll bless you in all your way! 

By: jarquet

Everything worked perfectly, everything is set up just how I needed it.  I didn't do the webSVN, don't think i'll need it soon, but I couldn't have asked for better instructions for the rest of it.  Way big thanks.

By:

Yes, it's a really nice guide, but I would recommend checking out Git distributed version control. That is the best distributed version control out there. Here is a guide to install a repository server on linux debian distros. How to install and setup a Git Repository Server using Gitolite on Linux Ubuntu 10.04 & 11.04 [Development Environment]

By: Craig Douglas

Note that the DocumentRoot paths in your apache config files could be different to /var/www/websvn.  If you get an error when restarting apache, try finding your actual websvn directory using something like:

find / -path "*websvn/index.php"

 My path on debian (squeeze) was actually /usr/share/websvn/

By: Tavo

Excellent article. All works perfect. Thank you for all about this.

 

Tavo.

By: Anonymous

To avoid facing the problem:

"Could not open the requested SVN filesystem" 

 Replace the instruction:

 chown -R www-data:subversion /var/svn-repos/*

 with

 chown -R www-data:subversion /var/svn-repos

By: Stephen

Good Day Everyone,

Is this article still relevant concerning security 8 years after? It's very helpful and I'm setting up my SVN server per these instructions but I'd like to make changes for updated security enhancements as I go, if there are any.

Thanks!

 

By: Paul O'Rorke

Hi,

 

I followed this tutorial and now have all my repositories available through the repository root.  I need to have each repository discrete from each other so users can access only the particular one we give them credentials to.

From what I read here each repo should be available using https://svn.example.com/repo-name but I'm getting a forbidden error:

Forbidden

You don't have permission to access /helpDocs on this server.

As I said, I can see and access all the repositories under https://svn.example.com but that gives all users access to all repositories and the SVN software we use for documentation needs https://svn.example.com/repo-name.

 

I could post my config files here but this thread is pretty old, not sure if anyone will see this anyway...

 

Paul

By: Tata

libapache2-svn is deprecated? Debian 9: not found libapache2-svn.

By: Manuel Malagon

Have you found a fix for this? I'm having the same error.

Thanks!

By: Torsten

It's libapache2-mod-svn, isn't it?

By: fireba11

note: current debian doesn't contain websvn anymore (not maintained)

By: Paul O'Rorke

That's what I am seeing.  I used this document on an older version, but with no webSVN package how can one complete this?  Do I need to go back to 20.04?

By: Peter

Hi,

It took me some time to get this working, seems there is a name change in debian.

So:

   apt-get install libapache2-svn 

is not working, you should use

   apt-get install libapache2-mod-svn

After this i got it to work ok.

By: Paul O'Rorke

Thanks Peter,

so I start with a clean 22.04, set up Apache2 and PHP with https.  I then add subversion and libapache2-mod-svn

 apt install subversion libapache2-mod-svn 

what I don't understand is what replaces 

apt install websvn

what provides the php that the package websvn used to be put in /var/www/websvn under the new paradigm?  I tried looking for it with

find / -path "*websvn/index.php"

and I have none. 

I am clearly missing an important step, the one that used to be fulfilled with the websvn package that provides the php.  If I put a phpinfo() page at /var/www/wensvn/test.php it works but I have no other PHP on there and I am scratching my head as to where it is supposed to come from if not the websvn package.