Hello community, here is the log from the commit of package subversion for openSUSE:Factory checked in at 2013-05-27 10:02:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/subversion (Old) and /work/SRC/openSUSE:Factory/.subversion.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "subversion" Changes: -------- --- /work/SRC/openSUSE:Factory/subversion/subversion.changes 2013-05-16 16:32:23.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.subversion.new/subversion.changes 2013-05-27 10:02:43.000000000 +0200 @@ -1,0 +2,20 @@ +Tue May 21 19:41:36 UTC 2013 - andreas.stie...@gmx.de + +- use svnserveautocheck.sh and davautocheck.sh for unit tests, + greatly reducing complexity of spec file and adding support + for running unit tests with httpd 2.4 in factory +- add subversion-1.7.9-davautocheck-LD_LIBRARY_PATH.patch to + not overwrite LD_LIBRARY_PATH in davautocheck.sh to make + auth-test pass + +------------------------------------------------------------------- +Mon May 20 19:30:52 UTC 2013 - andreas.stie...@gmx.de + +- add systemd support for svnserve +- package now contains user and group svn +- adjust and extend README.SuSE to cover a quickstart with both + mod_dav_svn and svnserve, mention the user/group requirement for + parallel operation and make text more compact by referencing the + template config file [bnc#781980] + +------------------------------------------------------------------- Old: ---- subversion-tests-httpd-users subversion-tests-httpd.conf.tmpl New: ---- subversion-1.7.9-davautocheck-LD_LIBRARY_PATH.patch svnserve.service svnserve.tmpfiles ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ subversion.spec ++++++ --- /var/tmp/diff_new_pack.CGWIyR/_old 2013-05-27 10:02:44.000000000 +0200 +++ /var/tmp/diff_new_pack.CGWIyR/_new 2013-05-27 10:02:44.000000000 +0200 @@ -45,6 +45,9 @@ %define with_bashcomp 1 %endif +%define svngroup svn +%define svnuser svn + Name: subversion Version: 1.7.9 Release: 0 @@ -63,6 +66,14 @@ BuildRequires: python-xml BuildRequires: update-alternatives BuildRequires: zlib-devel +Requires(pre): pwdutils +# +%if 0%{?suse_version} > 1140 +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} +%define has_systemd 1 +%endif +# %if %with_bashcomp BuildRequires: bash-completion %endif #with_bashcomp @@ -108,8 +119,9 @@ %endif # suse_version > 1030 %endif # with neon %if %{with regression_tests} -# for check section, to find a free port: -BuildRequires: iproute2 +# svnserveautocheck.sh davautocheck.sh requirements +BuildRequires: net-tools +BuildRequires: wget %endif # with regression_tests # %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services @@ -138,6 +150,8 @@ Source10: subversion.sysconfig.svnserve Source12: subversion.sysconfig.svnserve.remoteaccess Source13: subversion.xinetd.svnserve +Source14: svnserve.service +Source15: svnserve.tmpfiles Source42: subversion.svngrep.sh Source43: subversion.svndiff.sh # https://people.apache.org/keys/group/subversion.asc @@ -160,8 +174,6 @@ %requires_ge libsqlite3-0 %endif # with_intree_sqlite Source92: %{name}.rpmlintrc -Source93: subversion-tests-httpd.conf.tmpl -Source94: subversion-tests-httpd-users # Patch11: subversion.libtool-verbose.patch # build fixes @@ -173,6 +185,7 @@ Patch38: subversion-neon-systemproxy.patch Patch39: subversion-1.7.4-ruby-1.9-RbConfig.patch Patch40: subversion-1.7.8-TestHarness_run_py_test_exit_code.patch +Patch41: subversion-1.7.9-davautocheck-LD_LIBRARY_PATH.patch # %if %with_ruby %if %{!?rb_arch:1}0 @@ -348,6 +361,7 @@ %patch38 %patch39 -p1 %patch40 -p1 +%patch41 -p1 SQLITE_RECOMMENDED_VER=$(grep -E '^SQLITE_RECOMMENDED_VER=' configure.ac|cut -f2 -d=|cut -f2 -d\") #" @@ -582,6 +596,13 @@ ln -sv /etc/init.d/svnserve $RPM_BUILD_ROOT/usr/sbin/rcsvnserve install -m 644 -D %{S:10} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.svnserve install -m 644 -D %{S:12} $RPM_BUILD_ROOT/%{_fwdefdir}/svnserve +%{__install} -d -m 0755 %{buildroot}/srv/svn +%if 0%{?has_systemd} +install -m 644 -D %{S:14} $RPM_BUILD_ROOT/%{_unitdir}/svnserve.service +%{__install} -d -m 0755 %{buildroot}/var/run/svnserve/ +%{__install} -d -m 0755 %{buildroot}/usr/lib/tmpfiles.d/ +%{__install} -m 0644 %{SOURCE15} %{buildroot}/usr/lib/tmpfiles.d/svnserve.conf +%endif #useless libtool stuff rm -f %{buildroot}%{_libdir}/*.la if [ "$with_jdk" != "" ] ; then @@ -639,91 +660,21 @@ # During "make check", auth-test loads DSOs at runtime and can't find # them if we don't set up LD_LIBRARY_PATH as below. export LD_LIBRARY_PATH="$PWD/subversion/libsvn_auth_kwallet/.libs:$PWD/subversion/libsvn_auth_gnome_keyring/.libs:$LD_LIBRARY_PATH" -CHECK_FS_TYPE=fsfs # run tests over ra_local (file://) -%__make check CLEANUP=true FS_TYPE="$CHECK_FS_TYPE" - -SVNSERVE_PIDFILE="$PWD/svnserve.pid" -HTTPD_PIDFILE="$PWD/httpd.pid" -# hook up cleanup routine -function on_exit { - if [ -e "$SVNSERVE_PIDFILE" ]; then - pid=`cat "$SVNSERVE_PIDFILE" 2>/dev/null || :` - test -n "$pid" && kill -9 "$pid" || : - fi - if [ -e "$HTTPD_PIDFILE" ]; then - pid=`cat "$HTTPD_PIDFILE" 2>/dev/null || :` - test -n "$pid" && kill -9 "$pid" || : - fi -} -trap on_exit EXIT - -# find next free port -function find_next_free_port { - if [ -z "$free_port" ]; then # on first invocation - local start_port=1025 # start with user port range - else # on subsequent invocations - local start_port=$free_port; # look for ports above the last - let start_port++; # as the daemon might still use it - fi - free_port="" - # in the OBS build VMs, the call to ss actually fails, resulting in all port to be returned as unused, - # subsequent calls to the function will use a sequence from 1025, which are always available in VM. - # For local builds this takes into account locally used ports. Either way works to get a usable port. - for p in `/usr/sbin/ss -nat|tail +2|awk '{ split($4, a, ":"); if (a[2] > 1024) { print a[2]; }}'`; do used_port[$p]="$p"; done - for p in `seq $start_port 65535`; do - if [ -z "${used_port[$p]}" ]; then - free_port="$p" - break - fi - done - if [ -z "$free_port" ]; then - echo "ERROR: failed to find a free port" >&2 - echo "Used TCP ports: ${used_port[*]}" >&2 - exit 1 - fi -} -find_next_free_port +%__make check CLEANUP=true FS_TYPE=fsfs # run tests over ra_svn (svn://) -"$PWD/subversion/svnserve/svnserve" --listen-host 127.0.0.1 --listen-port "$free_port" --pid-file "$SVNSERVE_PIDFILE" -d -r "$PWD/subversion/tests/cmdline" -%__make check CLEANUP=true FS_TYPE="$CHECK_FS_TYPE" BASE_URL="svn://127.0.0.1:$free_port" -kill -9 `cat "$SVNSERVE_PIDFILE" 2>/dev/null` -%__rm "$SVNSERVE_PIDFILE" +%__make svnserveautocheck CLEANUP=true FS_TYPE=fsfs # run tests over ra_neon (http://) %if %{with neon} -find_next_free_port -# create apache configuration -%__cp "%{SOURCE94}" users -APACHE_LIBEXECDIR="%{apache_libexecdir}" -< "%{SOURCE93}" \ - sed "s/REPLACE_PORT/$free_port/g" | \ - sed "s/REPLACE_BUILDROOT/${RPM_BUILD_ROOT//\//\\/}/g" | \ - sed "s/REPLACE_BUILDDIR/${PWD//\//\\/}/g" | \ - sed "s/REPLACE_APACHE_LIBEXECDIR/${APACHE_LIBEXECDIR//\//\\/}/g" > httpd.conf -LD_LIBRARY_PATH="%{buildroot}%{_libdir}:$LD_LIBRARY_PATH" /usr/sbin/httpd2 -d "$PWD" -f httpd.conf -%__make check CLEANUP=true FS_TYPE="$CHECK_FS_TYPE" BASE_URL=http://127.0.0.1:$free_port HTTP_LIBRARY=neon -kill -9 `cat "$HTTPD_PIDFILE" 2>/dev/null` -%__rm "$HTTPD_PIDFILE" +%__make davautocheck CLEANUP=true FS_TYPE=fsfs HTTP_LIBRARY=neon %endif # neon # run tests over ra_serf (http://) %if %{with serf} -find_next_free_port -# create apache configuration -%__cp "%{SOURCE94}" users -APACHE_LIBEXECDIR="%{apache_libexecdir}" -< "%{SOURCE93}" \ - sed "s/REPLACE_PORT/$free_port/g" | \ - sed "s/REPLACE_BUILDROOT/${RPM_BUILD_ROOT//\//\\/}/g" | \ - sed "s/REPLACE_BUILDDIR/${PWD//\//\\/}/g" | \ - sed "s/REPLACE_APACHE_LIBEXECDIR/${APACHE_LIBEXECDIR//\//\\/}/g" > httpd.conf -LD_LIBRARY_PATH="%{buildroot}%{_libdir}:$LD_LIBRARY_PATH" /usr/sbin/httpd2 -d "$PWD" -f httpd.conf -%__make check CLEANUP=true FS_TYPE="$CHECK_FS_TYPE" BASE_URL=http://127.0.0.1:$free_port HTTP_LIBRARY=serf -kill -9 `cat "$HTTPD_PIDFILE" 2>/dev/null` -%__rm "$HTTPD_PIDFILE" +%__make davautocheck CLEANUP=true FS_TYPE=fsfs HTTP_LIBRARY=serf %endif # serf %if %with_java @@ -743,16 +694,33 @@ %clean %__rm -rf "%{buildroot}" +%pre +getent group %{svngroup} >/dev/null || groupadd -r %{svngroup} +getent passwd %{svnuser} >/dev/null || useradd -r -g %{svngroup} -d /srv/svn -s /sbin/nologin -c "user for Apache Subversion svnserve" %{svnuser} +%if 0%{?has_systemd} +%service_add_pre svnserve.service +%endif + %preun %stop_on_removal svnserve +%if 0%{?has_systemd} +%service_del_preun svnserve.service +%endif %post %{fillup_and_insserv -n svnserve svnserve} +%if 0%{?has_systemd} +%service_add_post svnserve.service +systemd-tmpfiles --create /usr/lib/tmpfiles.d/svnserve.conf +%endif /sbin/ldconfig %postun %restart_on_update svnserve %{insserv_cleanup} +%if 0%{?has_systemd} +%service_del_postun svnserve.service +%endif /sbin/ldconfig %post -n subversion-python -p /sbin/ldconfig @@ -790,7 +758,13 @@ %attr(754,root,root) /etc/init.d/svnserve %attr(754,root,root) /usr/sbin/rcsvnserve /var/adm/fillup-templates/sysconfig.svnserve +%dir %attr(755,%{svnuser},%{svngroup}) /srv/svn %config %{_fwdefdir}/* +%if 0%{?has_systemd} +%{_unitdir}/svnserve.service +%ghost %dir %attr(755,%{svnuser},%{svngroup}) /var/run/svnserve +/usr/lib/tmpfiles.d/svnserve.conf +%endif # %attr(755,root,root) /usr/bin/svn %attr(755,root,root) /usr/bin/svnadmin ++++++ subversion-1.7.9-davautocheck-LD_LIBRARY_PATH.patch ++++++ From: Andreas Stieger <andreas.stie...@gmx.de> Date: 2013-05-21 17:43:00 +0100 Subject: [PATCH] do not clear LD_LIBRARY_PATH in davautocheck.sh Upstream: merged References: http://svn.apache.org/viewvc?view=revision&revision=1197065 During "make check", auth-test loads DSOs at runtime and cannot find them unless LD_LIBRARY_PATH inlucdes subversion/libsvn_auth_kwallet/.libs and /subversion/libsvn_auth_gnome_keyring/.libs. Adjust davautocheck.sh so that LD_LIBRARY_PATH is prepended to rather than overwritten so that the spec file can set the required paths for the auth-tests to pass. Actually then found to have been fixed in the trunk in r1197065. Required for unit tests with 1.7.x but not 1.8.x --- subversion/tests/cmdline/dav-mirror-autocheck.sh | 2 +- subversion/tests/cmdline/davautocheck.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Index: subversion-1.7.9/subversion/tests/cmdline/dav-mirror-autocheck.sh =================================================================== --- subversion-1.7.9.orig/subversion/tests/cmdline/dav-mirror-autocheck.sh 2011-04-21 12:42:32.000000000 +0100 +++ subversion-1.7.9/subversion/tests/cmdline/dav-mirror-autocheck.sh 2013-05-21 20:32:40.000000000 +0100 @@ -323,7 +323,7 @@ fi [ -r "$MOD_AUTHZ_SVN" ] \ || fail "authz_svn_module not found, please use '--enable-shared --enable-dso --with-apxs' with your 'configure' script" -export LD_LIBRARY_PATH="$ABS_BUILDDIR/subversion/libsvn_ra_neon/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_local/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_svn/.libs" +export LD_LIBRARY_PATH="$ABS_BUILDDIR/subversion/libsvn_ra_neon/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_local/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_svn/.libs:$LD_LIBRARY_PATH" MASTER_REPOS="${MASTER_REPOS:-"$HTTPD_ROOT/master_repos"}" SLAVE_REPOS="${SLAVE_REPOS:-"$HTTPD_ROOT/slave_repos"}" Index: subversion-1.7.9/subversion/tests/cmdline/davautocheck.sh =================================================================== --- subversion-1.7.9.orig/subversion/tests/cmdline/davautocheck.sh 2012-05-13 05:03:03.000000000 +0100 +++ subversion-1.7.9/subversion/tests/cmdline/davautocheck.sh 2013-05-21 20:32:40.000000000 +0100 @@ -198,7 +198,7 @@ fi [ -r "$MOD_AUTHZ_SVN" ] \ || fail "authz_svn_module not found, please use '--enable-shared --enable-dso --with-apxs' with your 'configure' script" -export LD_LIBRARY_PATH="$ABS_BUILDDIR/subversion/libsvn_ra_neon/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_local/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_svn/.libs" +export LD_LIBRARY_PATH="$ABS_BUILDDIR/subversion/libsvn_ra_neon/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_local/.libs:$ABS_BUILDDIR/subversion/libsvn_ra_svn/.libs:$LD_LIBRARY_PATH" case "`uname`" in Darwin*) LDD='otool -L' ++++++ subversion.README.SuSE ++++++ --- /var/tmp/diff_new_pack.CGWIyR/_old 2013-05-27 10:02:44.000000000 +0200 +++ /var/tmp/diff_new_pack.CGWIyR/_new 2013-05-27 10:02:44.000000000 +0200 @@ -1,220 +1,175 @@ +Quickstart document for Apache Subversion on openSUSE. + +For the full documentation, install the package subversion-doc and see +/usr/share/doc/packages/subversion/html/book/svn-book.html +An online version can be found at http://svnbook.red-bean.com/ + Topics: -1. backup and restore your repository data -2. create svn user/group for svnserve -3. mini-howto for 2 projects -4. quickstart for mod_dontdothat +1. mini-howto +2. allowing anonymous read access +3. serving several repositories with SVNParentPath +4. serving the repositories at "/" +5. running svnserve +6. quickstart for mod_dontdothat ================================================================================ -1. backup and restore your repository data +1. mini-howto -subversion repositories use either the Berkeley Database system libraries, -or the FSFS database format which comes with the subversion package. -Since the BDB system libraries often introduce a new incompatible format during -version upgrade, a backup/restore of all the subversion repositories must be -performed _BEFORE_ doing such a system upgrade. -'svnadmin dump' will write the repository to stdout in a 'dumpfile' format. -This dumpfile can be loaded later with 'svnadmin load'. +To run a subversion server, you need to configure apache2 to load two modules: +mod_dav and mod_dav_svn. + zypper in subversion-server + a2enmod dav + a2enmod dav_svn -2. create svn user/group for svnserve +A default/example configuration of the dav_svn module can be found in +/etc/apache2/conf.d/subversion.conf. The current default configuration +automatically includes this file the default server configuration. -subversion repositories can be served either via http, or via the svnserve -daemon and a special network protocol. svnserve should not run as root user. -The startup script rcsvnserve expects a user/group named 'svn', configureable -via /etc/sysconfig/svnserve. +Create some directories to contain the repositories and other files: -But this user/group must be created before first use: + mkdir -p /srv/svn/repos + mkdir -p /srv/svn/user_access + mkdir -p /srv/svn/html - groupadd svn - useradd -d /srv/svn -s /bin/false -g svn svn +Edit /etc/apache2/conf.d/subversion.conf and uncomment the desired sections. +The first section "project related HTML files" is optional and will allow you +to return some static content when /repos is accessed alone. If you do not need +this, discard this section. -3. mini-howto for 2 projects +If instead you wish to show a list of repositories, set "SVNListParentPath on" +later. See for details: +http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.extra.browsing.reposlisting -To run a subversion server, you need to configure apache2 to load two apache2 -modules: mod_dav and mod_dav_svn. (mod_dav is needed by mod_dav_svn, it is -installed together with apache2.) +The section following that will configure a repository to be served out of +the path /srv/svn/repos/myproject1. Note that the location "/repo/myproject1" +and "SVNPath" is specified explicitly, see section 3 for an alternative. -This is done by adding the dav and dav_svn modules to the apache2 configuration -(a2enmod dav; a2enmod dav_svn), and restarting the server. +To create the repository itself: -A default/example configuration of the dav_svn module can be found in -/etc/apache2/conf.d/subversion.conf. With more recent apache -packages, this configuration is *not* loaded automatically by -the apache server, since many people configure virtual hosts -and it is unlikely that the repositories shall be available -from any virtual host. To load the configuration for a certain -virtual host, add - Include /etc/apache2/conf.d/subversion.conf -or - Include /path/to/your_subversion_configuration -in the respective virtual host configuration. This *may* be done in the default -virtual host (/etc/apache2/default-server.conf). - - - -Minihowto: - - -The plan: - -host 2 source projects with subversion -both must have anonymous read access -both must have limited write access for a few users -they are accessed only via HTTP, not (!) locally -they will be reachable via: - - http://hostname/repos/project1 - http://hostname/repos/project2 - -Both will have the official version of the source tree and our modified -version for the distribution. Projects in question are: -project1 -project2 - -The realisation: - -find a machine to host the projects. Keep backup (and restore!) in mind -when hunting for hardware. - -install needed packages -(you might check for update packages on -ftp://ftp.suse.com/pub/projects/apache/ ) - -rpm -Uvh \ - apache2 \ - apache2-doc \ - apache2-prefork \ - libapr1 \ - libapr-util1 \ - neon \ - subversion \ - subversion-doc \ - subversion-server - - - -# Update /etc/sysconfig/apache2 by -# adding 'dav dav_svn' to $APACHE_MODULES: -a2enmod dav -a2enmod dav_svn - -create a few directories: -mkdir -p /srv/svn/repos -mkdir -p /srv/svn/user_access -mkdir -p /srv/svn/html - -Add the http repository data to /etc/apache2/conf.d/subversion.conf: -#------------------------------------------------------------------------ -# -# project related HTML files -# -<IfModule mod_alias.c> -Alias /repos "/srv/svn/html" -</IfModule> -<Directory /srv/svn/html> - Options +Indexes +Multiviews -FollowSymLinks - IndexOptions FancyIndexing \ - ScanHTMLTitles \ - NameWidth=* \ - DescriptionWidth=* \ - SuppressLastModified \ - SuppressSize - - order allow,deny - allow from all -</Directory> - - -# project repository files for project1 -<Location /repos/project1> - DAV svn - SVNPath /srv/svn/repos/project1 - - # Limit write access to certain people - AuthType Basic - AuthName "Authorization for project1 required" - AuthUserFile /srv/svn/user_access/project1_passwdfile - AuthGroupFile /srv/svn/user_access/project1_groupfile - <LimitExcept GET PROPFIND OPTIONS REPORT> - Require group project1_committers - </LimitExcept> - - # Limit read access to certain people - <Limit GET PROPFIND OPTIONS REPORT> - Require group project1_committers - Require group project1_readers - </Limit> - -</Location> - -# project repository files for project2 -<Location /repos/project2> - DAV svn - SVNPath /srv/svn/repos/project2 - - # Limit write permission to list of valid users. - <LimitExcept GET PROPFIND OPTIONS REPORT> - # Require SSL connection for password protection. - # SSLRequireSSL - - AuthType Basic - AuthName "Authorization for project2 required" - AuthUserFile /srv/svn/user_access/project2_passwdfile - Require valid-user - </LimitExcept> -</Location> -#------------------------------------------------------------------------ - -create the repositories itself: -cd /srv/svn/repos -svnadmin create project1 -chown -R wwwrun:www project1/{dav,db,locks} -svnadmin create project2 -chown -R wwwrun:www project2/{dav,db,locks} + cd /srv/svn/repos + svnadmin create project1 + chown -R wwwrun:www project1/{db,locks} +If using svnserve is not planned, /srv/svn/repos may be owned by wwrun:www. +Otherwise see instruction in the svnserve section on how to use the user and +group svn. The webserver must be (re)started: -rcapache2 restart -Now create the user access files: -project1 is a restricted project. -read access requires a password -write access is limited to a few users -touch /srv/svn/user_access/project1_passwdfile -chown root:www /srv/svn/user_access/project1_passwdfile -chmod 640 /srv/svn/user_access/project1_passwdfile + rcapache2 restart + +To create the user access files: + + touch /srv/svn/user_access/project1_passwdfile + chown root:www /srv/svn/user_access/project1_passwdfile + chmod 640 /srv/svn/user_access/project1_passwdfile -htpasswd2 /srv/svn/user_access/project1_passwdfile olaf -htpasswd2 /srv/svn/user_access/project1_passwdfile olh + htpasswd2 /srv/svn/user_access/project1_passwdfile user1 + htpasswd2 /srv/svn/user_access/project1_passwdfile user2 -this is the group file for project1: -/srv/svn/user_access/project1_groupfile -content: -project1_committers: olh -project1_readers: olaf olh +Create the group file for project1: + /srv/svn/user_access/project1_groupfile -project2 is world readable, but only a few can commit to the sources. -touch /srv/svn/user_access/project2_passwdfile -chown root:www /srv/svn/user_access/project2_passwdfile -chmod 640 /srv/svn/user_access/project2_passwdfile -htpasswd2 /srv/svn/user_access/project2_passwdfile olaf + project1_committers: user2 + project1_readers: user1 user2 -You should be able to connect to the server: -http://host/repos/project2 -http://host/repos/project1 -Now import the data, e.g. -svn import /path/to/project2-tree http://host/repos/project2 +You can test access by: + svn info http://127.0.0.1/repos/project1 +================================================================================ + +2. allowing anonymous read access + +To allow anonymous read access, remove the <Limit GET...> section and move the +three Auth* statements into the <LimitExcept GET...> section. + +================================================================================ +3. serving several repositories with SVNParentPath + +When serving several repositories, instead of specifying each location with +SVNPath in a separate location, you can use SVNParentPath with a single location. +Change the <Location ...> directive form the template to start with the following: + + <Location /repos/> + DAV svn + SVNParentPath /srv/svn/repos + SVNListParentPath on + +Do not forget to restart the apache service to make the configuration effective. + + service apache2 restart + +================================================================================ + +4. serving the repositories at "/" + +Include the configuration into the relevant vhost configuration. Uncomment the +section in the template files labeled 'Hosting svn at "/"' and adjust as required. +Note that this example uses "SVNParentPath" as given in the previous section. + +================================================================================ +5. running svnserve +Subversion repositories can be via the svnserve daemon and a special network +protocol. svnserve should not run as root user. The startup scripts expects a +user/group named 'svn', configureable via /etc/sysconfig/svnserve. + +The subversion package now creates a user and group svn. + +If you want to expose the repository via both svnserve and mod_dav_svn +(Apache httpd) in parallel, ensure that the apache user is part of the +svn group. + + usermod -A svn wwwrun + +This requires a restart of the apache2 service to become effective. + +Change the permissions to let the svn group write, and set the setgid flag +on the repositories. + + chown -R svn:svn /srv/svn/repos + chmod -R g+ws /srv/svn/repos + +Then proceed to create reposititories using svnadmin create described above. + +In either case, if using svnserve, ensure that the repositories are owned by +svn:svn. + +The settings files with the options passed to the daemon is is located in: + + /etc/sysconfig/svnserve + +To start, ensure proper ownership of repositories and run: + + service svnserve start + +For further information about multi-method repository access, see +http://svnbook.red-bean.com/en/1.7/svn.serverconfig.multimethod.html + +You can test repository access by: + + svn info svn://127.0.0.1/project1 + +Please note that by default, svnserve is configured to be started with -R, +meaning read-only access only. Remove to allow write access, after you have +configued access via + + /srv/svn/repos/repo1/conf/svnserve.conf + +To configue authentication for svnserve, see +http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth + +================================================================================ -4. quickstart for mod_dontdothat +6. quickstart for mod_dontdothat The apache module mod_dontdothat can be used to prevent users from causing high load on the server, e.g. checking out the root of the tree or the tags or @@ -227,7 +182,7 @@ <Location /> DAV svn - SVNParentPath /srv/svn/repositories/ + SVNParentPath /srv/svn/repos/ SVNListParentPath on # [...other configuration...] <IfModule mod_dontdothat.c> ++++++ subversion.conf ++++++ --- /var/tmp/diff_new_pack.CGWIyR/_old 2013-05-27 10:02:44.000000000 +0200 +++ /var/tmp/diff_new_pack.CGWIyR/_new 2013-05-27 10:02:44.000000000 +0200 @@ -1,5 +1,7 @@ # Example configuration for a subversion repository -# see /usr/share/doc/packages/subversion for the full documentation +# Install the package subversion-doc and see +# /usr/share/doc/packages/subversion for the full documentation +# An online version can be found at http://svnbook.red-bean.com/ # <IfModule mod_dav_svn.c> @@ -28,17 +30,26 @@ #<Location /repos/myproject1> # DAV svn # SVNPath /srv/svn/repos/myproject1 - +# +# AuthType Basic +# AuthName "Authorization Realm" +# AuthUserFile /srv/svn/user_access/myproject1_passwdfile +# +# # Limit read access to certain people +# <Limit GET PROPFIND OPTIONS REPORT> +# # uncomment to require SSL connection for password protection. +# # SSLRequireSSL +# Require group project1_committers +# Require group project1_readers +# </Limit> +# # # Limit write permission to list of valid users. # <LimitExcept GET PROPFIND OPTIONS REPORT> -# # Require SSL connection for password protection. +# # uncomment to require SSL connection for password protection. # # SSLRequireSSL -# -# AuthType Basic -# AuthName "Authorization Realm" -# AuthUserFile /srv/svn/user_access/myproject1_passwdfile -# Require valid-user +# Require project1_committers # </LimitExcept> +# #</Location> ## @@ -73,7 +84,7 @@ # # # <Location /> # DAV svn -# SVNParentPath /srv/svn/repositories/ +# SVNParentPath /srv/svn/repos/ # SVNListParentPath on # AuthType Basic # AuthName "subversion repository" ++++++ subversion.sysconfig.svnserve ++++++ --- /var/tmp/diff_new_pack.CGWIyR/_old 2013-05-27 10:02:45.000000000 +0200 +++ /var/tmp/diff_new_pack.CGWIyR/_new 2013-05-27 10:02:45.000000000 +0200 @@ -8,7 +8,7 @@ # The -R option enforces read-only access, i.e. write operations to the # repository (such as commits) will not be allowed. # Authentication should be configured before allowing write access. -# See http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth +# See http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth # SVNSERVE_OPTIONS="-d -R -r /srv/svn/repos" @@ -16,8 +16,12 @@ ## Default "svn" # # svnserve should run as unprivileged user. -# The userid/groupid svn is not created during package install. -# Run 'groupadd svn; useradd -d /srv/svn -s /bin/false -g svn svn' to create the userid/groupid. +# If you want to expose the repository via both svnserve and mod_dav_svn +# (Apache httpd) in parallel, ensure that the apache user is part of the +# svn group and the setgid flag is set on the repositories +# usermod -A svn wwwrun +# chmod -R g+s /srv/svn/repos +# See http://svnbook.red-bean.com/en/1.7/svn.serverconfig.multimethod.html # SVNSERVE_USERID="svn" @@ -25,7 +29,11 @@ ## Default "svn" # # svnserve should run as unprivileged user. -# The userid/groupid svn is not created during package install. -# Run 'groupadd svn; useradd -d /srv/svn -s /bin/false -g svn svn' to create the userid/groupid. +# If you want to expose the repository via both svnserve and mod_dav_svn +# (Apache httpd) in parallel, ensure that the apache user is part of the +# svn group and the setgid flag is set on the repositories +# usermod -A svn wwwrun +# chmod -R g+s /srv/svn/repos +# See http://svnbook.red-bean.com/en/1.7/svn.serverconfig.multimethod.html # SVNSERVE_GROUPID="svn" ++++++ svnserve.service ++++++ [Unit] Description=Subversion protocol daemon After=syslog.target network.target [Service] Type=forking EnvironmentFile=/etc/sysconfig/svnserve User=svn Group=svn PIDFile=/var/run/svnserve/svnserve.pid ExecStart=/usr/bin/svnserve --daemon --pid-file=/var/run/svnserve/svnserve.pid $SVNSERVE_OPTIONS [Install] WantedBy=multi-user.target ++++++ svnserve.tmpfiles ++++++ D /var/run/svnserve 0755 svn svn - -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org