SVN-with-Trac Configuration

Prepare

  • Make repository directories for SVN and Trac

md Repository
cd Repository
md svn
md trac
md svn/PrjA
md trac/PrjA
md svn/PrjB
md trac/PrjB

Add Users

我們可以讓 Trac 和 Subversion 的使用者共用同一組帳號,而這些帳號可以由 Apache 的 htpasswd 指令來建立1

假設我們把帳號密碼檔放置在 D:\Repository\users.passed 這個文字檔裡,那麼我們可以在命令提示列中輸入以下指令 (粗體字部份) :

D:\Repository> htpasswd -c users.passwd admin

Automatically using MD5 format.
New password: ******
Re-type new password: ******
Adding password for user admin

上面的指令會先建立一個 project-users.db 文字檔,這個就是我們存放帳號密碼的地方;然後我們需要為帳號 admin 設定一組密碼,這樣一來,帳號 admin 將會是往後我們為所有專案所預設的最高管理員。

新增一個使用者叫 andy ,他的密碼是 ooxx:

D:\Repository> htpasswd -b users.passwd andy ooxx

htpasswd 的參數用法如下

D:\Repository> htpasswd —help

Usage:
    htpasswd [-cmdpsD] passwordfile username
    htpasswd -b[cmdpsD] passwordfile username password

    htpasswd -n[mdps] username
    htpasswd -nb[mdps] username password
 -c Create a new file.
 -n Don't update file; display results on stdout.
 -m Force MD5 encryption of the password (default).
 -d Force CRYPT encryption of the password.
 -p Do not encrypt the password (plaintext).
 -s Force SHA encryption of the password.
 -b Use the password from the command line rather than prompting for it.
 -D Delete the specified user.
On Windows, NetWare and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.

Create a New Project

D:\repository\svn> svnadmin create DVP-A1006

md foo
cd foo
md trunk
md branches
md tags

svn import . http://terra/svn/DVP-A1006 -m "Initial repository layout"

Note of SVN on Apache2

  • 設定 SVNParentPath 或 ParentPath 時要注意
    • 同一條 Path 上不可有多個 SVN Repository
    • 同一條 Path 上的多個 SVN Repository ,只有最靠近 root 的那個會有作用,例如
      • 若 prjA 及 prjB 都是 SVN Repository
      • /repos/svn/foo/prjA 和 /repos/svn/prjB 就是在同一條 path 上,所以只有 /svn/prjB 會有作用
    • 多個 SVN Repository 可以共用 root ,例如
      • 若 prjA 及 prjB 都是 SVN Repository
      • /reops/svn/prjA 和 /repos/svn/prjB 共用 /repos/svn
      • /repos/svn1/prjA 和 /repos/svn2/prjB 共用 /repos
    • 換句話說,SVN Repository 只能在 directory 的 leaf 上
  • SVN Repository 可以更換路徑(用 copy 或 move 甚至 rename 都可以),只要 apache2 啟動前,將 path 設定對就好了

Apache2 Setting: Authentication Examples

SVN 設定

假如希望某專案的 svn 的路徑是長成這樣:

http://localhost:8000/svn/projectname

那麼就需要在 httpd.conf 的最後面加上以下設定:

# for SVN
<Location /svn>
  DAV svn
  SVNParentPath D:/Repository/svn
  #<LimitExcept GET PROPFIND OPTIONS REPORT>
    AuthType Basic
    AuthName "SVN with Trac"
    AuthUserFile "D:/Repository/users.passwd"
    Require valid-user
  #</LimitExcept>
</Location>
  • 這樣不論任何要存取檔案庫的動作 (例如 Checkout 或 Commit ) ,SVN 用戶端都會詢問帳號和密碼。
  • 如果希望 Checkout 時不詢問帳號密碼 (也就是匿名帳號可取得檔案) ,那麼就將 LimitExcept 部份的註解拿掉。

Trac 設定

如果希望用以下網址來連到某專案的 Trac 管理系統:

http://localhost:8000/trac/projectname

那麼也是在 httpd.conf 的最後面加上:

<Location /trac>
  SetHandler mod_python
 
  PythonHandler trac.web.modpython_frontend
 
  PythonOption TracEnvParentDir D:/Repository/trac
  PythonOption TracUriRoot /trac
  AuthType Basic
  AuthName "SVN with Trac"
  AuthUserFile "D:/Repository/users.passwd"
  Require valid-user
</Location>
  • 這樣任何人在連線到該網址時,都會詢問帳號密碼;這樣在權限控管上會較為安全一點。
  • 不過這樣會有一個缺點,那就是到時 Trac 的 logout 功能會沒有作用。

如果想讓匿名帳號可以先連進來,然後再使用 Trac 的 login 功能來登入的話,可以改成以下方式:

# for Trac (ref. http://blog.roodo.com/jaceju/archives/2703934.html)
<Location /trac>
  SetHandler mod_python
  PythonHandler trac.web.modpython_frontend
  PythonOption TracEnvParentDir D:/Repository/trac
  PythonOption TracUriRoot /trac
  SetEnv PYTHON_EGG_CACHE D:/AppServ/PythonEGGCache
</Location>
 
<LocationMatch "/trac/[^/]+/login">
  AuthType Basic
  AuthName "SVN with Trac"
  AuthUserFile "D:/Repository/users.passwd"
  Require valid-user
</LocationMatch>

NOTE

無法正常 logout 的問題,請參閱 True logout mechanism for Basic/Digest Authentication 的解法

Access Control Policy: Authorization Example 1

Reference:

httpd, the Apache HTTP server
httpd,Apache 的 HTTP 服务器

File: httpd.conf

# for SVN -- JYK
<Location /svn>
  DAV svn
  SVNParentPath D:/Repository/svn
 
  # our Authorization (access control) policy
  AuthzSVNAccessFile D:/Repository/svn/users.access
 
  # try anonymous access first, resort to real
  # authentication if necessary.
  Satisfy Any
  Require valid-user
 
  # how to authenticate a user
  AuthType Basic
  AuthName "SVN with Trac"
  AuthUserFile "D:/Repository/users.passwd"
</Location>

File: users.access

[groups]
Administrators = admin, York, Mark
HW-team = Andy, Bob, Cindy, David, Eric, Francis, Gina, Helen, Iris, John, Kevin, Linda
IC-team = Darcy, Eva, Frank, Gino, Hugo, Ivan, Jack, Ken, Lee
FW-team = Mark, Neil, Oscar, Peter, Queen, Robert, Sam, Tom, Ula, Vicky, Wendy, Xenia, York

DVP-A1009NA-team = York
DVP-A1006-team = Mark, York

# give at least read permission to all users at the root of the repository
[/]
* = r

[DVP-A1006:/trunk]
@Administrators = rw
@DVP-A1006-team = rw
@FW-team = r

[DVP-A1006:/branches]
@Administrators = rw
* =

[DVP-A1006:/tags]
@Administrators = rw
* =

[DVP-A1009NA:/trunk]
@Administrators = rw
@DVP-A1009NA-team = rw
@FW-team = r

[DVP-A1009NA:/branches]
@Administrators = rw
* =

[DVP-A1009NA:/tags]
@Administrators = rw
* =

Access Control Policy: Authorization Example 2

File: httpd.conf

...
# JYK
Include D:/svn/conf/*.project

File: test.project

<Location /svn/test>
  DAV svn
  SVNPath D:\svn\test
 
  # our access control policy
  AuthzSVNAccessFile D:\svn\conf\test.access
 
  # try anonymous access first, resort to real
  # authentication if necessary.
  Satisfy Any
  Require valid-user
 
  # how to authenticate a user
  AuthType Basic
  AuthName "Subversion repository: test"
  AuthUserFile D:\svn\conf\passwd
</Location>

File: test.access

[groups]
AdminGroup = York
MemberGroup = Andy, Jack
GuestGroup = guest

[/]
* = r

[test:/trunk]
@AdminGroup = rw
@MemberGroup = rw
@GuestGroup = r

[test:/branches]
@AdminGroup = rw
* =

[test:/tags]
@AdminGroup = rw
* =

File:passwd

York:$apr1$ZO2.....$GRubepm6lI.jouz7gHTeD0
guest:$apr1$AP2.....$tv1cexPyTMGgRq/9QvE7M1

Virtual Host

1. From C:\WINDOWS\system32\drivers\etc\hosts add (virtual) host names

...
127.0.0.1 localhost trac.terra svn.terra

2. Open file: "httpd.conf" and add the following

 ...
 
NameVirtualHost *:80
 
# The Default Virtual Host
<VirtualHost *:80>
  ServerAdmin york@terra
  DocumentRoot D:/repository
  ServerName terra
  ErrorLog logs/terra.error_log
  CustomLog logs/terra.access_log combined
 
  # for SVN
  # ref. http://blog.roodo.com/jaceju/archives/2703934.html
  <Location /svn>
    DAV svn
 
    # any "D:/repository/svn/foo" URL will map to a repository D:/repository/svn/foo
    SVNParentPath D:/repository/svn
 
    #<LimitExcept GET PROPFIND OPTIONS REPORT>
      AuthType Basic
      AuthName "CompanyName"
      AuthUserFile "D:/repository/project-users.db"
      Require valid-user
    #</LimitExcept>
  </Location>
 
  # for Trac
  # ref. http://blog.roodo.com/jaceju/archives/2703934.html
  <Location /trac>
    SetHandler mod_python
    PythonHandler trac.web.modpython_frontend
    PythonOption TracEnvParentDir D:/repository/trac
    PythonOption TracUriRoot /trac
    AuthType Basic
    AuthName "CompanyName"
    AuthUserFile "D:/repository/project-users.db"
    Require valid-user
  </Location>
</VirtualHost>

NOTE:

  • VirtualHost 跟非 VirtualHost 會衝突,且 Virtual Host 優先權較高
  • 搭配 include 指令,設定多個專案時,就可以不必再更改 httpd.conf

Note

  • Subversion 透過 http protocol 時,其 URL 不區分大小寫可成功 checkout, export 等 ,但 commit 時大小寫要對。
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License