Setting up SVN and Trac

I’m using Subversion and Trac for several projects and I always thought that I should write down my workflow to set it up. This time, I did, and I’m sharing it with you. It’s probably not the best way, but it works for me. I will not cover the prerequesites here, like installing Apache 2 with DAV and SVN support or installing Subversion and Trac.

The subversion server is on a Linux box while the client is a Windows XP machine with TortoiseSVN as the SVN front-end.

Repository Setup

First of all, a repository must be initialized on server-side. I have a directory /repositories on my server where all repositories reside. svn-admin is the tool to initialize a new one.

svnadmin create --fs-type fsfs /repositories/project

Next I need a user file which holds Subversion user names and passwords. Create a file called /repositories/project/conf/userfile and edit it as follows. Nothing gets encrypted here, passwords are saved as plain text.

[users]
user1 = password1
user2 = password2

Now that I have a user file, I must adopt the /repositories/project/conf/svnserve.conf file to suit my needs. In particular, I won’t allow anonymous users to access the repository. Remove the # before the [general] tag and change the settings below as follows:

anon-access = none
auth-access = write

Moreover, I point the password-db parameter to my userfile I’ve just created.

password-db = userfile

Sandbox Setup

Now that you’ve created a repository on server-side it’s time to import something from client-side. The common structure for a Subversion repository consists of three directories trunk, branches, tags, so I create a directory for my project and add these subdirectories.

md project
md projecttrunk
md projectbranches
md projecttags

Now perform an import by right-clicking on the created project directory and choosing TortoiseSVN…->Import… from the Explorer context menu.

Your sandbox should now be setup. I tend to delete the directories under project and re-checkout the project again to make sure everything was imported correctly but you may go on as is.

Trac Setup

Back to the server-side. Let’s create a new Trac project.

cd /var/trac
trac-admin /var/trac/project initenv
=> Project Name: project
=> Path to repository: /repositories/project
=> Templates directory: [enter]

Your Trac project now gets created. It’s a good idea to remove anonymous access to Trac and add an own user instead.

trac-admin /var/trac/project/ permission remove anonymous BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW MILESTONE_VIEW REPORT_SQL_VIEW REPORT_VIEW ROADMAP_VIEW SEARCH_VIEW TICKET_CREATE TICKET_MODIFY TICKET_VIEW TIMELINE_VIEW WIKI_CREATE WIKI_MODIFY WIKI_VIEW
trac-admin /var/trac/project/ permission add >username< TRAC_ADMIN

Apache Setup

Append this to your apache2.conf.

ScriptAlias /project /var/www/projects/project/trac.cgi
<Location "/project">
    SetEnv TRAC_ENV "/var/trac/project"
</Location>
<Location "/project/login">
    AuthType basic
    AuthName "project"
    AuthUserFile "/var/trac/project/userfile"
    Require valid-user
</Location>

As you see, I have a /var/www/projects directory where I create a subdirectory for each project. Do this as you prefer, but change the pathnames accordingly if you decide to do it different.

Now create the directory you referred to in the above snippet and add a symbolic link to Trac’s trac.cgi file.

cd /var/www/projects
mkdir project
cd project
ln -s /usr/share/trac/cgi-bin/trac.cgi .

Trac needs permission to write to its database file. You may have to fiddle around with your group permissions here.

cd /var/trac/project/db/
chmod go+w trac.db
cd ..
chmod go+w db/

Finally, restart Apache. (May work differently with your Linux distribution.)

/etc/init.d/apache2 restart

Now we need an Apache userfile, too, which looks a little bit different than the ordinary userfile we created for Subversion. The password is hashed in this case. You need a tool to create the appropriate hashes (MD5, I believe), so peek around for tools like htpasswd. I have a little script file called script.sh so I use it to crypt a password and copy the result to the file /var/trac/project/userfile:

user1:hashed_password1
user2:hashed_password2

When you point your webbrowser to the subdirectory /project, you should already see the Wiki page and should be able to login.

Allow checkout via Apache

It’s possible to checkout using http so that you can get your sources even e.g. if you’re behind your companies or a customers firewall which blocks outgoing connections to the standard Subversion port.

Get back to your apache2.conf file and append this:

<Location /svn/project>
    DAV svn
    SVNPath /repositories/project

    AuthType basic
    AuthName "project repository"
    AuthUserFile /repositories/project/conf/svn-auth-file
    Require valid-user

    AuthzSVNAccessFile /repositories/project/conf/per-directory-access

    <Limit GET PROPFIND OPTIONS REPORT>
        Require valid-user
    </Limit>
</Location>

The interesting part this time is the AuthUserFile parameter. Basically, this is the same file as /var/trac/project/userfile, so you may point just over there, but I tend to copy it to the conf-directory.

cp /var/trac/project/userfile /repositories/project/conf/svn-auth-file

The AuthzSVNAccessFile parameter points to a second file which contains groups and users for the Apache access. This is the only way I know to limit access to certain parts of your repository to certain users or user groups. My file /repositories/project/conf/per-directory-access looks like this.

[groups]
developers = user1,user2
[/]
@developers = rw

This defines a group “developers” with read/write access to the repository from the root-directory / downward.

Now restart Apache again and you should be able to checkout using the URL http://yourserver/svn/project.

Done

It may take some time until I will create a new project so it’s up to you to verify what I wrote. I worked with Trac 0.8.1 on a Debian machine.

Next Article

Adapter Pattern applied