Notes on Using SVN on Linux

Source: Internet  Published by: n9软件网  Editor: 程序博客网  Time: 2024/06/04 18:55

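Overview

Subversion is an open-source version control system. The following are my personal notes from using it on Linux; if you spot a mistake, corrections are welcome.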

Installation

  • Install Apache
    yum install httpd
    Verify: httpd -v

  • Install the Apache modules
    yum install mod_dav_svn
    Verify: check that the /etc/httpd/modules/ directory contains the following two modules
    mod_dav_svn.so
    mod_authz_svn.so

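  • Install the SVN service
    yum install subversion
    Verify: svnserve --version

    There is also a way to run it without Apache: once subversion is installed, start it directly with the following command
    /usr/bin/svnserve --daemon --pid-file=/var/run/subversion.pid --listen-port 80 -r /some/dir/svn
    For the meaning of the parameters, see svnserve --help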

Creating a Repository

mkdir /some/dir/svn
cd /some/dir/svn
svnadmin create repository1
chown -R apache:apache repository1

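Configuration

The conf subdirectory of each repository contains three configuration files: authz, passwd and svnserve.conf

  • svnserve.conf controls the behaviour of the svnserve daemon on a per-repository basis
  • passwd usernames and their passwords
  • authz access policy

To avoid configuring every repository separately, skip the per-repository files: copy the authz file from one repository to a shared path, then do the configuration in Apache.
vi /etc/httpd/conf.d/subversion.conf
Put the following in that file: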

<Location /zhuku>
   DAV svn
   SVNParentPath /some/dir/svn
#   # Limit write permission to list of valid users.
#   <LimitExcept GET PROPFIND OPTIONS REPORT>
#      # Require SSL connection for password protection.
#      # SSLRequireSSL
#
      AuthType Basic
      AuthName "Some Repository"
      AuthzSVNAccessFile /some/dir/svn/authz
      AuthUserFile /some/dir/svn/passwd
      Require valid-user
#   </LimitExcept>
</Location>

Apache must be restarted after the configuration is changed.
Verify: enter http://ip:port/repos/Some Repository in a browser; if a login prompt pops up, the setup works.

Repository configuration (svnserve.conf)

anon-access = none|read|write
Determines the access level for unauthenticated users. write access allows all repository operations. read access allows all operations except committing and changing revision properties. none access allows no access. The default level is read.

auth-access = none|read|write
Determines the access level for authenticated users, using the same access levels as above. The default level is write.

password-db = filename
Sets the location of the password database. filename may be relative to the repository conf directory. There is no default value. The password database has the same overall format as this file. It uses only one section “users”; each variable within the section is a username, and each value is a password.

authz-db = filename
The authz-db option controls the location of the authorization rules for path-based access control. filename may be relative to the repository conf directory. There is no default value. If you don’t specify an authz-db, no path-based access control is done.

realm = realm-name
Sets the authentication realm of the repository. If two repositories have the same password database, they should have the same realm, and vice versa; this association allows clients to use a single cached password for several repositories. The default realm value is the repository’s uuid.

# Example:
[general]
anon-access = none
auth-access = read
password-db = passwd

User configuration (passwd)

htpasswd:

htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users. If htpasswd cannot access a file, such as not being able to write to the output file or not being able to read the file in order to update it, it returns an error status and makes no changes.
Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd. This program can only manage usernames and passwords stored in a flat-file. It can encrypt and display password information for use in other types of data stores, though. To use a DBM database see dbmmanage or htdbm.
htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system’s crypt() routine. Files managed by htpasswd may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().
Passwords are limited to 255 characters.

See htpasswd --help for details. The two most commonly used commands are:
- Add a user: htpasswd svn/passwd username
- Delete a user: htpasswd -D svn/passwd username
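
As an added example (not from the original notes or from Apache), the Python sketch below audits a passwd file of the mixed kind described above: it labels each entry's scheme by its stored prefix and reports users whose unsalted `{SHA}` entries are identical, which means they share a password. The sample entries are constructed; every hash body except the `{SHA}` ones is a dummy string.

```python
import base64
import hashlib
from collections import defaultdict

def sha_entry(user, password):
    """Build a constructed '{SHA}' line in the format `htpasswd -s` stores."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

def scheme(stored):
    """Name the storage scheme from the prefix of the stored value."""
    if stored.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if stored.startswith("$apr1$"):
        return "apr1-md5"
    if stored.startswith("{SHA}"):
        return "sha1-unsalted"
    return "crypt-or-plaintext"   # no prefix: crypt() output or plain text

def audit(text):
    """Return ({user: scheme}, [sets of users sharing one unsalted hash])."""
    schemes, by_hash = {}, defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue              # skip blanks, comments, malformed lines
        user, stored = line.split(":", 1)
        schemes[user] = scheme(stored)
        if schemes[user] == "sha1-unsalted":
            by_hash[stored].add(user)
    shared = [users for users in by_hash.values() if len(users) > 1]
    return schemes, shared

# Constructed sample file (dummy hash bodies, made-up users).
SAMPLE = "\n".join([
    "alice:$2y$05$" + "A" * 53,
    "bob:$apr1$saltsalt$" + "B" * 22,
    sha_entry("carol", "example-password"),
    sha_entry("dave", "example-password"),
    "erin:" + "C" * 13,
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries reported as `sha1-unsalted` or `crypt-or-plaintext` are the ones to re-create with a stronger scheme such as bcrypt (`htpasswd -B`).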

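Access policy configuration (authz)

  • Permissions

    • whois = r read
    • whois = w write
    • whois = no access at all
    • whois = rw read and write
  • Paths (SVNParentPath)
    Paths are matched from the subdirectory up to the parent directory, and a subdirectory inherits the permissions of its parent directory

    # Example:
    [repo:/some/dir/bug-142]
    whois = rw
    sally = r
  • [/] matches all repositories
  • [/some/dir] matches the path /some/dir in all repositories
  • [repo:/] matches all paths in the repo repository
  • [repo:/some/dir] matches the path /some/dir in the repo repository
  • [repo:/some/dir/file.txt] matches the file /some/dir/file.txt in the repo repository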

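With the directives of the mod_dav_svn module, a path can be given a human-friendly name, but the access policy can still only be configured by path

<Location /svn/calc>
  SVNPath /var/svn/calc
  SVNReposName "Calculator Application"
</Location>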

  • Magic tokens

    • $anonymous anonymous visitors
    • $authenticated authenticated users
  • Exclusion marker (~)

    [repo:/some/dir]
    ~$authenticated = r
    ~$anonymous = rw
  • Any user (*)
    [/]
    * = r
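  • User aliases (aliases)
    Some authentication systems (such as those that use an LDAP store or SSL client certificates) may carry much more complex usernames. For example, in an LDAP-protected system, Harry's username might be CN=Harold Hacker,OU=Engineers,DC=red-bean,DC=com. Using such usernames directly in the access policy (authz) file makes the file very bloated and error-prone. Aliases solve this problem.
    [aliases]
    harry = CN=Harold Hacker,OU=Engineers,DC=red-bean,DC=com
    sally = CN=Sally Swatterbug,OU=Engineers,DC=red-bean,DC=com
    joe = CN=Gerald I. Joseph,OU=Engineers,DC=red-bean,DC=com
    When using an alias, prefix it with the & character; otherwise it is used like an ordinary username. Example:
    [groups]
    web-developers = &harry, &sally, &joe
    app-developers = &frank, &sally, &jane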
  • User groups (groups)
    [groups]
    web-developers = harry, sally, joe
    app-developers = frank, sally, jane
    # Using groups: everyone here is also a group, and a group can contain other groups.
    everyone = @web-developers, @app-developers
    # Typical example:
    [repo:/some/dir]
    whois = r
    @app-developers = rw
  • Single user
    [repo:/some/dir]
    whois = r
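
The lookup described in this section, as an added example (not part of the original notes and not Subversion's own code): a simplified Python model that resolves a user's rights by walking from the requested path up to its parents, trying the repository-specific section first and combining every matching line of the first section that mentions the user. The rule file is constructed for illustration; aliases and nested groups are left out.

```python
import configparser

# Constructed sample rules, written in the syntax described in these notes.
AUTHZ = """
[groups]
app-developers = frank, sally, jane
[/]
* = r
[repo:/some/dir]
whois = r
@app-developers = rw
[repo:/some/dir/private]
~$authenticated =
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str                      # user names are case-sensitive
    cp.read_string(text)
    groups = {}
    if cp.has_section("groups"):
        groups = {g: {u.strip() for u in v.split(",")}
                  for g, v in cp["groups"].items()}
    rules = {s: list(cp[s].items()) for s in cp.sections() if s != "groups"}
    return groups, rules

def matches(who, user, groups):
    negate = who.startswith("~")              # ~ inverts the match
    who = who.lstrip("~")
    if who == "*":
        hit = True
    elif who in ("$anonymous", "$authenticated"):
        hit = (user is None) == (who == "$anonymous")
    elif who.startswith("@"):
        hit = user in groups.get(who[1:], set())
    else:
        hit = who == user
    return hit != negate

def access(user, repo, path, groups, rules):
    """Rights ('', 'r' or 'rw') for user (None = anonymous) on repo:path."""
    parts = [p for p in path.split("/") if p]
    while True:
        p = "/" + "/".join(parts)
        for section in (f"{repo}:{p}", p):    # repository-specific rule first
            hits = [perm for who, perm in rules.get(section, [])
                    if matches(who, user, groups)]
            if hits:                          # union of every matching line
                return "".join(sorted(set("".join(hits))))
        if not parts:
            return ""                         # no rule matched: no access
        parts.pop()                           # fall back to the parent path

GROUPS, RULES = load(AUTHZ)
```

With these rules, `access(None, "repo", "/some/dir/private/x", GROUPS, RULES)` returns an empty string, while sally matches nothing in the private section, falls through to `[repo:/some/dir]` and gets `rw`.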

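Usage

  1. Add a user
    • htpasswd /some/dir/svn/passwd username add the username and set its password
    • vi /some/dir/svn/authz configure the corresponding permissions for the user
  2. Delete a user
    • vi /some/dir/svn/authz remove the user's permissions
    • htpasswd -D /some/dir/svn/passwd username delete the user account
  3. Migrate a repository
  4. Back up data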

Appendix

  • Online learning material: http://svnbook.red-bean.com/