Subversion : HTTP でアクセスする2021/06/18 |
[svnserve] を起動せず、HTTP でリポジトリにアクセスできるよう設定します。
|
|
[1] | |
[2] | |
[3] | 必要なパッケージをインストールしておきます。 |
[root@dlp ~]# dnf -y install mod_dav_svn
|
[4] | Apache httpd の設定です。 例として [/var/svn/repos/project] リポジトリにアクセスできるよう設定します。 |
[cent@dlp ~]#
vi /etc/httpd/conf.d/subversion.conf # 新規作成 <Location /project> DAV svn AuthType Basic AuthName "DAV SVN" AuthUserFile /var/svn/.svnpasswd Require valid-user SVNPath /var/svn/repos/project </Location> # ユーザー登録 [root@dlp ~]# htpasswd -c /var/svn/.svnpasswd cent New password: Re-type new password: Adding password for user cent [root@dlp ~]# chown -R apache. /var/svn/repos/project [root@dlp ~]# systemctl restart httpd |
[5] | アクセス権を設定する場合は以下のようにします。 [svnserve] サービス起動時のアクセス権設定とは別の設定です。 |
[root@dlp ~]#
vi /var/svn/repos/project/conf/authzsvn.conf # 新規作成 # グループを定義 [groups] developer = cent,fedora operator = redhat # ルートディレクトリのアクセス権は [Read] [/] * = r # [trunk] 配下のアクセス権は [developer] のみ [Read/Write] [project:/trunk] @developer = rw # [branches] 配下のアクセス権は [operator] のみ [Read/Write] [project:/branches] @operator = rw # [tags] 配下のアクセス権は [operator] のみ [Read/Write] [project:/tags] @operator = rw
[root@dlp ~]#
vi /etc/httpd/conf.d/subversion.conf <Location /project> DAV svn AuthType Basic AuthName "DAV SVN" AuthUserFile /var/svn/.svnpasswd Require valid-user SVNPath /var/svn/repos/project # 追記 AuthzSVNAccessFile /var/svn/repos/project/conf/authzsvn.conf </Location>[root@dlp ~]# systemctl restart httpd |
[6] | SELinux を有効にしている場合は、ポリシーの変更が必要です。 |
[root@dlp ~]#
vi svn-httpd.te # 以下の内容で新規作成 module svn-httpd 1.0; require { type svnserve_content_t; type httpd_t; class file { append create getattr lock open read rename setattr unlink write }; class dir { add_name create read remove_name rmdir write }; } #============= httpd_t ============== allow httpd_t svnserve_content_t:dir { add_name create read remove_name rmdir write }; allow httpd_t svnserve_content_t:file { append create getattr lock open read rename setattr unlink write }; checkmodule -m -M -o svn-httpd.mod svn-httpd.te checkmodule: loading policy configuration from svn-httpd.te checkmodule: policy configuration loaded checkmodule: writing binary representation (version 19) to svn-httpd.mod [root@dlp ~]# semodule_package --outfile svn-httpd.pp --module svn-httpd.mod [root@dlp ~]# semodule -i svn-httpd.pp |
[7] | 任意のホストから HTTP/HTTPS アクセスして設定を確認します。 |
[redhat@node01 ~]$ svn --username cent list https://dlp.srv.world/project
Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'cent': ********
-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:
<https://dlp.srv.world:443> DAV SVN
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/home/cent/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? no
branches/
tags/
trunk/
[cent@node01 work]$ svn --username cent co https://dlp.srv.world/project Authentication realm: <https://dlp.srv.world:443> DAV SVN Password for 'cent': ******** A project/branches A project/tags A project/trunk A project/trunk/index.html A project/trunk/test.txt A project/trunk/testfile.txt Checked out revision 6.
[redhat@node01 work]$
cd project/trunk
# 適当にバージョン管理下の任意のファイル編集後に # [redhat] ユーザーで [trunk] へ [commit] [redhat@node01 trunk]$ echo index.html >> index.html [redhat@node01 trunk]$ svn --username redhat ci index.html -m "update by redhat"
Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'redhat': ********
Sending index.html
Transmitting file data .svn: E195023: Commit failed (details follow):
svn: E195023: Changing file '/home/redhat/work/project/trunk/index.html' is forbidden by the server
svn: E175013: While preparing '/home/redhat/work/project/trunk/index.html' for commit
svn: E175013: Access to '/project/!svn/txr/6-6/trunk/index.html' forbidden
# 設定通り拒否された
# [fedora] ユーザーで [trunk] へ [commit] [redhat@node01 trunk]$ svn --username fedora ci index.html -m "update by fedora"
Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'fedora': ********
Sending index.html
Transmitting file data .done
Committing transaction...
Committed revision 7.
# 設定通り [commit] できた
|
[8] | HTTP のため Web ブラウザで参照アクセスすることもできます。 |
Sponsored Link |