Previous 1 2 3 Next 33 Replies Latest reply: Nov 8, 2012 3:05 AM by jeff barclay
Bidit Mazumder Level 1 Level 1 (20 points)

I set up Subversion on my home Mac Pro OS X 10.7.3 (Lion) and wrote down the steps for my reference.

 

Posting it here may help someone. Feedback is appreciated.

 

Lion already ships with Subversion 1.6.17, OpenSSH_5.6p1 and OpenSSL 0.9.8r. So we just need to use them.

 

First, let's create a group that will be given permissions to access the repositories, and anything else you may add in the future.

 

There is no groupadd and usermod in Mac so we'll use dscl to create a group (coders) and dseditgroup to add users to this group.

1.  sudo dscl . create /groups/coders gid 1000

2.  sudo dseditgroup -o edit -a <your_username> -t user coders

 

You can use the groups command to verify your account is a member of the coders group.

 

Create the directory structure for your repositories.

3.  sudo mkdir /usr/local/svn

4.  sudo mkdir /usr/local/svn/repos

 

And set the access permissions.

5.  sudo chgrp coders /usr/local/svn/repos

6.  sudo chmod g+w /usr/local/svn/repos

7.  sudo chmod g+s /usr/local/svn/repos

 

We can now create our project repository, in the repos directory.

 

Set the file mode creation mask to give the group write permissions to the repository we are about to create.

8. umask 002

 

Create the repository for your project.

9. svnadmin create /usr/local/svn/repos/<project_name>

 

And set the user mask to the default value.

10. umask 022

 

You now have an empty repository, so let's create a working copy by checking out the current version to your home directory.

11. cd ~

12. svn co file:///usr/local/svn/repos/<project_name>

 

Create the basic structure and commit your changes to the repository.

13. cd <project_name>

14. svn mkdir branches tags trunk

15. svn ci -m "initial structures"

 

 

Now, let's enable remote access to the repository.

 

First, let's set up svnserve, the Subversion server program, so we can access the repository using the svn protocol.

(We're only going to access the repository securely, using svn+ssh, but it's nice to know svnserve is there if we ever need it.)

 

Create a passwords file that will be used across repositories.

16. sudo vi /usr/local/svn/passwd-coders

 

The structure of the file should be as follows:

[users]

<user_1> = <password_1>

<user_2> = <password_2>

<user_3> = <password_3>

 

Save the file and change its permissions, so it's only readable by the owner (root).

17. sudo chmod 600 /usr/local/svn/passwd-coders

 

Each Subversion repository has a configuration file that controls how it can be accessed by svnserve.

 

Edit this configuration file for the repository we created earlier.

18. vi /usr/local/svn/repos/<project_name>/conf/svnserve.conf

 

Paste the following after [general] (line 8):

anon-access = none

password-db = /usr/local/svn/passwd-coders

realm = coders

 

And save the file.

 

Stuff you might want to know (from the man pages):

The realm setting sets the authentication realm of the repository. If two repositories have the same password database, they should have the same realm, and vice versa; this association allows clients to use a single cached password for several repositories.

 

Let's launch svnserve as a foreground process (--foreground) so we can kill it after the test with Ctrl+C.

19. sudo svnserve -d --foreground -r /usr/local/svn/repos

 

You should be in your home directory (use pwd to check). If so, delete the working copy that was checked out previously or cd to another directory.

 

Now, checkout the pristine version using the svn protocol.

20. svn checkout svn://<server_ip>/<project_name> --username <user>

Replace <server_ip> with the IP address of your server or 127.0.0.1 if you are testing on the same machine.

 

You can go ahead and kill the svnserve process; we won't need it for svn+ssh.

 

 

We’re most of the way there, I promise. We just need to start our SSH server.

 

The only setup this requires, on a Mac, is to enable Remote Login from System Preferences > Sharing and add the coders group to the list of allowed users.

This will start sshd, the OpenSSH daemon, and set it to launch at startup.

 

Now you can checkout using svn+ssh and your login password.

21. svn checkout svn+ssh://<server_ip>/usr/local/svn/repos/<project_name> --username <user>

 

That's it!


Mac Pro, Mac OS X (10.7.3)
  • etresoft Level 7 Level 7 (26,655 points)

    I have some suggesteions...

     

    There is already a _developer group that all Xcode users need to be in. I suggest using that. That would reduce your usage of sudo too.

    You can use "mkdir -p /usr/local/svn/repos" by itself. The "-p" flag will create intermediate directories.

    I think "sudo chown -R :_developer svn" and "sudo chmod -R g+w+s svn" will setup your permissions.

    I suggest setting up a dedicated subversion user and then using ssh into that user account for all access. On the Mac, the Keychain acts as a ssh-agent so you can have a private key with a password.

  • Bidit Mazumder Level 1 Level 1 (20 points)

    You're right. Using the _developer group is the right thing to do here.

     

    For the permissions, I believe you have to set the new file mode creation mask to make the repository group writable.

    svn.png

     

    Thank you for the feedback.

    mkdir -P is clever!

     

     

    ~Bidit

     

     

    BTW, Ribbons was my dog. Just in case you're wondering.

  • Bidit Mazumder Level 1 Level 1 (20 points)

    Is it possible to delete this thread?

    I have revised the guide with feedback provided by etresoft and would like to post the updated guide.

     

    ~Bidit

  • etresoft Level 7 Level 7 (26,655 points)

    Bidit Mazumder wrote:

     

    Is it possible to delete this thread?

    I have revised the guide with feedback provided by etresoft and would like to post the updated guide.

    Usually the hosts only delete a thread if there is some privacy or abuse issue. Just post a revised guide here.

  • Bidit Mazumder Level 1 Level 1 (20 points)

    This is the revised guide. I still think posting as a new thread would be better.

     

    I set up Subversion on my home Mac Pro OS X 10.7.3 (Lion) and wrote down the steps for my reference.

     

    Lion already ships with Subversion 1.6.17, OpenSSH_5.6p1 and OpenSSL 0.9.8r. We just need to use them.

     

    Create the directory structure for your repositories.

    1.  sudo mkdir -p /usr/local/svn/repos

     

    We are going to use the _developer group that all Xcode users need to be in.

    Thanks to etresoft for this tip and other clever shortcuts.

    (Use the groups command to verify your account is a member of the _developer group.)

     

    Set the access permissions.

    2.  sudo chgrp _developer /usr/local/svn/repos

    3.  sudo chmod g+w+s /usr/local/svn/repos

     

    We are now ready to create our project repository, in the repos directory.

     

    Set the file mode creation mask to give the group write permissions to the repository we are about to create.

    4.  umask 002

     

    Create the repository for your project.

    5.  svnadmin create /usr/local/svn/repos/<project_name>

     

    And set the user mask to the default value.

    6.  umask 022

     

    You now have an empty repository, so let's create a working copy by checking out the current version to your home directory.

    7.  cd ~

    8.  svn co file:///usr/local/svn/repos/<project_name>

     

    Create the basic structure and commit your changes to the repository.

    9.  cd <project_name>

    10. svn mkdir branches tags trunk

    11. svn ci -m "initial structures"

     

     

    Now, let's enable remote access to the repository.

     

    First, let's set up svnserve, the Subversion server program, so we can access the repository using the svn protocol.

    (We're only going to access the repository securely, using svn+ssh, but it's nice to know svnserve is there if we ever need it.)

     

    Create a passwords file that will be used across repositories.

    12. sudo vi /usr/local/svn/passwd-developers

     

    The structure of the file should be as follows:

    [users]

    <user_1> = <password_1>

    <user_2> = <password_2>

    <user_3> = <password_3>

     

    Save the file and change its permissions, so it's only readable by the owner (root).

    13. sudo chmod 600 /usr/local/svn/passwd-developers

     

    Each Subversion repository has a configuration file that controls how it can be accessed by svnserve.

     

    Edit this configuration file for the repository we created earlier.

    14. vi /usr/local/svn/repos/<project_name>/conf/svnserve.conf

     

    Paste the following after [general] (line 8):

    anon-access = none

    password-db = /usr/local/svn/passwd-developers

    realm = developers

     

    And save the file.

     

    Stuff you might want to know (from the man pages):

    The realm setting sets the authentication realm of the repository. If two repositories have the same password database, they should have the same realm, and vice versa; this association allows clients to use a single cached password for several repositories.

     

    Let's launch svnserve as a foreground process (--foreground) so we can kill it after the test with Ctrl+C.

    15. sudo svnserve -d --foreground -r /usr/local/svn/repos

     

    You should be in your home directory (use pwd to check). If so, delete the working copy that was checked out previously or cd to another directory.

     

    Now, checkout the pristine version using the svn protocol.

    16. svn checkout svn://<server_ip>/<project_name> --username <user>

    Replace <server_ip> with the IP address of your server or 127.0.0.1 if you are testing on the same machine.

     

    You can go ahead and kill the svnserve process; we won't need it for svn+ssh.

     

     

    We’re most of the way there, I promise. We just need to start our SSH server.

     

    The only setup this requires, on a Mac, is to enable Remote Login from System Preferences > Sharing and add the _developer group to the list of allowed users.

    This will start sshd, the OpenSSH daemon, and set it to launch at startup.

     

    Now you can checkout using svn+ssh and your (Mac) login password.

    17. svn checkout svn+ssh://<server_ip>/usr/local/svn/repos/<project_name> --username <user>

     

    That's it!

  • A Programmer Level 1 Level 1 (0 points)

    Bidit Mazumder wrote:

    mkdir -P is clever!

    It's mkdir -p not mkdir -P.

  • Bidit Mazumder Level 1 Level 1 (20 points)

    Yes, that was a typo. Sorry.

  • jeff barclay Level 1 Level 1 (0 points)

    Your post is excellent, I'm new to unix/mac and followed your post fine, SVN working well with several repos and permissions. I'm not clear on the CHMOD for groups but will research and read. My question is... I have also setup WebSVN 2.3.3 and it too works fine, however it gives full access to all my repos? I set a seperate access file and only get "You don't have necessary permissions"... If I login via http from initial setup and enter user/password, then go to /WebSVN page i have access for that user... but otherwise I never get a user prompt from the WebSVN pages, only above permissions message. Could this be I need to change dir permissions on  the WebSVN site/page, and if so... How? it resides in the default site locations for the mac /library/webserver/documents/websvn

  • etresoft Level 7 Level 7 (26,655 points)

    You should be able to use .htaccess files for this.

  • jeff barclay Level 1 Level 1 (0 points)

    i'm not getting a user or password prompt.

  • jeff barclay Level 1 Level 1 (0 points)

    I might be confused as to what password file to use. There are 3 locations for password, One for svn:// one for http://localhost/repos and yet another for http://localhost/websvn

     

    I set the umask 002 initially when creating my first repo and set _developer group. The http in apache also wants a _www group.

     

    I'm trying to keep them all separate.

  • etresoft Level 7 Level 7 (26,655 points)

    There seem to be some apache modules that will provide an authentication hook into your established Subversion authentications. Unfortunately, Subversion has extremely poor documentation. I am also unfamiliar with it so I can't recommend any particular site. Here is one example, there are many more.

  • Bidit Mazumder Level 1 Level 1 (20 points)

    Hi Jeff,

     

    I've never messed with WebSVN but I think it's possible to use a global access file (as etresoft said).

     

     

    ~Bidit

  • jeff barclay Level 1 Level 1 (0 points)

    I'm already using the httpd.conf for <location> access? should i use .htaccess in addition to to this?

     

    mine is in /private/etc/apache2/users/yourUser.conf and looks like:

     

    <Directory "/Users/iMac/Sites/">

        Options Indexes MultiViews

        AllowOverride None

        Order allow,deny

        Allow from all

    </Directory>

    LoadModule dav_svn_module     libexec/apache2/mod_dav_svn.so

      <Location /repos>

        DAV svn

        SVNParentPath /usr/local/svn/repos

        AuthType Basic

        AuthName "Restricted Files"

        # (FOLLOWING LINE OPTIONAL)

        # AuthBasicProvider file

        AuthUserFile /etc/apache2/passwd/passwords

        # Require vaild-user

        Require user barclay

      </Location>

    #  <Location /websvn>

    #    DAV svn

    #    # SVNParentPath /usr/local/svn/repos

    #    SVNParentPath /Library/WebServer/Documents/Websvn

    #    AuthType Basic

    #    AuthName "Restricted Files"

    #    AuthUserFile /etc/apache2/passwd/passwords

    #    Require user barclay

    #  </Location>

     

     

    <Location websvn/wsvn/>

      Satisfy Any

      Require valid-user

      AuthType Basic

      AuthName "Restricted Files"

      AuthUserFile etc/apache2/passwd/passwords

    </Location>

Previous 1 2 3 Next