Hosting Subversion Repositories

This page describes how to set up, on the CS Department servers, Subversion repositories that you can use to collaborate with other people (whether or not those other people are at Johns Hopkins). This is a somewhat complicated process. If you're comfortable with any of the distributed version control systems (Git, Mercurial, Bazaar, Darcs), you should use those instead, as the setup is a lot simpler. Instructions for those systems can be found on our general version control page.

Overview

What we'll be doing here is creating a WebDAV interface to a collection of Subversion repositories. You don't have to use more than one repository if you don't want to, but the option is there if you need it. You will have complete control over (and responsibility for) who can access the contents of these repositories.

In order to allow access to both you and our webserver, the repository has some moderately complicated Access Control Lists (ACLs) that need to be set up. This should be a one-time operation, but be aware that they may make some of the file permissions within the repositories work differently than you might expect.

The URL for your repository will be https://www.cs.jhu.edu/~your-account/svn/your-repository. Note that it starts with "https"; if you leave off the "s", it will not work.

About the Procedures Here

All of these commands must be run from the command line on one of our grad net Linux clients. Subversion repositories are not supported for undergraduate accounts.

All of the examples will use the text "your-account" anywhere you should use your CS account name. Similarly, the text "your-repository" should be replaced by the name of the Subversion repository you want to create.

Things You Do Once

There are a few things you have to do just once, when you want to get all of this started.

First, Tell CS IT Support

There are some changes that need to be made to the department's webserver in order for this to work, so the first thing to do is for you to email support@cs.jhu.edu and let us know that you need to set up a hosted Subversion repository, so that we can do our part.

You can continue with the rest of the instructions on this page while you wait for a response, but you won't be able to use your repositories via https://www.cs.jhu.edu URLs until we've made the necessary changes on our end. We'll email you once we've completed those changes.

Create a Directory for the Repositories

Next, you need to create a directory to hold your repositories. We expect it to be named .svnrepos and be in the root of your home directory.

mkdir ~/.svnrepos

Allow the Webserver to Access Your Repositories

You need to run the following three commands to give the webserver access to your repositories. These will also give you access to the files created by the webserver once the repository is in use.

(Note that you should be putting your own account name into the first command in two places!)

setfacl --mask -Rm user::rwx,default:user::rwx,user:your-account:rwx,default:user:your-account:rwx ~/.svnrepos
setfacl --mask -Rm group::000,default:group::000,group:apache:rwx,default:group:apache:rwx,mask:000 ~/.svnrepos
setfacl --mask -Rm other:000,default:other:000 ~/.svnrepos

Create a Web-Access Directory

mkdir -p ~/public_html/svn
chmod 0701 ~/public_html
chmod 0701 ~/public_html/svn

Create a .htaccess File

You will need a ~/public_html/svn/.htaccess file with the following contents:

(NOTE: You'll need to modify the file per the instructions within the file.)

# These first two lines give general access to your Subversion repositories.
# These lines won't interfere with your ability to limit access to particular
# people later.
Order allow,deny
Allow from all

### Authentication

# You can use any name here.  It will show up when people try to do checkouts,
# so you should pick something informative.  Note that the AuthUserFile
# directive needs to have your account name in it.
AuthName "your-name's Subversion Repositories"
AuthType Basic
AuthUserFile /users/your-account/public_html/svn/.htpasswd

# This just prevents people from grabbing your configuration files.  The CS
# webserver actually has this as a global setting, but it doesn't hurt to repeat
# it here, just to be safe.
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

### Authorization

# This is your Subversion access file.  Replace "your-account" appropriately.
AuthzSVNAccessFile /users/your-account/public_html/svn/.svnaccess

# Just like the earlier <Files> section, this prevents people from grabbing your
# entire access ruleset.
<Files .svnaccess>
    Order allow,deny
    Deny from all
</Files>

# Finally, this is the directive that actually prevents people from accessing
# your repositories if they're not logged in.
Require valid-user

Make sure you replace all of the occurrences of "your-account".

After saving the file, make sure the webserver can access it:

chmod 0604 ~/public_html/svn/.htaccess

Create a .htpasswd File

Give yourself a login with the following commands:

htpasswd -c ~/public_html/svn/.htpasswd your-account
chmod 0604 ~/public_html/svn/.htpasswd

Create a .svnaccess file

Create a file named ~/public_html/svn/.svnaccess and give it appropriate permissions:

touch ~/public_html/svn/.svnaccess
chmod 0604 ~/public_html/svn/.svnaccess

You'll add content to this file later.

Things You Need to do For Each Repository

If you only need one repository, you only need to do these once, but you might need to repeat these steps if you decide you need more than one repository.

Create a Repository

svnadmin create --compatible-version 1.6.11 ~/.svnrepos/your-repository

The --compatible-version parameter is important. If you don't use it, the repository will not be compatible with our webserver.

Copy an Existing Repository, if Needed

If you have an existing repository (located elsewhere) that you want to move to the CS webserver, you need to copy its data over. (If you're starting from scratch, you can skip this step.)

You do need to create an empty repository in ~/.svnrepos first. Once that's done, you can use svnadmin dump on the old system and svnadmin load on a CS Linux client to move the data over.

If the old system is also Unix-based, you can often elegantly transfer the data by running the following command on the old system:

svnadmin dump /path/to/old/repository | ssh your-account@gradx.cs.jhu.edu svnadmin load .svnrepos/your-repository

More generically, you take the Subversion software installed on the system that currently holds the repository and use that software to create a repository dump file. Then you copy that file to one of our Linux clients and run:

svnadmin load .svnrepos/your-repository </path/to/dump/file

Give Yourself Access to the Repository

In ~/public_html/svn/.svnaccess, add the following lines:

[~your-account:/svn/your-repository]
your-account = rw

The tilde ("~") needs to be in that first line; only replace "your-account" and "your-repository".

Things You Need to do For Each Collaborator

Each collaborator needs to be given access to the appropriate repositories or projects. Here's how you do that.

Add the Person to the .htpasswd File

For each person who needs access to your repositories, have them run the following command on a Unix system:

htpasswd -n their-account

Then have them email you the line that htpasswd printed out. It should look something like this:

their-account:$apr1$2jhnkFa.$xrH3blITnJftTnwwHSULb/

Add that line to the end of your ~/public_html/svn/.htpasswd file.

Add the Person to the .svnaccess File

The short version of this step is to edit your ~/public_html/svn/.svnaccess file, find the section for the repository the person should be able to access, and add a line for them in that section that looks like this (replacing their-account with the person's account name):

their-account = rw

For more flexible control over who can access which projects and repositories, you'll need to read (at least) the Path-Based Authorization section of the Version Control with Subversion book.

Note that because of the way Subversion is set up on our systems, the "repository name" is always "~your-account" and the path always starts with "/svn/your-repository".

Finished!

Congratulations! You're done!

You can now access your repository via the URL https://www.cs.jhu.edu/~your-account/svn/your-repository and work with it just as you would with a file- or ssh-based repository. If you need to use svnadmin on the repository, just remember that it's in ~/.svnrepos.

If you have any problems with the instructions or just need extra help, please feel free to email support@cs.jhu.edu.