The following page details the Subversion (svn) installation at Codehaus. In addition, it also provides a set of "how-to" documents for both users and administrators of Subversion repositories tailored for the haus installation. If you are not interested in the details of the Codehaus installation, skip ahead to the How To documents at the end of this document.
Codehaus is running the latest and greatest version of Subversion on
beaver.codehaus.org. We're happy to say that we've been using Subversion at the house ever since v0.25 was released. At the time of this writing, the most recent version of Subversion is v1.0.1. When the Subversion team releases a new version, one can expect it to be installed at Codehaus within a few days. The previous installation of Subversion on
hogshead.codehaus.org will be retired after all projects have been migrated to the new server.
The most recent version of Subversion can be found in
/usr/local/subversion directory. In reality, this is a symbolic link to a directory in the form of
version is the current version of the Subversion release. This enables the maintainer to switch back and forth between new and past installations with relative ease without impacting users. All binaries are located in
/usr/local/subversion/bin, which is automatically inserted into your
PATH upon login (via
/etc/profile.d/subversion.sh). The two most frequently used commands are
svnadmin. Their use is illustrated in the How To documents at the end of this document.
The current installation is maintained by Pete Kazmier.
Subversion features several methods to access Subversion repositories. Each access method is described in the following subsections. Please note that not all of these methods are supported by the Codehaus installation at this time. Additionally,
svn.codehaus.org is now registered to facilitate our userbase.
Local filesystem access is of limited use in the Codehaus environment because users should not be working on the Codehaus machine directly. However, there may be times when accessing a local repository is necessary. All Subversion repositories are located in the
/home/projects/FOO/scm directory (where
FOO is the name of the project). Thus, to check out a repository on the local machine, one would type:
Obviously, in order to use this repository access mechanism, you must have a shell account on the Codehaus server. Note: you must specify the full pathname to the repository when using this access method.
Similar to CVS, Subversion includes a mechanism to provide remote anonymous/read-only access to repositories. The
svnserve daemon provides this functionality. This access method enables users that do not have accounts on the Codehaus server to check out the repositories and track changes in their own local working copies. In order to check out a repository using this access method, one would type:
FOO is the name of the project. Note: in this case, the anonymous user does not include the actual filesystem path
/home/projects on the command line. The
svnserve daemon executes as the
apache user for security reasons. Thus, it is important that all Subversion repositories permit read access for the
apache user. By default, all projects are automatically created in this manner.
The ViewCVS installation on Codehaus has been upgraded to a more recent version which supports browsing of Subversion repositories in a manner that is familiar to most CVS users. To access the repository, go to the following URL:
FOO is the name of the project. Again, the only requirement is that all repositoies must be permit read-write access for the
apache user (under which the ViewCVS program is executed). By default, all projects are automatically created in this manner.
Authenticated svnserve via SSH
Secure and authenticated access to the Codehaus Subversion repositories is provided via SSH (similar to the standard CVS access method used at Codehaus). By using SSH, a secure communication channel can be established to Codehaus over which passwords can be sent safely. This method enables all users with accounts on the Codehaus machine to check out repositories in a read-write manner. In order to check out a repository using this access method, one would type:
Note: in this case, you must specify the full path to the repository which includes the actual filesystem path
/home/projects. If your username on the client machine differs from your Codehaus username, you'll need to tell Subversion to invoke SSH differently; see http://svnbook.red-bean.com/html-chunk/ch05s04.html#svn-ch-5-sect-4.2.2 for details.
WebDAV access enables users to access repositories remotely via DAV which is an extension to the HTTP protocol. The Codehaus installation does not support this remote access method for a variety of reasons. This does not indicate Codehaus will never support this access method; however, for the first release of the Subversion at Codehaus, it was decided to eliminate this access method for the following reasons:
The Codehaus web server is currently running 1.x version of Apache. WebDAV and SVN DAV modules are only available for the 2.x version of the Apache web server. At this time, Pete Kazmier did not want to undertake the migration to Apache 2.x. Furthermore, the web server process owner must have read-write access to the Subversion repositories in addition to users accessing the repository with authenticated svnserve.
One of the benefits of using Apache and WebDAV to access remote repositories is that users can be authenticated with any of the typical Apache user-authentication mechanisms. However, this is problematic because the basic authentication mechanism of Apache sends passwords in cleartext (I need to verify if Digest authentication is supported by the svn client). Thus, it now becomes necessary to secure the transport of the HTTP session which leads to the next point.
In order to provide a secure transport channel for WebDAV access to the repositories, the Codehaus Apache server must implement SSL/TLS. To properly configure the Codehaus web server, a valid certificate would have to be purchased (self-signed certificates are not an option as they provide no real security).
Repositoy Backup Strategy
Every night, a hot-backup of each Subversion repository located in
/svnroot (this is a directory of symlinks to each project's
/home/projects/FOO/scm directory) is produced by
/etc/cron.daily/local-svn-backup.rb (a simple wrapper to the
hot-backup.py script provided with Subversion). Theses hot-backups are stored locally on the server in
FOO is the name of the Subversion repository.
Within this directory, ten days-worth of fully-functional hot-backups reside. The naming convention used in this backup directory is
rev is the global revision number of the repository. If a repository has not changed since the previous day (i.e. the revision number has not changed), then the name of the backup is appended with a dash followed by a simple incrementing counter. For example, in the following example, the repository has changed only twice in the previous ten days (revisions 12 and 13):
Finally, remote backups are performed in the event of a local server catastrophe. These backups are part of the system-wide backup that occurs every night via an rsync process. To maximize the efficiency of rsync, a file with a constant name is required so that only differences between the local and remote versions are sent across the network. With the help of a small patch to the standard
hot-backup.py script included with Subversion, a symbolic link to the most recent backup is created in the
/home/services/backup/svn/FOO directory which is named
/home/services/backup/svn/FOO/FOO-CURRENT. This enables the rsync process to efficiently send only the differences over the wire.
Subversion How-To Guides
The following are a series of "how-to" guides for a variety of Subversion-related tasks. The tasks are organized by role of the user.
The Codehaus adminstrator is a user that has root access to the Codehaus servers. This user can create and remove repositories, as well as convert existing CVS repositories to Subversion repositories.
- How to Create a New Subversion Repository
- How to Send Subversion Commit Logs to Email
- How to Setup ViewCVS Access to a Subversion Repository
- How to Convert a CVS Repository to a Subversion Repository
- How to Recover a Subversion Repository
The project committer is a user who has read-write access to a project's source repository. This user can check out code as well as check in capability. The following How-To documents have been organized sequentially for a new Subversion user.
- How to Organize a Subversion Repository
- How to Import Files Into a Subversion Repository
- How to Check Out a Subversion Repository
- How to Tag and Branch a Subversion Repository
- How to Browse a Subversion Repository via ViewCVS
- How to Recover a Subversion Repository
The anonymous user is a user who does not have read-write access to a project or access to the Codehaus servers. This user can only check out read-only versions of a repository.