Setup SVN, https and Post-Commit Shell in Debian (Squeeze)

A different port other than 443 is needed, such as 19903. ( Wanna know why? See http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2 for more info)

So vim /etc/apache2/ports.conf, and add NameVirtualHost for port 19903:
NameVirtualHost 127.0.0.1:19903
Listen 19903

The name of virtual server can be arbitrary, such as 'test.svn',
So after everything is done, the URL for svn client to use will be https://test.svn:19903/

Create the svn repos and set up the virtual host for them:
mkdir -p /srv/svn/test.svn && svnadmin create /srv/svn/test.svn/project1 && svnadmin create /srv/svn/test.svn/project2 && chown www-data /srv/svn/test.svn/* -R && vim /etc/apache2/sites-available/test.svn

<VirtualHost 127.0.0.1:19903>
ServerAdmin webmaster@localhost
ServerName test.svn
<Location />
DAV svn
SVNParentPath /srv/svn/test.svn
SVNListParentPath on
SVNPathAuthz off
SSLRequireSSL
</Location>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/test.svn/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/test.svn/server.key
</VirtualHost>

The server.crt and the server.key used above need to be generated by the openssl command:
mkdir -p /etc/apache2/ssl/test.svn/ && openssl req -new -x509 -days 7300 -nodes -out /etc/apache2/ssl/test.svn/server.crt -keyout /etc/apache2/ssl/test.svn/server.key

Enter meaningful of meaningless info for the prompt until the process is finished. Now time to enable this svn site:
a2ensite test.svn && /etc/init.d/apache2 restart

In order to access 'test.svn', vim /etc/hosts and add line below into it:
127.0.0.1 test.svn

Open a web browser and navigate to https://test.svn:19903/, where the list of the projects created under /srv/svn/test.svn/ will show up.

For it's testing, the configuration do not restrict the anonymous users. But for production servers, auth configurations is generally a must:

mkdir -p /srv/auth/svn/test.svn/
vim /etc/apache2/sites-available/test.svn, And change its locations configuration to content below by adding the auth configures:

DAV svn
SVNParentPath /srv/svn/test.svn
SVNListParentPath on
SVNPathAuthz off
SSLRequireSSL
AuthType Basic
AuthName "svn repos for testing"
AuthUserFile /srv/auth/svn/test.svn/auth.htpasswd
Require valid-user


Now add a user(test) to access this repo:
htpasswd -cm /srv/auth/svn/test.svn/auth.htpasswd test

Provide a password(such as 'password' etc) to the 'htpasswd' prompt and then restart apache:
/etc/init.d/apache2 restart

Refresh https://test.svn:19903/ page, account info to login will be asked to continue.

Checkout the first work-copy:
mkdir -p /srv/www/test/test.svn && svn checkout https://test.svn:19903/project1 /srv/www/test/test.svn/p1.workcopy --username test

Try out the svn commands like svn update, svn add, svn delete and svn commit, if no error info encountered, then the svn+https part is done.

But still sometimes when the svn server happens to be the testing server as well, administrators often want to do 'svn update' on the server upon the 'svn commit' actions from any svn clients, which is configured in the post-commit shell on the svn server side.

Suppose the folder /srv/www/test/test.svn/p1.workcopy is the workcopy to make changes, and the folder /srv/www/test/test.svn/public_html is the test-www folder to be used as testing site and updated automatically upon committing.

Checkout the test-www folder for the first time:
svn checkout file:///srv/svn/test.svn/project1 /srv/www/test/test.svn/public_html --username test

Setup the post-commit shell for project1:
vim /srv/svn/test.svn/project1/hooks/post-commit and put in content as follow:
#!/bin/sh
export LANG="en_US.UTF-8" #depends on server's local value, avoid spaghetti/lousy code when commiting on some systems of non-en locale
/usr/bin/svn cleanup /srv/www/test/test.svn/public_html # in case workcopy locked
/usr/bin/svn update /srv/www/test/test.svn/public_html --username test --password password #the svn update action

As the shell will be executed by the apache user(www-data), so:
chmod +x /srv/svn/test.svn/project1/hooks/post-commit && chown www-data /srv/svn/test.svn/project1/ -R && chown www-data /srv/www/test/test.svn/public_html/ -R

OK, it's done. Do some tests on the workcopy and check the test-www folder to see whether the post-commit shell is working correctly:

Testing to add file:
echo 'test' >> /srv/www/test/test.svn/p1.workcopy/test && svn add /srv/www/test/test.svn/p1.workcopy/test && svn commit -m'~ Testing post-commit: add file' /srv/www/test/test.svn/p1.workcopy/test && svn info /srv/www/test/test.svn/public_html

Testing to change file:
echo 'test' >> /srv/www/test/test.svn/p1.workcopy/test && svn commit -m'~ Testing post-commit: modify' /srv/www/test/test.svn/p1.workcopy/test && svn info /srv/www/test/test.svn/public_html

Testing to delete file:
svn delete /srv/www/test/test.svn/p1.workcopy/test && svn commit -m'~ Testing post-commit: delete' /srv/www/test/test.svn/p1.workcopy/test && svn info /srv/www/test/test.svn/public_html

If the svn info of /srv/www/test/test.svn/public_html do update upon each svn action, it's done.

For the whole process, there maybe other kinds of small issues. While Google can generally helps to solve it. Also security considerations should be taken more seriously for a production server among operations stated above, while for a svn server to be used in a small range such as 10 - 30 people, it's close to secure.

English

Comments

When restarting apache, if you get error info regarding DAV like below:

Syntax error on line 5 of /etc/apache2/sites-enabled/test.svn:
Unknown DAV provider: svn
Action 'configtest' failed.
The Apache error log may have more information.
failed!

Try:
apt-get install the libapache2-svn
a2enmod dav && a2enmod dav_svn

And for error below:

Syntax error on line 9 of /etc/apache2/sites-enabled/test.svn:
Invalid command 'SSLRequireSSL', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
failed!

try:
a2enmod ssl

Add new comment