mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-01-26 08:42:12 +08:00
b59e5eb3ea
phrasal verb, it is spelled as two words. This commit fixes most of the misspelled "set up" instances in the BLFS book.
290 lines
10 KiB
XML
290 lines
10 KiB
XML
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY % general-entities SYSTEM "../../general.ent">
|
|
%general-entities;
|
|
]>
|
|
|
|
<sect1 id="svnserver" xreflabel="Running a Subversion Server">
|
|
<?dbhtml filename="svnserver.html"?>
|
|
|
|
|
|
<title>Running a Subversion Server</title>
|
|
|
|
<sect2 role="package">
|
|
<title>Running a Subversion Server</title>
|
|
|
|
<para>
|
|
This section will describe how to set up, administer and secure
|
|
a <application>Subversion</application> server.
|
|
</para>
|
|
|
|
<bridgehead renderas="sect3">Subversion Server Dependencies</bridgehead>
|
|
|
|
<bridgehead renderas="sect4">Required</bridgehead>
|
|
<para role="required">
|
|
<xref linkend="subversion"/> and
|
|
<xref linkend="openssh"/>
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="configuration">
|
|
<title>Setting up a Subversion Server.</title>
|
|
|
|
<para>
|
|
The following instructions will install a
|
|
<application>Subversion</application> server, which will be set up
|
|
to use <application>OpenSSH</application> as the secure remote access
|
|
method, with <command>svnserve</command> available for anonymous
|
|
access.
|
|
</para>
|
|
|
|
<para>
|
|
Configuration of the <application>Subversion</application> server
|
|
consists of the following steps:
|
|
</para>
|
|
|
|
<sect3>
|
|
<title>1. Set Uup Users, Groups, and Permissions</title>
|
|
|
|
<para>
|
|
You'll need to be user
|
|
<systemitem class='username'>root</systemitem> for the initial portion
|
|
of configuration. Create the <systemitem
|
|
class="username">svn</systemitem> user and group with the following
|
|
commands:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>groupadd -g 56 svn &&
|
|
useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false -u 56 svn</userinput></screen>
|
|
|
|
<para>
|
|
If you plan to have multiple repositories, you should have a
|
|
group dedicated to each repository for ease of administration. Create
|
|
the <systemitem class="groupname">svntest</systemitem> group for the
|
|
test repository and add the <systemitem
|
|
class="username">svn</systemitem> user to that group with the
|
|
following commands:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>groupadd -g 57 svntest &&
|
|
usermod -G svntest -a svn</userinput></screen>
|
|
|
|
<para>
|
|
Additionally you should set <command>umask 002</command> while
|
|
working with a repository so that all new files will be writable by
|
|
owner and group. This is made mandatory by creating a wrapper script
|
|
for <command>svn</command> and <command>svnserve</command>:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>mv /usr/bin/svn /usr/bin/svn.orig &&
|
|
mv /usr/bin/svnserve /usr/bin/svnserve.orig &&
|
|
cat >> /usr/bin/svn << "EOF"
|
|
<literal>#!/bin/sh
|
|
umask 002
|
|
/usr/bin/svn.orig "$@"</literal>
|
|
EOF
|
|
cat >> /usr/bin/svnserve << "EOF"
|
|
<literal>#!/bin/sh
|
|
umask 002
|
|
/usr/bin/svnserve.orig "$@"</literal>
|
|
EOF
|
|
chmod 0755 /usr/bin/svn{,serve}</userinput></screen>
|
|
|
|
<note>
|
|
<para>
|
|
If you use <application>Apache</application> for working with
|
|
the repository over HTTP, even for anonymous access, you should wrap
|
|
<command>/usr/sbin/httpd</command> in a similar script.
|
|
</para>
|
|
</note>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>2. Create a Subversion repository.</title>
|
|
|
|
<para>
|
|
There are several ways to set up a subversion repository. It is
|
|
recommended to have a look at the <ulink
|
|
url="https://svnbook.red-bean.com/nightly/en/svn.reposadmin.html">SVN
|
|
Book</ulink> corresponding chapter. A basic repository can be set up
|
|
with the instructions below.
|
|
</para>
|
|
|
|
<para>
|
|
Create a new <application>Subversion</application> repository with
|
|
the following commands (as the <systemitem class="username">root
|
|
</systemitem> user):
|
|
</para>
|
|
|
|
<screen role="root"><userinput>install -v -m 0755 -d /srv/svn &&
|
|
install -v -m 0755 -o svn -g svn -d /srv/svn/repositories &&
|
|
svnadmin create /srv/svn/repositories/svntest</userinput></screen>
|
|
|
|
<para>
|
|
Now that the repository is created, it should be populated with
|
|
something useful. You'll need to have a predefined directory
|
|
layout set up exactly as you want your repository to look. For
|
|
example, here is a sample BLFS layout setup with a root of
|
|
<filename>svntest/</filename>. You'll need to set up a directory
|
|
tree similar to the following:
|
|
</para>
|
|
|
|
<screen><literal>svntest/ # The name of the repository
|
|
trunk/ # Contains the existing source tree
|
|
BOOK/
|
|
bootscripts/
|
|
edguide/
|
|
patches/
|
|
scripts/
|
|
branches/ # Needed for additional branches
|
|
tags/ # Needed for tagging release points</literal></screen>
|
|
|
|
<para>
|
|
Once you've created your directory layout as shown above, you
|
|
are ready to do the initial import:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>svn import -m "Initial import." \
|
|
<replaceable></path/to/source/tree></replaceable> \
|
|
file:///srv/svn/repositories/svntest</userinput></screen>
|
|
|
|
<para>
|
|
Now change owner and group information on the
|
|
repository, and add an unprivileged user to the
|
|
<systemitem class="groupname">svn</systemitem> and
|
|
<systemitem class="groupname">svntest</systemitem> groups:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>chown -R svn:svntest /srv/svn/repositories/svntest &&
|
|
chmod -R g+w /srv/svn/repositories/svntest &&
|
|
chmod g+s /srv/svn/repositories/svntest/db &&
|
|
usermod -G svn,svntest -a <replaceable><username></replaceable></userinput></screen>
|
|
|
|
<para>
|
|
<systemitem class="groupname">svntest</systemitem> is the group
|
|
assigned to the svntest repository. As mentioned earlier, this eases
|
|
administration of multiple repositories when using
|
|
<application>OpenSSH</application> for authentication. Going forward,
|
|
you'll need to add your unprivileged user, and any additional users
|
|
that you wish to have write access to the repository, to the
|
|
<systemitem class="groupname">svn</systemitem> and <systemitem
|
|
class="groupname">svntest</systemitem> groups.
|
|
</para>
|
|
|
|
<para>
|
|
In addition, you'll notice that the new repository's
|
|
<filename>db</filename> directory is set-groupID. If the reasoning is
|
|
not immediately obvious, when using any external authentication method
|
|
(such as <command>ssh</command>), the sticky bit is set so that all
|
|
new files will be owned by the user, but group of
|
|
<systemitem class="groupname">svntest</systemitem>. Anyone in the
|
|
<systemitem class="groupname">svntest</systemitem> group can create
|
|
files, but still give the entire group write access to those
|
|
files. This avoids locking out other users from the repository.
|
|
</para>
|
|
|
|
<para>
|
|
Now, return to an unprivileged user account, and take a
|
|
look at the new repository using <command>svnlook</command>:
|
|
</para>
|
|
|
|
<screen><userinput>svnlook tree /srv/svn/repositories/svntest/</userinput></screen>
|
|
|
|
<note>
|
|
<para>
|
|
You may need to log out and back in again to refresh your group
|
|
memberships. <command>su
|
|
<replaceable><username></replaceable></command>
|
|
should work as well.
|
|
</para>
|
|
</note>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>3. Configure the Server</title>
|
|
|
|
<para>
|
|
As mentioned previously, these instructions will configure the
|
|
server to use only <command>ssh</command> for write access to the
|
|
repository and to provide anonymous access using
|
|
<command>svnserve</command>. There are several other ways to provide
|
|
access to the repository. These additional configurations are best
|
|
explained at <ulink url="https://svnbook.red-bean.com/"/>.
|
|
</para>
|
|
|
|
<para>
|
|
Access configuration needs to be done for each repository.
|
|
Create the <filename>svnserve.conf</filename> file for the svntest
|
|
repository using the following commands:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>cp /srv/svn/repositories/svntest/conf/svnserve.conf \
|
|
/srv/svn/repositories/svntest/conf/svnserve.conf.default &&
|
|
|
|
cat > /srv/svn/repositories/svntest/conf/svnserve.conf << "EOF"
|
|
<literal>[general]
|
|
anon-access = read
|
|
auth-access = write</literal>
|
|
EOF</userinput></screen>
|
|
|
|
<para>
|
|
There is not a lot to the configuration file at all. You'll notice
|
|
that only the general section is required. Take a look at the
|
|
<filename>svnserve.conf.default</filename> file for information on
|
|
using <command>svnserve</command>'s built-in authentication method.
|
|
</para>
|
|
|
|
</sect3>
|
|
|
|
<sect3 id="svnserver-init">
|
|
<title>4. Starting the Server</title>
|
|
|
|
<para revision="sysv">
|
|
To start the server at boot time, install the svn
|
|
bootscript included in the <xref linkend="bootscripts"/> package:
|
|
</para>
|
|
|
|
<para revision="systemd">
|
|
To start the server at boot time, install the
|
|
<filename>svnserve.service</filename> unit from the
|
|
<xref linkend="systemd-units"/> package:
|
|
</para>
|
|
|
|
<indexterm zone="svnserver svnserver-init" revision="sysv">
|
|
<primary sortas="f-svn">svn</primary>
|
|
</indexterm>
|
|
|
|
<screen role="root" revision="sysv"><userinput>make install-svn</userinput></screen>
|
|
|
|
<indexterm zone="svnserver svnserver-init" revision="systemd">
|
|
<primary sortas="f-svnserve">svnserve</primary>
|
|
</indexterm>
|
|
|
|
<screen role="root" revision="systemd"><userinput>make install-svnserve</userinput></screen>
|
|
|
|
<para revision="systemd">
|
|
Additionally, the instructions above require
|
|
that svn server uses <command>umask 002</command> so that all new files
|
|
will be writable by owner and group. This can be achieved by creating
|
|
a systemd unit override file by running the following command:
|
|
</para>
|
|
|
|
<screen role="root" revision="systemd"><userinput>mkdir -p /etc/systemd/system/svnserve.service.d
|
|
echo "UMask=0002" > /etc/systemd/system/svnserve.service.d/99-user.conf</userinput></screen>
|
|
|
|
<para revision="systemd">
|
|
Options which are passed to
|
|
<command>svnserve</command> daemon can be changed in
|
|
<filename>/etc/default/svnserve</filename>.
|
|
</para>
|
|
|
|
</sect3>
|
|
|
|
</sect2>
|
|
|
|
</sect1>
|