Hello community,
here is the log from the commit of package subversion for openSUSE:Factory
checked in at 2013-05-27 10:02:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/subversion (Old)
and /work/SRC/openSUSE:Factory/.subversion.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "subversion"
Changes:
--------
--- /work/SRC/openSUSE:Factory/subversion/subversion.changes 2013-05-16
16:32:23.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.subversion.new/subversion.changes
2013-05-27 10:02:43.000000000 +0200
@@ -1,0 +2,20 @@
+Tue May 21 19:41:36 UTC 2013 - andreas.stie...@gmx.de
+
+- use svnserveautocheck.sh and davautocheck.sh for unit tests,
+ greatly reducing complexity of spec file and adding support
+ for running unit tests with httpd 2.4 in factory
+- add subversion-1.7.9-davautocheck-LD_LIBRARY_PATH.patch to
+ not overwrite LD_LIBRARY_PATH in davautocheck.sh to make
+ auth-test pass
+
+-------------------------------------------------------------------
+Mon May 20 19:30:52 UTC 2013 - andreas.stie...@gmx.de
+
+- add systemd support for svnserve
+- package now contains user and group svn
+- adjust and extend README.SuSE to cover a quickstart with both
+ mod_dav_svn and svnserve, mention the user/group requirement for
+ parallel operation and make text more compact by referencing the
+ template config file [bnc#781980]
+
+-------------------------------------------------------------------
Old:
----
subversion-tests-httpd-users
subversion-tests-httpd.conf.tmpl
New:
----
subversion-1.7.9-davautocheck-LD_LIBRARY_PATH.patch
svnserve.service
svnserve.tmpfiles
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ subversion.spec ++++++
--- /var/tmp/diff_new_pack.CGWIyR/_old 2013-05-27 10:02:44.000000000 +0200
+++ /var/tmp/diff_new_pack.CGWIyR/_new 2013-05-27 10:02:44.000000000 +0200
@@ -45,6 +45,9 @@
%define with_bashcomp 1
%endif
+%define svngroup svn
+%define svnuser svn
+
Name: subversion
Version: 1.7.9
Release: 0
@@ -63,6 +66,14 @@
BuildRequires: python-xml
BuildRequires: update-alternatives
BuildRequires: zlib-devel
+Requires(pre): pwdutils
+#
+%if 0%{?suse_version} > 1140
+BuildRequires: pkgconfig(systemd)
+%{?systemd_requires}
+%define has_systemd 1
+%endif
+#
%if %with_bashcomp
BuildRequires: bash-completion
%endif #with_bashcomp
@@ -108,8 +119,9 @@
%endif # suse_version > 1030
%endif # with neon
%if %{with regression_tests}
-# for check section, to find a free port:
-BuildRequires: iproute2
+# svnserveautocheck.sh davautocheck.sh requirements
+BuildRequires: net-tools
+BuildRequires: wget
%endif # with regression_tests
#
%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services
@@ -138,6 +150,8 @@
Source10: subversion.sysconfig.svnserve
Source12: subversion.sysconfig.svnserve.remoteaccess
Source13: subversion.xinetd.svnserve
+Source14: svnserve.service
+Source15: svnserve.tmpfiles
Source42: subversion.svngrep.sh
Source43: subversion.svndiff.sh
# https://people.apache.org/keys/group/subversion.asc
@@ -160,8 +174,6 @@
%requires_ge libsqlite3-0
%endif # with_intree_sqlite
Source92: %{name}.rpmlintrc
-Source93: subversion-tests-httpd.conf.tmpl
-Source94: subversion-tests-httpd-users
#
Patch11: subversion.libtool-verbose.patch
# build fixes
@@ -173,6 +185,7 @@
Patch38: subversion-neon-systemproxy.patch
Patch39: subversion-1.7.4-ruby-1.9-RbConfig.patch
Patch40: subversion-1.7.8-TestHarness_run_py_test_exit_code.patch
+Patch41: subversion-1.7.9-davautocheck-LD_LIBRARY_PATH.patch
#
%if %with_ruby
%if %{!?rb_arch:1}0
@@ -348,6 +361,7 @@
%patch38
%patch39 -p1
%patch40 -p1
+%patch41 -p1
SQLITE_RECOMMENDED_VER=$(grep -E '^SQLITE_RECOMMENDED_VER=' configure.ac|cut
-f2 -d=|cut -f2 -d\")
#"
@@ -582,6 +596,13 @@
ln -sv /etc/init.d/svnserve $RPM_BUILD_ROOT/usr/sbin/rcsvnserve
install -m 644 -D %{S:10}
$RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.svnserve
install -m 644 -D %{S:12} $RPM_BUILD_ROOT/%{_fwdefdir}/svnserve
+%{__install} -d -m 0755 %{buildroot}/srv/svn
+%if 0%{?has_systemd}
+install -m 644 -D %{S:14} $RPM_BUILD_ROOT/%{_unitdir}/svnserve.service
+%{__install} -d -m 0755 %{buildroot}/var/run/svnserve/
+%{__install} -d -m 0755 %{buildroot}/usr/lib/tmpfiles.d/
+%{__install} -m 0644 %{SOURCE15} %{buildroot}/usr/lib/tmpfiles.d/svnserve.conf
+%endif
#useless libtool stuff
rm -f %{buildroot}%{_libdir}/*.la
if [ "$with_jdk" != "" ] ; then
@@ -639,91 +660,21 @@
# During "make check", auth-test loads DSOs at runtime and can't find
# them if we don't set up LD_LIBRARY_PATH as below.
export
LD_LIBRARY_PATH="$PWD/subversion/libsvn_auth_kwallet/.libs:$PWD/subversion/libsvn_auth_gnome_keyring/.libs:$LD_LIBRARY_PATH"
-CHECK_FS_TYPE=fsfs
# run tests over ra_local (file://)
-%__make check CLEANUP=true FS_TYPE="$CHECK_FS_TYPE"
-
-SVNSERVE_PIDFILE="$PWD/svnserve.pid"
-HTTPD_PIDFILE="$PWD/httpd.pid"
-# hook up cleanup routine
-function on_exit {
- if [ -e "$SVNSERVE_PIDFILE" ]; then
- pid=`cat "$SVNSERVE_PIDFILE" 2>/dev/null || :`
- test -n "$pid" && kill -9 "$pid" || :
- fi
- if [ -e "$HTTPD_PIDFILE" ]; then
- pid=`cat "$HTTPD_PIDFILE" 2>/dev/null || :`
- test -n "$pid" && kill -9 "$pid" || :
- fi
-}
-trap on_exit EXIT
-
-# find next free port
-function find_next_free_port {
- if [ -z "$free_port" ]; then # on first invocation
- local start_port=1025 # start with user port range
- else # on subsequent invocations
- local start_port=$free_port; # look for ports above the last
- let start_port++; # as the daemon might still
use it
- fi
- free_port=""
- # in the OBS build VMs, the call to ss actually fails, resulting in all
port to be returned as unused,
- # subsequent calls to the function will use a sequence from 1025, which
are always available in VM.
- # For local builds this takes into account locally used ports. Either way
works to get a usable port.
- for p in `/usr/sbin/ss -nat|tail +2|awk '{ split($4, a, ":"); if (a[2] >
1024) { print a[2]; }}'`; do used_port[$p]="$p"; done
- for p in `seq $start_port 65535`; do
- if [ -z "${used_port[$p]}" ]; then
- free_port="$p"
- break
- fi
- done
- if [ -z "$free_port" ]; then
- echo "ERROR: failed to find a free port" >&2
- echo "Used TCP ports: ${used_port[*]}" >&2
- exit 1
- fi
-}
-find_next_free_port
+%__make check CLEANUP=true FS_TYPE=fsfs
# run tests over ra_svn (svn://)
-"$PWD/subversion/svnserve/svnserve" --listen-host 127.0.0.1 --listen-port
"$free_port" --pid-file "$SVNSERVE_PIDFILE" -d -r
"$PWD/subversion/tests/cmdline"
-%__make check CLEANUP=true FS_TYPE="$CHECK_FS_TYPE"
BASE_URL="svn://127.0.0.1:$free_port"
-kill -9 `cat "$SVNSERVE_PIDFILE" 2>/dev/null`
-%__rm "$SVNSERVE_PIDFILE"
+%__make svnserveautocheck CLEANUP=true FS_TYPE=fsfs
# run tests over ra_neon (http://)
%if %{with neon}
-find_next_free_port
-# create apache configuration
-%__cp "%{SOURCE94}" users
-APACHE_LIBEXECDIR="%{apache_libexecdir}"
-< "%{SOURCE93}" \
- sed "s/REPLACE_PORT/$free_port/g" | \
- sed "s/REPLACE_BUILDROOT/${RPM_BUILD_ROOT//\//\\/}/g" | \
- sed "s/REPLACE_BUILDDIR/${PWD//\//\\/}/g" | \
- sed "s/REPLACE_APACHE_LIBEXECDIR/${APACHE_LIBEXECDIR//\//\\/}/g" >
httpd.conf
-LD_LIBRARY_PATH="%{buildroot}%{_libdir}:$LD_LIBRARY_PATH" /usr/sbin/httpd2 -d
"$PWD" -f httpd.conf
-%__make check CLEANUP=true FS_TYPE="$CHECK_FS_TYPE"
BASE_URL=http://127.0.0.1:$free_port HTTP_LIBRARY=neon
-kill -9 `cat "$HTTPD_PIDFILE" 2>/dev/null`
-%__rm "$HTTPD_PIDFILE"
+%__make davautocheck CLEANUP=true FS_TYPE=fsfs HTTP_LIBRARY=neon
%endif # neon
# run tests over ra_serf (http://)
%if %{with serf}
-find_next_free_port
-# create apache configuration
-%__cp "%{SOURCE94}" users
-APACHE_LIBEXECDIR="%{apache_libexecdir}"
-< "%{SOURCE93}" \
- sed "s/REPLACE_PORT/$free_port/g" | \
- sed "s/REPLACE_BUILDROOT/${RPM_BUILD_ROOT//\//\\/}/g" | \
- sed "s/REPLACE_BUILDDIR/${PWD//\//\\/}/g" | \
- sed "s/REPLACE_APACHE_LIBEXECDIR/${APACHE_LIBEXECDIR//\//\\/}/g" >
httpd.conf
-LD_LIBRARY_PATH="%{buildroot}%{_libdir}:$LD_LIBRARY_PATH" /usr/sbin/httpd2 -d
"$PWD" -f httpd.conf
-%__make check CLEANUP=true FS_TYPE="$CHECK_FS_TYPE"
BASE_URL=http://127.0.0.1:$free_port HTTP_LIBRARY=serf
-kill -9 `cat "$HTTPD_PIDFILE" 2>/dev/null`
-%__rm "$HTTPD_PIDFILE"
+%__make davautocheck CLEANUP=true FS_TYPE=fsfs HTTP_LIBRARY=serf
%endif # serf
%if %with_java
@@ -743,16 +694,33 @@
%clean
%__rm -rf "%{buildroot}"
+%pre
+getent group %{svngroup} >/dev/null || groupadd -r %{svngroup}
+getent passwd %{svnuser} >/dev/null || useradd -r -g %{svngroup} -d /srv/svn
-s /sbin/nologin -c "user for Apache Subversion svnserve" %{svnuser}
+%if 0%{?has_systemd}
+%service_add_pre svnserve.service
+%endif
+
%preun
%stop_on_removal svnserve
+%if 0%{?has_systemd}
+%service_del_preun svnserve.service
+%endif
%post
%{fillup_and_insserv -n svnserve svnserve}
+%if 0%{?has_systemd}
+%service_add_post svnserve.service
+systemd-tmpfiles --create /usr/lib/tmpfiles.d/svnserve.conf
+%endif
/sbin/ldconfig
%postun
%restart_on_update svnserve
%{insserv_cleanup}
+%if 0%{?has_systemd}
+%service_del_postun svnserve.service
+%endif
/sbin/ldconfig
%post -n subversion-python -p /sbin/ldconfig
@@ -790,7 +758,13 @@
%attr(754,root,root) /etc/init.d/svnserve
%attr(754,root,root) /usr/sbin/rcsvnserve
/var/adm/fillup-templates/sysconfig.svnserve
+%dir %attr(755,%{svnuser},%{svngroup}) /srv/svn
%config %{_fwdefdir}/*
+%if 0%{?has_systemd}
+%{_unitdir}/svnserve.service
+%ghost %dir %attr(755,%{svnuser},%{svngroup}) /var/run/svnserve
+/usr/lib/tmpfiles.d/svnserve.conf
+%endif
#
%attr(755,root,root) /usr/bin/svn
%attr(755,root,root) /usr/bin/svnadmin
++++++ subversion-1.7.9-davautocheck-LD_LIBRARY_PATH.patch ++++++
From: Andreas Stieger <andreas.stie...@gmx.de>
Date: 2013-05-21 17:43:00 +0100
Subject: [PATCH] do not clear LD_LIBRARY_PATH in davautocheck.sh
Upstream: merged
References: http://svn.apache.org/viewvc?view=revision&revision=1197065
During "make check", auth-test loads DSOs at runtime and cannot find them
unless LD_LIBRARY_PATH inlucdes subversion/libsvn_auth_kwallet/.libs and
/subversion/libsvn_auth_gnome_keyring/.libs.
Adjust davautocheck.sh so that LD_LIBRARY_PATH is prepended to rather
than overwritten so that the spec file can set the required paths for
the auth-tests to pass.
Actually then found to have been fixed in the trunk in r1197065. Required
for unit tests with 1.7.x but not 1.8.x
---
subversion/tests/cmdline/dav-mirror-autocheck.sh | 2 +-
subversion/tests/cmdline/davautocheck.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Index: subversion-1.7.9/subversion/tests/cmdline/dav-mirror-autocheck.sh
===================================================================
--- subversion-1.7.9.orig/subversion/tests/cmdline/dav-mirror-autocheck.sh
2011-04-21 12:42:32.000000000 +0100
+++ subversion-1.7.9/subversion/tests/cmdline/dav-mirror-autocheck.sh
2013-05-21 20:32:40.000000000 +0100
@@ -323,7 +323,7 @@ fi
[ -r "$MOD_AUTHZ_SVN" ] \
|| fail "authz_svn_module not found, please use '--enable-shared
--enable-dso --with-apxs' with your 'configure' script"
-export
LD_LIBRARY_PATH="$ABS_BUILDDIR/subversion/libsvn_ra_neon/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_local/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_svn/.libs"
+export
LD_LIBRARY_PATH="$ABS_BUILDDIR/subversion/libsvn_ra_neon/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_local/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_svn/.libs:$LD_LIBRARY_PATH"
MASTER_REPOS="${MASTER_REPOS:-"$HTTPD_ROOT/master_repos"}"
SLAVE_REPOS="${SLAVE_REPOS:-"$HTTPD_ROOT/slave_repos"}"
Index: subversion-1.7.9/subversion/tests/cmdline/davautocheck.sh
===================================================================
--- subversion-1.7.9.orig/subversion/tests/cmdline/davautocheck.sh
2012-05-13 05:03:03.000000000 +0100
+++ subversion-1.7.9/subversion/tests/cmdline/davautocheck.sh 2013-05-21
20:32:40.000000000 +0100
@@ -198,7 +198,7 @@ fi
[ -r "$MOD_AUTHZ_SVN" ] \
|| fail "authz_svn_module not found, please use '--enable-shared
--enable-dso --with-apxs' with your 'configure' script"
-export
LD_LIBRARY_PATH="$ABS_BUILDDIR/subversion/libsvn_ra_neon/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_local/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_svn/.libs"
+export
LD_LIBRARY_PATH="$ABS_BUILDDIR/subversion/libsvn_ra_neon/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_local/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_svn/.libs:$LD_LIBRARY_PATH"
case "`uname`" in
Darwin*) LDD='otool -L'
++++++ subversion.README.SuSE ++++++
--- /var/tmp/diff_new_pack.CGWIyR/_old 2013-05-27 10:02:44.000000000 +0200
+++ /var/tmp/diff_new_pack.CGWIyR/_new 2013-05-27 10:02:44.000000000 +0200
@@ -1,220 +1,175 @@
+Quickstart document for Apache Subversion on openSUSE.
+
+For the full documentation, install the package subversion-doc and see
+/usr/share/doc/packages/subversion/html/book/svn-book.html
+An online version can be found at http://svnbook.red-bean.com/
+
Topics:
-1. backup and restore your repository data
-2. create svn user/group for svnserve
-3. mini-howto for 2 projects
-4. quickstart for mod_dontdothat
+1. mini-howto
+2. allowing anonymous read access
+3. serving several repositories with SVNParentPath
+4. serving the repositories at "/"
+5. running svnserve
+6. quickstart for mod_dontdothat
================================================================================
-1. backup and restore your repository data
+1. mini-howto
-subversion repositories use either the Berkeley Database system libraries,
-or the FSFS database format which comes with the subversion package.
-Since the BDB system libraries often introduce a new incompatible format during
-version upgrade, a backup/restore of all the subversion repositories must be
-performed _BEFORE_ doing such a system upgrade.
-'svnadmin dump' will write the repository to stdout in a 'dumpfile' format.
-This dumpfile can be loaded later with 'svnadmin load'.
+To run a subversion server, you need to configure apache2 to load two modules:
+mod_dav and mod_dav_svn.
+ zypper in subversion-server
+ a2enmod dav
+ a2enmod dav_svn
-2. create svn user/group for svnserve
+A default/example configuration of the dav_svn module can be found in
+/etc/apache2/conf.d/subversion.conf. The current default configuration
+automatically includes this file the default server configuration.
-subversion repositories can be served either via http, or via the svnserve
-daemon and a special network protocol. svnserve should not run as root user.
-The startup script rcsvnserve expects a user/group named 'svn', configureable
-via /etc/sysconfig/svnserve.
+Create some directories to contain the repositories and other files:
-But this user/group must be created before first use:
+ mkdir -p /srv/svn/repos
+ mkdir -p /srv/svn/user_access
+ mkdir -p /srv/svn/html
- groupadd svn
- useradd -d /srv/svn -s /bin/false -g svn svn
+Edit /etc/apache2/conf.d/subversion.conf and uncomment the desired sections.
+The first section "project related HTML files" is optional and will allow you
+to return some static content when /repos is accessed alone. If you do not need
+this, discard this section.
-3. mini-howto for 2 projects
+If instead you wish to show a list of repositories, set "SVNListParentPath on"
+later. See for details:
+http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.extra.browsing.reposlisting
-To run a subversion server, you need to configure apache2 to load two apache2
-modules: mod_dav and mod_dav_svn. (mod_dav is needed by mod_dav_svn, it is
-installed together with apache2.)
+The section following that will configure a repository to be served out of
+the path /srv/svn/repos/myproject1. Note that the location "/repo/myproject1"
+and "SVNPath" is specified explicitly, see section 3 for an alternative.
-This is done by adding the dav and dav_svn modules to the apache2 configuration
-(a2enmod dav; a2enmod dav_svn), and restarting the server.
+To create the repository itself:
-A default/example configuration of the dav_svn module can be found in
-/etc/apache2/conf.d/subversion.conf. With more recent apache
-packages, this configuration is *not* loaded automatically by
-the apache server, since many people configure virtual hosts
-and it is unlikely that the repositories shall be available
-from any virtual host. To load the configuration for a certain
-virtual host, add
- Include /etc/apache2/conf.d/subversion.conf
-or
- Include /path/to/your_subversion_configuration
-in the respective virtual host configuration. This *may* be done in the default
-virtual host (/etc/apache2/default-server.conf).
-
-
-
-Minihowto:
-
-
-The plan:
-
-host 2 source projects with subversion
-both must have anonymous read access
-both must have limited write access for a few users
-they are accessed only via HTTP, not (!) locally
-they will be reachable via:
-
- http://hostname/repos/project1
- http://hostname/repos/project2
-
-Both will have the official version of the source tree and our modified
-version for the distribution. Projects in question are:
-project1
-project2
-
-The realisation:
-
-find a machine to host the projects. Keep backup (and restore!) in mind
-when hunting for hardware.
-
-install needed packages
-(you might check for update packages on
-ftp://ftp.suse.com/pub/projects/apache/ )
-
-rpm -Uvh \
- apache2 \
- apache2-doc \
- apache2-prefork \
- libapr1 \
- libapr-util1 \
- neon \
- subversion \
- subversion-doc \
- subversion-server
-
-
-
-# Update /etc/sysconfig/apache2 by
-# adding 'dav dav_svn' to $APACHE_MODULES:
-a2enmod dav
-a2enmod dav_svn
-
-create a few directories:
-mkdir -p /srv/svn/repos
-mkdir -p /srv/svn/user_access
-mkdir -p /srv/svn/html
-
-Add the http repository data to /etc/apache2/conf.d/subversion.conf:
-#------------------------------------------------------------------------
-#
-# project related HTML files
-#
-<IfModule mod_alias.c>
-Alias /repos "/srv/svn/html"
-</IfModule>
-<Directory /srv/svn/html>
- Options +Indexes +Multiviews -FollowSymLinks
- IndexOptions FancyIndexing \
- ScanHTMLTitles \
- NameWidth=* \
- DescriptionWidth=* \
- SuppressLastModified \
- SuppressSize
-
- order allow,deny
- allow from all
-</Directory>
-
-
-# project repository files for project1
-<Location /repos/project1>
- DAV svn
- SVNPath /srv/svn/repos/project1
-
- # Limit write access to certain people
- AuthType Basic
- AuthName "Authorization for project1 required"
- AuthUserFile /srv/svn/user_access/project1_passwdfile
- AuthGroupFile /srv/svn/user_access/project1_groupfile
- <LimitExcept GET PROPFIND OPTIONS REPORT>
- Require group project1_committers
- </LimitExcept>
-
- # Limit read access to certain people
- <Limit GET PROPFIND OPTIONS REPORT>
- Require group project1_committers
- Require group project1_readers
- </Limit>
-
-</Location>
-
-# project repository files for project2
-<Location /repos/project2>
- DAV svn
- SVNPath /srv/svn/repos/project2
-
- # Limit write permission to list of valid users.
- <LimitExcept GET PROPFIND OPTIONS REPORT>
- # Require SSL connection for password protection.
- # SSLRequireSSL
-
- AuthType Basic
- AuthName "Authorization for project2 required"
- AuthUserFile /srv/svn/user_access/project2_passwdfile
- Require valid-user
- </LimitExcept>
-</Location>
-#------------------------------------------------------------------------
-
-create the repositories itself:
-cd /srv/svn/repos
-svnadmin create project1
-chown -R wwwrun:www project1/{dav,db,locks}
-svnadmin create project2
-chown -R wwwrun:www project2/{dav,db,locks}
+ cd /srv/svn/repos
+ svnadmin create project1
+ chown -R wwwrun:www project1/{db,locks}
+If using svnserve is not planned, /srv/svn/repos may be owned by wwrun:www.
+Otherwise see instruction in the svnserve section on how to use the user and
+group svn.
The webserver must be (re)started:
-rcapache2 restart
-Now create the user access files:
-project1 is a restricted project.
-read access requires a password
-write access is limited to a few users
-touch /srv/svn/user_access/project1_passwdfile
-chown root:www /srv/svn/user_access/project1_passwdfile
-chmod 640 /srv/svn/user_access/project1_passwdfile
+ rcapache2 restart
+
+To create the user access files:
+
+ touch /srv/svn/user_access/project1_passwdfile
+ chown root:www /srv/svn/user_access/project1_passwdfile
+ chmod 640 /srv/svn/user_access/project1_passwdfile
-htpasswd2 /srv/svn/user_access/project1_passwdfile olaf
-htpasswd2 /srv/svn/user_access/project1_passwdfile olh
+ htpasswd2 /srv/svn/user_access/project1_passwdfile user1
+ htpasswd2 /srv/svn/user_access/project1_passwdfile user2
-this is the group file for project1:
-/srv/svn/user_access/project1_groupfile
-content:
-project1_committers: olh
-project1_readers: olaf olh
+Create the group file for project1:
+ /srv/svn/user_access/project1_groupfile
-project2 is world readable, but only a few can commit to the sources.
-touch /srv/svn/user_access/project2_passwdfile
-chown root:www /srv/svn/user_access/project2_passwdfile
-chmod 640 /srv/svn/user_access/project2_passwdfile
-htpasswd2 /srv/svn/user_access/project2_passwdfile olaf
+ project1_committers: user2
+ project1_readers: user1 user2
-You should be able to connect to the server:
-http://host/repos/project2
-http://host/repos/project1
-Now import the data, e.g.
-svn import /path/to/project2-tree http://host/repos/project2
+You can test access by:
+ svn info http://127.0.0.1/repos/project1
+================================================================================
+
+2. allowing anonymous read access
+
+To allow anonymous read access, remove the <Limit GET...> section and move the
+three Auth* statements into the <LimitExcept GET...> section.
+
+================================================================================
+3. serving several repositories with SVNParentPath
+
+When serving several repositories, instead of specifying each location with
+SVNPath in a separate location, you can use SVNParentPath with a single
location.
+Change the <Location ...> directive form the template to start with the
following:
+
+ <Location /repos/>
+ DAV svn
+ SVNParentPath /srv/svn/repos
+ SVNListParentPath on
+
+Do not forget to restart the apache service to make the configuration
effective.
+
+ service apache2 restart
+
+================================================================================
+
+4. serving the repositories at "/"
+
+Include the configuration into the relevant vhost configuration. Uncomment the
+section in the template files labeled 'Hosting svn at "/"' and adjust as
required.
+Note that this example uses "SVNParentPath" as given in the previous section.
+
+================================================================================
+5. running svnserve
+Subversion repositories can be via the svnserve daemon and a special network
+protocol. svnserve should not run as root user. The startup scripts expects a
+user/group named 'svn', configureable via /etc/sysconfig/svnserve.
+
+The subversion package now creates a user and group svn.
+
+If you want to expose the repository via both svnserve and mod_dav_svn
+(Apache httpd) in parallel, ensure that the apache user is part of the
+svn group.
+
+ usermod -A svn wwwrun
+
+This requires a restart of the apache2 service to become effective.
+
+Change the permissions to let the svn group write, and set the setgid flag
+on the repositories.
+
+ chown -R svn:svn /srv/svn/repos
+ chmod -R g+ws /srv/svn/repos
+
+Then proceed to create reposititories using svnadmin create described above.
+
+In either case, if using svnserve, ensure that the repositories are owned by
+svn:svn.
+
+The settings files with the options passed to the daemon is is located in:
+
+ /etc/sysconfig/svnserve
+
+To start, ensure proper ownership of repositories and run:
+
+ service svnserve start
+
+For further information about multi-method repository access, see
+http://svnbook.red-bean.com/en/1.7/svn.serverconfig.multimethod.html
+
+You can test repository access by:
+
+ svn info svn://127.0.0.1/project1
+
+Please note that by default, svnserve is configured to be started with -R,
+meaning read-only access only. Remove to allow write access, after you have
+configued access via
+
+ /srv/svn/repos/repo1/conf/svnserve.conf
+
+To configue authentication for svnserve, see
+http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth
+
+================================================================================
-4. quickstart for mod_dontdothat
+6. quickstart for mod_dontdothat
The apache module mod_dontdothat can be used to prevent users from causing high
load on the server, e.g. checking out the root of the tree or the tags or
@@ -227,7 +182,7 @@
<Location />
DAV svn
- SVNParentPath /srv/svn/repositories/
+ SVNParentPath /srv/svn/repos/
SVNListParentPath on
# [...other configuration...]
<IfModule mod_dontdothat.c>
++++++ subversion.conf ++++++
--- /var/tmp/diff_new_pack.CGWIyR/_old 2013-05-27 10:02:44.000000000 +0200
+++ /var/tmp/diff_new_pack.CGWIyR/_new 2013-05-27 10:02:44.000000000 +0200
@@ -1,5 +1,7 @@
# Example configuration for a subversion repository
-# see /usr/share/doc/packages/subversion for the full documentation
+# Install the package subversion-doc and see
+# /usr/share/doc/packages/subversion for the full documentation
+# An online version can be found at http://svnbook.red-bean.com/
#
<IfModule mod_dav_svn.c>
@@ -28,17 +30,26 @@
#<Location /repos/myproject1>
# DAV svn
# SVNPath /srv/svn/repos/myproject1
-
+#
+# AuthType Basic
+# AuthName "Authorization Realm"
+# AuthUserFile /srv/svn/user_access/myproject1_passwdfile
+#
+# # Limit read access to certain people
+# <Limit GET PROPFIND OPTIONS REPORT>
+# # uncomment to require SSL connection for password protection.
+# # SSLRequireSSL
+# Require group project1_committers
+# Require group project1_readers
+# </Limit>
+#
# # Limit write permission to list of valid users.
# <LimitExcept GET PROPFIND OPTIONS REPORT>
-# # Require SSL connection for password protection.
+# # uncomment to require SSL connection for password protection.
# # SSLRequireSSL
-#
-# AuthType Basic
-# AuthName "Authorization Realm"
-# AuthUserFile /srv/svn/user_access/myproject1_passwdfile
-# Require valid-user
+# Require project1_committers
# </LimitExcept>
+#
#</Location>
##
@@ -73,7 +84,7 @@
# #
# <Location />
# DAV svn
-# SVNParentPath /srv/svn/repositories/
+# SVNParentPath /srv/svn/repos/
# SVNListParentPath on
# AuthType Basic
# AuthName "subversion repository"
++++++ subversion.sysconfig.svnserve ++++++
--- /var/tmp/diff_new_pack.CGWIyR/_old 2013-05-27 10:02:45.000000000 +0200
+++ /var/tmp/diff_new_pack.CGWIyR/_new 2013-05-27 10:02:45.000000000 +0200
@@ -8,7 +8,7 @@
# The -R option enforces read-only access, i.e. write operations to the
# repository (such as commits) will not be allowed.
# Authentication should be configured before allowing write access.
-# See
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth
+# See
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth
#
SVNSERVE_OPTIONS="-d -R -r /srv/svn/repos"
@@ -16,8 +16,12 @@
## Default "svn"
#
# svnserve should run as unprivileged user.
-# The userid/groupid svn is not created during package install.
-# Run 'groupadd svn; useradd -d /srv/svn -s /bin/false -g svn svn' to create
the userid/groupid.
+# If you want to expose the repository via both svnserve and mod_dav_svn
+# (Apache httpd) in parallel, ensure that the apache user is part of the
+# svn group and the setgid flag is set on the repositories
+# usermod -A svn wwwrun
+# chmod -R g+s /srv/svn/repos
+# See http://svnbook.red-bean.com/en/1.7/svn.serverconfig.multimethod.html
#
SVNSERVE_USERID="svn"
@@ -25,7 +29,11 @@
## Default "svn"
#
# svnserve should run as unprivileged user.
-# The userid/groupid svn is not created during package install.
-# Run 'groupadd svn; useradd -d /srv/svn -s /bin/false -g svn svn' to create
the userid/groupid.
+# If you want to expose the repository via both svnserve and mod_dav_svn
+# (Apache httpd) in parallel, ensure that the apache user is part of the
+# svn group and the setgid flag is set on the repositories
+# usermod -A svn wwwrun
+# chmod -R g+s /srv/svn/repos
+# See http://svnbook.red-bean.com/en/1.7/svn.serverconfig.multimethod.html
#
SVNSERVE_GROUPID="svn"
++++++ svnserve.service ++++++
[Unit]
Description=Subversion protocol daemon
After=syslog.target network.target
[Service]
Type=forking
EnvironmentFile=/etc/sysconfig/svnserve
User=svn
Group=svn
PIDFile=/var/run/svnserve/svnserve.pid
ExecStart=/usr/bin/svnserve --daemon --pid-file=/var/run/svnserve/svnserve.pid
$SVNSERVE_OPTIONS
[Install]
WantedBy=multi-user.target
++++++ svnserve.tmpfiles ++++++
D /var/run/svnserve 0755 svn svn -
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
