= Subversion server for orchidee = == Presentation on Trac and Subversion == * From Martial's meeting give monday, the 22th of november, 2010 in [[BR]] http://dods.ipsl.jussieu.fr/orchidee/Trac_Subversion.pdf * WARNING : this presentation has been updated the 1st of december, 2010 : http://dods.ipsl.jussieu.fr/orchidee/Trac_Subversion_1.pdf == SVN commands == Please see [Meetings/Technical/Archives#a17112010 here] to understand SVN '''server tree and authorizations''' for ORCHIDEE. See this link : {{{ http://forge.ipsl.jussieu.fr/orchidee/browser }}} to watch the tree (only open directories). [[BR]] You can use trunk dir or tags/ORCHIDEE_1_9_5. === Subversion server === The right way to get a version is to use : {{{ svn co --username mylogin svn://forge.ipsl.jussieu.fr/orchidee/PATHORCHIDEE LOCALDIR }}} It will ask you for password. Please see section [Tools/Subversion#SVNConfigfiles SVNConfigfiles] if you don't want to enter your password every time. ORCHIDEE default login/password is avaible to read trunk and all tags directories (sechiba/...). === Subversion by ssh === This is the old way to work on SVN for ORCHIDEE. You can use it only if one admin of ORCHIDEE has given a login/password to you ! [[BR]] Then, you will have an access to all versions of the model.[[BR]] This is '''strickly forbidden''' for simple ORCHIDEE developpers ! [[BR]] Thank's to modify only your own reserved branch by this way. [[BR]] Because all the server will be accessible by this way. {{{ svn co svn+ssh://my_forge_login@forge.ipsl.jussieu.fr/ipsl/forge/projets/orchidee/svn/[trunk|tags|branches|perso] }}} == SVN Config files == They are in ~/.subversion directory. This directory must be open only for you ! as in [[BR]] {{{ /home/mylogin 2> ls -la .subversion/ total 104 drwx------ 3 mylogin mygroup 4096 2010-12-01 09:47 . }}} You must change the right if it is not "drwx------" (but "drwxr-xr-x" for example), like this : {{{ /home/mylogin 2> chmod -R og-rx .subversion/ }}} because your ORCHIDEE svn password will be write in some subdir and it is not safe. Two config files are in this .subversion dir : * config * server For config file, you may want to save yours ORCHIDEE password in .subversion tree. There will be no need to enter them again for each of your logins. You can switch on : * store-passwords = yes * store-auth-creds = yes Please read the comment to be sure it is what you want ! For server file, you may want to bypass Subversion message about clearly saving the password. You can switch on the store-plaintext-passwords option of groups section : {{{ [groups] [...] store-plaintext-passwords = yes }}} == For SVN administators only == To add new user on svn list, you must connect on {{{ ssh orchidee@forge.ipsl.jussieu.fr }}} Your rsa public key must have been added in .ssh/authorized_keys file. Ask another valid admin for that. After you are connected, you must modified svn/conf/passwd and svn/conf/authz files. 1. In svn/conf/passwd, you must add login/password for the new user. [[BR]] A good way to do that is to execute a command like this : {{{ > echo "firstname.lastname=userpassword" >> passwd }}} If you want to use another text editor, you must know ACL file rights for extended permissions on forge system. You must verify and correct ACL on this file to prevent break of ORCHIDEE svnserver : * use this command to get ACL on the file : {{{ > getfacl svn/conf/passwd }}} It must give the right for svn system user : {{{ # file: svn/conf/passwd # owner: orchidee # group: orchidee user::rw- user:svn:r-- group::r-- mask::r-- other::--- }}} * If this right has been cleared by your edit, you must apply : {{{ setfacl -m user:svn:r-- svn/conf/passwd }}} * Please read [http://linux.developpez.com/acls/#L3 acl doc] web page, ~orchidee/shell_modif_acl shell output and ~orchidee/svn_acl_all report for explanation about acl right on svn repository. 1. svn/conf/authz gives authorizations on svn tree. You must * Add the new user in user option of `[group]` section. * Add this user to other group if it has been decided. * Add the wiki login if exist to authorized "browse source" access on the orchidee project wiki. * Add his personnal path and rights access at the end of the authz file : {{{ [/perso/hislogin] hislogin=rw }}} After all, you may copy the trunk or a choosen tag version or branch to build the first personnal repository for this new user like this : {{{ > svn copy --username mypersonnaladminlogin svn://forge.ipsl.jussieu.fr/orchidee/the_trunk_tag_branch_choosen svn://forge.ipsl.jussieu.fr/orchidee/hislogin/ }}}