2008-03-18

Subversion over xinetd on Ubuntu for local development

I really like Subversion for using it in distributed manner, with several people involved in project. However, for simplest case I wanted to setup a Subverion server on my own computer to use exclusively for my own development project.

However, installing a 'subversion' package is definitely not enough for Ubuntu (where I experimented). I used the following resources:

After reading the docs I knew what I don't want:

  • I don't intend to run Apache so repositories could be served via http and https protocols (no need to mess with htpasswd and installing SSL certificate, plus one less attack vector on the machine)
  • I don't intend to run SSH server so svnserve could be invoked over svn+ssh protocol
  • And I really don't want to start 'svnserve -d' manually every time I start development and want to grab some info or update the repository

Having some prior knowledge I decided to use 'xinetd' so the server could be started automatically, but only when needed. However, there's obviously no (direct) support for running subversion over xinetd in Ubuntu. So I followed the Ubuntu docs to a point, but then I experimented somewhat.

  1. I added a 'subversion' group, using a specific group id (I used the same number as svn port):

    $ sudo addgroup --system --gid 3690 subversion

  2. Next I and added 'www-data' and my account to this newly created group. Remember to substitute mylogin (and optionally repeat this step) for all real accounts that should be able to do check ins to repositories:

    $ sudo adduser www-data subversion
    $ sudo adduser mylogin subversion

    Note that logging out and logging back is required for this change to be effective.

  3. Then I created the /home/svn directory:

    $ sudo mkdir /home/svn

  4. I used 'svnadmin' to create the 'myproject' repository and applied the required rights, so the repository would not be read-only:

    $ cd /home/svn
    $ sudo svnadmin create myproject
    $ sudo chown -R www-data:subversion myproject
    $ sudo chmod -R g+rws myproject

  5. I added the file: /etc/xinetd.d/svn

    # default: on
    # Subversion server

    service svn
    {
    socket_type = stream
    protocol = tcp
    user = www-data
    wait = no
    disable = no
    server = /usr/bin/svnserve
    server_args = -i -r /home/svn
    port = 3690
    only_from = localhost
    }

    Note that only_from option in the above file locks the svn access to localhost, so if you don't want it just remove or comment out a line with this option.

  6. I restarted the xinetd service.

  7. Since then 'svn list svn://localhost/myproject' works, so there is a read-only access to the repository. Now only the write access should be configured.

  8. I modified the file: repo/conf/svnserve.conf

    [general]
    password-db = userfile
    realm = repo developers

    # anonymous users aren't allowed
    anon-access = none

    # authenticated users can both read and write
    auth-access = write

  9. I also created the file: repo/conf/userfile

    [users]
    bigdog = foopass
    smalldog = barpass


This is it. I declare victory!

No comments: