| @@ -0,0 +1,210 @@
+Topics:
+
+1. backup and restore your repository data
+2. create svn user/group for svnserve
+3. mini-howto for 2 projects
+
+================================================================================
+
+1. backup and restore your repository data
+
+subversion repositories use either the Berkeley Database system libraries,
+or the FSFS database format which comes with the subversion package.
+Since the BDB system libraries often introduce a new incompatible format during
+version upgrade, a backup/restore of all the subversion repositories must be
+performed _BEFORE_ doing such a system upgrade.
+'svnadmin dump' will write the repository to stdout in a 'dumpfile' format.
+This dumpfile can be loader later with 'svnadmin load'.
+
+
+2. create svn user/group for svnserve
+
+subversion repositories can be served either via http, or via the svnserve
+daemon and a special network protocol. svnserve should not run as root user.
+The startup script rcsvnserve expects a user/group named 'svn', configureable
+via /etc/sysconfig/svnserve.
+But this user/group must be created before first use:
+
+ useradd svn
+ groupadd svn
+
+
+3. mini-howto for 2 projects
+
+To run a subversion server, you need to configure apache2 to load two apache2
+modules: mod_dav and mod_dav_svn. (mod_dav is needed by mod_dav_svn, it is
+installed together with apache2.)
+
+This is done by adding the dav and dav_svn modules to the apache2 configuration
+(a2enmod dav; a2enmod dav_svn), and restarting the server.
+
+A default/example configuration of the dav_svn module can be found in
+/etc/apache2/conf.d/subversion.conf. With more recent apache
+packages, this configuration is *not* loaded automatically by
+the apache server, since many people configure virtual hosts
+and it is unlikely that the repositories shall be available
+from any virtual host. To load the configuration for a certain
+virtual host, add
+ Include /etc/apache2/conf.d/subversion.conf
+or
+ Include /path/to/your_subversion_configuration
+in the respective virtual host configuration. This *may* be done in the default
+virtual host (/etc/apache2/default-server.conf).
+
+
+
+Minihowto:
+
+
+The plan:
+
+host 2 source projects with subversion
+both must have anonymous read access
+both must have limited write access for a few users
+they are accessed only via HTTP, not (!) locally
+they will be reachable via:
+
+ http://hostname/repos/project1
+ http://hostname/repos/project2
+
+Both will have the official version of the source tree and our modified
+version for the distribution. Projects in question are:
+project1
+project2
+
+The realisation:
+
+find a machine to host the projects. Keep backup (and restore!) in mind
+when hunting for hardware.
+
+install needed packages
+(you might check for update packages on
+ftp://ftp.suse.com/pub/projects/apache/ )
+
+rpm -Uvh \
+ apache2 \
+ apache2-doc \
+ apache2-prefork \
+ libapr1 \
+ libapr-util1 \
+ neon \
+ subversion \
+ subversion-doc \
+ subversion-server
+
+
+
+# Update /etc/sysconfig/apache2 by
+# adding 'dav dav_svn' to $APACHE_MODULES:
+a2enmod dav
+a2enmod dav_svn
+
+create a few directories:
+mkdir -p /srv/svn/repos
+mkdir -p /srv/svn/user_access
+mkdir -p /srv/svn/html
+
+Add the http repository data to /etc/apache2/conf.d/subversion.conf:
+#------------------------------------------------------------------------
+#
+# project related HTML files
+#
+<IfModule mod_alias.c>
+Alias /repos "/srv/svn/html"
+</IfModule>
+<Directory /srv/svn/html>
+ Options +Indexes +Multiviews -FollowSymLinks
+ IndexOptions FancyIndexing \
+ ScanHTMLTitles \
+ NameWidth=* \
+ DescriptionWidth=* \
+ SuppressLastModified \
+ SuppressSize
+
+ order allow,deny
+ allow from all
+</Directory>
+
+
+# project repository files for project1
+<Location /repos/project1>
+ DAV svn
+ SVNPath /srv/svn/repos/project1
+
+ # Limit write access to certain people
+ AuthType Basic
+ AuthName "Authorization for project1 required"
+ AuthUserFile /srv/svn/user_access/project1_passwdfile
+ AuthGroupFile /srv/svn/user_access/project1_groupfile
+ <LimitExcept GET PROPFIND OPTIONS REPORT>
+ Require group project1_committers
+ </LimitExcept>
+
+ # Limit read access to certain people
+ <Limit GET PROPFIND OPTIONS REPORT>
+ Require group project1_committers
+ Require group project1_readers
+ </Limit>
+
+</Location>
+
+# project repository files for project2
+<Location /repos/project2>
+ DAV svn
+ SVNPath /srv/svn/repos/project2
+
+ # Limit write permission to list of valid users.
+ <LimitExcept GET PROPFIND OPTIONS REPORT>
+ # Require SSL connection for password protection.
+ # SSLRequireSSL
+
+ AuthType Basic
+ AuthName "Authorization for project2 required"
+ AuthUserFile /srv/svn/user_access/project2_passwdfile
+ Require valid-user
+ </LimitExcept>
+</Location>
+#------------------------------------------------------------------------
+
+create the repositories itself:
+cd /srv/svn/repos
+svnadmin create project1
+chown -R wwwrun:www project1/{dav,db,locks}
+svnadmin create project2
+chown -R wwwrun:www project2/{dav,db,locks}
+
+
+The webserver must be (re)started:
+rcapache2 restart
+
+Now create the user access files:
+project1 is a restricted project.
+read access requires a password
+write access is limited to a few users
+touch /srv/svn/user_access/project1_passwdfile
+chown root:www /srv/svn/user_access/project1_passwdfile
+chmod 640 /srv/svn/user_access/project1_passwdfile
+
+htpasswd2 /srv/svn/user_access/project1_passwdfile olaf
+htpasswd2 /srv/svn/user_access/project1_passwdfile olh
+
+this is the group file for project1:
+/srv/svn/user_access/project1_groupfile
+content:
+project1_committers: olh
+project1_readers: olaf olh
+
+project2 is world readable, but only a few can commit to the sources.
+touch /srv/svn/user_access/project2_passwdfile
+chown root:www /srv/svn/user_access/project2_passwdfile
|
