Subversion on Lion OS X 10.7.3

You're right. Using the _developer group is the right thing to do here.

For the permissions, I believe you have to set the new file mode creation mask to make the repository group writable.

Thank you for the feedback.

mkdir -P is clever!

~Bidit

BTW, Ribbons was my dog. Just in case you're wondering.

Is it possible to delete this thread?

I have revised the guide with feedback provided by etresoft and would like to post the updated guide.

~Bidit

This is the revised guide. I still think posting as a new thread would be better.

I set up Subversion on my home Mac Pro OS X 10.7.3 (Lion) and wrote down the steps for my reference.

Lion already ships with Subversion 1.6.17, OpenSSH_5.6p1 and OpenSSL 0.9.8r. We just need to use them.

Create the directory structure for your repositories.

1. sudo mkdir -p /usr/local/svn/repos

We are going to use the _developer group that all Xcode users need to be in.

Thanks to etresoft for this tip and other clever shortcuts.

(Use the groups command to verify your account is a member of the _developer group.)

Set the access permissions.

2. sudo chgrp _developer /usr/local/svn/repos

3. sudo chmod g+w+s /usr/local/svn/repos

We are now ready to create our project repository, in the repos directory.

Set the file mode creation mask to give the group write permissions to the repository we are about to create.

4. umask 002

Create the repository for your project.

5. svnadmin create /usr/local/svn/repos/<project_name>

And set the user mask to the default value.

6. umask 022

You now have an empty repository, so let's create a working copy by checking out the current version to your home directory.

7. cd ~

8. svn co file:///usr/local/svn/repos/<project_name>

Create the basic structure and commit your changes to the repository.

9. cd <project_name>

10. svn mkdir branches tags trunk

11. svn ci -m "initial structures"

Now, let's enable remote access to the repository.

First, let's set up svnserve, the Subversion server program, so we can access the repository using the svn protocol.

(We're only going to access the repository securely, using svn+ssh, but it's nice to know svnserve is there if we ever need it.)

Create a passwords file that will be used across repositories.

12. sudo vi /usr/local/svn/passwd-developers

The structure of the file should be as follows:

[users]

<user_1> = <password_1>

<user_2> = <password_2>

<user_3> = <password_3>

Save the file and change its permissions, so it's only readable by the owner (root).

13. sudo chmod 600 /usr/local/svn/passwd-developers

Each Subversion repository has a configuration file that controls how it can be accessed by svnserve.

Edit this configuration file for the repository we created earlier.

14. vi /usr/local/svn/repos/<project_name>/conf/svnserve.conf

Paste the following after [general] (line 8):

anon-access = none

password-db = /usr/local/svn/passwd-developers

realm = developers

And save the file.

Stuff you might want to know (from the man pages):

The realm setting sets the authentication realm of the repository. If two repositories have the same password database, they should have the same realm, and vice versa; this association allows clients to use a single cached password for several repositories.

Let's launch svnserve as a foreground process (--foreground) so we can kill it after the test with Ctrl+C.

15. sudo svnserve -d --foreground -r /usr/local/svn/repos

You should be in your home directory (use pwd to check). If so, delete the working copy that was checked out previously or cd to another directory.

Now, checkout the pristine version using the svn protocol.

16. svn checkout svn://<server_ip>/<project_name> --username <user>

Replace <server_ip> with the IP address of your server or 127.0.0.1 if you are testing on the same machine.

You can go ahead and kill the svnserve process; we won't need it for svn+ssh.

We’re most of the way there, I promise. We just need to start our SSH server.

The only setup this requires, on a Mac, is to enable Remote Login from System Preferences > Sharing and add the _developer group to the list of allowed users.

This will start sshd, the OpenSSH daemon, and set it to launch at startup.

Now you can checkout using svn+ssh and your (Mac) login password.

17. svn checkout svn+ssh://<server_ip>/usr/local/svn/repos/<project_name> --username <user>

That's it!

Yes, that was a typo. Sorry.

Hi Jeff,

I've never messed with WebSVN but I think it's possible to use a global access file (as etresoft said).

~Bidit

Hi Jeff,

I installed WebSVN and found there are certain problems with sharing the svnserve authentication file with Apache.

Apache starts as root, performs a few preliminary activities such as reading SSL certificates and opening log files, then spawns several child processes which run as _www.

These child processes do the work of listening for requests, answering requests and authenticating clients.

This means a _www child process must be able to read the /usr/local/svn/passwd-developers file used by svnserve for authentication.

We can change the file permissions to 0644 but the (authentication) file formats used by svnserve and Apache are different.

The good news is we can easily set up WebSVN with (basic) authentication so we can browse our Subversion repositories using HTTP.

Let's do that now.

1. Edit the /etc/apache2/httpd.conf file.

Uncomment line 95.

LoadModule php5_module libexec/apache2/libphp5.so

And add a WebSVN specific include, just after the SSL/TLS includes (line 635), between <IfDefine !MACOSXSERVER> and </IfDefine>.

# WebSVN

Include /private/etc/apache2/extra/httpd-websvn.conf

NOTE: We used /private/etc because Apple has symlinked /etc to /private/etc.

2. Create the file we just included (/etc/apache2/extra/httpd-websvn.conf) and paste the following.

<Location /websvn>

Require valid-user

AuthType Basic

AuthName "WebSVN"

AuthUserFile /usr/local/svn/.htpasswd

</Location>

NOTE: We have only set up (basic) authentication; not authorization. This means every authenticated user has full access to browse our repository via WebSVN.

3. Create the .htpasswd file that will be used by Apache to authenticate users who access /websvn.

sudo htpasswd -c /usr/local/svn/.htpasswd <user>

4. Download WebSVN, extract the archive and move the folder to your DocumentRoot.

tar -x -v -f websvn-2.3.3.tar.gz

sudo mv websvn-2.3.3 /Library/WebServer/Documents/websvn

Optionally, clear the extra attributes using xattr -c -r /Library/WebServer/Documents/websvn.

5. Make a copy of the original configuration file.

sudo cp /Library/WebServer/Documents/websvn/include/distconfig.php /Library/WebServer/Documents/websvn/include/config.php

And add the following line in the // {{{ REPOSITORY SETUP section (line 105).

$config->parentPath('/usr/local/svn/repos');

Now start Apache and you should be able to access /websvn after authentication.

~Bidit