Posts Tagged ‘SVN’

Release script for SVN

Friday, June 8th, 2012

I am currently working on a project that comprises several components individually managed in SVN. These components are built and then linked in to the final binary. To makes things easier I wrote a release script that creates an editable commit message with the SVN revisions of the components and commits the final binary. I thought it might be useful to others so generalised it.
(more…)

Setting up a subversion plus ssh server

Tuesday, July 20th, 2010

As someone who is a strong advocate of source control at work I’m actually quite bad at following what I preach. So this lunch time I decided to finally get around to setting up a Subversion server on my Linux server.

Installation

I am currently running Ubuntu 9.10 so installed subversion as follows:

$ sudo apt-get install subversion

If you don’t have ssh installed (why not?) install it similarly.

Users and groups

Once you have subversion and ssh installed you can set up the SVN server. Firstly you need to create a suitable users group, an admin user and a repository.

Create the group like so:

$ sudo groupadd -g 127 svnusers

The group id (127 above) needs to be unique so unless you know a free group id value check to see the last id used in the groups file as follows:

$ tail /etc/group

Then create an SVN admin user using useradd as below:

$ sudo useradd -c "SVN Admin" -u 2000 -g 127 -d /home/svnadmin -m -s /bin/bash svnadmin

Again the user id (2000 above) needs to be unique. This time look at /etc/passwd to find out the last id used. The group id (127 above) should be the same value as the group you created. The rest of the options tell useradd to create a home directory and to set the default shell to be bash.

Set the password for the SVN admin user like so:

$ sudo passwd svnadmin

Finally add any other users to the svnusers group by editing /etc/group and adding the additional users in a comma separated list on the end. For example:

svnusers:x:127:svnadmin,melanie

Server setup

Now its time to create a repository. Firstly create the directory where all the repositories will be stored. I put mine in /var since my /var is on separate partition (to protect from disk full issues). However you can put them where you want. So create the directory and set the permissions as below:

$ mkdir -p /path/to/subversion/repositories
$ chown -R root.svnusers /path/to/subversion/repositories
$ chmod -R 770 /path/to/subversion/repositories

When using ssh, svnserve is used as the SVN server. svnserve requires the full path to repository to be provided by the client to access the repository. You may not want to expose your file system that much so you can write a small script to modify the behaviour. Use which to find out where svnserve is and rename it.

$ which svnserve
/usr/bin/svnserve
$ sudo mv /usr/bin/svnserve /usr/bin/svnserve.bin

Then using your favourite editor create the script below and save it under the old svnserve name.

#!/bin/bash
exec /usr/bin/svnserve.bin -r /path/to/subversion/repositories "$@"

Finally set the execute permissions.

$ sudo chmod 755 /usr/bin/svnserve

Creating a project

Now its time to create a project. Change to the svnadmin user and enter the password.

$ su - svnadmin
password:

Now create a project and turn off other access so that only members of the svnusers group and the admin user can access it.

$ svnadmin create /path/to/subversion/repositories/my_first_project
$ chmod -R o-rwx /path/to/subversion/repositories/my_first_project

Finally you need to configure the project’s access permissions by editing

/path/to/subversion/repositories/my_first_project/conf/svnserve.conf

In the [general] section uncomment or add:

anon-access = none
auth-access = write

Now save the file.

Testing

Now you should be able to access the svn repository from anywhere provided the user is in the svnusers group. Test as follows from a client.

$ svn list svn+ssh://user@some.domain.org/my_first_project

You will be asked for the ssh password for the machine running subversion. And that’s it. You should be able to use your project. You can add new projects using the svnadmin user.

Further tweaks

There a couple of additional things you may want to do. Firstly my subversion server is behind a firewall. The machine it is on is accessed using ssh on a different port to the default. Secondly keep being asked for the ssh password can become quite a pain. Using public key authentication does make things somewhat easier.

Using an alternative ssh port

Annoyingly SVN does not understand the ‘username@domain:port’ syntax. It doesn’t know what to do with the port. However you can use svn’s configuration files to create a custom ‘protocol’. This allows you to add support for an alternative port through the configuration file.

You client user should have a file

~/.subversion/config

If not, create it. In it there should be a [tunnels] section. To that you can add a new ‘protocol’. I created sshhome as follows:

[general]
sshhome = ssh -q -p 1234

The -q option prevents the “Killed by signal 15” message that you see with some versions of subversion. You can then use sshhome instead of ssh as the protocol and it will use the specified port. E.g.

$ svn list svn+sshhome://user@some.domain.org/my_first_project

Public key authentication

Finally to save having to enter your password all the time you can create a public key and install it on the server. On the client change to the ~/.ssh directory. Now if there’s already a file in it called id_dsa or id_rsa STOP. I’m not sure how to support multiple keys yet and create a new key will over write these files. If all is well create a set of keys as below. Do not use an empty passphrase. It’s also good security not to use your password as the passphrase.

$ ssh-keygen -t dsa -C "username@some.domain.org"
Generating public/private dsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/username/.ssh/id_dsa.
Your public key has been saved in /Users/username/.ssh/id_dsa.pub.
The key fingerprint is:

Now you need to put the public key on to the server. Copy the file in to your home directory on the SVN server. You can use scp for that.

$ scp id_dsa.pub username@some.domain.org:/path/to/home/directory/.ssh

Then log in to the SVN server and change to the ~/.ssh directory. In that directory add the public key to the file of authorized keys and set the permissions. Then delete the public key file. See below:

$ cat id_dsa.pub  >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
$ rm id_dsa.pub

And that should be it. Try listing your project directory again. This time for the first time it will ask you for your password but then it will only ask for the password infrequently.