I’m using Subversion and Trac for several projects and I always thought that I should write down my workflow to set it up. This time, I did, and I’m sharing it with you. It’s probably not the best way, but it works for me. I will not cover the prerequesites here, like installing Apache 2 with DAV and SVN support or installing Subversion and Trac.
The subversion server is on a Linux box while the client is a Windows XP machine with TortoiseSVN as the SVN front-end.
First of all, a repository must be initialized on server-side. I have a directory /repositories on my server where all repositories reside. svn-admin is the tool to initialize a new one.
svnadmin create --fs-type fsfs /repositories/project
Next I need a user file which holds Subversion user names and passwords. Create a file called /repositories/project/conf/userfile and edit it as follows. Nothing gets encrypted here, passwords are saved as plain text.
user1 = password1
user2 = password2
Now that I have a user file, I must adopt the /repositories/project/conf/svnserve.conf file to suit my needs. In particular, I won’t allow anonymous users to access the repository. Remove the # before the [general] tag and change the settings below as follows:
anon-access = none
auth-access = write
Moreover, I point the password-db parameter to my userfile I’ve just created.
password-db = userfile
Now that you’ve created a repository on server-side it’s time to import something from client-side. The common structure for a Subversion repository consists of three directories trunk, branches, tags, so I create a directory for my project and add these subdirectories.
Now perform an import by right-clicking on the created project directory and choosing TortoiseSVN…->Import… from the Explorer context menu.
Your sandbox should now be setup. I tend to delete the directories under project and re-checkout the project again to make sure everything was imported correctly but you may go on as is.
Back to the server-side. Let’s create a new Trac project.
trac-admin /var/trac/project initenv
=> Project Name: project
=> Path to repository: /repositories/project
=> Templates directory: [enter]
Your Trac project now gets created. It’s a good idea to remove anonymous access to Trac and add an own user instead.
trac-admin /var/trac/project/ permission remove anonymous BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW MILESTONE_VIEW REPORT_SQL_VIEW REPORT_VIEW ROADMAP_VIEW SEARCH_VIEW TICKET_CREATE TICKET_MODIFY TICKET_VIEW TIMELINE_VIEW WIKI_CREATE WIKI_MODIFY WIKI_VIEW
trac-admin /var/trac/project/ permission add >username< TRAC_ADMIN
Append this to your apache2.conf.
ScriptAlias /project /var/www/projects/project/trac.cgi
SetEnv TRAC_ENV "/var/trac/project"
As you see, I have a /var/www/projects directory where I create a subdirectory for each project. Do this as you prefer, but change the pathnames accordingly if you decide to do it different.
Now create the directory you referred to in the above snippet and add a symbolic link to Trac’s trac.cgi file.
ln -s /usr/share/trac/cgi-bin/trac.cgi .
Trac needs permission to write to its database file. You may have to fiddle around with your group permissions here.
chmod go+w trac.db
chmod go+w db/
Finally, restart Apache. (May work differently with your Linux distribution.)
Now we need an Apache userfile, too, which looks a little bit different than the ordinary userfile we created for Subversion. The password is hashed in this case. You need a tool to create the appropriate hashes (MD5, I believe), so peek around for tools like htpasswd. I have a little script file called script.sh so I use it to crypt a password and copy the result to the file /var/trac/project/userfile:
When you point your webbrowser to the subdirectory /project, you should already see the Wiki page and should be able to login.
Allow checkout via Apache
It’s possible to checkout using http so that you can get your sources even e.g. if you’re behind your companies or a customers firewall which blocks outgoing connections to the standard Subversion port.
Get back to your apache2.conf file and append this:
AuthName "project repository"
<Limit GET PROPFIND OPTIONS REPORT>
The interesting part this time is the AuthUserFile parameter. Basically, this is the same file as /var/trac/project/userfile, so you may point just over there, but I tend to copy it to the conf-directory.
cp /var/trac/project/userfile /repositories/project/conf/svn-auth-file
The AuthzSVNAccessFile parameter points to a second file which contains groups and users for the Apache access. This is the only way I know to limit access to certain parts of your repository to certain users or user groups. My file /repositories/project/conf/per-directory-access looks like this.
developers = user1,user2
@developers = rw
This defines a group “developers” with read/write access to the repository from the root-directory / downward.
Now restart Apache again and you should be able to checkout using the URL http://yourserver/svn/project.
It may take some time until I will create a new project so it’s up to you to verify what I wrote. I worked with Trac 0.8.1 on a Debian machine.