SVN User Manual on CIGI SVN Server

Draft Version

Introduction

The svn server is for internal use and can be accessed by CIGI members and our collaborators at https://svn.cigi.uiuc.edu. The server maintains multiple repositories, most of which require user authentication and corresponding authorization. For open source software projects, anonymous browsing of the code is available to the public.

The server is installed as apache+svn to provide HTTP-based access. Users need an svn client to read from and write to svn repositories. This manual assumes the command-line client 'svn', which is provided on most Linux platforms. Instructions for GUI-based svn clients, e.g., Subclipse and TortoiseSVN, will be added later. Read-only access is available via a web browser, e.g., Firefox.

Request a user certificate

If a user needs to write to svn repositories, we require an X.509 user certificate issued by the svn server itself for authentication (we will support certificates issued by other CAs (Certificate Authorities) later). The following steps describe how to request a user certificate (replace smith with your user name):

  • make sure that openssl is installed on your Linux box
  • create a key named smith.key

openssl genrsa -des3 -out smith.key 4096

  • create a certificate request named smith.csr by giving user identity information, e.g., US as country, Illinois as state, Urbana as city, UIUC as organization, NCSA as unit, as well as user name, email address, and password

openssl req -new -key smith.key -out smith.csr

  • send the request file to the svn server administrator (yanliu@uiuc.edu)
  • you will get an email with a signed user certificate named smith.crt and the server's CA cert (svncigi_ca.crt). The server's CA cert will be used to set up default trust in the svn server
  • save the user certificate and key together in a directory, e.g. $HOME/mycerts
  • svn requires the PKCS#12 certificate format; issue the conversion command to get the cert named smith.p12

cd $HOME/mycerts
openssl pkcs12 -export -in smith.crt -inkey smith.key -out smith.p12

  • import smith.p12 into your web browser for web access. In Firefox, this is done via Edit→Preferences→Advanced→Encryption→View Certificates→Import

Client setup

Now the user can connect to the svn server. For each connection, however, the svn command asks two questions: 1) Do you trust the server certificate? Answer t or p if you do (please do). 2) Where is your personal user certificate file to be used for authentication? You will have to enter the path to it, e.g., $HOME/mycerts/smith.crt, and the password. To avoid these tedious steps, create a file $HOME/.subversion/servers with the following content (usually, you have one by default):

[groups]
svncigi = svn.cigi.uiuc.edu
[svncigi]
ssl-client-cert-file = /home/smith/mycerts/smith.p12
ssl-client-cert-password = mypassword
[global]
ssl-authority-files = /hometest/ca.crt
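
The servers file above names the PKCS#12 bundle and stores its password in plain text, so neither file should be accessible to group or other. The shell script below is an added example, not part of the CIGI manual: it audits a servers file and every ssl-client-cert-file it references. The function names and the scratch-directory demo files are constructed for illustration.

```shell
# Added example, not from the CIGI manual: audit a Subversion "servers" file.

# True if PATH grants no permission bits to group or other.
is_private() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)   # group+other bits
    [ "$mode" = "------" ]
}

# Print every ssl-client-cert-file value found in the servers file.
cert_files() {
    awk '/^[ \t]*ssl-client-cert-file[ \t]*=/ {
        sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print }' "$1"
}

# Report findings on stdout; return 0 only when nothing is exposed.
audit_svn_servers() {
    servers=$1; findings=0
    [ -f "$servers" ] || { echo "FAIL: $servers not found"; return 2; }
    if ! is_private "$servers"; then
        echo "FAIL: $servers is accessible to group/other (chmod 400 it)"
        findings=$((findings + 1))
    fi
    if grep -Eq '^[[:space:]]*ssl-client-cert-password[[:space:]]*=' "$servers"; then
        echo "NOTE: $servers stores the PKCS#12 password in plain text"
    fi
    while IFS= read -r cert; do
        [ -n "$cert" ] || continue
        if [ ! -f "$cert" ]; then
            echo "FAIL: client certificate $cert not found"
            findings=$((findings + 1))
        elif ! is_private "$cert"; then
            echo "FAIL: $cert (holds the private key) is accessible to group/other"
            findings=$((findings + 1))
        fi
    done <<EOF
$(cert_files "$servers")
EOF
    [ "$findings" -eq 0 ]
}

# Demo on constructed files in a scratch directory (placeholder contents).
demo=$(mktemp -d)
printf 'not a real PKCS#12 file\n' > "$demo/smith.p12"
printf '[svncigi]\nssl-client-cert-file = %s\nssl-client-cert-password = mypassword\n' "$demo/smith.p12" > "$demo/servers"
chmod 644 "$demo/servers" "$demo/smith.p12"
audit_svn_servers "$demo/servers" || echo "audit status: $?"
chmod 400 "$demo/servers" "$demo/smith.p12"
audit_svn_servers "$demo/servers" && echo "audit status: 0"
rm -rf "$demo"
```

To audit a real setup, call audit_svn_servers "$HOME/.subversion/servers" after defining the functions.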

Be sure to make the file readable only by the user (chmod 400 $HOME/.subversion/servers), since it contains the certificate password in plain text.

Client test

  • list projects in a repository

svn list https://svn.cigi.uiuc.edu/projects

  • create your project (change the name of the project)

svn import mylocaldir https://svn.cigi.uiuc.edu/projects/myproject -m "my first project"

  • go to another directory to use as the svn working directory

cd mysvndir

  • check out your project

svn checkout https://svn.cigi.uiuc.edu/projects/myproject
cd myproject

  • make some changes to one of the files in your project
  • update

svn update

  • add a directory/file

svn add mysubdir

  • look at local changes

svn status

  • commit to repository

svn commit

User certificate renewal

A user certificate expires one year after it is issued. Please send a request email to the administrator for renewal.