svn(subversion)是近年来崛起的版本管理工具,是cvs的接班人。目前,绝大多数开源软件都使用svn作为代码版本管理软件。
svn服务器有2种运行方式:
1. 独立服务器(本帖将重点讨论这种方式)
2. 借助apache,目前nginx还不支持。
二种方式各有利弊,可以根据自己的需要进行配置,我不需要Http进行访问,只需要客户端可以Commit & update 就可以,下面是我选择的第一种方式-独立的SVN服务器。
系统环境:Centos-5.5 + Php-5.3.3 + Nginx-0.8.49 + Mysql-5.5.5m3+subersion-1.6.12
================================================================
============ 以上介绍系统完成,下面开始SVN安装 ==============
================================================================
获取svn安装包,直接切换到root用户进行所有操作:
最新版下载地址:http://subversion.apache.org/
直接到下载页面:http://svn.haxx.se/dev/archive-2010-06/0320.shtml
[[email protected]]$ wget "http:// subversion.tigris.org/downloads/ subversion- 1.6.12.tar.gz"
[[email protected]]$ wget "http:// subversion.tigris.org/downloads/ subversion-deps- 1.6.12.tar.gz"
下载完成之后,开始编译:
[[email protected]]$ tar xfvz subversion- 1.6.12.tar.gz
[[email protected]]$ tar xfvz subversion-deps- 1.6.12.tar.gz
[[email protected]]$ cd subversion- 1.6.12
[[email protected]]$ ./configure -–prefix=/usr/local/svn --without-berkeley-db
注:以svnserve方式运行,不加apache编译参数。以fsfs格式存储版本库,不编译berkeley-db
如果最后出现下面WARNING,我们直接忽略即可。因为不使用BDB存储。
configure: WARNING: we have configured without BDB filesystem support
You don't seem to have Berkeley DB version 4.0.14 or newer
installed and linked to APR-UTIL. We have created Makefiles which
will build without the Berkeley DB back-end; your repositories will
use FSFS as the default back-end. You can find the latest version of
Berkeley DB here:
http://www.sleepycat.com/download/index.shtml
编译完成之后,开始安装:
[[email protected]]$ make && make install
如果 make install 出现下面错误:
error while loading shared libraries: libiconv.so.2: cannot open shared object file: No such file or directory
解决办法:
#1、编辑/etc/ld.so.conf文件:
[[email protected]]$ vi /etc/ld.so.conf
# 添加下面一行
/usr/local/lib
#2、保存后运行ldconfig。
[[email protected]]$ /sbin/ldconfig
#3、再重新运行make install 问题得到解决。
[[email protected]]$ make install
#注:ld.so.conf和ldconfig用于维护系统动态链接库
测试是否安装成功:
[[email protected]]$ /usr/local/svn/bin/svnserve --version
如果显示如下,svn安装成功:
svnserve, version 1.6.12 (r955767)
compiled Sep 1 2010, 01:36:17
Copyright (C) 2000-2009 CollabNet. Subversion is open source software, see http:// subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).
The following repository back-end (FS) modules are available:
* fs_fs : Module for working with a plain file (FSFS) repository.
Cyrus SASL authentication is available.
================================================================
============ 为了方便下操作,下面将SVN的BIN添加到PATH ====================
================================================================
在/etc/profile最后加入 SVN Path 以方便操作:
[[email protected]]$ vi /etc/profile
#比如像下面这样添加:
PATH=/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/svn/bin:$PATH
#添加完成执行,马上生效:
[[email protected]]$ source /etc/profile
#测试查看设置是否成功
[[email protected]]$ echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/svn/bin:......
#上面已经包含了“/usr/local/svn/bin”,说明已经成功。
================================================================
============ 以上安装完成,下面开始建立SVN版本库 =============
================================================================
svn版本库可建多个比如:repos,repos1,repos2….:
新建目录和初始化版本库:
#新建SVN存放数据文件的版本库目录
[[email protected]]$ mkdir -p /data/svn/repos
#初始化版本库,生成相关配置文件:
[[email protected]]$ svnadmin create /data/svn/repos
初始化版本库完成,开始设置配置svnserve.conf:
[[email protected]]$ vi /data/svn/repos/conf/svnserve.conf### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)
### Visit http:// subversion.tigris.org/ for more information.
[general]
### These options control access to the repository for unauthenticated
### and authenticated users. Valid values are "write", "read",
### and "none". The sample settings below are the defaults.
anon-access = none # 注意这里必须设置,否则所有用户不用密码就可以访问
auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the the
### directory containing this file. If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.
authz-db = authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
realm = repos
[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### This section will be ignored if svnserve is not built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256
注意:对用户配置文件的修改立即生效,不必重启svn。
初始化版本库完成,开始设置passwd 用户账号信息:
[[email protected]]$ vi /data/svn/repos/conf/passwd.
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.
# 在下面添加用户和密码,每行一组 username = password
[users]
# harry = harryssecret
# sally = sallyssecret
wangyong = password1
zhangsan = password2
初始化版本库完成,开始设置authz 用户访问权限:
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
### - a single user,
### - a group of users defined in a special [groups] section,
### - an alias defined in a special [aliases] section,
### - all authenticated users, using the '$authenticated' token,
### - only anonymous users, using the '$anonymous' token,
### - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
# [groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
# [/foo/bar]
# harry = rw
# &joe = r
# * =
# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r
#### ==================== 下面我新加的 ==================== ###
[groups]
grp_hexu = zhangsan, wangyong # grp_hexu 组包括两个用户zhangsan, wangyong
[/]
zhangsan = # zhangsan 对根目录没有任何权限
wangyong = rw # wangyong 对根目录有读写权限
[repos:/hexu.org] # 对repos仓库的hexu.org项目进行权限 限制
@grp_hexu = rw # 限制grp_hexu 组对hexu.org项目有读写权限
wangyong = # 限制wangyong所有权限,其它用户有读写权限
[repos:/test.org] # 对repos仓库的test.org项目进行权限 限制
@grp_hexu = rw # 限制grp_hexu 组对test.org项目有读写权限
zhangsan = r # 限制zhangsan只有读权限,其它用户有读写权限
其中,1个用户组可以包含1个或多个用户,用户间以逗号分隔。
下面是举例一个最简单的svnserver.conf & passwd & authz配置:
## svnserver.conf 配置
[[email protected]]$ vi /data/svn/repos/conf/svnserve.conf
[general]
anon-access = none
auth-access = write
password-db = passwd
authz-db = authz
realm = repos
## passwd 配置
[[email protected]]$ vi /data/svn/repos/conf/passwd
[users]
#user1 = password1
#user2 = password2
zhangsan = ZhanGSan
## authz 配置
[[email protected]]$ vi /data/svn/repos/conf/authz
[aliases]
[groups]
[/]
zhangsan = rw
启动svn服务器和新建svn用户:
# 以SVN身份运行,新建用户:
[[email protected]]$ useradd svn
#设置SVN版本库的用户和组:
[[email protected]]$ chown -R svn:svn /data/svn
#启动svn:
[[email protected]]$ su - svn -c "svnserve -d --listen-port 9999 -r /data/svn"
#检查是否启动:
[[email protected]]$ps -ef|grep svn
#如果显示如下,即为启动成功:
svn 6941 1 0 15:07 ? 00:00:00 svnserve -d –listen-port 9999 -r /data/svn
额外说明:
su - svn表示以用户svn的身份启动svn
-d表示以daemon方式(后台运行)运行
–listen-port 9999表示使用9999端口,可以换成你需要的端口。但注意,使用1024以下的端口需要root权限
-r /data/svn 指定SVN服务的根目录是/data/svn
通过web方式访问svn有很多方法,请参阅配置websvn或配置bsSvnBrowser的方法。
好了所有配置完成,可以使用客户端SVN进行操作了。
================================================================
============ 以上介绍SVN版本库完成,下面开始测试 =============
================================================================
服务测试方法 1:
[[email protected]]$ cd /tmp
[[email protected]]$ mkdir test
[[email protected]]$ touch test.txt
[[email protected]]$ svn import /tmp/test/ file:///usr/local/svndata/repos -m "this is thie first import"
[[email protected]]$ mkdir -p /tmp/test2
[[email protected]]$ cd /tmp/test2
[[email protected]]$ svn co file:///usr/local/svndata/repos /tmp/test2/
#或者:
[[email protected]]$ svn co svn://{your-server-ip}:9999/repos/
#这时应该可以看到文件test.txt.
服务测试方法 2:
[[email protected]]$ telnet {your-server-ip} 9999 检查端口是不是通的
如果telnet 检查不通,有可能是防火墙(iptables)里面端口没开:
[[email protected]]$ vi /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp --dport 9999 -j ACCEPT
#保存完成,重启 iptables
[[email protected]]$ /etc/init.d/iptables restart
#或
[[email protected]]$ service iptables restart