【subversion】svn服务端部署及帐密权限配置
专题:Linux应用服务配置
各类Linux软件安装配置
更多内容请点击 我的博客 查看,欢迎来访。
Subversion(SVN),是一个集中式项目版本管理工具。
- 可以记录每一次文件和目录的修改情况,以版本号存储,可以根据这个版本号进行还原;
- 不同的用户可以随时从服务器端更新修改的文件,达到在开发中的实时共享;
在线安装
参考官方教程安装: http://subversion.apache.org/packages.html
[root@localhost ~]# yum install -y subversion
已安装:
subversion.x86_64 0:1.7.14-14.el7
作为依赖被安装:
apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7 gnutls.x86_64 0:3.3.29-9.el7_6
libmodman.x86_64 0:2.0.1-8.el7 libproxy.x86_64 0:0.4.11-11.el7 neon.x86_64 0:0.30.0-4.el7
nettle.x86_64 0:2.7.1-8.el7 pakchois.x86_64 0:0.4-10.el7 perl.x86_64 4:5.16.3-294.el7_6
perl-Carp.noarch 0:1.26-244.el7 perl-Encode.x86_64 0:2.51-7.el7 perl-Exporter.noarch 0:5.68-3.el7
perl-File-Path.noarch 0:2.09-2.el7 perl-File-Temp.noarch 0:0.23.01-3.el7 perl-Filter.x86_64 0:1.49-3.el7
perl-Getopt-Long.noarch 0:2.40-3.el7 perl-HTTP-Tiny.noarch 0:0.033-3.el7 perl-PathTools.x86_64 0:3.40-5.el7
perl-Pod-Escapes.noarch 1:1.04-294.el7_6 perl-Pod-Perldoc.noarch 0:3.20-4.el7 perl-Pod-Simple.noarch 1:3.28-4.el7
perl-Pod-Usage.noarch 0:1.63-3.el7 perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 perl-Socket.x86_64 0:2.010-4.el7
perl-Storable.x86_64 0:2.45-3.el7 perl-Text-ParseWords.noarch 0:3.29-4.el7 perl-Time-HiRes.x86_64 4:1.9725-3.el7
perl-Time-Local.noarch 0:1.2300-2.el7 perl-constant.noarch 0:1.27-2.el7 perl-libs.x86_64 4:5.16.3-294.el7_6
perl-macros.x86_64 4:5.16.3-294.el7_6 perl-parent.noarch 1:0.225-244.el7 perl-podlators.noarch 0:2.5.1-3.el7
perl-threads.x86_64 0:1.87-4.el7 perl-threads-shared.x86_64 0:1.43-6.el7 subversion-libs.x86_64 0:1.7.14-14.el7
trousers.x86_64 0:0.3.14-2.el7
完毕!
[root@localhost ~]# yum install mod_dav_svn -y
已安装:
mod_dav_svn.x86_64 0:1.7.14-14.el7
作为依赖被安装:
httpd.x86_64 0:2.4.6-90.el7.centos httpd-tools.x86_64 0:2.4.6-90.el7.centos mailcap.noarch 0:2.1.41-2.el7
完毕!
# 安装完成后
[root@localhost ~]# svnserve --version
svnserve,版本 1.7.14 (r1542130)
编译于 Apr 11 2018,02:40:28
# 查看安装目录位置
[root@localhost local]# whereis svn
svn: /usr/bin/svn /usr/share/man/man1/svn.1.gz
# 查看运行文件路径
[root@localhost ~]# which svn
/usr/bin/svn
[root@localhost local]# ls /usr/bin/svn*
/usr/bin/svn /usr/bin/svndumpfilter /usr/bin/svnrdump /usr/bin/svnsync
/usr/bin/svnadmin /usr/bin/svnlook /usr/bin/svnserve /usr/bin/svnversion
源码安装
系统初始化时应该安装一些必要的依赖包
[root@localhost ~]# yum install gcc wget expat-devel zip unzip lz4 lz4-devel zlib zlib-devel vim net-tools -y
[root@localhost ~]# mkdir svn
这些依赖包需要在外网环境装好。
访问 http://subversion.apache.org/ 下载 tar.gz
包
[root@localhost svn]# wget http://mirrors.tuna.tsinghua.edu.cn/apache/subversion/subversion-1.12.2.tar.gz
[root@localhost svn]# ll
总用量 11264
-rw-r--r--. 1 root root 11533872 7月 23 20:04 subversion-1.12.2.tar.gz
[root@localhost svn]# tar zxf subversion-1.12.2.tar.gz
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ls
aclocal.m4 BUGS build.conf CHANGES configure doc gen-make.py INSTALL Makefile.in README tools
autogen.sh build build-outputs.mk COMMITTERS configure.ac gen-make.opts get-deps.sh LICENSE NOTICE subversion win-tests.py
# 查看安装教程
[root@localhost subversion-1.12.2]# more INSTALL
配置安装
[root@localhost subversion-1.12.2]# ./configure
You probably need to do something similar with the Apache
Portable Runtime Utility (APRUTIL) library and then configure
Subversion with both the --with-apr and --with-apr-util options.
configure: error: no suitable APR found
安装APR
访问 http://apr.apache.org/download.cgi 下载
[root@localhost subversion-1.12.2]# cd ..
[root@localhost svn]# wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz
[root@localhost svn]# tar xzf apr-1.7.0.tar.gz
[root@localhost svn]# cd apr-1.7.0
# 配置
[root@localhost apr-1.7.0]# ./configure
# 编译安装
[root@localhost apr-1.7.0]# make && make install
[root@localhost apr-1.7.0]# whereis apr
apr: /usr/local/apr
# --------------继续报错
[root@localhost apr-1.7.0]# cd ..
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure
The Apache Portable Runtime Utility (APRUTIL) library cannot be found.
Install APRUTIL on this system and configure Subversion with the
appropriate --with-apr-util option.
configure: error: no suitable APRUTIL found
安装APRUTIL
同样访问 http://apr.apache.org/download.cgi 下载安装 APR-util
[root@localhost subversion-1.12.2]# cd ..
[root@localhost svn]# wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz
[root@localhost svn]# tar xzf apr-util-1.6.1.tar.gz
[root@localhost svn]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure
configure: error: APR could not be located. Please use the --with-apr option.
# 加上apr路径后重新安装
[root@localhost apr-util-1.6.1]# ./configure --with-apr=/usr/local/apr
[root@localhost apr-util-1.6.1]# make && make install
xml/apr_xml.c:35:19: 致命错误:expat.h:没有那个文件或目录
#include <expat.h>
^
编译中断。
make[1]: *** [xml/apr_xml.lo] 错误 1
make[1]: 离开目录“/root/svn/apr-util-1.6.1”
make: *** [all-recursive] 错误 1
安装expat(在线安装)
缺少 expat库,在线安装命令:yum install -y expat-devel
或者访问 https://pkgs.org/download/expat-devel 下载对应的版本,但是结果因为各种依赖问题失败了
[root@localhost apr-util-1.6.1]# cd ..
[root@localhost svn]# wget http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/expat-devel-2.2.5-3.el8.x86_64.rpm
[root@localhost svn]# rpm -ivh expat-devel-2.2.5-3.el8.x86_64.rpm
警告:expat-devel-2.2.5-3.el8.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
错误:依赖检测失败:
expat(x86-64) = 2.2.5-3.el8 被 expat-devel-2.2.5-3.el8.x86_64 需要
# 下载依赖包安装
[root@localhost svn]# wget http://vault.centos.org/8.0.1905/BaseOS/Source/SPackages/expat-2.2.5-3.el8.src.rpm
[root@localhost svn]# rpm -ivh expat-2.2.5-3.el8.src.rpm
警告:expat-2.2.5-3.el8.src.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
正在升级/安装...
1:expat-2.2.5-3.el8 ################################# [100%]
警告:用户mockbuild 不存在 - 使用root
警告:群组mockbuild 不存在 - 使用root
警告:用户mockbuild 不存在 - 使用root
警告:群组mockbuild 不存在 - 使用root
警告:用户mockbuild 不存在 - 使用root
警告:群组mockbuild 不存在 - 使用root
[root@localhost svn]# groupadd mockbuild
[root@localhost svn]# useradd -s /sbin/nologin mockbuild
useradd:mockbuild 组已经存在 - 如果您想将此用户加入到该组,请使用 -g 参数。
[root@localhost svn]# useradd -g mockbuild -s /sbin/nologin mockbuild
[root@localhost svn]# rpm -ivh expat-2.2.5-3.el8.src.rpm
警告:expat-2.2.5-3.el8.src.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
正在升级/安装...
1:expat-2.2.5-3.el8 ################################# [100%]
[root@localhost svn]# rpm -ivh expat-devel-2.2.5-3.el8.x86_64.rpm
警告:expat-devel-2.2.5-3.el8.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
错误:依赖检测失败:
expat(x86-64) = 2.2.5-3.el8 被 expat-devel-2.2.5-3.el8.x86_64 需要
# 还是不行
[root@localhost svn]#
[root@localhost svn]# rpm -ivh expat-2.2.5-3.el8.i686.rpm
警告:expat-2.2.5-3.el8.i686.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
错误:依赖检测失败:
libc.so.6 被 expat-2.2.5-3.el8.i686 需要
libc.so.6(GLIBC_2.0) 被 expat-2.2.5-3.el8.i686 需要
libc.so.6(GLIBC_2.1) 被 expat-2.2.5-3.el8.i686 需要
libc.so.6(GLIBC_2.1.3) 被 expat-2.2.5-3.el8.i686 需要
libc.so.6(GLIBC_2.25) 被 expat-2.2.5-3.el8.i686 需要
libc.so.6(GLIBC_2.3.4) 被 expat-2.2.5-3.el8.i686 需要
libc.so.6(GLIBC_2.4) 被 expat-2.2.5-3.el8.i686 需要
继续安装APRUTIL
[root@localhost svn]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# make && make install
[root@localhost apr-util-1.6.1]# cd ..
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure
An appropriate version of sqlite could not be found. We recommmend
3.8.11.1, but require at least 3.8.2.
Please either install a newer sqlite on this system
or
get the sqlite 3.8.11.1 amalgamation from:
https://www.sqlite.org/2015/sqlite-amalgamation-3081101.zip
unpack the archive using unzip and rename the resulting
directory to:
/root/svn/subversion-1.12.2/sqlite-amalgamation
configure: error: Subversion requires SQLite
安装SQLite
首先要安装 unzip,yum install -y zip unzip
[root@localhost svn]# wget https://www.sqlite.org/2015/sqlite-amalgamation-3081101.zip
[root@localhost svn]# ll sqlite-amalgamation-3081101.zip
-rw-r--r--. 1 root root 1648868 7月 30 2016 sqlite-amalgamation-3081101.zip
[root@localhost svn]# unzip sqlite-amalgamation-3081101.zip
# 按要求移动到对应目录
[root@localhost svn]# mv sqlite-amalgamation-3081101 /root/svn/subversion-1.12.2/sqlite-amalgamation
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure
configure: zlib library configuration via pkg-config
checking for zlib library... yes
checking for lz4 library via pkg-config... no
configure: lz4 configuration without pkg-config
checking for LZ4_compress_default in -llz4... no
configure: error: Subversion requires LZ4 >= r129, or use --with-lz4=internal
安装LZ4(在线安装)
[root@localhost subversion-1.12.2]# yum install -y lz4 lz4-devel
configure: utf8proc configuration without pkg-config
checking for utf8proc_version in -lutf8proc... no
configure: error: Subversion requires UTF8PROC
安装UTF8PROC
访问 https://github.com/JuliaStrings/utf8proc/releases/tag/v2.4.0 下载
[root@localhost subversion-1.12.2]# cd ..
[root@localhost svn]# wget https://github.com/JuliaStrings/utf8proc/archive/v2.4.0.tar.gz
[root@localhost svn]# wget https://github.com/JuliaStrings/utf8proc/archive/v2.4.0.zip
[root@localhost svn]# unzip v2.4.0.zip
[root@localhost svn]# cd utf8proc-2.4.0/
[root@localhost utf8proc-2.4.0]# make && make install
[root@localhost utf8proc-2.4.0]# cd ..
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure
# 终于开始安装svn了,耗时很久
[root@localhost subversion-1.12.2]# make && make install
test -d /usr/local/include/subversion-1 || \
/usr/bin/install -c -d /usr/local/include/subversion-1
(subversion/svnversion/svnversion . 2> /dev/null || \
svnversion . 2> /dev/null || \
echo "unknown"; \
) > /usr/local/include/subversion-1/svn-revision.txt
[root@localhost subversion-1.12.2]# cat /usr/local/include/subversion-1/svn-revision.txt
目录
未版本控制
安装完成
[root@localhost subversion-1.12.2]# whereis svn
svn: /usr/local/bin/svn
[root@localhost subversion-1.12.2]# ls /usr/local/bin/svn*
/usr/local/bin/svn /usr/local/bin/svndumpfilter /usr/local/bin/svnmucc /usr/local/bin/svnsync
/usr/local/bin/svnadmin /usr/local/bin/svnfsfs /usr/local/bin/svnrdump /usr/local/bin/svnversion
/usr/local/bin/svnbench /usr/local/bin/svnlook /usr/local/bin/svnserve
[root@localhost subversion-1.12.2]# svnserve --version
svnserve,版本 1.12.2 (r1863366)
编译于 Oct 24 2019,13:25:09 在 x86_64-unknown-linux-gnu
配置svn单个版本库
创建svn代码库
# 创建一个svn仓库的总仓库,也就是“顶级仓库”,如果之后又多个svn版本库,可以都放在该目录下,便于管理
[root@localhost ~]# mkdir -p /home/svnrepository
# 创建svn版本仓库,也就是“根仓库”,名字为repo_starmeow
[root@localhost ~]# svnadmin create /home/svnrepository/repo_starmeow
# 进入repo_starmeow版本仓库目录,修改配置
[root@localhost ~]# cd /home/svnrepository/repo_starmeow/
[root@localhost repo_starmeow]# ll
总用量 8
drwxr-xr-x. 2 root root 76 10月 24 13:50 conf
drwxr-sr-x. 6 root root 233 10月 24 13:50 db
-r--r--r--. 1 root root 2 10月 24 13:50 format
drwxr-xr-x. 2 root root 231 10月 24 13:50 hooks
drwxr-xr-x. 2 root root 41 10月 24 13:50 locks
-rw-r--r--. 1 root root 246 10月 24 13:50 README.txt
使用svnadmin create
命令创建根仓库时,顶级仓库必须是存在的。根仓库目录是否存在都是可以的,若根仓库不存在,命令会自动创建根仓库目录,也就是说,如果repo_starmeow
这个根仓库目录不管存在与否,都可以通过svnadmin create
成功创建仓库。
配置文件介绍
查看conf
这个目录,这个是存放配置文件的
[root@localhost repo_starmeow]# cd conf/
[root@localhost conf]# ls
authz hooks-env.tmpl passwd svnserve.conf
原始文件内容如下
authz
权限控制
[root@localhost conf]# cat authz
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
### - a single user,
### - a group of users defined in a special [groups] section,
### - an alias defined in a special [aliases] section,
### - all authenticated users, using the '$authenticated' token,
### - only anonymous users, using the '$anonymous' token,
### - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
# [/foo/bar]
# harry = rw
# &joe = r
# * =
# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r
配置说明
# 对所有的版本库,如果svnserve只启动一个版本库,那么只能用仓库路径表示
[/仓库路径] # 如果只有一个版本库, /path/ts 指定仓库路径
用户名1 = rw # 表示用户名1 可读写
用户名2 = r # 表示用户名2 只读
* = # 表示其他用户无任何权限
# 指定版本库,如果svnserve为多个版本库工作,指定启动到顶级目录,权限中就应该指定具体的版本库名。
[版本库名:/仓库路径] # repo_starmeow:/ 表示这个版本仓库下所有文件
用户名1 = rw # 表示用户名1 可读写
用户名2 = r # 表示用户名2 只读
* = # 表示其他用户无任何权限
权限可为r
、w
、rw
,分别代表只可读,只可写,可读可写,这里r
、w
、rw
只针对 仓库路径 最后层级的目录生效。
仓库路径下有子目录,且子目录未配置独立的权限,子目录可以继承父目录的角色权限。
目录中还有目录特别设置权限的话,如果上一级用户拥有权限但是没有拥有特定的这个权限的话,是看不到的该文件夹的。或者说,拥有子目录权限但是没有主目录权限的话,可以直接通过完全的子目录链接来达到访问的目的。
扩展,用户分组表示
[groups]
部门1 = 用户名1,用户名2
部门2 = 用户名3
[<版本库>:/项目/目录]
@部门1 = rw # 部门1中的用户可读写
@部门2 = r # 部门2的用户只读
用户名4 = rw # 用户名4可读写
passwd
帐号密码
[root@localhost conf]# cat passwd
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.
[users]
# harry = harryssecret
# sally = sallyssecret
只需要在每一行配置用户名 = 密码
表示
svnserve.conf
SVN服务配置
[root@localhost conf]# cat svnserve.conf
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)
### Visit http://subversion.apache.org/ for more information.
[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
# anon-access = read
# auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
# password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the
### directory containing this file. The specified path may be a
### repository relative URL (^/) or an absolute file:// URL to a text
### file in a Subversion repository. If you don't specify an authz-db,
### no path-based access control is done.
### Uncomment the line below to use the default authorization file.
# authz-db = authz
### The groups-db option controls the location of the file with the
### group definitions and allows maintaining groups separately from the
### authorization rules. The groups-db file is of the same format as the
### authz-db file and should contain a single [groups] section with the
### group definitions. If the option is enabled, the authz-db file cannot
### contain a [groups] section. Unless you specify a path starting with
### a /, the file's location is relative to the directory containing this
### file. The specified path may be a repository relative URL (^/) or an
### absolute file:// URL to a text file in a Subversion repository.
### This option is not being used by default.
# groups-db = groups
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
# realm = My First Repository
### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above. Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none
### The hooks-env options specifies a path to the hook script environment
### configuration file. This option overrides the per-repository default
### and can be used to configure the hook script environment for multiple
### repositories in a single file, if an absolute path is specified.
### Unless you specify an absolute path, the file's location is relative
### to the directory containing this file.
# hooks-env = hooks-env
[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### Enabling this option requires svnserve to have been built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256
配置文件分析
anon-access = read
auth-access = write
# anon-access(匿名访问)和auth-access(认证访问)选项,分别用于控制未认证用户和与认证用户对svn版本库的访问,其可选值包含 write,read,none,如果设置为none则无对版本库的读写访问权限;设置为write则有可读可写权限;设置为read则只有读权限。
password-db = passwd
# 用于控制密码数据库文件的位置,除非指定了一个带符号‘/’ 的路径,否则文件的位置为包含该配置文件的相对路径,如果开启了SASL,则该文件配置不起作用。
authz-db = authz
# 控制基于路径访问控制的认证规则的位置。除非指定了带‘/’的路径,否则该文件位置为包含该配置文件的相对位置。如果不指定authz-db,则没有基于路径的访问控制。
realm = My First Repository
# 指定了版本库的认证域(authentication realm)。如果两个版本库有同样的认认证域(authentication realm),他们应该有相同的密码数据库,反之亦然。缺省的 realm为版本库的uuid
不修改原始配置启动svn
暂时不修改上面的配置文件,之前已经创建代码库,创建了/home/svnrepository
顶级仓库,也就是存放所有版本库的目录,另外还创建了/home/svnrepository/repo_starmeow
根仓库,主要用于存放项目。
启动根目录为版本库根目录(单库启动)
-r
直接指定到版本库(称之为单库svnserve方式),在这种情况下,一个svnserve只能为一个版本库工作。
[root@localhost conf]# svnserve -d -r /home/svnrepository/repo_starmeow/ --listen-port 3690
[root@localhost conf]# ps -ef | grep svn
root 81637 1 0 08:48 ? 00:00:00 svnserve -d -r /home/svnrepository/repo_starmeow/
root 81639 77434 0 08:48 pts/2 00:00:00 grep --color=auto svn
[root@localhost conf]# netstat -anp | grep svn
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 81637/svnserve
-
-d
是daemon,使svnserve运行在后台,接收tcp/ip连接,默认端口是3690。 -
-r
是root,指明了svnserve启动的虚拟目录(根目录),上面示例中指定 /home/svnrepository 为虚拟目录。 -
--listen-port
指定端口,如果使用3690,可以不用加该选项。
客户端测试
PS D:\SVNProject> svn checkout svn://192.168.126.134
svn: E170013: Unable to connect to a repository at URL 'svn://192.168.126.134'
svn: E730060: Can't connect to host '192.168.126.134': 由于连接方在一段时间后没有正确答复或连接的主机没有反应,连接尝试 失败。
服务器允许端口通过防火墙
需要允许该端口通过防火墙
[root@localhost conf]# firewall-cmd --permanent --zone=public --add-port=3690/tcp
success
[root@localhost conf]# firewall-cmd --reload
success
客户端检出
PS D:\SVNProject> svn checkout svn://192.168.126.134 # 直接检出到当前目录
Checked out revision 0. # 提示检出版本为0
PS D:\SVNProject> svn checkout svn://192.168.126.134/ D:\SVNProject # 检出到指定目录
Checked out revision 0.
PS D:\SVNProject> svn checkout svn://192.168.126.134:3690 # 如果服务器不是使用的默认端口3690,需要自行指定
Checked out revision 0.
检出完成后会在本地生成一个.svn
隐藏目录,里面内容如下
当使用-r
参数指定根目录为版本库 根仓库 时,是将版本库根目录中的所有文件检出到本地目录。
指定根目录为版本库顶级目录(多库启动)
-r
指定到版本库的上级目录(称之为多库svnserve方式),这种情况,一个svnserve可以为多个版本库工作,
这时如果想限制指定库的指定目录,就应该指定具体的库名称。
[root@localhost conf]# svnserve -d -r /home/svnrepository
[root@localhost conf]# ps -ef | grep svn | grep -v grep
root 81986 1 0 10:17 ? 00:00:00 svnserve -d -r /home/svnrepository
客户端检出
PS D:\SVNProject> svn checkout svn://192.168.126.134
svn: E170013: Unable to connect to a repository at URL 'svn://192.168.126.134'
svn: E210005: No repository found in 'svn://192.168.126.134'
PS D:\SVNProject> svn checkout svn://192.168.126.134/repo_starmeow # 需要指定根仓库repo_starmeow
Checked out revision 0.
如果不指定本地检出目录,则会在当前目录下创建一个根仓库名称,然后在该目录下进行检出。
BLOG_20191026_211957_95PS D:\SVNProject> svn checkout svn://192.168.126.134/repo_starmeow D:\SVNProject\
Checked out revision 0.
如果指定了检出目录,则直接将仓库中的文件检出到本地目录。
BLOG_20191026_211950_65当使用-r
参数指定根目录为版本库 顶级仓库 时,在检出链接中需要指定根仓库名称,且如果不指定本地目录,则会在当前目录下创建根仓库名称的文件夹,然后在其中检出文件。
修改文件配置帐密及权限
切记:每个配置的后面不能添加其他文字,带#的注释也不允许,例如
auth-access = write # 授权用户可写
要求使用帐密登录
将 svnserve.conf 备份并修改
[root@localhost conf]# cp svnserve.conf svnserve.conf.bak
[root@localhost conf]# ls
authz hooks-env.tmpl passwd svnserve.conf svnserve.conf.bak
[root@localhost conf]# vim svnserve.conf
# 修改配置如下
[root@localhost conf]# cat svnserve.conf | grep -v "###"
[general]
# 匿名用户只读,可设置为none,表示匿名用户无法访问
anon-access = none
# 授权用户可写
auth-access = write
# 指定帐密文件
password-db = passwd
# 指定权限文件
# authz-db = authz
# groups-db = groups
# 每个svn项目认证空间名,会在认证提示中显示,建议写项目名称
realm = My Project StarMeow
# force-username-case = none
# hooks-env = hooks-env
[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256
修改帐密文件
[root@localhost conf]# cat passwd | grep -v "###"
[users]
admin = admin
test = test
user = user
测试使用帐密连接
PS D:\SVNProject> svn list svn://192.168.126.134/
svn: E170013: Unable to connect to a repository at URL 'svn://192.168.126.134'
svn: E210005: No repository found in 'svn://192.168.126.134'
# 同样也是需要执行版本库名称
# 登录的时候提示输入用户名密码
PS D:\SVNProject> svn list svn://192.168.126.134/repo_starmeow
Authentication realm: <svn://192.168.126.134:3690> My Project StarMeow
Password for 'LR': # 默认会用本机用户名登录,再次回车自行输入用户名
Authentication realm: <svn://192.168.126.134:3690> My Project StarMeow
Username: admin
Password for 'admin': *****
# 指定登录用户名密码
PS D:\SVNProject> svn list svn://192.168.126.134/repo_starmeow --username user --password error
Authentication realm: <svn://192.168.126.134:3690> My Project StarMeow
Username: user
Password for 'user': ****
PS D:\SVNProject> svn list svn://192.168.126.134/repo_starmeow --username user --password user
-
--username user
指定登录的用户名为user
。 -
--password user
指定登录的密码为user
。 - 如果帐密出错会要求手动登录。
- 不指定检出目录,会在本地生成一个版本库名称的目录,执行检出。
使用用户权限控制
上面实现了匿名无法访问,用户登录后可读可写,接下来实现对用户权限控制。
修改配置文件,指定权限验证的文件authz-db = authz
,默认为当前目录的authz
文件
[root@localhost conf]# vim svnserve.conf
# 修改配置如下
[root@localhost conf]# cat svnserve.conf | grep -v "###"
[general]
# 匿名用户只读,可设置为none,表示匿名用户无法访问
anon-access = none
# 授权用户可写
auth-access = write
# 指定帐密文件
password-db = passwd
# 指定权限文件
authz-db = authz
# groups-db = groups
# 每个svn项目认证空间名,会在认证提示中显示,建议写项目名称
realm = My Project StarMeow
# force-username-case = none
# hooks-env = hooks-env
[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256
修改权限文件,对顶级目录做权限控制。
[root@localhost conf]# cp authz authz.bak
[root@localhost conf]# cat authz | grep -v "###"
[groups]
admin = admin
user = test,user
# 代表根目录下所有的资源
[/]
@admin = rw
@user = r
* =
配置文件修改后不需要重启服务,也就是不需要将svnserve
进程关闭后开启
测试连接
可以使用svn客户端进行测试
BLOG_20191026_211939_40当使用@user
这个组内的用户进行访问时,可以读取文件,假如要进行了增删改再提交会报错
以另一个用户重启,输入有写权限的用户,就可以提交成功了。
BLOG_20191026_211927_59多个版本库配置
接下来换一台服务器,同样安装好相应的软件
创建顶级仓库目录
# CentOS7防火墙允许端口
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=3690/tcp
success
[root@localhost ~]# firewall-cmd --reload
success
# 使用在线方式安装subversion
[root@localhost ~]# yum install -y subversion
# 进入svn顶层仓库,创建两个svn版本库
[root@localhost ~]# cd /home/svnrepository/
[root@localhost svnrepository]# pwd
/home/svnrepository
创建多个根仓库
# 创建2个版本库,分别为ProjectCC、ProjectXY,可以指定绝对路径
[root@localhost svnrepository]# svnadmin create /home/svnrepository/ProjectCC
[root@localhost svnrepository]# svnadmin create ProjectXY
[root@localhost svnrepository]# ls
ProjectCC ProjectXY
# 创建整个配置文件,用于存放每个版本库共同使用的帐密和权限,而每个版本库对应的配置文件保留在原来位置
[root@localhost svnrepository]# mkdir RootConf
[root@localhost svnrepository]# cp ProjectCC/conf/{authz,passwd} RootConf/
[root@localhost svnrepository]# ls RootConf/
authz passwd
修改各个版本仓库配置
# 接下来修改每个版本库对应的帐密和权限文件
# 修改第一个项目
[root@localhost svnrepository]# vim ProjectCC/conf/svnserve.conf
[root@localhost svnrepository]# cat ProjectCC/conf/svnserve.conf | grep -v "###"
[general]
anon-access = none
auth-access = write
password-db = /home/svnrepository/RootConf/passwd
authz-db = /home/svnrepository/RootConf/authz
realm = Project CC Repository
# force-username-case = none
[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256
# 修改第二个项目
[root@localhost svnrepository]# vim ProjectXY/conf/svnserve.conf
[root@localhost svnrepository]# cat ProjectXY/conf/svnserve.conf | grep -v "###"
[general]
anon-access = none
auth-access = write
password-db = /home/svnrepository/RootConf/passwd
authz-db = /home/svnrepository/RootConf/authz
realm = Project XY Repository
# force-username-case = none
[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256
启动svn服务器
# 启动svn服务器,指定根目录为顶级目录
[root@localhost svnrepository]# svnserve -d -r /home/svnrepository && ps aux | grep svn | grep -v grep
root 1418 0.0 0.0 180736 808 ? Ss 13:41 0:00 svnserve -d -r /home/svnrepository
# 查看服务器的IP
[root@localhost svnrepository]# ip a | grep ens33 | grep inet | awk '{print $2}' | awk -F '/' '{print $1}'
192.168.99.100
客户端进行检出
BLOG_20191026_211918_49能弹出这个,表明服务器运行正常了
BLOG_20191026_211913_39配置多个版本库共同帐密和权限文件
接下来配置服务器帐密和权限
[root@localhost svnrepository]# cd RootConf/
[root@localhost RootConf]# ls
authz passwd
# 编辑帐密文件,添加用户名和密码,用于整个svn项目的登录认证
[root@localhost RootConf]# vim passwd
[root@localhost RootConf]# cat passwd | grep -v "###"
[users]
admin = admin_passwd
liuming = liuming_passwd
wangpeng = wangpeng_passwd
liwen = liwen_passwd
zhaohe = zhaohe_passwd
# 如果有多个用户,继续在后面添加即可
# 配置权限文件,对不同的版本库和目录创建不同的权限
[root@localhost RootConf]# vim authz
[root@localhost RootConf]# cat authz | grep -v "###"
[aliases]
[groups]
admin = admin
# CC项目组管理
cc_man = liuming
# CC项目组美术
cc_ms = zhaohe
# CC项目组程序
cc_cx = wangpeng,liwen
#[/]
# 所有版本库权限,管理员组读写,其他人无权限
#@admin = rw
#* =
[ProjectXY:/]
# 存放公共资料,所有人可读
* = r
[ProjectCC:/]
# 超级管理员、项目组管理员所有权限
@admin = rw
@cc_man = rw
* =
# 项目ProjectCC中admin组、cc_man组拥有根目录的读写权限,可以通过svn://192.168.99.100/ProjectCC检出
[ProjectCC:/code]
@admin = rw
@cc_man = rw
# 项目代码只有程序可读可写
@cc_cx = rw
* =
# 项目ProjectCC中admin组、cc_man组拥有根目录的读写权限,由于子目录 /code 配置独立的权限,对该目录专有权限的cc_cx组需要设置读写权限,由于cc_cx组员对svn://192.168.99.100/ProjectCC不可访问,可以通过 svn://192.168.99.100/ProjectCC/code这种完全的子目录链接来达到访问的目的。
[ProjectCC:/resource]
@admin = rw
@cc_man = rw
# 美术资源美术人员读写,程序只读
@cc_ms = rw
@cc_cx = r
* =
客户端用不同权限检出
admin组拥有所有权限,就可以访问到所有目录。
BLOG_20191026_211902_57而对于cc_ms组的只有resource的权限,则只能查看到该目录
BLOG_20191026_211856_49检出整个项目会失败。
BLOG_20191026_211852_18 BLOG_20191026_211846_35然而完全路径是可以检出的。
BLOG_20191026_211841_97也就是只能使用 svn://192.168.99.100/ProjectCC/resource 这种链接去访问。
关闭或重启svn服务
[root@localhost conf]# killall svnserve
[root@localhost conf]# netstat -anp | grep svn
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 77314/svnserve
[root@localhost conf]# kill -9 77314
[root@localhost conf]# kill -9 `ps -ef | grep svn | grep -v grep | awk '{print $2}'`
[root@localhost conf]# netstat -anp | grep svn
# 重启svn服务
[root@localhost conf]# kill -9 `ps -ef | grep svn | grep -v grep | awk '{print $2}'` && svnserve -d -r /home/svnrepository && ps aux | grep svn | grep -v grep