3. Working with Subversion

PSI Website Information: If you see this message, then either your browser doesn't support Javascript or Javascript is disabled. You might want to enable it for this site?

AIT LINUX Support

Version Control

2. Subversion and CVS @ PSI

3. Working with Subversion

4. Working with CVS

5. AFS Tips and Tricks

3. Working with Subversion

3.1. Repository Management

3.1.1. Initializing a new Repository

Creating a new repository take place in several steps. In the first step we initialize the repository. In the following steps you have to set access permissions for the different kind of users.

The following example demonstrates how to create a new repository for a project linux (assuming there is an admin group named linux_adm and you are member of this group):

cd /afs/psi.ch/project/linux
pts creategroup linux_adm:svn_adm -owner linux_adm         

mkdir svn                                                  
fs setacl -dir svn -clear -acl linux_adm:svn_adm rlidwka \;

svnadmin --fs-type fsfs create svn

Create the AFS group for the repository administrators. You must be member of the group linux_adm to execute this command.

Create top directories of the repository and initialize AFS access list.

Initialize Subversion repository.


	Note that you must use the `fsfs` repository format instead of the Berkeley DB format, since the Berkeley DB format does not support network file systems. This implies that you need Subversion 1.1 or newer.

3.1.2. Setting Access Rights.

The access rights depend on ACL's as defined for the AFS directories of your repository. Use the fs listacl command to show ACL's, e.g.:

cd /afs/psi.ch/project/linux
fs listacl .

A typical output may look as follows::

Access list for . is
Normal rights:
  linux rlidwk
  linux_adm rlidwka

In this case all members of the group linux have the rights to read (r), lookup (l), insert (i), delete (d), write (w) and set locks (k) on files in the directory.


	AFS ACL's are defined per directories not per file. Thus all files in a directory share the same access rights. Using `fsfs`, Subversion stores all files of a repository in one (huge) file. For this reason it is not possible to set different access right inside a repository.

3.1.3. Configuration for Direct Read/Write Access

To grant all users within an AFS group read and write access to a repository, set the ACL's as follows:

cd /afs/psi.ch/project/linux/svn/

pts creategroup linux_adm:svn_rw -owner linux_adm:svn_adm  

find . -type d -noleaf \                                   
        -exec fs setacl {} -acl linux_adm:svn_rw rlidw \;
fs setacl locks -acl linux_adm:svn_rw rlk

	Create an AFS groups for users with read/write access. You must be member of the group `linux_adm:svn_adm` to execute this command.
	Set AFS ACL's

The user needs a valid AFS token to access the repository

3.1.4. Configuration for Read/Write Access via the Gateway

The configuration for read/write access via the gateway is the same as for direct read/write access. You will be ask for your AFS password.

3.1.5. Configuration for Read-only Access

To grant all users inside an AFS group read-only access to a repository, set the ACL's as follows:

cd /afs/psi.ch/project/linux/svn/

pts creategroup linux_adm:svn_ro -owner linux_adm:svn_adm  

find . -type d -noleaf \                                   
        -exec fs setacl {} -acl linux:adm_svn_ro rl \;
fs setacl locks -acl linux_adm:svn_ro rlk

	Create an AFS groups for users with read-only access. You must be member of the group `linux_adm:svn_adm` to execute this command.
	Set AFS ACL's

The user needs a valid AFS token to access the repository

3.1.6. Configuration for Direct Anonymous Read-only Access

Direct anonymous read-only access is not recommended!

There are some problems with anonymous read access to a Subversion repository on AFS. The biggest problem is that Subversion must be able to set locks in some files - even for a checkout. Thus any malicious user in the world with an AFS client may set any locks in these files and lock out all other users from using the repository.

The recommended solution is to access the repository via a gateway with CVS over SSH.

3.1.7. Configuration for Anonymous Read-only Access via the Gateway

If anonymous read-only access via the gateway is needed, then you have to set ACL's for the "user" savannah, which is the mapping for the anonymous user on the Savannah gateway.

cd /afs/psi.ch/project/linux/svn/

find . -type d -noleaf -exec fs setacl {} -acl savannah rl \;
fs setacl locks -acl savannah rlk

3.1.8. Example

Supose we have the repository /afs/psi.ch/project/linux/svn/ and all users in the group linux have read/write permissions. The repository may be accessed anonymous via the Savannah gateway. Anonymous access via an AFS client is prohibited.

find /afs/psi.ch/project/linux/svn -noleaf -type d -exec fs listacl {} \;

This will give the output:

Access list for /afs/psi.ch/project/linux/svn/ is
Normal rights:
  linux_adm:svn_adm rlidwka
  linux_adm:svn_rw rlidw
  savannah rl
Access list for /afs/psi.ch/project/linux/svn/dav is
Normal rights:
  linux_adm:svn_adm rlidwka
  linux_adm:svn_rw rlidw
  savannah rl
Access list for /afs/psi.ch/project/linux/svn/locks is
Normal rights:
  linux_adm:svn_adm rlidwka
  linux_adm:svn_rw rlk
  savannah rlk
Access list for /afs/psi.ch/project/linux/svn/hooks is
Normal rights:
  linux_adm:svn_adm rlidwka
  linux_adm:svn_rw rlidw
  savannah rl
Access list for /afs/psi.ch/project/linux/svn/conf is
Normal rights:
  linux_adm:svn_adm rlidwka
  linux_adm:svn_rw rlidw
  savannah rl
Access list for /afs/psi.ch/project/linux/svn/db is
Normal rights:
  linux_adm:svn_adm rlidwka
  linux_adm:svn_rw rlidw
  savannah rl
Access list for /afs/psi.ch/project/linux/svn/db/revs is
Normal rights:
  linux_adm:svn_adm rlidwka
  linux_adm:svn_rw rlidw
  savannah rl
Access list for /afs/psi.ch/project/linux/svn/db/revprops is
Normal rights:
  linux_adm:svn_adm rlidwka
  linux_adm:svn_rw rlidw
  savannah rl
Access list for /afs/psi.ch/project/linux/svn/db/transactions is
Normal rights:
  linux_adm:svn_adm rlidwka
  linux_adm:svn_rw rlidw
  savannah rl

3.2. Accessing Subversion Repositories

3.2.1. Direct Access

This is the case if you are working at PSI and have a working AFS connection, from either Linux or Windows clients. Since the repository is seen within the normal global file system structure you just need to use your normal subversion client using a file URL, e.g.:

svn list file:///afs.psi.ch/project/linux/svn/trunk
svn co   file:///afs/psi.ch/project/linux/svn/trunk

3.2.2. Via SSH from Anywhere

In this case you have to use the Savanna gateway system and use the svn+ssh protocol:

svn co svn+ssh://johnsmith@savannah/afs/psi.ch/project/linux/svn/trunk
  johnsmith@savannah's password:...

Just enter your normal AFS password.

For anonymous access you can use the account svn. The password is svn. Of course the repository must be opened for anonymous access in order for this to work.

3.3. Graphical User Interfaces

In addition to using the command line there are also GUI based subversion tools available:

For Linux clients the programs eSvn and rapidsvn exist.(More info to be added here)

For Windows clients the program TortoiseSvn is available, which integrates the subversion functionality into the Internet Explorer. If you have an AFS client on your computer then you can directly address the software repository via the AFS filesystem. Otherwise you have to use the svn+ssh access method via the savannah server. TortoiseSVN has an SSH client configured. This is done through the TortoiseSVN menu in Windows Explorer TortoiseSVN -> Settings on the Network tab under SSH Client. Fortunately, TortoiseSVN comes with TortoisePLink, an implementation of plink , so normally you only have to set the SSH client as:

C:\Program Files\TortoiseSVN\TortoisePlink.exe -l username

Or if you trust the security on your computer and it's surroundings:

C:\Program Files\TortoiseSVN\TortoisePlink.exe -l username -pw password

Prev		Next
2. Subversion and CVS at PSI	Home	4. Working with CVS