SVN server configuration description "Go"

HTTP://WWW.CNBLOGS.COM/RICKSUN/ARTICLES/1564905.HTML1, preface

It took 72 hours to finally get to the beginning of Subversion. From a layman who does not know what version control is, it is still stuck in the middle of the day to configure an entry for precise access to each directory. Which cost a lot of strength, groping the experiment many times, but also almost gave up, but the harvest is huge. Now put my configuration and learning process written down for everyone to reference, but also let beginners less detours.

The following is only the Windows platform for example, Unix/linux platform please refer to the relevant information. If there are errors in the place, including typos, please contact me for amendment.

Technology in the sharing of progress!

2. Basic Concepts

2.1. What is version control

In simple terms, versioning is the Data warehouse, which can record every change you make to a file. This way, even if you change the pitch darkness for a few months after the boss said no, or as in the past, you will not be crazy, simple recovery version of the operation will take care of everything.

2.2. What is Subversion

Subversion is a free/open source version control system that manages files and directories that can transcend time. A set of files is stored in the central repository, which is much like an ordinary file server, except that it can record every file and directory modification, which allows you to obtain the previous version of the data, so that you can check the changes made. From this perspective, many people regard the version control system as a "time Machine".

Subversion can access its repository over the network, allowing users to use it on different computers. To a certain extent, allowing users to modify the same data in their respective locations facilitates collaboration. Progress can be very rapid, and without a channel where all the changes will be effective, since all work has a historical version, you do not have to worry about the quality due to the loss of a certain channel, if there is an incorrect change, just cancel the change.

Some version control systems are also software configuration management (SCM) systems that have been specifically designed to manage source code, and have many features about software development-understanding the programming language itself, or providing tools for building programs. However, subversion is not such a system, it is a universal system that can manage any kind of file set, for you this may be the source code, to others, may be a goods quotation or a manuscript etc.

2.3. Version library (repository)

The core of Subversion is repository, the Chinese translation into the "repository." is located on the server side, the unified management and storage of data place.

3. Installation Configuration

3.1 Installing a standalone server Svnserver

Environment

Os:windows XP SP2

Web:apache 2.2.6

svn:svn-win32-1.4.6

First, the preparatory work

1. Get the Subversion server program

Download the latest server Installer to the official website (http://subversion.tigris.org/). Currently, the latest version is 1.4.6, specific to:Http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=8100&expandFolder =8100&folderid=91 , look for the for Apache 2.2.x version.

2. Get TortoiseSVN client program

Get the latest tortoisesvn from the official website http://tortoisesvn.net/downloads . TortoiseSVN is a client-side program used to communicate with the Subvers server. Subversion comes with a client-side program Svn.exe, but TortoiseSVN is better to operate and improve efficiency.

Second, install the server side and the client

First install Apache 2.2.6, the specific installation method you refer to the relevant information, or I wrote the "installation of Apache 2.2.x under Windows."

Second, install Subversion (hereinafter referred to as SVN) server side and client. Download down the server side is a ZIP compression package, direct decompression can, for example, I extracted to E:\subversion. The client installation file is an EXE executable file, run as prompt to install, the client after the installation is completed prompt restart.

Third, build the Repository (Repository)

Running the Subversion server requires that you first build a repository (Repository). Repositories can be seen as places where data is centrally stored and managed on the server.

Start building the repository. Start by establishing the E:\SVN empty folder as the root directory for all repository. Then, go to the command line and switch to the Subversion bin directory. Enter the following command:

Svnadmin Create E:\svn\repos1

This command establishes a repository repos1 under E:\SVN. Repos1 some folders and files are automatically generated below.

We can also use TortoiseSVN to graphically complete this step:

First set up empty directory E:\SVN\REPOS1, notice must be empty. Then on the Repos1 folder "right->tortoisesvn->create Repository here ...", then you can choose the repository mode, where the default Fsfs is used, and a series of folders and files are created. Same as the command line.

Iv. running a standalone server

At this point, the Subversion service has not yet started, only through its command to build the repository. Continue typing in the command window just now:

Svnserve.exe--daemon

Svnserve will wait for the request on Port 3690, and the--daemon (two dash) option tells Svnserve to run as daemon so that it does not exit until it is manually terminated. Be careful not to close the command-line window, and closing the window will stop Svnserve.

To verify that Svnserve is working correctly, use TORTOISESVN-repo-browser to view the repository. In the Popup URL dialog box, enter:

Svn://localhost/svn/repos1

Click OK button to see the REPOS1 repository of the directory tree structure, only then REPOS1 is an empty library.

You can also use the--root option to set the root location to restrict the server's access to the directory, thereby increasing security and saving time for entering the Svnserve URL:

Svnserve.exe--daemon--root drive:\path\to\repository

Taking the previous test as an example, Svnserve will run as:

Svnserve.exe--daemon--root E:\SVN

The Repository browser URL in TortoiseSVN is then reduced to:

Svn://localhost/repos1

V. Configuring Users and Permissions

Open the E:\svn\repos1\conf directory with a text editor and modify the svnserve.conf:

Will:

# password-db = passwd

Switch

Password-db = passwd

That is, remove the previous # comment and note that there must be no spaces ahead.

Then modify the passwd file of the same directory and add an account number:

Will:

[Users]
# Harry = Harryssecret
# sally = Sallyssecret

Add Account:

[Users]
#harry = Harryssecret
#sally = Sallyssecret
Test = Test

Vi. Initializing the Import

Here's how to import our data (project) into this repository and later manage our data from the repository. Any changes we make are recorded in the repository, and even our own repositories can help us retrieve the data when we lose it or change the data incorrectly.

For example, I have a guestbook folder under the D:\wwwroot, which is stored in the guestbook program I wrote. On this folder, "Right click-TortoiseSVN, Import ...", enter "Svn://localhost/repos1/guestbook" in the "URL of repository" of the popup dialog box. Enter "Import entire guest book" as a comment in the "import message".
After you click OK, you need to enter your account. We enter test at the user name and password. When you are finished, the contents of guestbook are all imported into the Svn://localhost/svn/repos1/guestbook.

We see no change in the E:\SVN\REPOS1, even a guestbook folder is not established, the only change is the E:\SVN\REPOS1 capacity has become larger. In fact, the contents of our source guestbook have been imported into the REPOS1 repository, and the source guestbook folder can be deleted.

It is important to note that this step can be done entirely on another client computer with TortoiseSVN installed. For example, the IP of the host running Svnserve is 133.96.121.22, and the URL part of the input is "svn://133.96.121.22".

VII. Basic Operating Procedures

1. Remove (check out)

Remove Repository to a working copy:

To any empty directory, such as creating an empty folder F:\work in the F partition. "Right-click SVN Checkout". Enter "Svn://localhost/svn/repos1/guestbook" in "URL of repository" so we get a working copy of the content in the guestbook.

2. Deposit (check in)/Submit (Commit)

Make changes in the working copy and submit:

Open a file in a guestbook working copy, make changes, and then "right-click SVN Commit ... ”。 This allows us to submit the changes to the repository, and the repository stores the data we submit, as appropriate.

On the modified file, "right-TortoiseSVN, Show Log", you can see all the commits to this file. On the different revision entries, right-Compare with working copy, we can compare the difference between the working copy file and the selected revision version.

3.2 Installing the APACHESVN server

Subversion is designed to include an abstract network layer, which means that the repository can be accessed through various server processes. In theory, subversion can be implemented with an unlimited number of network protocols, and there are two kinds of servers in practice.

• Svnserver:svnserve is a small (also called lightweight), standalone server that uses its own defined protocols and clients. (Author Note: This server is called "Svnserver Server", the above installation configuration is to install the Svnserver server.) ）
• Apachesvn:apache is the most popular Web server, and by using the MOD_DAV_SVN module, Apache has access to the repository and can be accessed by the client using the Extended protocol Webdav/deltav for HTTP. (The author note: This server is called "APACHESVN server")

Access to the repository via the Http protocol is one of the highlights of Subversion. APACHESVN Servers have many features that svnserve servers do not have, and are more flexible to use, but a bit difficult to configure, and flexibility often brings complexity.

Because Subversion requires versioned control, the standard Http protocol does not meet the requirements. For Apache to work with Subversion, you need to use WebDAV (web-based distributed Authoring and Versioning:) Web Distributed Authoring and Versioning). WebDAV is an extension of HTTP 1.1, and you can refer to the IETF RFC 2518 for the specification and working principles of WebDAV.

First, the necessary conditions

In order for your repository to use the HTTP network, you must have the following conditions:

1. Configure HTTPd 2.2.x, and start with Mod_dav.
2. Install the MOD_DAV_SVN plugin for Mod_dav.
3. Configure your httpd.conf so that the HTTP protocol can access the repository.

The following is explained in detail in my configuration process.

Environment:

Os:windows XP SP2

Web:apache 2.2.6

svn:svn-win32-1.4.6

Second, installation

1. Installing Apache

Specific installation methods see: "install Apache 2.2.x under Windows"

2. Install Subversion

The downloaded svn-win32-1.4.6.zip can be extracted directly, such as I extract to e:\subversion.
Copy the Intl3_svn.dll, Libdb44.dll, mod_authz_svn.so, mod_dav_svn.so from the bin subdirectory of the Subversion installation directory to the Apache module directory (Apache installation directory Modules folder).

Three, basic Apache configuration

Modify the Apache configuration file httpd.conf and use LoadModule to load the MOD_DAV_SVN module.

Will:

#LoadModule Dav_module modules/mod_dav.so

Change to:

LoadModule Dav_module modules/mod_dav.so

That is, remove the "#" from the front.

Add to:

LoadModule Dav_svn_module modules/mod_dav_svn.so

Make sure it's behind Mod_dav.

Now that you've set up Apache and subversion, Apache doesn't know how to handle subversion clients, such as TORTOISESVN. In order for Apache to know which directory is used as the Subversion repository, you need to edit the Apache configuration file using an editor such as Notepad.

At the end of the configuration file, add the following lines:

<Location/repository/>
DAV SVN
Svnpath E:/SVN/REPOS1
</Location>

This configuration tells Apache to first need to enable Dav_module and then load Dav_svn_module. The Repository external URL is:/HTTP server ip/repository/, all Subversion repository is physically located in e:/svn/repos1/.

After the configuration is complete, restart Apache, open the browser, enter http://server ip/repository/will see the following screen.

This means that Apache's DAV_SVN module is ready to function. Users can use any kind of Subversion client to access your repository via the Http protocol.

If you want to specify more than one repository, you can use multiple location tags or svnparentpath instead of svnpath, such as having multiple repository repos1,repos2 under E:\SVN, and so on, as specified in the following ways:

<Location/repository/>
DAV SVN
Svnparentpath E:/SVN
</Location>

"Svnparentpath e:/svn" means that each subdirectory under E:\SVN is a repository. can be accessed via http:/server ip/repository/repos1/,http://server ip/repository/repos2/.

Now anyone in your repository can access it and have full write permissions. This means that anyone can read, modify, commit, and delete content from the repository anonymously (note: You do not need to configure the E:\svn\repos\conf\svnserve.conf file at this time, and you do not need to start the E:\subversion\bin\ Svnserve.exe. Because the submission is handled by Apache's DAV module, not by Svnservice. )。 We use the TortoiseSVN client to verify that it is known.

Obviously, most of the occasions this is not in line with demand. So how to set the permissions, Apache provides the basic permission settings:

IV. Certification Options

1. Basic HTTP Authentication

The simplest way to authenticate a client is through the HTTP Basic authentication mechanism, which simply uses the user name and password to verify the identity of a user. Apache provides a HTPASSWD tool to manage a user file that contains user names and encrypted passwords, which are the users you want to give special privileges to Subversion. The htpasswd can be found under the Apache Bin installation directory. Here's how to use it:

To create a user file:
Htpasswd-c E:\usr\Apache2.2\bin\passwd.conf username

Add a new user (-m means to encrypt the password with MD5, optional):
htpasswd [-m] E:\usr\Apache2.2\bin\passwd.conf Newusername

change user password:
htpasswd [-m] E:\usr\Apache2.2\bin\passwd.conf username

Delete the user (to use uppercase D):
Htpasswd–d E:\usr\Apache2.2\bin\passwd.conf username

Next, modify the httpd.conf to include the following in the Location tab:

AuthType Basic
AuthName "SVN repos"
AuthUserFile e:/usr/apache2.2/bin/passwd.conf
Require Valid-user

Description

AuthType Basic: Enables fundamental authentication, such as username/password pairs.

AuthName "SVN repos": Information that appears in the authentication dialog box when an authentication dialog box pops up. (preferably in English, TortoiseSVN does not support Chinese, except for the installation of language packs.) ）

AuthUserFile e:/usr/apache2.2/bin/passwd: Specifies that E:\USR\APACHE2.2\BIN\PASSWD is the user file that is used to authenticate the user's user name and password.

Require valid-user: Restrict users to access this path only after entering the correct user name and password

Restart Apache and open the browser to access the repository. Apache will prompt you to enter a username and password to authenticate the login, now only the users set in the passwd file can access the repository. You can also configure only specific users to be able to access, replacing the above "Require Valid-user" as "Require user Tony Robert" will have access to the repository only for Tony and Robert in the user files.

Sometimes it may not be necessary to have such strict access controls, for example, most open source projects allow anonymous read operations, and only authenticated users allow write operations. For more granular permission authentication, you can use the Limit and limitexcept tags. For example:

<limitexcept GET PROPFIND OPTIONS report>
Require Valid-user
</LimitExcept>

The above configuration will allow anonymous users to have read permissions, and only users who are configured in passwd can use write operations.

If this does not meet your requirements, you want to control the repository directory access accurately, you can use the Apache MOD_AUTHZ_SVN module to authenticate each directory.

2. Using MOD_AUTHZ_SVN for Directory access control

First you need to have Apache load the MOD_AUTHZ_SVN module in. Locate the MOD_AUTH_SVN module in the Subversion installation directory and copy it to the modules subdirectory of the Apache installation directory. Modify the httpd.conf file to add:

LoadModule Authz_svn_module modules/mod_authz_svn.so

You can now use the Authz feature in the Location tab. A basic Authz configuration is as follows:

<Location/repository/>
DAV SVN
Svnparentpath E:/SVN

# Our Access control Policy
Authzsvnaccessfile e:/usr/apache2.2/bin/accesspolicy.conf

# Try anonymous access first, resort to real
# Authentication if necessary.
Satisfy any
Require Valid-user

# How to authenticate a user
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile e:/usr/apache2.2/bin/passwd.conf
</Location>

Authzsvnaccessfile points to the Authz policy file, and the detailed permission control can be specified in this policy file. The syntax for accessing the file accesspolicy.conf is very similar to the svnserve.conf and Apache configuration files, and the lines beginning with (#) are ignored; In its simple form, each section names a repository and a path inside. The authentication user name is the option name in each section, and the value of each option describes the level at which the user accesses the repository: R (read-only) or RW (read-write), which is not allowed if the user is not mentioned or the value is left blank; * Indicates that all users use it to control the access rights of anonymous users; Such as:

[Groups]
Committers = Paulex, Richard
Developers = Jimmy, Michel, Spark, Sean

[/]
* = R
@committers = RW

[/branches/dev]
@developers = RW

[/tags]
Tony = RW
[/private]
* =
@committers = R

When you use Svnparentpath instead of Svnpath to specify the parent directory for multiple repositories, all of the repositories will be configured according to this policy file. For example, in the example above, Tony will have read and write access to the/tags directory in all repositories. If you want to configure each repository, use the following syntax:

[Groups]
Project1_committers = Paulex, Richard
Project2_committers = Jimmy, Michel, Spark, Tony, Robert

[repos1:/]
* = R
@ project1_committer = RW

[repos2:/]
* = R
@ project2_committer = RW

This way, the Project1_committer group of Project 1 can only write permissions to files under the REPOS1 repository and cannot modify the repository Repos2, and the Project2_commiter group of Project 2 cannot modify the REPOS1 repository files.

SVN server configuration description "Go"