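Integrating Redmine user authentication with Subversion on Ubuntu

Honestly, nothing has been more infuriating than this. Until now everything had gone smoothly: apt-get plus a handful of small edits solved each problem, and a Google search turned up plenty of material. This one? The search results actually lead to a broken configuration.

To integrate authentication, first install the libapache2-mod-auth-mysql module, since my Redmine installation uses MySQL as its backend. If yours uses PostgreSQL or SQLite, find the corresponding module yourself.

sudo apt-get install libapache2-mod-auth-mysql

Create the view: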

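-- One row per active user (status = 1) who is a member of at least one project;
-- the project identifiers are exposed as a comma-separated group list.
-- `groups` is quoted because GROUPS is a reserved word in MySQL 8.0.
CREATE VIEW users_auth_external AS
SELECT u.login AS username,
       u.hashed_password AS passwd,
       GROUP_CONCAT(p.identifier) AS `groups`
FROM `members` m
INNER JOIN users u ON m.user_id = u.id
INNER JOIN projects p ON m.project_id = p.id
WHERE u.status = 1
GROUP BY username;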

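Configuration:

Two configuration styles are listed below. The new-style directives are the ones that work with the version installed by default via apt-get on Ubuntu 10.10, yet most search results show the old style (worst of all, the module's main site on SourceForge still documents the old version):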

# Old version
# AuthMySQLEnable On
AuthMySQLHost 192.168.xxx.xxx
AuthMySQLUser redmine
AuthMySQLPassword redmine_password
AuthMySQLDB redmine087
# Note: this is different from the above
AuthMySQLUserTable "users, members"
AuthMySQLNameField login
AuthMySQLPasswordField hashed_password
AuthMySQLPwEncryption sha1

# New version
AuthMySQL On
AuthMySQL_Authoritative on
AuthMySQL_Host localhost
AuthMySQL_DB my_database
AuthMySQL_User my_database_user
AuthMySQL_Password my_database_password
AuthMySQL_Password_Table users_auth_external
AuthMySQL_Group_Table users_auth_external
AuthMySQL_Username_Field username
AuthMySQL_Password_Field passwd
AuthMySQL_Group_Field groups
AuthMySQL_Encryption_Types SHA1Sum
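The view decides which accounts can authenticate at all, because the module only sees the rows it returns. The following added example (not from the original post and not mod_auth_mysql code) rebuilds the view in an in-memory SQLite database with constructed users and models the lookup in Python. It assumes hashed_password holds an unsalted SHA-1 hex digest, as the SHA1Sum setting implies, and that the group field is read as a comma-separated list; build_sample_db and authenticate are hypothetical names.

```python
import hashlib
import hmac
import sqlite3

# SQLite stand-in for the Redmine MySQL schema: only the columns the view uses.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT,
                    hashed_password TEXT, status INTEGER);
CREATE TABLE projects (id INTEGER PRIMARY KEY, identifier TEXT);
CREATE TABLE members (user_id INTEGER, project_id INTEGER);
CREATE VIEW users_auth_external AS
SELECT u.login AS username,
       u.hashed_password AS passwd,
       GROUP_CONCAT(p.identifier) AS "groups"
FROM members m
INNER JOIN users u ON m.user_id = u.id
INNER JOIN projects p ON m.project_id = p.id
WHERE u.status = 1
GROUP BY u.login;
"""


def sha1_hex(password):
    """Unsalted SHA-1 hex digest (assumed storage format, see lead-in)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_sample_db():
    """Constructed data: an active member, a locked member, an active non-member."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "alice", sha1_hex("alice-pw"), 1),  # active, member of two projects
        (2, "bob", sha1_hex("bob-pw"), 3),      # member, but status is not 1
        (3, "carol", sha1_hex("carol-pw"), 1),  # active, no project membership
    ])
    db.executemany("INSERT INTO projects VALUES (?, ?)",
                   [(1, "myproject"), (2, "docs")])
    db.executemany("INSERT INTO members VALUES (?, ?)", [(1, 1), (1, 2), (2, 1)])
    return db


def authenticate(db, username, password, required_group=None):
    """Model of the lookup: fetch the view row, compare digests, check group."""
    row = db.execute(
        'SELECT passwd, "groups" FROM users_auth_external WHERE username = ?',
        (username,)).fetchone()
    if row is None:  # the view has no row for locked users or non-members
        return False
    passwd, groups = row
    if not hmac.compare_digest(passwd, sha1_hex(password)):
        return False
    # Assumption: the group field is matched as a comma-separated list.
    return required_group is None or required_group in groups.split(",")


if __name__ == "__main__":
    sample = build_sample_db()
    for user in ("alice", "bob", "carol"):
        print(user, authenticate(sample, user, user + "-pw"))
```

Because of the inner joins, an active Redmine user who is not yet a member of any project cannot log in to Subversion even with the correct password.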

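I often fail to see the point of this kind of change, because it looks like nothing more than renaming. Perhaps it is a developer's habit, or perhaps the maintainer changed and could not stand a different style, but the inconvenience such changes cause is plain to see. Even for open-source software, even for something given freely for others' benefit, this kind of change leaves people resentful. Though I am approaching forty, the age of "no more doubts", my doubts grow by the day. Still, it is easy enough to understand: sometimes I get things wrong myself. Perhaps the saying about having no doubts is just a reminder that our years have slipped by and we should spend the remaining time on things that matter; or perhaps it means do whatever you like, and that enjoying yourself is the real freedom from doubt.

References:

1. Using Apache to authenticate Subversion
2. Authenticate Apache against Redmine with AuthMySQL
3. libapache2-auth-mysql project home page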

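Open-source software I use

I have just made a difficult decision: over the coming while, I will introduce the open-source software I regularly use, as far as I can. But, much like the lists on a certain site, I will give only the names of the programs; as for what they do, I trust you know that better than I do:

Ubuntu, SVN, Redmine, Freemind, Dia, VirtualBox, vim

python, ruby, PHP, Lazarus

OpenOffice, Planner, MySQL, PySVN Workbench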

wxWidgets

Apache2

Translation: Subversion on Ubuntu

To install Trac and Subversion, I plan to study this material. I will translate it first.
Do things what you want to do.
https://help.ubuntu.com/community/Subversion

Subversion
This wiki document explains how to set up Subversion, alias SVN, on Ubuntu. The intended audience is experienced Linux users and system administrators.

Introduction
If you are new to Subversion, this section provides a quick introduction.
Subversion is an open source version control system. Using Subversion, you can record the history of source files and documents. It manages files and directories over time. A tree of files is placed into a central repository. The repository is much like an ordinary file server, except that it remembers every change ever made to files and directories.

Assumptions
It is assumed that you know how to run Linux commands, edit files, and start/stop services on an Ubuntu system. It is also assumed that Ubuntu is running, you have sudo access and you want to use Subversion software.
It is also assumed you have an internet connection.

Scope of this document
To make an SVN repository accessible over the HTTP protocol, you must install and configure a web server. Apache 2 is proven to work with SVN. The installation of the Apache 2 web server is beyond the scope of this document (see ApacheHTTPserver, https://help.ubuntu.com/community/ApacheHTTPserver). However, the configuration of the Apache 2 web server for SVN is covered in this document.
To access an SVN repository using the HTTPS protocol, you must install and configure a digital certificate in your Apache 2 web server. The installation and configuration of the digital certificate is beyond the scope of this document (see https://help.ubuntu.com/community/forum/server/apache2/SSL).

Installation
Subversion is already in the main repository (translator's note: that is, it is available through apt-get), so to install Subversion you can simply install the subversion package (see InstallingSoftware).
If it fails reporting dependencies, please locate the packages and install them. If it reports any other issues, please resolve them. If you cannot resolve the issue, please refer to the mailing list archive of those packages.

Server Configuration
This step assumes you have installed the above-mentioned packages on your system. This section explains how to create an SVN repository and access the project.

Create SVN Repository
There are several typical places to put a Subversion repository; the most common are /srv/svn, /usr/local/svn and /home/svn. For clarity's sake, we'll assume we are putting the Subversion repository in /home/svn, and your project's name is simply 'myproject'.
There are also several common ways to set permissions on your repository. However, this area is the most common source of errors in installation, so we will cover it thoroughly. Typically, you should choose to create a new group called 'subversion' that will own the repository directory. To do this (see [AddUsersHowto] for details):
1. Choose System > Administration > Users and Groups from your Ubuntu menu.
2. Select the Group tab.
3. Click the 'Add Group' button.
4. Name the group 'subversion'.
5. Add yourself and www-data (the Apache user) as users to this group. (Note: in order to see www-data you may need to see FixShowAllUsers.)
6. Select 'OK' to commit your changes and exit the app.

You have to log out and log in again before you are a member of the subversion group and can do check-ins.

Now issue the following commands:

[code language="bash"]
$ sudo mkdir /home/svn
$ cd /home/svn
$ sudo mkdir myproject
[/code]

The SVN repository can be created using the following command:

[code language="bash"]
$ sudo svnadmin create /home/svn/myproject
[/code]

And use the following commands to correct file permissions:
[code language="bash"]
$ cd /home/svn
$ sudo chown -R www-data:subversion myproject
$ sudo chmod -R g+rws myproject
[/code]
The last command sets gid for proper permissions on all new files added to your Subversion repository.

If you want to use WebDAV as an access method described below, run the chmod -R g+rws myproject command again. This is because svnadmin will create directories and files without group write access. This is no problem for read-only access or when using the custom svn protocol, but when Apache tries to commit changes to the repository, Linux will deny it access. Also, the owner and group are set as root. This can be changed by repeating the chown and chgrp commands listed above.
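Since permissions are named above as the most common source of installation errors, the following added example (not part of the original wiki page) audits a repository tree for the state that `chown -R www-data:subversion` and `chmod -R g+rws` are meant to produce. The function names are hypothetical, and the world-writable check is an extra beyond what the page sets.

```python
import os
import stat


def mode_problems(mode, is_dir):
    """Return the problems for one entry, given its st_mode bits."""
    problems = []
    if not mode & stat.S_IRGRP or not mode & stat.S_IWGRP:
        problems.append("group lacks read/write")      # chmod g+rw missing
    if is_dir and not mode & stat.S_ISGID:
        problems.append("directory lacks setgid")      # chmod g+s missing
    if mode & stat.S_IWOTH:
        problems.append("world-writable")              # extra check, see lead-in
    return problems


def audit_repository(root, expected_gid=None):
    """Walk the repository and return a list of (path, problem) pairs."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in [""] + filenames:       # "" stands for the directory itself
            path = os.path.join(dirpath, name) if name else dirpath
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):    # do not follow or judge symlinks
                continue
            is_dir = stat.S_ISDIR(st.st_mode)
            for problem in mode_problems(st.st_mode, is_dir):
                findings.append((path, problem))
            if expected_gid is not None and st.st_gid != expected_gid:
                findings.append((path, "group is gid %d" % st.st_gid))
    return findings


if __name__ == "__main__":
    import grp
    import sys
    # Defaults follow the page: repository /home/svn/myproject, group subversion.
    repo = sys.argv[1] if len(sys.argv) > 1 else "/home/svn/myproject"
    gid = grp.getgrnam("subversion").gr_gid
    for found_path, found_problem in audit_repository(repo, gid):
        print(found_path + ": " + found_problem)
```

An empty result after the first WebDAV commit attempt fails points away from file permissions and towards the Apache configuration.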

Access Methods
Subversion repositories can be accessed (checked out) through many different methods: on local disk, or through various network protocols. A repository location, however, is always a URL. The table describes how different URL schemas map to the available access methods.

Schema        Access Method
file:///      Direct repository access (on local disk)
http://       Access via WebDAV protocol to a Subversion-aware Apache 2 web server
https://      Same as http://, but with SSL encryption
svn://        Access via custom protocol to an svnserve server
svn+ssh://    Same as svn://, but through an SSH tunnel

In this section, we will see how to configure SVN for all these access methods. Here, we cover the basics. For more advanced usage details, you are always recommended to refer to the svn book.

Direct repository access (file://)
This is the simplest of all access methods. It does not require any SVN server process to be running. This access method is used to access SVN from the same machine. The syntax is as follows:
[code language="bash"]
$ svn co file:///home/svn/myproject
[/code]
or
[code language="bash"]
$ svn co file://localhost/home/svn/myproject
[/code]
NOTE: If you do not specify the hostname, you must use three forward slashes (///). If you specify the hostname, you must use two forward slashes (//).

The repository permission depends on the filesystem permission. If the user has read/write permission, he can check out and commit changes to the repository. If you set permissions as above, you can give new users the ability to check out and commit by simply adding them to the subversion group you added above.

Access via WebDAV protocol (http://)
To access the SVN repository via the WebDAV protocol, you must configure your Apache 2 web server.

First install the libapache2-svn package (see InstallingSoftware). Translator's note:
[code language="bash"]
sudo apt-get install libapache2-svn
[/code]

You must add the following snippet to your /etc/apache2/mods-available/dav_svn.conf file:
[code language="xml"]
# The <Location> path matches the checkout URL http://hostname/svn/myproject used below
<Location /svn/myproject>
  DAV svn
  SVNPath /home/svn/myproject
  AuthType Basic
  AuthName "myproject subversion repository"
  AuthUserFile /etc/subversion/passwd
  Require valid-user
</Location>
[/code]
NOTE: The above configuration assumes that all Subversion repositories are available under the /home/svn directory.

TIP: If you want the ability to browse all projects on this repository by going to the root URL (http://www.serveraddress.com/svn), use the following in dav_svn.conf instead of the previous listing:
[code language="xml"]
# The <Location> path matches the root URL http://www.serveraddress.com/svn
<Location /svn>
  DAV svn
  SVNParentPath /home/svn
  SVNListParentPath On
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/subversion/passwd
  Require valid-user
</Location>
[/code]

NOTE: To limit any connection to the SVN-Server (private SVN), remove the lines and .

Alternatively, you can allow svn access on a per-site basis. This is done by adding the previous snippet to the desired site configuration file in the /etc/apache2/sites-available/ directory.

Once you add the above lines, you must restart the apache2 web server. To restart it, run the following command:
[code language="bash"]
sudo /etc/init.d/apache2 restart
[/code]

Next, you must create the /etc/subversion/passwd file. This file contains user authentication details.

If you have just installed SVN, the passwd file will not yet exist and needs to be created using the "-c" switch. Any users added after that should be added without the "-c" switch to avoid overwriting the passwd file.

To add the first entry, i.e. to add the first user, run the following command:

[code language="bash"]
sudo htpasswd -c /etc/subversion/passwd user_name
[/code]

It prompts you to enter the password. Once you enter the password, the user is added.

To add more users after that, run the following command:

[code language="bash"]
sudo htpasswd /etc/subversion/passwd second_user_name
[/code]

If you are uncertain whether the passwd file exists, running the command below will tell you:

[code language="bash"]
cat /etc/subversion/passwd
[/code]

Now, to access the repository you can run the following command:
[code language="bash"]
$ svn co http://hostname/svn/myproject myproject --username user_name
[/code]

It prompts you to enter the password. You must enter the password configured using the htpasswd command. Once it is authenticated, the project is checked out. If you encounter access denied, remember to log out and log in again for your membership of the subversion user group to take effect.

WARNING: The password is transmitted as plain text. If you are worried about password snooping, you are advised to use SSL encryption. For details, please refer to the next section.

Access via WebDAV protocol with SSL encryption (https://)
Accessing an SVN repository via the WebDAV protocol with SSL encryption (https://) is similar to http://, except that you must install and configure a digital certificate in your Apache 2 web server.

You can install a digital certificate issued by a signing authority like Verisign. Alternatively, you can install your own self-signed certificate.

This step assumes you have installed and configured a digital certificate in your Apache 2 web server. To access the SVN repository, follow the section above, but use https:// in the repository URL.

Access via custom protocol (svn://)
Once the SVN repository is created, you can configure the access control by editing the /home/svn/myproject/conf/svnserve.conf file.

NOTE: svnserve.conf is sensitive to whitespace. Be sure not to leave any whitespace at the start of a line, or svnserve will not be able to read the file.

For example, to set up authentication you can uncomment the following lines in the configuration file:

[code language="bash"]
# [general]
# password-db = passwd
[/code]

After uncommenting the above lines, you can maintain the user list in the passwd file. So, edit the file passwd in the same directory and add a new user. The syntax is as follows:

[code language="bash"]
username = password
[/code]

For more details, please refer to the file.
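The whitespace note above describes a failure that is easy to introduce when uncommenting: deleting only the "#" from "# [general]" leaves a leading space. The following added example (not part of the original wiki page; lint_svnserve_conf and the sample strings are hypothetical and constructed) checks a svnserve.conf text for that mistake and for password-db still being disabled.

```python
# Constructed samples: the stock commented form, a half-uncommented edit
# that leaves the space after "#", and the corrected form.
SAMPLE_DEFAULT = "# [general]\n# password-db = passwd\n"
SAMPLE_BROKEN = "### constructed sample ###\n [general]\n password-db = passwd\n"
SAMPLE_FIXED = "[general]\npassword-db = passwd\n"


def lint_svnserve_conf(text):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings = []
    section = None
    enabled = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0] in " \t":
            findings.append((lineno, "leading whitespace"))
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key = line.split("=", 1)[0].strip()
            if section is None:
                findings.append((lineno, "option before any [section]"))
            enabled.add((section, key))
        else:
            findings.append((lineno, "not a section header or key = value"))
    if ("general", "password-db") not in enabled:
        findings.append((0, "password-db not enabled in [general]"))
    return findings


if __name__ == "__main__":
    for name, sample in [("default", SAMPLE_DEFAULT),
                         ("broken", SAMPLE_BROKEN),
                         ("fixed", SAMPLE_FIXED)]:
        print(name, lint_svnserve_conf(sample))
```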

Now, to access SVN via the svn:// custom protocol, either from the same machine or from a different machine, run the server using the svnserve command. The syntax is as follows:

[code language="bash"]
$ svnserve -d --foreground -r /home/svn
# -d: daemon mode
# --foreground: run in foreground (useful for debugging)
# -r: root of directory to serve
[/code]

For more usage details, please refer to:
[code language="bash"]
$ svnserve --help
[/code]

Once you run this command, SVN starts listening on the default port (3690). To access the project repository, you must run the following command:

[code language="bash"]
$ svn co svn://hostname/myproject myproject --username user_name
[/code]

Based on the server configuration, it prompts for a password. Once it is authenticated, it checks out the code from the SVN repository.

To synchronize the project repository with the local copy, you can run the update sub-command. The syntax is as follows:
[code language="bash"]
$ cd project_dir
$ svn update
[/code]

For more details about using each SVN sub-command, you can refer to the manual. For example, to learn more about the co (checkout) command, run:

[code language="bash"]
$ svn help co
[/code]

Start svnserve at bootup

One can start the svnserve daemon at bootup using an initd script. Look at Michał Wojciechowski's blog post for instructions and a good initd script for svnserve.

Access via custom protocol with SSH encryption (svn+ssh://)

It is not necessary to run the SVN server (svnserve) in order to access SVN repositories on a remote machine using this method. However, it is assumed that the SSH server is running on the remote machine with the repository and that it allows incoming connections. To confirm, try to log in to that machine using ssh. If you can log in, then everything is perfect. If you cannot log in, address that before continuing further.

The svn+ssh:// protocol is used for accessing SVN repositories with SSH encryption for secure data transfer. To access a repository using this method, run the following command:

[code language="bash"]
$ svn co svn+ssh://hostname/home/svn/myproject myproject --username user_name
[/code]

NOTE: You must use the full path (/home/svn/myproject) to access an SVN repository using this method.

Based on the SSH server configuration, it prompts for a password. You must enter the password you use to log in via ssh. Once it is authenticated, it checks out the code from the SVN repository.

You can also refer to the SVN book for details about the svn+ssh:// protocol.

References
Setting up Apache on Ubuntu
SVN Home page
SVN Book
Apache 2 Documentation
Mod-SSL
Apache-SSL

A wonderful TV series. Don’t do that even if it so long ago.
Cold Case

SVN Client – pysvn WorkBench

pysvn WorkBench

  • Supports all svn client features
  • Supports svn transaction features required to write svn pre-commit hooks
  • Easy to learn and use
  • Python like interface
  • Good Documentation and examples
  • No need to understand the Subversion C API


Ubuntu packages pysvn and workbench.

sudo apt-get install python-svn
sudo apt-get install svn-workbench

Fedora packages pysvn

yum install pysvn

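Setting up SVN as a free SCM environment

The habit has stuck. I started using CVS around 2002 and moved to SVN in 2007; using source-control tools has made my work more organized. Unfortunately, I have always used the Tortoise family of tools, TortoiseCVS, TortoiseSVN, TortoiseGit (for git) and TortoiseHG (for Mercurial), so I cannot remember all of the command-line options. Perhaps only co/clone.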