Quick Nav
This is a quick guide on how to setup subversion using svn+ssh. svn+ssh lets us tunnel a subversion session over the secure SSH protocol, which means all data and passwords are encrypted. I like setting subversion up this way because:
This was done on CentOS, but the instructions apply to most any OS.
yum install subversion
/var/svn/repos is a good place. Call your repo whatever you want; I used 'my_code':mkdir /var/svn mkdir /var/svn/repos svnadmin create /var/svn/repos/my_code
svn group, and give access to anybody who needs to access subversion.chown -R :svn /var/svn/repos/chmod -R 775 /var/svn/repos/svn group.svnserve. svnserve is the server component of subversion; when your subversion client connects via SSH, it spawns an instance of svnserve running under your user account. The problem here is the 'under your user account' part; that means it is running under your user account's permissions setup. By default, your permissions don't allow anyone else access to your files, and yet svnserve is going to be writing files in the common user directory at /var/svn/repos that everyone needs write access to. Therefore, we can create a wrapper script that sets a umask for group-writable peermissions right before svnserve is called: #!/bin/sh # set the umask so files are group-wriable umask 002 # call the 'real' svnserve, also passing in the default repo location exec /usr/bin/svnserve "$@" -r /var/svn/repos
Save this somewhere, like /var/svn/svnwrapper.sh. Make a symlink in /usr/local/bin:
cd /usr/local/bin ln -s /var/svn/svnwrapper.sh svnserve chmod 755 /var/svn/svnwrapper.sh
Update 2 Dec 2010: Per the comments from Fred & Timothy Boronczyk, I now recommend that you put the symlink in /usr/local/bin rather than /usr/bin as I originally recommended. This means you avoid having to move the original svnserve binary in /usr/bin. The above scripts have been updated to reflect this new approach.
mkdir code mkdir code/trunk mkdir code/tags mkdir code/branches svn import code svn+ssh://USERNAME@SERVER/my_code -m 'inital import' rm -rf code
That's it. The server is now setup.
svn co svn+ssh://USERNAME@SERVER/my_code my_code_local_dir
In reality, you'll probably want to use a fancy graphical client like TortiseSVN (Windows) or Versions (OS X) to access your subversion server. Getting those setup is beyond the scope of this document, but there are many excellent tutorials.
Discussion
“Note that I really don't like doing this (moving the svnserve binary)” symlinks in /usr/local/bin would have done that job ;)
cd /usr/local/bin
ln -s /home/svn/svnwrapper.sh svn
ln -s /home/svn/svnwrapper.sh svnadmin
ln -s /home/svn/svnwrapper.sh svnlook
ln -s /home/svn/svnwrapper.sh svnserve
Fred-
Yeah, but you still have to move svnserve out of the way before you can create a symlink called 'svnserve'.
David
Nice post actually.
So when you have the svn layout including trunk/branches/tags. How do you create/make a tag that is a snapshot of current trunk. I know they user svn cp but I don't know other parameters in case we use svn+ssh not http.
Thanks
Truyenle
Great write up! But you don't have to move the original svnserve binary. Place a link to svnwrapper.sh in /usr/local/bin, which has priority over /usr/bin in the user's PATH.
$ which svnserve/usr/bin/svnserve
$ ln -s /var/svn/svnwrapper.sh /usr/local/bin/svnserve
$ which svnserve
/usr/local/bin/svnserve
Yep, hadn't caught that. Nice.
I've updated the main article with this suggestion.
I've followed this and had no problems getting it working. But when I try to check in my changes I run into problems. See the error below. Do I need to make pub/private keys? Do I need a similar wrapper for
Transmitting file data ……..svn: Commit failed (details follow):
svn: Can't open file '/var/subversion/repo/db/txn-current-lock': Permission denied
Hi
have you fixed this problem?
I have it!
I get this when I try and svn import:
svn: /usr/bin/svnserve-daemon: not found
Anyone know why this might be?
I'm having the same issue as the above poster. When I try to do the import, I get the following messages:
/usr/local/bin/svnserve: line 7: /usr/bin/svnserve-daemon: No such file or directory
/usr/local/bin/svnserve: line 7: exec: /usr/bin/svnserve-daemon: cannot execute: No such file or directory
svn: Connection closed unexpectedly
In the svnwrapper.sh I think you have to call /usr/bin/svnserve and not svnserve-daemon.
That's propably old, because the first idea of the author was to rename the svnserve to svnserve-daemon.
Robert: Correct. Sorry for not catching that when I updated the article in Dec. I've fixed it now.
What to do if the ssh runs on the different port?
@Bimal :
Update your /home/bimal/.subversion/config and add :
foo = /usr/bin/ssh -oPort=XXX -l your_login -i /home/bimal/.ssh/ssh_key_for_svn
When you want to import, launch : svn co svn+foo:USERNAME@SERVER/my_code my_code_local_dir ;)
What if you want/need multiple svn repository on the same server?
Currently, using apache/https access its a piece of cake. Each svn repos get their own path
https://name.com/Repo1/svn https://name.com/Repo2/svn
How would you do that with svn+ssh ??
Answered my own question…
the -r in the script is the “root” of the svn, I just move it up one and everythign worked, with multipel SVN repos…
This line was causing errors when connecting:
I ended up changing it to:
and setting file system permissions instead of umask:
Just wouldn't seem to work on my box otherwise, couldn't figure out why.
Hey, thanks for this article! I had been looking through all sorts of web resources for setting up svn and they wanted me to do complicated things with Apache etc… All I wanted was svn+ssh. I checked through your simple steps and then, mentally preparing for a lot of troubleshooting, I loaded my private key and pointed TortoiseSVN's repo browser at my home server from work. There it was… My new repository, ready to go! Now I'm going to go persuade my boss to ditch CVS >