CentOS Stream 8
Sponsored Link

Subversion : Access to Repositories via HTTP2021/06/18

 
Access to Repositories via HTTP, without running [svnserve].
This setting is not effective to the case you access via [svn://] or [file://].
[1]
[2]
[3] Install required packages.
[root@dlp ~]#
dnf -y install mod_dav_svn
[4] Configure Apache httpd.
For example, Set HTTP access to [/var/svn/repos/project] repository.
[cent@dlp ~]#
vi /etc/httpd/conf.d/subversion.conf
# create new

<Location /project>
    DAV svn
    AuthType Basic
    AuthName "DAV SVN"
    AuthUserFile /var/svn/.svnpasswd
    Require valid-user
    SVNPath /var/svn/repos/project
</Location> 

# add users

[root@dlp ~]#
htpasswd -c /var/svn/.svnpasswd cent

New password:
Re-type new password:
Adding password for user cent
[root@dlp ~]#
chown -R apache. /var/svn/repos/project

[root@dlp ~]#
systemctl restart httpd

[5] If also set access permission, Configure like follow.
[root@dlp ~]#
vi /var/svn/repos/project/conf/authzsvn.conf
# create new

# set group

[groups]
developer = cent,fedora
operator = redhat
# everyone can [Read] access on root directory

[/]
* = r
# only [developer] group can [Read/Write] under the [trunk] directory

[project:/trunk]
@developer = rw
# only [operator] group can [Read/Write] under the [branches] directory

[project:/branches]
@operator = rw
# only [operator] group can [Read/Write] under the [tags] directory

[project:/tags]
@operator = rw
[root@dlp ~]#
vi /etc/httpd/conf.d/subversion.conf
<Location /project>
    DAV svn
    AuthType Basic
    AuthName "DAV SVN"
    AuthUserFile /var/svn/.svnpasswd
    Require valid-user
    SVNPath /var/svn/repos/project
    # add the line
    AuthzSVNAccessFile /var/svn/repos/project/conf/authzsvn.conf
</Location> 

[root@dlp ~]#
systemctl restart httpd

[6] If SELinux is enabled, change policy.
[root@dlp ~]#
vi svn-httpd.te
# create new

module svn-httpd 1.0;

require {
        type svnserve_content_t;
        type httpd_t;
        class file { append create getattr lock open read rename setattr unlink write };
        class dir { add_name create read remove_name rmdir write };
}

#============= httpd_t ==============
allow httpd_t svnserve_content_t:dir { add_name create read remove_name rmdir write };
allow httpd_t svnserve_content_t:file { append create getattr lock open read rename setattr unlink write };

[root@dlp ~]#
checkmodule -m -M -o svn-httpd.mod svn-httpd.te

checkmodule: loading policy configuration from svn-httpd.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 19) to svn-httpd.mod
[root@dlp ~]#
semodule_package --outfile svn-httpd.pp --module svn-httpd.mod

[root@dlp ~]#
semodule -i svn-httpd.pp

[7] Verify settings to access via HTTP/HTTPS from any Hosts.
[redhat@node01 ~]$
svn --username cent list https://dlp.srv.world/project

Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'cent': ********

-----------------------------------------------------------------------
ATTENTION!  Your password for authentication realm:

   <https://dlp.srv.world:443> DAV SVN

can only be stored to disk unencrypted!  You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible.  See the documentation for details.

You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/home/cent/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? no
branches/
tags/
trunk/

[redhat@node01 ~]$
echo 'store-plaintext-passwords = no' >> ~/.subversion/servers
[redhat@node01 ~]$
mkdir work

[redhat@node01 ~]$
cd work
[cent@node01 work]$
svn --username cent co https://dlp.srv.world/project

Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'cent': ********

A    project/branches
A    project/tags
A    project/trunk
A    project/trunk/index.html
A    project/trunk/test.txt
A    project/trunk/testfile.txt
Checked out revision 6.

[redhat@node01 work]$
cd project/trunk
# after creating or editing any files under the repository,

# try to [commit] with [redhat] user

[redhat@node01 trunk]$
echo index.html >> index.html

[redhat@node01 trunk]$
svn --username redhat ci index.html -m "update by redhat"

Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'redhat': ********

Sending        index.html
Transmitting file data .svn: E195023: Commit failed (details follow):
svn: E195023: Changing file '/home/redhat/work/project/trunk/index.html' is forbidden by the server
svn: E175013: While preparing '/home/redhat/work/project/trunk/index.html' for commit
svn: E175013: Access to '/project/!svn/txr/6-6/trunk/index.html' forbidden
# denied normally as settings

# [commit] with [fedora] user

[redhat@node01 trunk]$
svn --username fedora ci index.html -m "update by fedora"

Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'fedora': ********

Sending        index.html
Transmitting file data .done
Committing transaction...
Committed revision 7.
# done normally as settings
[8] It's also possible to access on Web browser (read only).
Matched Content