direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Page Content

SVN for Departments

The following instructions will show you how to provide a SVN repository using a coventional website. We will introduce the directory structure of the web directory tree and the required files. Furthermore we will show options to limit access permissions.

These instructions require that you are already familiar with the concept of version adminstration system and Subversion (SVN) in particular. Some actions are explained as an example but we will not cover the entire features of SVN. If you encounter any conceptional or feature related questions, please use the numerous online documentations and literature about the topic.

Directory Structure / Files

In the confirmation e-mail which you receive after the setup of your conventional website, you will find the AFS base path of your website. Among others you will find the folders: auth, svn-layout, svn

In the folder auth: there are the files svnpasswd and svnauthz. With these files the access to the repositories is configured.
In the folder svn: you can store your repositories.
In the folder svn-layout: there are two files allowing you to change the appearance of the webinterface (only read access for the most recent version): svnindex.css and svnindex.xsl.

Im Ordner auth: befinden sich die beiden Dateien svnpasswd sowie svnauthz. Mit diesen Dateien wird der Zugriff auf die Repositories gesteuert.
Im Ordner svn: können Sie Ihre Repositories ablegen.
Im Ordner svn-layout: befinden sich zwei Dateien, die für das Aussehen des Webinterfaces (nur lesender Zugriff auf die aktuellste Version) verantwortlich sind: svnindex.css und svnindex.xsl.

Create a Repository

Repositories have to be created in the folder svn/ subordinated to the base directory of your website. The following command will create a repository with the name "projekt1":

  • svnadmin create $BASEDIR/svn/projekt1

Alternatively you can use other graphical tools such as Tortoise for Windows. You should know check the access permissions for your new repository.

The directory names are "case-sensitive", upper and lower case have to be regarded. If the directory "Projekt1" is created, you will have to use "Projekt1" later in the SVN-URI too. The lower case version "projekt1" would result in an error.

Please note: The creation of repositories is not done via http! You need direct AFS access. Using Linux your AFS will be usually reachable at /afs/tu-berlin.de/units/Fak_XY/Orgname/. Using Windows you will have to map a network drive.
In case you do not have a direct AFS access, you can also login via SSH at sshgate.tu-berlin.de, the required SVN tools are installed and AFS access is possible.

AFS Access Permissions

Files in your AFS section are accessible world-wide as long as the user has the correspondent AFS rights. Therefore it is important to check the permissions of your repositories.

Initially the following AFS permissions are issued:

Your webgroup: ([Admin-ID]:svc-w3-xxxx): all
(svc-w3-xxxx): l
AFS-Admin-Group: (units:[OrgName]): la
svc-w3: write
system:backup rl

As member of the webgroup you have full access and can create new repositories.

Note: For the use of the repository via HTTP(S) the users do not require any AFS rights. In fact: They should not have any AFS rights if they do not administrate the repositories. A provisioned user account is also not required for the HTTP(S) usage.

Caution: Every person owning the AFS read permission can read the repositories directly via AFS. The mechanism described below for access control via HTTP(S) are NOT active in that case! Grant AFS permissions to your SVN administrators only!

SVN Access Permissions

For HTTP(S) access permissions and usernames/passwords are set at different places. This can be confusing but offers the option grant rights to both anonymous and authenticated users.

Access permissions: $BASEDIR/auth/svnauthz
In this file you can enter the access permissions for all repositories. By default there are no users and the anonymous access is prohibited for all repositories:

[/]
* =

With the squared brackets you can specify the repository for the following data.
Example:

# refers to the path / of all repositories
[/]
# refers to the path "trunk" of the repository "project1"

Then you can specify which users respectively which groups should receive which rights. There are exactly 3 combinations for rights:

r => read right
rw => read and write right
[empty] => no rights

Note: In case user did not receive any rights explicitely he does not have any rights. This does not apply if rights have been assigned to anonymous users.

Examples:
# anonymous users obtain the read right
* = r

# user max receives write right
max = rw

# group "fremd" does not receive access permission
@fremd =

You can define groups in the file svnauthz:

[groups]
fremd = harry, sally, joe
developers = frank, sally, jane
everyone = harry, sally, joe, frank, sally, jane

Add a user:

With conventional websites which have been created after 12.12.2012 you can enter provisioned users directly. You are not required to create own users. For TUB external persons this option is still valid.

If you applied for your conventional website before 12.12.2012 the employment of provisioned users is not implemented. If you are interested in using that feature, simply write an  with the name of your conventional website.

Caution: The self created users have priority! If a mueller exists in htpasswd a provisioned user of the same name, only the mueller with the password from htpasswd can login. A login with the password of the provisioned user is not possible. In order to avoid name conflicts you can add a prefix to your own users (e.g. ORGNAME_).

Achtung: Die selbst angelegten Benutzer haben Vorrang! Existiert ein mueller in der htpasswd und ein gleichnamiger provisionierter  Benutzer, kann sich nur der  mueller mit dem Passwort aus der htpasswd anmelden. Eine Anmeldung mit dem Passwort des prov.  Benutzers ist nicht moeglich. Um Namenskonflikte zu vermeiden,  könnten Sie Ihren eigenen Benutzern ein Suffix voranstellen, z.B. ORGNAME_.

Own users: $BASEDIR/auth/svnpasswd

Here you can add your own users and grant access to TUB externals.

Websites issued after 12.12.2012 employ AuthType Basic. New users have to be created using the tool htpasswd.
# htpasswd $BASEDIR /auth/svnpasswd  [username] 

Websites issued before 12.12.2013 employ AuthType Digest. New users have to be created using the tool htdigest.
# htdigest $BASEDIR/auth/svnpasswd subversion [Benutzername]

Afterwards a password will be assigned to that username.

Learn how to use htdigest using Windows here.

If you do not have direct AFS access, you can login via SSH at sshgate.tu-berlin.de. The requried SVN tools are installed and AFS access is possible.

SVN Access Permissions - Exemplary Configuration:

You want to deny anonymous access for all repositories. The group named "developer" should have full access to all repositories and members of the group "user" should have read rights for the repository "documentation".

The content of the file $BASEDIR/auth/svnauthz has to be:

[groups]
developer = max, erika, paul
user = franka, birgit, hans

[/]
* =
@developer = rw

[documentation:/]
@user = r

Add users in the file $BASEDIR/auth/svnpasswd:
# htdigest  $BASEDIR/auth/svnpasswd subversion max
...
# htdigest  $BASEDIR/auth/svnpasswd subversion erika
...
# htdigest  $BASEDIR/auth/svnpasswd subversion paul
...
etc.

HTTP or HTTPS ?

Your repositories can be accessed unencrypted using HTTP or encrypted using HTTPS. We recommend using the encrypted access via HTTPS.

For conventional websites which have been generated after 12.12.2012 you will be automatically redirected from HTTP to HTTPS. If you try making a repository checkout via HTTP the program will likely give an error of the type "The project archive has been permanently moved to [...]". Simply use the same URL with https:// instead of http:// .

Checkout / Create a working copy

For the checkout of a repository you need to specify how it should be accessed. Assuming that your web address is www.orgname.tu-berlin.de then your repository can be reached like that:

www.orgname.tu-berlin.de/svn/[Name des Repositories]

Using Linux the checkout of the repository "projekt1" in the current directory could look like this:

svn checkout www.orgname.tu-berlin.de/svn/projekt1 ./

You can also use a graphical tool. Just enter the web address followed by svn/[name of the repository]/ into the correspondet field.

!!!Caution!!!
The repository names are case-sensitive.

Web Access (read access)

You can access the current revision (head revision) with any web browser. Just enter the URL of your website followed by /svn/[name of the repository]/ into your brower's address bar. If the anynomous access is denied, you will be asked to enter a username and password.

Umlauts and special characters in folder and file names

We recommend not using any umlauts or special characters (äöü,?,% ...) in your folder and file names within your repository. This especially applies if the repository is accessed using different operating system with differing language and encoding settings and different SVN tools.

Hooks

Hooks - scripts which are executed on the server before or after an repository action - are not allowed. Scripts which are stored in folders will not be executed while using the web service. There are no exceptions.

Literature

A good work of reference is the official "SVN book". You can find it online at http://svnbook.red-bean.com/

You can find print media at the established literature vendors using the catchword "Subversion".

Zusatzinformationen / Extras

Quick Access:

Schnellnavigation zur Seite über Nummerneingabe

Auxiliary Functions