Platinum Solutions Corporate Website


WebSVN: Subversion repository browsing with authorization

In my last blog entry, I talked about how I got Subversion to use Bugzilla accounts and passwords to authenticate users. At the bottom of that entry, I briefly mentioned that I use an “access file” to limit which Bugzilla users are actually authorized to access the Subversion repository.

Now I want to set up a nice web interface to the repository to quickly and easily track changes to the code. This is especially nice for people with “read-only” access so that they don’t have to install a full Subversion client.

The tool I settled on for doing this is WebSVN (http://websvn.tigris.org/) which is a web repository viewer specifically designed for Subversion.

Initially, I tried ViewVC (which is the latest incarnation of ViewCVS, with Subversion support). I liked it very much (it’s what Apache uses for their Subversion repository) but I had one problem. I needed to limit access to ViewVC just like I limited access to the repository itself. It was easy enough to reuse the same Bugzilla user authentication, but because ViewVC doesn’t use the Subversion “access file”, every Bugzilla user would have ViewVC access.

ViewVC wasn’t going to work for me, so I tried WebSVN. WebSVN was designed from the ground up to work with Subversion, and it supports access control via the “access file” (at least version 2.0 beta 7 does at the time of this writing; you have to get it directly from their source repository). It’s a PHP-based application, so even though I had to grab the “source code”, there was nothing to actually compile.

To get this to work, all I had to do was drop the WebSVN directory somewhere that Apache could access it, add WebSVN to the httpd.conf (and enable PHP and include the mod_auth_mysql Bugzilla authentication I mentioned in my last blog entry), and tweak the WebSVN “include/config.inc” file:

$config->parentPath("/path/to/svn/repositories");
$config->useAuthenticationFile("/path/to/svn/accessfile");

I also configured the wsvn.php file to match where I deployed everything:

$localwebsvnhttp = "/websvn";
$localwebsvnreal = "/var/www/websvn";

Some other nice things about WebSVN:

  • can do diff between versions
  • syntax highlighting for source code
  • ability to download a “tarball” of any directory
  • RSS feed
  • BugTraq support (I’ll talk more about BugTraq in a future blog entry)

 

What I don’t like about WebSVN is that the file listing screen doesn’t show you how long ago each file was last modified, or in what revision, or by whom. To find that information, you have to click the “View Log” link for the particular file you’re interested in.

I found the default theme to be pretty bland. It comes with a much better looking theme called “BlueGrey”, but you have to specify it in the “config.inc” file:

$config->setTemplatePath("$localwebsvnreal/templates/BlueGrey/");

I also had to add some “.htaccess” files to the WebSVN directory to make sure a user couldn’t view the config files, or any other files they shouldn’t need to have access to.
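
Because the same access file now gates both the repository and the web viewer, it is worth checking what it actually grants each account before pointing WebSVN at it. The script below is an added example, not WebSVN's or Subversion's own code, and models Subversion's documented path-based rules in simplified form: nested groups are expanded, the most specific section with a line matching the user wins, and matching lines within that section are combined. The sample file and function names are constructed for this example, and `~` negation and `$authenticated`-style tokens are not handled.

```python
import configparser

# Constructed sample access file (not taken from the post or its comments).
SAMPLE = """\
[groups]
developers = user_one, user_two
testers = user_four
everyone = @developers, @testers
[/]
@everyone = r
[project-one:/]
@developers = rw
@testers = r
[project-one:/secret]
@testers =
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    return cp

def members(cp, group, seen=None):
    """Expand a group to user names, following nested @group references."""
    seen = set() if seen is None else seen
    if group in seen or not cp.has_option("groups", group):
        return set()  # unknown group, or a cycle between groups
    seen.add(group)
    out = set()
    for name in (n.strip() for n in cp.get("groups", group).split(",")):
        out |= members(cp, name[1:], seen) if name.startswith("@") else {name} - {""}
    return out

def access(cp, user, repo, path="/"):
    """Return '', 'r' or 'rw': most specific section with a matching rule wins."""
    parts = [p for p in path.split("/") if p]
    while True:
        here = "/" + "/".join(parts)
        for section in (f"{repo}:{here}", here):  # repo-specific section first
            rules = cp.items(section) if cp.has_section(section) else []
            hits = [perm for who, perm in rules if who in ("*", user)
                    or (who.startswith("@") and user in members(cp, who[1:]))]
            if hits:  # matching lines in one section are combined
                return "".join(c for c in "rw" if c in "".join(hits))
        if not parts:
            return ""  # no rule anywhere up to the root: denied
        parts.pop()
```

WebSVN parses the access file with its own code, so treat this as a check on what Subversion's rules say the file grants and compare it with what a read-only test account can actually see in the web interface.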

Comments

Jeremy Bowers (not verified) Wed, 1969-12-31 19:00

I went in circles banging my head trying to figure out just why in the world I still couldn't get the index page to show up when I tried to enable access controls. First things first, this line:
$config->useAuthenticationFile("/path/to/svn/accessfile")
should be:
$config->useAuthenticationFile("/path/to/svn/accessfile");

That little semi-colon was my real problem. I only figured it out because I finally was going to try a new tack and see if php troubleshooting would give me hints as to why my access file wasn't working. Boy did I feel stupid. I thought me pointing it out might help someone else skip this frustration.

As a result, I also saw a note that pointed to the correct syntax of that top-level access so that repos listing displays correctly, but doesn't overwrite the subsequent repos access:
[/:/]
* = r

This will let anyone that has been authenticated to view the list of repositories.

And finally, if someone else is looking to just get this running to try it out with basic apache authentication, here's what I dropped into httpd.conf. My WebSVN directory is in my doc root (/var/www/html/). You can see that the htpasswd file is /svn/users/passwords.

<Location /WebSVN/>
Options FollowSymLinks
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /svn/users/passwords
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
</IfModule>
</Location>

Note that I'm not using multiview, which would result in some changes based on that configuration.

Anonymous (not verified) Wed, 1969-12-31 19:00

Hi I need help to set user and password values so only those users can access the repository whose password and username matches with the one in the conf. file.

I was able to set values for user and password. But I am not receiving a prompt for entering my username and password.

Can anyone help me please?
I am using CollabNet Server.

Thanks

Christopher Pierce Wed, 1969-12-31 19:00

I do seem to remember having some problem where I had to make the "unnamed" repository readable by everyone in order to get WebSVN to work.

In my access file, I have 2 groups (a group is a named list of user accounts), a "read/write" group and a "read only" group.

I also have multiple repositories hosted, and originally I only had entries for these named repositories. But I did have a problem with accessing the WebSVN index page (On the index page, each repository is listed as a link, and you choose which one you want to browse).

To get around this, I added an unnamed repository, and gave "read only" access to everyone, which seemed to solve the problem.

My accessfile looks something like this:

# Subversion Authorization File

# Set up our groups
# "developers" get read/write access
# "testers" will only get read access
[groups]
developers = user_one, user_two, user_three
testers = user_four, user_five

# Give "read only" access to everyone
# for the unnamed "root" repository
[/]
@developers = r
@testers = r

# Give read/write access to developers,
# read only to testers
[project-one:/]
@developers = rw
@testers = r

[project-two:/]
@developers = rw
@testers = r

rick (not verified) Wed, 1969-12-31 19:00

Hi, my access file works fine in Subversion 1.4.2 + Apache 2.2.3, but WebSVN does not seem to support user groups. If I use the user name directly, like

test_one = r

it works fine, but if I use 

test_group = test_one, test_two 

delvelop_group = dev_one, dev_two

all_group = @test_group, @delvelop_group

@all_group = r

WebSVN will not allow anyone to access the repository.

thor (not verified) Wed, 1969-12-31 19:00

What does that accessfile look like?
I almost have the thing working with authentication.
I'm using this on the websvn folder

allow from all
AuthType Basic
AuthName "Prosjektet 'Bedrift' "
AuthUserFile /mnt/hd3/svn/passwd

Require valid-user

and I have enabled userAuthenticationFile.
But I still can't get it working. The project folder is shown when I log in, but I get a permission error when I enter it.
Any tips?
