Setting up Subversion on Ubuntu Lucid
Russell Bateman
Introduction

Here's a log of me setting up Subversion on my new Linux box. I had done this years ago under openSuSE 10.2, but am just now getting around to needing to do it again. This is still an emerging document; I have to figure out how to enable the OpenSSL certificate stuff in Apache yet. I've still got a bit of a security hole there.

Linux installation

Install Linux. I'm sorry, I don't show the steps to installing Lucid here. I assume you've already done that.

Apache installation

You don't need Apache installed if you're only going to consume what's in your repository from your own computer host. But, if you want to make it available to your friends and colleagues via HTTP and, especially, via their browser, I do this here. In that case, I would suggest setting up Apache (or even full-blown LAMP), and I do have a step-by-step for that on Ubuntu Lucid Lynx, Setting up LAMP.
I'm using this superb Ubuntu documentation as my step-by-step. I've rarely seen such good documentation as this. Note that I'm leaving my screw-ups in here for what documentary value they may be: you might make the same ones (or not: I'm the moron par excellence here).
However, this document is wrong (from a certain point of view) when it gets to the WebDAV section. Please see Requiring user-authentication later on this page.
I did the software installation described in the documentation. I pick back up here with the command-line stuff for you to follow.
Here's illustrating the command-line work. I frequently do a directory listing for the help it is to know what, if anything, has happened in the current working directory.
    russ@tuonela:~> sudo mkdir /home/svn
    russ@tuonela:~> pu /home/svn
    /home/svn ~
    russ@tuonela:/home/svn> sudo mkdir myproject
    russ@tuonela:/home/svn> ll
    total 0
    drwxr-xr-x 2 root root 48 2010-10-08 12:09 myproject
    russ@tuonela:/home/svn> sudo svnadmin create /home/svn/myproject
    russ@tuonela:/home/svn> ll
    total 0
    drwxr-xr-x 6 root root 200 2010-10-08 12:34 myproject
    russ@tuonela:/home/svn> tree myproject/
    myproject/
    |-- conf
    |   |-- authz
    |   |-- passwd
    |   `-- svnserve.conf
    |-- db
    |   |-- current
    |   |-- format
    |   |-- fsfs.conf
    |   |-- fs-type
    |   |-- min-unpacked-rev
    |   |-- rep-cache.db
    |   |-- revprops
    |   |   `-- 0
    |   |       `-- 0
    |   |-- revs
    |   |   `-- 0
    |   |       `-- 0
    |   |-- transactions
    |   |-- txn-current
    |   |-- txn-current-lock
    |   |-- txn-protorevs
    |   |-- uuid
    |   `-- write-lock
    |-- format
    |-- hooks
    |   |-- post-commit.tmpl
    |   |-- post-lock.tmpl
    |   |-- post-revprop-change.tmpl
    |   |-- post-unlock.tmpl
    |   |-- pre-commit.tmpl
    |   |-- pre-lock.tmpl
    |   |-- pre-revprop-change.tmpl
    |   |-- pre-unlock.tmpl
    |   `-- start-commit.tmpl
    |-- locks
    |   |-- db.lock
    |   `-- db-logs.lock
    `-- README.txt

    10 directories, 28 files
    russ@tuonela:/home/svn> ll
    total 0
    drwxr-xr-x 6 root root 200 2010-10-08 12:34 myproject
    russ@tuonela:/home/svn> sudo chown -R www-data:subversion myproject
    russ@tuonela:/home/svn> sudo chmod -R g+rws myproject
    russ@tuonela:/home/svn> ll
    total 0
    drwxrwsr-x 6 www-data subversion 200 2010-10-08 12:34 myproject
Here it is condensed; you replace myproject with the name of your own project.
    sudo mkdir myproject
    sudo svnadmin create /home/svn/myproject
    sudo chown -R www-data:subversion myproject
    sudo chmod -R g+rws myproject
After creating /home/russ/dev/projects as a place to put all my checked-out projects, I go there and check out myproject.
    russ@tuonela:~/dev/projects> svn co file:///home/svn/myproject
    Checked out revision 0.
    russ@tuonela:~/dev/projects> tree myproject/
    myproject/

    0 directories, 0 files
Or, a different way:
    russ@tuonela:~/dev/projects> svn co file://localhost/home/svn/myproject
    Checked out revision 0.
I wanted two users to have access to the repository. My colleague's username is aneill. I added aneill as a user and added him to the subversion group on Ubuntu using System -> Administration -> Users and Groups. I also tried checking out the project under his user just to make certain that works. (More on users and passwords in a moment.)
Here's how to take an existing project and set it up in Subversion. First, as noted above, you must create the empty project. Next, follow these steps, which are illustrated afterward and assume all the files to be committed are already in the project subdirectory.
    russ@tuonela:~/dev/projects> svn co file:///home/svn/myproject
    Checked out revision 0.
    russ@tuonela:~/dev/projects> cd myproject
    russ@tuonela:~/dev/projects/myproject> svn add *
    A         basic-prefs.epf
    A         README.txt
    russ@tuonela:~/dev/projects/myproject> svn add .*
    A         .project
    russ@tuonela:~/dev/projects/myproject> svn commit
    Adding         .project
    Adding         README.txt
    Adding         basic-prefs.epf
    Transmitting file data ...
    Committed revision 1.
Now on to making our repository available via HTTP. I like to consume it both from Linux and from Windows. I have several of each both at home and at work. I use Tortoise SVN on Windows and plain, old command-line svn on Linux, and/or Eclipse's Subclipse connector.
Next, in support of WebDAV, I added this to the end of /etc/apache2/mods-available/dav_svn.conf. I decided against supporting Subversion from multiple domains, so I'm not going the vhosts route as evoked in the lengthy comments in this file. (I may yet regret that decision and follow that path anyway.)
    <Location /svn/myproject>
      DAV svn
      SNVPath /home/svn/myproject
      AuthType Basic
      AuthName "myproject subversion repository"
      AuthUserFile /etc/subversion/passwd
      <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
      </LimitExcept>
    </Location>
Note: I had already installed libapache2-svn at the beginning of this exercise—see my article on setting up LAMP.
Pursuant to the next note in the doc—indeed, I do wish to be able to browse all projects in the repository—I corrected the dav_svn.conf file:
    <Location /svn>
      DAV svn
      SNVPath /home/svn
      SNVParentPath On
      AuthType Basic
      AuthName "Subversion Repository"
      AuthUserFile /etc/subversion/passwd
      <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
      </LimitExcept>
    </Location>
At this point, I realized that I had installed Apache (and PHP and MySQL) on Ubuntu Lucid a couple of months ago, but had not done this yet on my brand, new build (new hardware and Lucid). I went to take care of it at this point.
After setting up Apache (and PHP and MySQL), I tried to start the web server and got this error:
    root@tuonela:/etc/apache2/mods-available> /etc/init.d/apache2 start
    Starting web server apache2
    Syntax error on line 57 of /etc/apache2/mods-enabled/dav_svn.conf:
    Invalid command 'SNVPath', perhaps misspelled or defined by a module not included in the server configuration
    [fail]
Notice that I misspelled SVNPath. I fixed this in dav_svn.conf. I had also misspelled SVNParentPath. Then I got this error:
    root@tuonela:/etc/apache2/mods-available> /etc/init.d/apache2 start
    Starting web server apache2
    Syntax error on line 58 of /etc/apache2/mods-enabled/dav_svn.conf:
    SVNParentPath cannot be defined at same time as SVNPath.
    [fail]
Reading out there... I found that you can't specify both. You must use the "parent" one if you wish to share more than one repository. This wasn't so much my problem as sheer idiocy: I didn't get the second edit of the file correct. I had to change to use these two lines:
    SVNParentPath /home/svn
    SVNListParentPath On
Then, on to the next "failure":
    root@tuonela:/etc/apache2/mods-available> /etc/init.d/apache2 start
    Starting web server apache2
    apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
    [ OK ]
Actually, Apache started up, but I had to add
ServerName localhost
to the /etc/apache2/httpd.conf file, which ships zero-length now (unlike the early days of my Apache apprenticeship). I bounced Apache and got the "it works" response (out of /var/www/index.html). I want to leave things like that (instead of switching to the /home/username/public_html solution) for now since I'm not trying to use my Linux development host to serve up formal domain content.
Next, I added passwords for both aneill and me.
    root@tuonela:/etc/apache2/mods-available> cd /etc/subversion/
    root@tuonela:/etc/subversion> ll
    total 16
    -rw-r--r-- 1 root root 6813 2009-12-11 23:03 config
    -rw-r--r-- 1 root root 7674 2009-12-11 23:03 servers
    root@tuonela:/etc/subversion> htpasswd -c /etc/subversion/passwd russ
    New password:
    Re-type new password:
    Adding password for user russ
    root@tuonela:/etc/subversion> htpasswd -c /etc/subversion/passwd aneill
    New password:
    Re-type new password:
    Adding password for user aneill
    root@tuonela:/etc/subversion> ll
    total 20
    -rw-r--r-- 1 root root 6813 2009-12-11 23:03 config
    -rw-r--r-- 1 root root 21 2010-10-08 14:06 passwd
    -rw-r--r-- 1 root root 7674 2009-12-11 23:03 servers
    root@tuonela:/etc/subversion> cat passwd
    aneill:KsXddINDzjHhU
I was uncertain as to why my user didn't show up in this file, then I realized that I'd left the -c (create) option in and simply wiped myself out when I added aneill's password:
    root@tuonela:/etc/subversion> htpasswd -c /etc/subversion/passwd russ
    New password:
    Re-type new password:
    Adding password for user russ
    root@tuonela:/etc/subversion> htpasswd /etc/subversion/passwd aneill
    New password:
    Re-type new password:
    Adding password for user aneill
    root@tuonela:/etc/subversion> cat passwd
    russ:gbsy49Koad.jU
    aneill:UFyuCMYWgchJA
Then, I tried it out using HTTP from the command line first:
    aneill@tuonela:~/projects$ svn co http://localhost/svn/myproject myproject --username aneill
    Checked out revision 0.
    aneill@tuonela:~/projects$ ll
    total 0
    drwxr-xr-x 3 aneill aneill 80 2010-10-08 14:11 ./
    drwxr-xr-x 4 aneill aneill 248 2010-10-08 14:04 ../
    drwxr-xr-x 3 aneill aneill 72 2010-10-08 14:11 myproject/
Spiffily, I went to a browser and typed http://localhost/svn/ and it worked. Then, I went to my Windows host and typed http://192.168.1.7/svn/ and that worked too. Clicking on myproject, that also worked.
I wasn't asked for passwords. I don't know why this was.
I need to set this up with SSL encryption to make use of WebDAV in order...
Here, I'm working from a different article now, How to create a self-signed SSL certificate.... (What comes out here isn't real because I've changed some answers that were real that I don't want to reveal to the reader; some of what I show, like "fiddlesticks", would not be a good example of what to use.)
    root@tuonela:/etc/subversion> openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    ....++++++
    ......................++++++
    e is 65537 (0x10001)
    Enter pass phrase for server.key:fiddlesticks
    Verifying - Enter pass phrase for server.key:fiddlesticks
    root@tuonela:/etc/subversion> ll
    total 24
    -rw-r--r-- 1 root root 6813 2009-12-11 23:03 config
    -rw-r--r-- 1 root root 40 2010-10-08 14:09 passwd
    -rw-r--r-- 1 root root 963 2010-10-08 14:26 server.key
    -rw-r--r-- 1 root root 7674 2009-12-11 23:03 servers
    root@tuonela:/etc/subversion> cat server.key
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,937B44C9A000814D

    [base64-encoded key data]
    -----END RSA PRIVATE KEY-----
    root@tuonela:/etc/subversion> openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key:fiddlesticks
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Utah
    Locality Name (eg, city) []:Provo
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Etretat Logiciels, LLC
    Organizational Unit Name (eg, section) []:Subversion Usage
    Common Name (eg, YOUR name) []:fiddlesticks.us
    Email Address []:russ at fiddlesticks dot us

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:paulmccartney
    An optional company name []:Etretat Logiciels, LLC
    root@tuonela:/etc/subversion> ll
    total 28
    -rw-r--r-- 1 root root 6813 2009-12-11 23:03 config
    -rw-r--r-- 1 root root 40 2010-10-08 14:09 passwd
    -rw-r--r-- 1 root root 846 2010-10-08 14:31 server.csr
    -rw-r--r-- 1 root root 963 2010-10-08 14:26 server.key
    -rw-r--r-- 1 root root 7674 2009-12-11 23:03 servers
    root@tuonela:/etc/subversion> cat server.csr
    -----BEGIN CERTIFICATE REQUEST-----
    [base64-encoded request data]
    -----END CERTIFICATE REQUEST-----
    root@tuonela:/etc/subversion> cat server.key
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,937B44C9A000814D

    [base64-encoded key data]
    -----END RSA PRIVATE KEY-----
    root@tuonela:/etc/subversion> cp server.key server.key.tmp
    root@tuonela:/etc/subversion> openssl rsa -in server.key.tmp -out server.key
    Enter pass phrase for server.key.tmp:fiddlestucks
    unable to load Private Key
    6425:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
    6425:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:428:
(This happened because I mistyped the passphrase, "fiddlesticks".)
    root@tuonela:/etc/subversion> openssl rsa -in server.key.tmp -out server.key
    Enter pass phrase for server.key.tmp:fiddlesticks
    writing RSA key
    root@tuonela:/etc/subversion> ll
    total 32
    -rw-r--r-- 1 root root 6813 2009-12-11 23:03 config
    -rw-r--r-- 1 root root 40 2010-10-08 14:09 passwd
    -rw-r--r-- 1 root root 846 2010-10-08 14:31 server.csr
    -rw-r--r-- 1 root root 891 2010-10-08 14:43 server.key
    -rw-r--r-- 1 root root 963 2010-10-08 14:33 server.key.tmp
    -rw-r--r-- 1 root root 7674 2009-12-11 23:03 servers
And now to generate the self-signed certificate:
    root@tuonela:/etc/subversion> openssl x509 -req -days 999 -in server.csr -signkey server.key -out server.crt
    Signature ok
    subject=/C=US/ST=Utah/L=Provo/O=Etretat Logiciels, LLC/OU=Subversion Usage/CN=fiddlesticks.us/emailAddress=russ at fiddlesticks dot us
    Getting Private key
    root@tuonela:/etc/subversion> ll
    total 36
    -rw-r--r-- 1 root root 6813 2009-12-11 23:03 config
    -rw-r--r-- 1 root root 40 2010-10-08 14:09 passwd
    -rw-r--r-- 1 root root 1058 2010-10-08 14:53 server.crt
    -rw-r--r-- 1 root root 846 2010-10-08 14:31 server.csr
    -rw-r--r-- 1 root root 891 2010-10-08 14:43 server.key
    -rw-r--r-- 1 root root 963 2010-10-08 14:33 server.key.tmp
    -rw-r--r-- 1 root root 7674 2009-12-11 23:03 servers
Installing isn't covered since the article we're following is far too old. We'll have to look elsewhere.
Looking around, it appears to me that the keys may be put anywhere and merely referenced from httpd.conf or wherever we decide to reference them from. So, I've put them at /etc/apache2/conf.d/ssl-keys.
    root@tuonela:/etc/apache2/conf.d> ll ssl-keys/
    total 16
    -rw-r--r-- 1 root root 1058 2010-10-08 14:53 server.crt
    -rw-r--r-- 1 root root 846 2010-10-08 14:31 server.csr
    -rw-r--r-- 1 root root 891 2010-10-08 14:43 server.key
    -rw-r--r-- 1 root root 963 2010-10-08 14:33 server.key.tmp
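An added example, not part of the original log: the listings above show passwd and the passphrase-free server.key as -rw-r--r--, and the passwd entries are 13 characters long, the shape of traditional crypt(3) DES hashes, which use only the first 8 characters of a password. The Python sketch below audits both points; the sample entries, the key bodies and all function names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Traditional crypt(3) DES output: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
CRYPT_DES = re.compile(r"^[./0-9A-Za-z]{13}$")
WEAK_SCHEMES = {"crypt-des", "sha1-unsalted", "unrecognised"}

# Constructed sample data (not taken from any real host).
SAMPLE_PASSWD = (
    "alice:Xk3rT9pLm0QaZ\n"
    "bob:$apr1$constructed$0000000000000000000000\n"
)
PLAIN_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "constructed-placeholder-not-a-real-key\n"
    "-----END RSA PRIVATE KEY-----\n"
)
ENCRYPTED_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n"
    "constructed-placeholder-not-a-real-key\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def classify_hash(value):
    """Name the storage scheme of one htpasswd hash field by its shape."""
    if value.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if value.startswith("$apr1$"):
        return "apr1-md5"          # salted, iterated MD5
    if value.startswith("{SHA}"):
        return "sha1-unsalted"
    if CRYPT_DES.match(value):
        return "crypt-des"         # password truncated to 8 characters
    return "unrecognised"          # possibly plaintext


def audit_htpasswd(text):
    """Return [(user, scheme, is_weak)] for every 'user:hash' line."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, value = line.split(":", 1)
        scheme = classify_hash(value)
        rows.append((user, scheme, scheme in WEAK_SCHEMES))
    return rows


def key_is_encrypted(pem_text):
    """True if the PEM private key is passphrase-protected."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text
            or "BEGIN ENCRYPTED PRIVATE KEY" in pem_text)


def audit_key_file(path):
    """Report mode and exposure of a PEM private key file."""
    with open(path) as fh:
        encrypted = key_is_encrypted(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    readable_by_others = bool(mode & 0o044)   # group or world read bit
    return {
        "mode": oct(mode),
        "encrypted": encrypted,
        # The bad combination: no passphrase and readable beyond the owner.
        "exposed": (not encrypted) and readable_by_others,
    }


if __name__ == "__main__":
    for row in audit_htpasswd(SAMPLE_PASSWD):
        print(row)
    with tempfile.TemporaryDirectory() as tmp:
        key = os.path.join(tmp, "server.key")
        with open(key, "w") as fh:
            fh.write(PLAIN_KEY)
        for mode in (0o644, 0o600):
            os.chmod(key, mode)
            print(audit_key_file(key))
```

On a real host the key wants mode 600 owned by root, while the password file only has to be readable by the Apache user (for example root:www-data, mode 640).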
The only doc I've seen has me modify, not httpd.conf, but virtual hosts files. I'm not doing virtual hosts yet, so I'll have to look around for an alternative, or go enable virtual hosting. We're supposed to add this to the configuration file:
    SSLEngine on
    SSLCertificateFile /etc/apache2/conf.d/ssl-keys/server.crt
    SSLCertificateKeyFile /etc/apache2/conf.d/ssl-keys/server.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
And then restart Apache, which I'm sure will fail to restart unless we've got our ducks waddling in a row. Remember, we excised the passphrase from the key in order not to have to be present when Apache is bounced. Remember also that this isn't a real, signed certificate. It will give a warning that it's of unknown origin when asking the user to accept it in his browser.
...I found another article entitled SSL Install Method, which I followed. I've already got SSL installed; I did not have to install anything, but I did the configuration wiggle as noted beginning with the section (near top) "Create a Certificate" under Setup Apache and SLL: Ubuntu 7.10:
    root@tuonela:/etc/apache2> mkdir ssl
    root@tuonela:/etc/apache2> cd ssl
    root@tuonela:/etc/apache2/ssl> make-ssl-cert /usr/share/ssl-cert/ssleay.cnf ./apache.pem
    root@tuonela:/etc/apache2/ssl> ll
    total 4
    lrwxrwxrwx 1 root root 10 2010-10-12 10:04 2a1c8eba -> apache.pem
    -rw------- 1 root root 1506 2010-10-12 10:04 apache.pem
    root@tuonela:/etc/apache2/ssl> a2enmod ssl
    Enabling module ssl.
    See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
    Run '/etc/init.d/apache2 restart' to activate new configuration!
    root@tuonela:/etc/apache2/ssl> /etc/init.d/apache2 force-reload
     * Reloading web server config apache2
Then, I switched directories to modify a special SSL virtual host. I made the changes to /etc/apache2/sites-available/ssl, which was cloned from file default in that subdirectory.
    root@tuonela:/etc/apache2> cd /etc/apache2/sites-available
    root@tuonela:/etc/apache2/sites-available> cp default ssl
    root@tuonela:/etc/apache2/sites-available> a2ensite ssl
    Enabling site ssl.
    See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
    Run '/etc/init.d/apache2 reload' to activate new configuration!
    root@tuonela:/etc/apache2/sites-available> /etc/init.d/apache2 reload
     * Reloading web server config apache2
    root@tuonela:/etc/apache2/sites-available> ll
    total 12
    -rw-r--r-- 1 root root 948 2010-08-18 23:19 default
    -rw-r--r-- 1 root root 7467 2010-08-18 23:19 default-ssl
    -rw-r--r-- 1 root root 1255 2010-10-12 10:11 ssl
It's here I realize that there was already a default SSL virtual host. This makes me wonder about a few things, specifically, why turning to my Windows 7 host and entering https://tuonela:443/svn in the browser worked. I accepted a certificate, but was it the default "snake oil" one already there or the new one I just created?
(In C:\Windows\System32\drivers\etc\hosts, tuonela is defined as 192.168.1.102. To simulate getting in from the outside, it should be defined as whatever tuonela's IP address is, in my case, my router today is 71.199.5.133.)
Also, http://tuonela/ works. I've got this set up so that it should be http://71.199.5.133:8888 outside my router/firewall.
One last thing...
    root@tuonela:/etc/apache2/sites-available> /etc/init.d/apache2 restart
     * Restarting web server apache2
    [Tue Oct 12 10:13:02 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
Later, I got back to work on enforcing user authentication since I don't want to leave my repository open to just anyone.
This is easily accomplished, but you have to know how to do it. Initially, I followed Authentication, Authorization and Access Control, but it didn't clarify all the points for me.
Ultimately, I created the <Directory "/home/svn"> and <Location /svn> elements in the /etc/apache2/sites-available/ssl file. I added these lines to the end:
    <Directory "/home/svn">
      AuthType Basic
      AuthName "Restricted Files"
      AuthUserFile /etc/subversion/passwd
      Require valid-user
      # anyone in AuthUserFile
      #Allow from ...
    </Directory>
    <Location /svn>
      DAV svn
      SVNParentPath /home/svn
      SVNListParentPath On
      AuthType Basic
      AuthName "Subversion Repository"
      AuthUserFile /etc/subversion/passwd
      Require valid-user
      # Empty section: it has no effect, so Require valid-user above applies to every method.
      <LimitExcept GET PROPFIND OPTIONS REPORT>
      </LimitExcept>
    </Location>
You'll recognize the second element as coming from /etc/apache2/mods-available/dav_svn.conf where I was erroneously encouraged to put it by the original Ubuntu article. This is specifically how the wiring of hostname:port/svn is made to /home/svn.
This is what got me going so that a) a certificate must be accepted to get in and b) any user I created in /etc/subversion/passwd has to log in—all before ever getting to see even the repository's root.
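An added example (not from the original page): a small Python check that reads a `<Location>` block and reports which HTTP methods need no login. Run over the first dav_svn.conf block (spelling corrected) and the final block above, it shows that Require valid-user inside `<LimitExcept GET PROPFIND OPTIONS REPORT>` leaves exactly those read methods anonymous, while a bare Require valid-user covers them all. Function and variable names are hypothetical, and the parser handles only the directives used on this page.

```python
import re

OPEN = re.compile(r"^<(\w+)\s*([^>]*)>$")
CLOSE = re.compile(r"^</(\w+)>$")
READ_METHODS = {"GET", "PROPFIND", "OPTIONS", "REPORT"}

# The page's first block, with SVNPath/SVNParentPath spelled correctly.
FIRST_CONFIG = """
<Location /svn>
  DAV svn
  SVNParentPath /home/svn
  SVNListParentPath On
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/subversion/passwd
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>
"""

# The page's final block, reduced to the directives that decide access.
FINAL_CONFIG = """
<Location /svn>
  DAV svn
  SVNParentPath /home/svn
  SVNListParentPath On
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/subversion/passwd
  Require valid-user
</Location>
"""


def _report(loc):
    if loc["require_all"]:
        anonymous = set()                 # every method needs a login
    elif loc["require_limited"]:
        anonymous = set(loc["exempt"])    # methods named in <LimitExcept>
    else:
        anonymous = {"*"}                 # no Require at all
    return {
        "anonymous_methods": sorted(anonymous),
        "anonymous_read": bool(anonymous & (READ_METHODS | {"*"})),
        # Basic auth sends the password base64-encoded; flag it when the
        # block does not itself insist on SSL via SSLRequireSSL.
        "basic_without_ssl": loc["auth_type"] == "basic" and not loc["ssl_only"],
    }


def audit_svn_locations(conf_text):
    """Return {path: report} for each <Location> that enables 'DAV svn'."""
    reports = {}
    loc = None            # state for the <Location> currently open
    limit_except = None   # methods named by the open <LimitExcept>, else None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened, closed = OPEN.match(line), CLOSE.match(line)
        if opened:
            name, args = opened.group(1).lower(), opened.group(2).split()
            if name == "location" and args:
                loc = {"path": args[0], "dav_svn": False, "auth_type": None,
                       "require_all": False, "require_limited": False,
                       "exempt": set(), "ssl_only": False}
            elif name == "limitexcept" and loc is not None:
                limit_except = {a.upper() for a in args}
            continue
        if closed:
            name = closed.group(1).lower()
            if name == "limitexcept":
                limit_except = None
            elif name == "location" and loc is not None:
                if loc["dav_svn"]:
                    reports[loc["path"]] = _report(loc)
                loc = None
            continue
        if loc is None:
            continue
        words = line.split()
        key = words[0].lower()
        if key == "dav":
            loc["dav_svn"] = [w.lower() for w in words[1:2]] == ["svn"]
        elif key == "authtype" and len(words) > 1:
            loc["auth_type"] = words[1].lower()
        elif key == "sslrequiressl":
            loc["ssl_only"] = True
        elif key == "require":
            if limit_except is None:
                loc["require_all"] = True
            else:
                loc["require_limited"] = True
                loc["exempt"] |= limit_except
    return reports


if __name__ == "__main__":
    print("first:", audit_svn_locations(FIRST_CONFIG))
    print("final:", audit_svn_locations(FINAL_CONFIG))
```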
At the end of this effort, here are the subdirectory and files we've created or modified:
    root@tuonela:/etc/apache2/sites-available> ll
    total 16
    -rw-r--r-- 1 root root 968 2010-10-30 10:16 default
    -rw-r--r-- 1 root root 7467 2010-10-30 10:25 default-ssl
    -rw-r--r-- 1 root root 1755 2010-10-30 10:26 ssl
    root@tuonela:/etc/apache2/sites-available> ll ../sites-enabled/
    total 0
    lrwxrwxrwx 1 root root 26 2010-10-08 11:57 000-default -> ../sites-available/default
    lrwxrwxrwx 1 root root 22 2010-10-12 10:12 ssl -> ../sites-available/ssl
    ServerName localhost

    # Here's installing an SSL certificate for Subversion use. The passphrase is
    # actually "xxxxxxxxxxxxx."
    #SSLEngine on
    #SSLCertificateFile /etc/apache2/conf.d/ssl-keys/server.crt
    #SSLCertificateKeyFile /etc/apache2/conf.d/ssl-keys/server.key
    #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    #CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
All we've done plus this (/home/svn revisited) concludes this exercise.
    russ@tuonela:~> ll /home/svn
    total 0
    drwxrwsr-x 2 www.data subversion 48 2010-10-11 17:51 myproject
    drwxrwsr-x 7 www.data subversion 224 2010-10-21 16:15 Tmts
Here are some illustrations of hitting the repository from TortoiseSVN:
Get Subversion running between taliesin (my Windows 7 host) and tuonela. See mediocre results (I clicked Accept once):
Then, correcting the path (to remove home/), success! However, there was no authentication. In order for that to work, I undertook what's discussed at Requiring user-authentication.
Later, on Linux, I added a JUnit test for grins to my schema library to see the result on Subversion. (I accepted the certificate permanently this time.) Here is the effect upon TortoiseSVN (on Windows).
These links aren't for setting up Subversion on your computer host, but for learning how best to structure your source code repositories.
Best or, at least, wide-spread practice encourages the following structure for a project committed to Subversion, where project-name is the human name for the project or, more likely, product, such as libc, jvm, Retain, etc.
Underneath trunk is the subproject structure, a list of all major projects that are part of the product.
Outside of the new repository, set up the above structure, starting with project-name. Then, if you already have the subproject(s) themselves, move them to the trunk directory. Fix up ownership of the new, ready structure:
    $ chmod -R 770 project-name
    $ chgrp -R subversion project-name
    $ chmod g+s project-name
At this point, we're ready to import the source code into Subversion. Remember, in the command below, project-name is in your current working directory and is what was created in the previous step: the root dominating your entire source code repository. The scope and granularity of this is up to you since you can create several of these rather than one big one.
    $ svn import project-name file://localhost/home/svn/project-name -m "Initial import"
The original directory structure, created above, may now be deleted although it would be a good idea to check out and verify that Subversion has your back first.
Bouncing Apache, it became evident that I must get SSL up on my host. It's already set up if the first command below comes back with a path. This is a sort of journal of what I did another time to get an SSL certificate running.
There is an Apache configuration file, subversion.conf in /etc/apache2/sites-available linked to from /etc/apache2/sites-enabled.
    root@tuonela:/etc/apache2/sites-enabled> which openssl
    /usr/bin/openssl
    root@tuonela:/etc/apache2/sites-enabled> cd ../
    root@tuonela:/etc/apache2> ll
    total 56
    -rw-r--r-- 1 root root 7994 2010-11-18 14:16 apache2.conf
    drwxr-xr-x 2 root root 176 2011-01-13 09:18 conf.d
    -rw-r--r-- 1 root root 1169 2010-11-18 14:16 envvars
    -rw-r--r-- 1 root root 0 2011-01-13 09:18 httpd.conf
    drwxr-xr-x 2 root root 80 2011-01-14 14:17 logs
    -rw-r--r-- 1 root root 31063 2010-11-18 14:16 magic
    drwxr-xr-x 2 root root 3016 2011-01-14 13:01 mods-available
    drwxr-xr-x 2 root root 1080 2011-01-14 13:31 mods-enabled
    -rw-r--r-- 1 root root 750 2011-01-14 15:01 ports.conf
    drwxr-xr-x 2 root root 224 2011-02-17 10:35 sites-available
    drwxr-xr-x 2 root root 160 2011-02-17 10:35 sites-enabled
    root@tuonela:/etc/apache2> mkdir ssl
    root@tuonela:/etc/apache2> cd ssl
    root@tuonela:/etc/apache2/ssl> openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    .......++++++
    ..............................................++++++
    e is 65537 (0x10001)
    Enter pass phrase for server.key: tuonela-subversion
    Verifying - Enter pass phrase for server.key: tuonela-subversion
    root@tuonela:/etc/apache2/ssl> openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key: tuonela-subversion
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:UT
    Locality Name (eg, city) []:Provo
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Etretat Logiciels, LLC
    Organizational Unit Name (eg, section) []:Engineering
    Common Name (eg, YOUR name) []:repository-server
    Email Address []:[email protected]

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:bocaraton
    An optional company name []:IBM
    root@tuonela:/etc/apache2/ssl> ll
    total 8
    -rw-r--r-- 1 root root 765 2011-02-17 11:09 subversion.csr
    -rw-r--r-- 1 root root 963 2011-02-17 10:59 subversion.key
    root@tuonela:/etc/apache2/ssl> cp subversion.key subversion.key.org
    root@tuonela:/etc/apache2/ssl> openssl rsa -in subversion.key.org -out subversion.key
    Enter pass phrase for subversion.key.org: tuonela-subversion
    writing RSA key
    root@tuonela:/etc/apache2/ssl> openssl x509 -req -days 365 -in subversion.csr -signkey subversion.key -out subversion.crt
    Signature ok
    subject=/C=US/ST=UT/L=Provo/O=Etretat Logiciels, LLC/OU=Engineering/CN=repository-server/[email protected]
    Getting Private key
Prematurely, I attempt to bounce Apache httpd:
    root@tuonela:/etc/apache2/ssl> /etc/init.d/apache2 restart
    [Thu Feb 17 11:13:41 2011] [warn] module proxy_module is already loaded, skipping
    [Thu Feb 17 11:13:41 2011] [warn] module proxy_http_module is already loaded, skipping
    [Thu Feb 17 11:13:41 2011] [warn] module rewrite_module is already loaded, skipping
    [Thu Feb 17 11:13:41 2011] [warn] module jk_module is already loaded, skipping
    Syntax error on line 34 of /etc/apache2/sites-enabled/subversion.conf:
    Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
    Action 'configtest' failed.
    The Apache error log may have more information.
     ...fail!
I repent and issue this which I knew I would need:
    root@tuonela:/etc/apache2/ssl> a2enmod proxy ssl proxy_http
    Module proxy already enabled
    Enabling module ssl.
    See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
    Considering dependency proxy for proxy_http:
    Module proxy already enabled
    Module proxy_http already enabled
    Run '/etc/init.d/apache2 restart' to activate new configuration!
Watch me attempt to bounce Apache httpd:
    root@tuonela:/etc/apache2/ssl> /etc/init.d/apache2 restart
     * Restarting web server apache2
    [Thu Feb 17 11:15:24 2011] [warn] module proxy_module is already loaded, skipping
    [Thu Feb 17 11:15:24 2011] [warn] module proxy_http_module is already loaded, skipping
    [Thu Feb 17 11:15:24 2011] [warn] module rewrite_module is already loaded, skipping
    [Thu Feb 17 11:15:24 2011] [warn] module jk_module is already loaded, skipping
    [Thu Feb 17 11:15:24 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
    [Thu Feb 17 11:15:24 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
     ... waiting .[Thu Feb 17 11:15:26 2011] [warn] module proxy_module is already loaded, skipping
    [Thu Feb 17 11:15:26 2011] [warn] module proxy_http_module is already loaded, skipping
    [Thu Feb 17 11:15:26 2011] [warn] module rewrite_module is already loaded, skipping
    [Thu Feb 17 11:15:26 2011] [warn] module jk_module is already loaded, skipping
    [Thu Feb 17 11:15:26 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
    [Thu Feb 17 11:15:26 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
    Action 'start' failed.
    The Apache error log may have more information.
    root@tuonela:/etc/apache2/ssl> /etc/init.d/apache2 status
    Apache2 is NOT running.
I peeked at /var/log/apache2/error.log and saw:
    [Thu Feb 17 11:15:26 2011] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/subversion.conf:33)
So, I added
    SSLCertificateFile /etc/apache2/ssl/subversion.crt
    SSLCertificateKeyFile /etc/apache2/ssl/subversion.key
...to the bottom of the VirtualHost section in subversion.conf. This eliminated the failure when I bounced Apache.
    root@tuonela:/etc/apache2/ssl> /etc/init.d/apache2 restart
     * Restarting web server apache2
    [Thu Feb 17 11:28:54 2011] [warn] module proxy_module is already loaded, skipping
    [Thu Feb 17 11:28:54 2011] [warn] module proxy_http_module is already loaded, skipping
    [Thu Feb 17 11:28:54 2011] [warn] module rewrite_module is already loaded, skipping
    [Thu Feb 17 11:28:54 2011] [warn] module jk_module is already loaded, skipping
    [Thu Feb 17 11:28:54 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
    [Thu Feb 17 11:28:54 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
    [Thu Feb 17 11:28:54 2011] [warn] module proxy_module is already loaded, skipping
    [Thu Feb 17 11:28:54 2011] [warn] module proxy_http_module is already loaded, skipping
    [Thu Feb 17 11:28:54 2011] [warn] module rewrite_module is already loaded, skipping
    [Thu Feb 17 11:28:54 2011] [warn] module jk_module is already loaded, skipping
    [Thu Feb 17 11:28:54 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
    [Thu Feb 17 11:28:54 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
    root@tuonela:/etc/apache2/ssl> /etc/init.d/apache2 status
    Apache2 is running (pid 16421).