= Locking a Branch in Subversion =

If you branch your code in your subversion repository, you may eventually want to 'lock' or 'freeze' one of the branches you've created, so that developers can't continue to check in code in that branch. 

Subversion has a nice [[http://svnbook.red-bean.com/en/1.5/svn.ref.svn.c.lock.html|lock command]], but it doesn't do what we want. It's designed only to indicate to other svn users that a particular developer is working on a file, and as such you can only lock files and anyone can 'steal' a lock.

Instead, the best way to 'lock' a branch is to use path-based access control to make part of your repository read-only. The subversion manual  [[http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html|has all the gory details]], but briefly, you'll want to:
 * Setup an AuthZ rules file
 * Add rules to that file to lock certain branches or tags

Here's how you do it.

== Setup a AuthZ Rules File ==

You need to setup a configuration file to hold the rules governing what part of your repo should be locked. 

==== Apache Setup ====

If you're using apache to serve your subversion repos, you'll want to use the ''AuthzSVNAccessFile'' directive to point to your file. Be sure you're loading the ''mod_authz_svn'' module in your main ''httpd.conf''.

Here's roughly what your virtual host should look like. Note that I've also included ''.htaccess'' authentication.

<code>
<VirtualHost  10.0.0.10:80>
  ServerName  svn.mydomain.com

  <Location />
    DAV  svn
    SVNParentPath  /var/svn/repos

    AuthType  Basic
    AuthName  "My SVN Repo"
    AuthUserFile  /path/to/.htaccess/file
    Require  valid-user

    AuthzSVNAccessFile  /path/to/.authz/file

  </Location>
  ...
</VirtualHost>
</code>

I usually put the ''.authz'' file in the same place as my ''.htaccess'' file, so I can easily edit both at once.

=== svnserve setup ===

If you're using ''svnserve'', you need to make the ''authz-db'' variable (within ''svnserve.conf'') point to your rules file.

== Setup the Rules ==

Once you have the ''.authz'' file setup, you'll need to put some rules in. First, you'll probably want to allow anyone who's authenticated full access to your repo (*). Then, you'll want to make certain paths read only. Your authz file might look like this:

<code>
# Allow full access to all repos
[/]
* = rw

# Lock MyRepo Branch_A
# Note that you only need the MyRepo: prefix if you have more than one repo
[MyRepo:/branches/branch_a]
* = r

# Lock all tags in all repos; only allow 'david' to create new tags.
[/tags]
* = r
david = rw
</code>

(*) **Important Note:** I'm assuming here that you're a private developer who does not want to make her repository available to the world. Your users will authenticate via either ''svnserve'' or apache's ''.htaccess'' mechanism, and only //after// that will they have full access to the repo. If that's not your situation, you may want to adjust your setup.

== For More ==

For more on this, check out:
 * A great Stack Overflow post on [[http://stackoverflow.com/questions/81361/how-to-setup-access-control-in-svn|access control in subversion]]
 * [[http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html|Path based access control]] in the subversion manual.