- Installing required binaries:
sudo yum install subversion httpd mod_dav_svn - mod_dav_svn creates scratch configuration file subversion.conf for httpd daemon in
/etc/httpd/conf.d/. Unfortunately in this file there is a bug in comments dealing with new repository creation:
#
# Example configuration to enable HTTP access for a directory
# containing Subversion repositories, "/var/www/svn". Each repository
# must be both:
#
# a) readable and writable by the 'apache' user, and
#
# b) labelled with the 'http_sys_content_rw_t' context if using
# SELinux
#
#
# To create a new repository "http://localhost/repos/stuff" using
# this configuration, run as root:
#
# # cd /var/www/svn
# # svnadmin create stuff
# # chown -R apache.apache stuff
# # chcon -R -t http_sys_content_t stuff
Last line should rather set SELinux context to http_sys_content_rw_t:
chcon -R -t http_sys_content_rw_t stuff
But anyway let's set our httpd configuration to be:- path for all repositories /var/www/svn
- for apache authentication I choose the simplest one Basic with password file stored in /var/svn/passwd
- finally I choose to store global svn authorization file in /var/svn/svnauth
so using above presettings our subversion.conf would look like:
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /repos>
DAV svn
SVNParentPath /var/www/svn
AuthzSVNAccessFile /var/svn/svnauth
SSLRequireSSL
Order deny,allow
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /var/svn/passwd
Require valid-user
</Location>
## logger for svn: /var/log/httpd/svn_log
CustomLog logs/svn_log "%t %u %{SVN-ACTION}e" env=SVN-ACTION - apache authentication file is of course produced using htpasswd command:
# for 1st user we're creating a file (-c) and choose MD5 encryption (-m)
sudo htpasswd -cm /var/svn/passwd cibak
New password: xxxxx
Retype new password: xxxxx
Adding password for user cibak
# all the others users only added with the same encryption
sudo htpasswd -m /var/svn/passwd jack
...
...
Once this file is ready we have to set correct SELinux policy:
sudo chcon -t httpd_sys_content_t /var/svn/passwd - creation of a new repository:
sudo svnadmin create /var/www/svn/myrepo
sudo chown -R apache:apache /var/www/svn/myrepo
sudo chcon -R -t http_sys_content_rw_t /var/www/svn/myrepo - creation of subversion authorization file /var/svn/svnauth in what ever you choose editor (I prefer emacs):
# cibak has read-write rights to the whole repository, jack could only read
[myrepo:/]
cibak = rw
jack = r
# but jack is able to write in his own directory
[myrepo:/jack]
jack = rw
Syntax of this file is better described in the Subversion bible.
Of course ones again we should remember to set correct SELinux policy context:
sudo chcon -t httpd_sys_content_t /var/svn/svnauth - restarting of httpd deamon is a last step to switch our repo on:
sudo /etc/init.d/./httpd restart
et voila, our repository is accessible under https://localhost/repos/myrepo URL.
Brak komentarzy:
Prześlij komentarz