Wednesday, 30 June 2010

Subversion server running on Fedora 13

Running a Subversion server behind the Apache daemon should be an easy task, unless you're a security n00b like me.


  1. Installing required binaries:
    sudo yum install subversion httpd mod_dav_svn


  2. mod_dav_svn installs a skeleton configuration file, subversion.conf, for the httpd daemon in
    /etc/httpd/conf.d/. Unfortunately, the comments in this file that describe how to create a new repository contain a bug:


    #
    # Example configuration to enable HTTP access for a directory
    # containing Subversion repositories, "/var/www/svn". Each repository
    # must be both:
    #
    # a) readable and writable by the 'apache' user, and
    #
    # b) labelled with the 'httpd_sys_content_rw_t' context if using
    # SELinux
    #

    #
    # To create a new repository "http://localhost/repos/stuff" using
    # this configuration, run as root:
    #
    # # cd /var/www/svn
    # # svnadmin create stuff
    # # chown -R apache.apache stuff
    # # chcon -R -t httpd_sys_content_t stuff

    The last line should instead set the SELinux context to the read-write type httpd_sys_content_rw_t, because httpd has to write to the repository:

    chcon -R -t httpd_sys_content_rw_t stuff

    Anyway, let's set up our httpd configuration as follows:

    • all repositories live under /var/www/svn

    • for Apache authentication I chose the simplest scheme, Basic, with the password file stored in /var/svn/passwd

    • finally, I chose to store the global svn authorization file in /var/svn/svnauth


    With these settings our subversion.conf looks like this:

    LoadModule dav_svn_module modules/mod_dav_svn.so
    LoadModule authz_svn_module modules/mod_authz_svn.so
    <Location /repos>
        DAV svn
        # every directory under /var/www/svn is served as a repository
        SVNParentPath /var/www/svn
        # per-path authorization rules (see step 5)
        AuthzSVNAccessFile /var/svn/svnauth
        # refuse plain HTTP: Basic auth sends the password merely base64-encoded
        # (directive provided by mod_ssl)
        SSLRequireSSL
        Order deny,allow
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile /var/svn/passwd
        Require valid-user
    </Location>
    ## logger for svn: /var/log/httpd/svn_log
    CustomLog logs/svn_log "%t %u %{SVN-ACTION}e" env=SVN-ACTION



  3. The Apache authentication file is of course produced with the htpasswd command:

    # for the 1st user we create the file (-c) and choose MD5-based password hashing (-m)
    sudo htpasswd -cm /var/svn/passwd cibak
    New password: xxxxx
    Retype new password: xxxxx
    Adding password for user cibak
    # all other users are only added, with the same hashing (no -c, which would overwrite the file)
    sudo htpasswd -m /var/svn/passwd jack
    ...
    ...

    Once this file is ready we have to set the correct SELinux context on it:

    sudo chcon -t httpd_sys_content_t /var/svn/passwd


  4. Creating a new repository:

    sudo svnadmin create /var/www/svn/myrepo
    sudo chown -R apache:apache /var/www/svn/myrepo
    sudo chcon -R -t httpd_sys_content_rw_t /var/www/svn/myrepo



  5. Creating the Subversion authorization file /var/svn/svnauth in whatever editor you choose (I prefer emacs):

    # cibak has read-write rights to the whole repository, jack can only read
    [myrepo:/]
    cibak = rw
    jack = r
    # but jack is able to write in his own directory
    [myrepo:/jack]
    jack = rw

    Syntax of this file is better described in the Subversion bible.

    Of course, once again we should remember to set the correct SELinux context:

    sudo chcon -t httpd_sys_content_t /var/svn/svnauth



  6. Restarting the httpd daemon is the last step to switch our repo on:

    sudo /etc/init.d/httpd restart


  7. Et voilà, our repository is accessible at the URL https://localhost/repos/myrepo.
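
Before restarting httpd it is worth checking what an authorization file like the one in step 5 actually grants. The following is an added example, not part of the original post or of Subversion: a simplified model of the path lookup (closest section that names the user wins, otherwise the parent path is consulted, no match means no access). It assumes repository-qualified sections with plain user names or `*`, rejects groups, aliases and unqualified sections, and the names `load_rules` and `access` are hypothetical.

```python
import configparser

# Constructed sample: the /var/svn/svnauth content from step 5.
SVNAUTH = """\
# cibak has read-write rights to the whole repository, jack can only read
[myrepo:/]
cibak = rw
jack = r
# but jack is able to write in his own directory
[myrepo:/jack]
jack = rw
"""

def load_rules(text):
    """Parse authz text into {(repo, path): {user: access}} (hypothetical helper)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # user names are case-sensitive
    cp.read_string(text)
    rules = {}
    for name in cp.sections():
        users = dict(cp[name])
        # Fail closed on syntax this simplified model does not evaluate.
        if ":" not in name or any(u.startswith(("@", "&", "~", "$")) for u in users):
            raise ValueError(f"unsupported authz section or entry: [{name}]")
        repo, _, path = name.partition(":")
        rules[(repo, path.rstrip("/") or "/")] = users
    return rules

def access(rules, repo, path, user):
    """Effective access ('', 'r' or 'rw') of user on path (hypothetical helper)."""
    path = "/" + path.strip("/")
    while True:
        section = rules.get((repo, path), {})
        # Lines naming the user or '*' in the closest section are combined.
        hits = [section[k] for k in (user, "*") if k in section]
        if hits:
            return max(hits, key=len)
        if path == "/":
            return ""  # no section mentions the user: access denied
        path = path.rsplit("/", 1)[0] or "/"  # otherwise inherit from the parent

if __name__ == "__main__":
    rules = load_rules(SVNAUTH)
    for user in ("cibak", "jack", "mallory"):
        for path in ("/", "/trunk/src", "/jack/notes.txt"):
            print(f"{user:8} {path:16} {access(rules, 'myrepo', path, user) or '-'}")
```

Note that cibak keeps write access inside /jack because that section does not mention him, so the lookup falls back to the root section.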

Tuesday, 1 June 2010

Fedora 13 on MBP

Fedora 13. Download the ISO, put it into the CD drive, choose upgrade, wait for about 40 minutes, reboot, update GPT/MBR in rEFIt, boot. The whole procedure took me about one hour. Niiice!

But of course it could be harder if you want to install it from scratch. I had Fedora 12 installed already, so it was a quick and easy task.