It’s surprising that, given Subversion (SVN) is an Apple officially supported revision control system for development (Xcode has support for it), Leopard Server has no real GUI support for getting a subversion server up and running (or any other revision control system server). Yes, Leopard Server does ship with Subversion. But to use it for your internal projects there is quite a bit of setup required.

There are a number of resources on the net showing how to setup Subversion on Leopard Server, but just about every tutorial I’ve seen ends up with something that works – but if you make any unrelated changes to your web server with the Server Admin tool at a later date you end up changing your SVN settings and having to redo them.

What I propose below is a general way to avoid this problem that can be applied to Subversion and other tools. I also try and do this in the most OS X way I can, using OS X style folder locations and naming, and the Server Admin tool wherever possible. Further, I show how to integrate with Open Directory for authentication (the standard user authentication method used by Leopard Server).

Creating the repository

The first thing we need is a repository on Leopard Server to store all your files that are under SVN control. In OS X style, I have chosen to store this repository in /Library/Subversion. I will set it up to have multiple repositories – my first is called “projects“. You should change as you see fit. As “projects” will later be accessible via a url, where most url components are lowercase, I chose to name all our repositories in lowercase.

You will need to open Terminal, and type the following. You will need to enter your admin password.

sudo svnadmin create \
/Library/Subversion/Repository/projects
sudo chown -R www:admin /Library/Subversion
sudo chmod -R 770 /Library/Subversion

Using Server Admin

Start up Server Admin on Leopard Server, and go to the Web section. Click on Sites at the top of the Server Admin screen. In my setup, I’ve chosen to have two sites – our intranet on port 80, and our SVN services on port 443 (i.e. we will access SVN using https). Do this by selecting the + button under the list of domains.

Under the General tab, fill in the details for your server. In particular, make sure your domain name is set correctly, and will not change later. In the example below, our machine is called “yamato” and the domain is “yamato.internal” – an internal domain that isn’t used outside of the VPN.

General Tab

Under the Options tab, select “WebDAV”.

Options Tab

Under the Realms tab, we create a new Realm. This will be used in the future to add new users giving them access to SVN (or not). You create a new Realm by clicking on the + button under the Realms list. Fill in the dialog box that slides out as shown below.

Create Realm - SVN

I call my Subversion Realm “Subversion”. Once created, to the right I add the users I want to allow access to SVN, giving them appropriate access (in this case all my users have “Browse and Read/Write WebDAV”).

Realms Tab - SVN

Under the Security tab, select “Enable Secure Sockets Layer (SSL)”. I created a new certificate, but you can use the default that Leopard Server creates for you on installation.

Security Tab

Now save your changes.

Click on Settings at the top, and choose the Modules tab. In this tab, find “dav_svn_module” and enable it by ticking the appropriate check box.

Modules - SVN

Save your changes.

Back to the Terminal

In Terminal, go to the directory /etc/apache2/sites. Here you will find configuration files for your domains. Of particular interest is the domain I have setup for SVN:

0001_any_443_yamato.internal.conf

We want to avoid changing this file as much as possible, only changing it enough to load the changes we need, and changing areas that won’t change if we make further changes to this file via Server Admin. To do this we create a sub-directory called 0001_any_443_yamato.internal.

cd /etc/apache2/sites
sudo mkdir 0001_any_443_yamato.internal

Now, edit 0001_any_443_yamato.internal.conf using your favourite command-line editor.

sudo vi 0001_any_443_yamato.internal.conf

In the file, find the line:

LogLevel warn

Above this line put:

Include “/etc/apache2/sites/0001_any_443_yamato.internal/*.conf”

Replacing the name of the server with the name of your server.

Now, go to the directory you created, and create a new file called httpd_svn.conf.

cd /etc/apache2/sites/0001_any_443_yamato.internal
sudo vi httpd_svn.conf

In this file, type the following

<Location “/svn”>
DAV svn
SVNParentPath /Library/Subversion/Repositories
</Location>

and save your changes.

Back to Server Admin

Restart the web server, by clicking Stop Web and then Start Web.

Almost done

Now you just need to add a new project. You’ll need to create the usual SVN directory structure for a project, and import the project with svn import. The URL for the projects repository, in my example, is https://yamato.internal/svn/projects. Authentication will use usernames and passwords of users in your Open Directory.

And that should be it. Now you should be able to add and remove people from the Subversion Realm at will, without having to mess with the configuration files. The general idea of putting extra configuration files in to a subdirectory makes extending Apache much easier while maintaining the use of Server Admin for day to day GUI tasks – I’ll show you how easy that is soon in another blog article on getting Trac up and running on Leopard Server.

Troubleshooting

At a later date we discovered that svn status -u didn’t work – giving an error. We found that we could only get this working by turning off the Forward Proxy we had configured under Web Settings in Server Admin. It is quite possible this could be fixed by adding an appropriate ProxyPass directive in httpd_svn.conf, but haven’t figured that out yet. If you do, please let me know.

Subversion on Leopard Server

8 thoughts on “Subversion on Leopard Server

  • August 3, 2008 at 9:41 pm
    Permalink

    Nice tutorial, I have SVN on my leopard server but getting it to work with open directory is something I need to look into.

    Keep the articles coming! I love the site.

  • August 14, 2008 at 1:22 pm
    Permalink

    This is the only tutorial I’ve followed that worked and it worked the first time. Thanks a whole bunch.

    Any more clever tutorials?

  • August 15, 2008 at 5:39 pm
    Permalink

    There are a few more Richard. Check out the archive or check out the Mac category – there is one on Trac, and some on LDAP. I also have some more coming on Leopard Server in the next few weeks.

  • August 27, 2008 at 10:20 am
    Permalink

    Thanks! This worked great.

    The only thing I missed was the fact that the http URL will have the repository name at the end of it. (In case someone else gets stuck on that)

  • October 16, 2008 at 3:37 am
    Permalink

    Great post! I used this as the basis for our setup, but our Programmers wanted 1.5.2. To use the most recent version of SVN, all you need to do (prior to using this guide) is install the binary version of SVN 1.5.2, copy the 1.5.2 versions of mod_dav_svn.so and mod_authz.svn.so to libexec/apache2, and adjust the PATH line (under/etc/paths) so that 1.5.2 is default after reboot. Once you’ve done that, this guide takes you the rest of the way perfectly.

  • Pingback: Curmi the Blog » Blog Archive » Trac on Leopard Server

  • March 4, 2009 at 11:45 am
    Permalink

    Is Basic authentication for the subversion realm secure?

    I had followed these instructions long ago, hadn’t used subversion for a while, then tried to use it and it failed. It turned out I had changed the authentication for the Subversion realm from Basic to Digest at some point, thinking it might be a security hole. Versions.app had problems with this, which were fixed when I reverted to Basic authentication. I’m wondering if this is a problem for a machine in data center directly connected to the internet. My guess is, as long as I always access the server with a https URI, it’s safe. Enabling SSL in server admin doesn’t mean it’s required.

Leave a Reply

Your email address will not be published.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image