Skip navigation

Subversion on Lion OS X 10.7.3

10574 Views 33 Replies Latest reply: Nov 8, 2012 3:05 AM by jeff barclay RSS
1 2 3 Previous Next
Bidit Mazumder Level 1 Level 1 (20 points)
Currently Being Moderated
Apr 13, 2012 1:33 PM

I set up Subversion on my home Mac Pro OS X 10.7.3 (Lion) and wrote down the steps for my reference.

 

Posting it here may help someone. Feedback is appreciated.

 

Lion already ships with Subversion 1.6.17, OpenSSH_5.6p1 and OpenSSL 0.9.8r. So we just need to use them.

 

First, let's create a group that will be given permissions to access the repositories, and anything else you may add in the future.

 

There is no groupadd and usermod in Mac so we'll use dscl to create a group (coders) and dseditgroup to add users to this group.

1.  sudo dscl . create /groups/coders gid 1000

2.  sudo dseditgroup -o edit -a <your_username> -t user coders

 

You can use the groups command to verify your account is a member of the coders group.

 

Create the directory structure for your repositories.

3.  sudo mkdir /usr/local/svn

4.  sudo mkdir /usr/local/svn/repos

 

And set the access permissions.

5.  sudo chgrp coders /usr/local/svn/repos

6.  sudo chmod g+w /usr/local/svn/repos

7.  sudo chmod g+s /usr/local/svn/repos

 

We can now create our project repository, in the repos directory.

 

Set the file mode creation mask to give the group write permissions to the repository we are about to create.

8. umask 002

 

Create the repository for your project.

9. svnadmin create /usr/local/svn/repos/<project_name>

 

And set the user mask to the default value.

10. umask 022

 

You now have an empty repository, so let's create a working copy by checking out the current version to your home directory.

11. cd ~

12. svn co file:///usr/local/svn/repos/<project_name>

 

Create the basic structure and commit your changes to the repository.

13. cd <project_name>

14. svn mkdir branches tags trunk

15. svn ci -m "initial structures"

 

 

Now, let's enable remote access to the repository.

 

First, let's set up svnserve, the Subversion server program, so we can access the repository using the svn protocol.

(We're only going to access the repository securely, using svn+ssh, but it's nice to know svnserve is there if we ever need it.)

 

Create a passwords file that will be used across repositories.

16. sudo vi /usr/local/svn/passwd-coders

 

The structure of the file should be as follows:

[users]

<user_1> = <password_1>

<user_2> = <password_2>

<user_3> = <password_3>

 

Save the file and change its permissions, so it's only readable by the owner (root).

17. sudo chmod 600 /usr/local/svn/passwd-coders

 

Each Subversion repository has a configuration file that controls how it can be accessed by svnserve.

 

Edit this configuration file for the repository we created earlier.

18. vi /usr/local/svn/repos/<project_name>/conf/svnserve.conf

 

Paste the following after [general] (line 8):

anon-access = none

password-db = /usr/local/svn/passwd-coders

realm = coders

 

And save the file.

 

Stuff you might want to know (from the man pages):

The realm setting sets the authentication realm of the repository. If two repositories have the same password database, they should have the same realm, and vice versa; this association allows clients to use a single cached password for several repositories.

 

Let's launch svnserve as a foreground process (--foreground) so we can kill it after the test with Ctrl+C.

19. sudo svnserve -d --foreground -r /usr/local/svn/repos

 

You should be in your home directory (use pwd to check). If so, delete the working copy that was checked out previously or cd to another directory.

 

Now, checkout the pristine version using the svn protocol.

20. svn checkout svn://<server_ip>/<project_name> --username <user>

Replace <server_ip> with the IP address of your server or 127.0.0.1 if you are testing on the same machine.

 

You can go ahead and kill the svnserve process; we won't need it for svn+ssh.

 

 

We’re most of the way there, I promise. We just need to start our SSH server.

 

The only setup this requires, on a Mac, is to enable Remote Login from System Preferences > Sharing and add the coders group to the list of allowed users.

This will start sshd, the OpenSSH daemon, and set it to launch at startup.

 

Now you can checkout using svn+ssh and your login password.

21. svn checkout svn+ssh://<server_ip>/usr/local/svn/repos/<project_name> --username <user>

 

That's it!

Mac Pro, Mac OS X (10.7.3)
  • etresoft Level 7 Level 7 (23,895 points)
    Currently Being Moderated
    Apr 13, 2012 4:52 PM (in response to Bidit Mazumder)

    I have some suggesteions...

     

    There is already a _developer group that all Xcode users need to be in. I suggest using that. That would reduce your usage of sudo too.

    You can use "mkdir -p /usr/local/svn/repos" by itself. The "-p" flag will create intermediate directories.

    I think "sudo chown -R :_developer svn" and "sudo chmod -R g+w+s svn" will setup your permissions.

    I suggest setting up a dedicated subversion user and then using ssh into that user account for all access. On the Mac, the Keychain acts as a ssh-agent so you can have a private key with a password.

  • etresoft Level 7 Level 7 (23,895 points)
    Currently Being Moderated
    Apr 15, 2012 1:24 PM (in response to Bidit Mazumder)

    Bidit Mazumder wrote:

     

    Is it possible to delete this thread?

    I have revised the guide with feedback provided by etresoft and would like to post the updated guide.

    Usually the hosts only delete a thread if there is some privacy or abuse issue. Just post a revised guide here.

  • A Programmer Calculating status...
    Currently Being Moderated
    Apr 17, 2012 1:21 PM (in response to Bidit Mazumder)

    Bidit Mazumder wrote:

    mkdir -P is clever!

    It's mkdir -p not mkdir -P.

    Mac Pro, Mac OS X (10.7.3)
  • jeff barclay Calculating status...
    Currently Being Moderated
    May 7, 2012 5:24 AM (in response to Bidit Mazumder)

    Your post is excellent, I'm new to unix/mac and followed your post fine, SVN working well with several repos and permissions. I'm not clear on the CHMOD for groups but will research and read. My question is... I have also setup WebSVN 2.3.3 and it too works fine, however it gives full access to all my repos? I set a seperate access file and only get "You don't have necessary permissions"... If I login via http from initial setup and enter user/password, then go to /WebSVN page i have access for that user... but otherwise I never get a user prompt from the WebSVN pages, only above permissions message. Could this be I need to change dir permissions on  the WebSVN site/page, and if so... How? it resides in the default site locations for the mac /library/webserver/documents/websvn

  • etresoft Level 7 Level 7 (23,895 points)
    Currently Being Moderated
    May 7, 2012 6:24 AM (in response to jeff barclay)

    You should be able to use .htaccess files for this.

  • jeff barclay Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 7, 2012 6:49 AM (in response to etresoft)

    i'm not getting a user or password prompt.

  • jeff barclay Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 7, 2012 8:26 AM (in response to etresoft)

    I might be confused as to what password file to use. There are 3 locations for password, One for svn:// one for http://localhost/repos and yet another for http://localhost/websvn

     

    I set the umask 002 initially when creating my first repo and set _developer group. The http in apache also wants a _www group.

     

    I'm trying to keep them all separate.

  • etresoft Level 7 Level 7 (23,895 points)
    Currently Being Moderated
    May 7, 2012 8:55 AM (in response to jeff barclay)

    There seem to be some apache modules that will provide an authentication hook into your established Subversion authentications. Unfortunately, Subversion has extremely poor documentation. I am also unfamiliar with it so I can't recommend any particular site. Here is one example, there are many more.

  • jeff barclay Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 7, 2012 2:22 PM (in response to Bidit Mazumder)

    I'm already using the httpd.conf for <location> access? should i use .htaccess in addition to to this?

     

    mine is in /private/etc/apache2/users/yourUser.conf and looks like:

     

    <Directory "/Users/iMac/Sites/">

        Options Indexes MultiViews

        AllowOverride None

        Order allow,deny

        Allow from all

    </Directory>

    LoadModule dav_svn_module     libexec/apache2/mod_dav_svn.so

      <Location /repos>

        DAV svn

        SVNParentPath /usr/local/svn/repos

        AuthType Basic

        AuthName "Restricted Files"

        # (FOLLOWING LINE OPTIONAL)

        # AuthBasicProvider file

        AuthUserFile /etc/apache2/passwd/passwords

        # Require vaild-user

        Require user barclay

      </Location>

    #  <Location /websvn>

    #    DAV svn

    #    # SVNParentPath /usr/local/svn/repos

    #    SVNParentPath /Library/WebServer/Documents/Websvn

    #    AuthType Basic

    #    AuthName "Restricted Files"

    #    AuthUserFile /etc/apache2/passwd/passwords

    #    Require user barclay

    #  </Location>

     

     

    <Location websvn/wsvn/>

      Satisfy Any

      Require valid-user

      AuthType Basic

      AuthName "Restricted Files"

      AuthUserFile etc/apache2/passwd/passwords

    </Location>

1 2 3 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (5)

This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.