This is very easy as Subversion ships with Fedora Core 4. As of writing (7 November 2005) the RPMS are being kept up to date with version 1.3.x releases. Be aware that the RedHat policy on updates is to roll security fixes into their current release.
This will be an Apache based Subversion server.
Start up the package management tool system-config-packages. Make sure these items are ticked:
Hit update and feed it the CDs. You should also do a yum update to get the most recent version of Subversion.
Once the install completes make sure mod_dav_svn is installed - if it isn't do a yum install mod_dav_svn.
Note: the Berkely DB libraries as shipped with Fedora Core 4 are built to use the Native Posix Thread Library (nptl). If you install Fedora Core 4 on an i386, i486 or i586 processor the version of glibc which is installed does not support nptl so when you get to do the svnadmin create command you will see an error like this:
svn: Berkeley DB error svn: Berkeley DB error while creating environment for filesystem /tmp/x1/db: Invalid argument
See this bug report for full details.
The fix is to install a version of Berkely DB which has been compiled to not use nptl and which can be downloaded from here (you will have to right click on the file name and choose to download it as the server these files are on thinks that .rpm files are some kind of music file). Use a comand like this to install the RPMS you require:
rpm -Uhv --replacepkgs --replacefiles rpmfilename
I am hoping that installs all you need! Check that the mod_dav_svn module is installed - if it isn't then find it in the Fedora distribution and install it (using yum install mod_dav_svn is a good option).
You will need to be the root user to do this.
Let's say you want your repository to be in /svn/repos, type in this command:
svnadmin create /svn/repos
Now make sure that httpd can access all the files in the repository:
chown -R apache.apache /svn/repos chmod g+s /svn/repos/db
The chmod means that were you to access the repository as a user other than apache there is a fighting chance that the apache httpd server will still be able to access the database files.
The installation of the Subversion RPMS created a file in /etc/httpd/conf.d called subversion.conf. This configuration file loads the Subversion modules into Apache. You need to set up the URL for the repository in Apache. This is done using the Location directive.
The Location directive in subversion.conf as installed looks like this:
#<Location /svn/repos> # DAV svn # SVNPath /home/svnroot # # # Limit write permission to list of valid users. # <LimitExcept GET PROPFIND OPTIONS REPORT> # # Require SSL connection for password protection. # # SSLRequireSSL # # AuthType Basic # AuthName "Authorization Realm" # AuthUserFile /path/to/passwdfile # Require valid-user # </LimitExcept> #</Location>
The SVNPath must point to the repository created by the svnadmin command so uncomment the first three lines and the last one and change the
path to /svn/repos to get this (comment lines omitted):
<Location /svn/repos> DAV svn SVNPath /svn/repos </Location>
If the httpd service is not yet running type this to start it:
service httpd start
If httpd is started type this to reload the configuration:
service httpd reload
The Subversion server should be running. Point your browser at http://your.server.name/svn/repos and you should see something like this:
Revision 0: /
Powered by Subversion version 1.0.4 (r9844).
You have a working server but with no user authentication so anyone can use it. This has the knock on effect that the server doesn't know who is making commits and so cannot set the svn:author propery on that revision.
Subversion supports http basic authentication. To use this you need to add the following to the Apache Location directive:
AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/httpd/passwd/passwords Require valid-user
Then you must create the passwords file:
mkdir /etc/httpd/passwd htpasswd -c /etc/httpd/passwd/passwords username password
You don't have to put the password file at this location, change the paths if you would prefer to store it somewhere else. The -c flag creates a new file, to add more users leave out the -c.
Now if you visit the URL http://your.server.name/svn/repos you should be prompted for your user name and password.
That's it, you now have a fully functional Subversion server.
This is implemented by the mod_authz_svn Apache module. Make sure the module is loaded, this should be in the Apache configuration file:
LoadModule authz_svn_module modules/mod_authz_svn.so
Create a permissions file /etc/httpd/passwd/svnauthz.conf. When using the SVNPath directive this file will give read write access to fred and read-only access to bill:
[/] fred = rw bill = r
For more detailed information see the book.
Now add this to the Location directive for the Subversion repository in the Apache configuration file:
AuthzSVNAccessFile /etc/httpd/passwd/svnauthz.conf
Reload the Apache configuration using service httpd reload and these permissions will take effect.
Problems with Redhat
I got everything working, except I kept getting an Error 500, permission denied.
Apparently it's due to Redhat nailing down apache for extra security.
I had to run chcon -R -h -t httpd_sys_content_t /svn/testrepos/ to make the repository accessible by apache
I'm not entirely sure of what this does (I am a bit of a newbie to Linux) so if somebody could explain it I'd appreciate it.
SELinux
You have enabled SELinux, the
chconcommand changes the context of the files. If you don't understand SELinux I would suggest you turn it off, SELinux is a very complex role based security system.For further information about SELinux on Fedora see the fedora project wiki.
Forbidden 403
I have closed SElinux, still not working! What shall I do more?
thanks in advance Patrik
Where does it go wrong?
At which point in the above instructions do you get the forbidden status?
403 at the end of point "Configure Apache"
I´m getting the same 403 page.
I changed subversion.conf and did a reload of the configuration but the result of a request to http://127.0.0.1/svn/repos is a 403 page. Even if I stup basic authentication like explained in the next step "Securing Your Server".
had the same problem, but fixed it
I was having the same 403 problem with the above instructions. I believe it's just a matter of making sure the paths are correct. Here's my config...
I then added the following to
/etc/httpd/conf.d/subversion.confThen I went to:
http://localhost/svn/repos/junk/and it worked! Now go back and figure out the authentication part...
-Brian
403 at the end of point "Configure Apache"
Are you quite sure that SELinux is disabled and that the ownership of the files in
/svn/reposis correct?Configure Apache
I have found that the problem with apache over Windows is the same problem here. The "LoadModule dav_svn_module modules/mod_dav_svn.so" is not located in the httpd.conf file although the physical file itself is on the machine in the modules location.
Once that line was added and the deamon reloaded the resulting http url was as expected.
Have the same issue
Martin,
I have the same issue. I have the repository at /svn/repository with ownership of apache.apache and SELinux has been turned off. Trying the URL "http://localhost/svn/repository" I receive the same 403 Forbidden message. I can go into httpd.conf and create an alias and get to the directory that way. However, of course, I am seeing the entire directory structure and nothing of the database. Does the problem have to do with the repository lying outside of the DocumentRoot of the http server?
Thanks.