SVN User Manual on CIGI SVN Server

Draft Version

Introduction

The svn server is for internal use and can be accessed by CIGI members and our collaborators at https://svn.cigi.uiuc.edu. The server maintains multiple repositories, most of which require user authentication and corresponding authorization. For open source software projects, anonymous browsing of the code is available for public.

The server is installed as apache+svn to provide HTTP-based access. User needs a svn client to read and write to svn repositories. This manual assumes the command-line client 'svn' which is provided on most Linux platforms. Instructions for other GUI-based svn clients, e.g., sublipse and tortoiseSvn, will be added later. Read-only access is via web browser, e.g., Firefox.

Request a user certificate

If a user needs to write to svn repositories, we require a X.509 user certificate issued by the svn server itself (we will support certificates issued by other CAs (Certificate Authority) later) for authentication purpose. Following steps describe how to request a user certificate (replace smith with user name):

openssl genrsa -des3 -out smith.key 4096

openssl req -new -key smith.key -out smith.csr

cd $HOME/mycerts
openssl pkcs12 -export -in smith.crt -inkey smith.key -out smith.p12

Client setup

Now user can connect to the svn server. But for each connection, the command svn asks two questions: 1) do you trust the server certificate? answer t or p if you do (please do); 2) where is your personal user certificate file to be used for authentication? you will have to input the path to it, e.g., $HOME/mycerts/smith.crt, and password . To eliminate such tedious tasks, create a file $HOME/.subversion/servers with the following content (usually, you have one by default):

[groups]
svncigi = svn.cigi.uiuc.edu
[svncigi]
ssl-client-cert-file = /home/smith/mycerts/smith.p12
ssl-client-cert-password = mypassword
[global]
ssl-authority-files = /hometest/ca.crt

Be sure to make the file readable only by user himself (chmod 400 $HOME/.subversion/servers) ====Client test==== * list projects in a repository svn list https://svn.cigi.uiuc.edu/projects
* create your project (change the name of project) svn import mylocaldir https://svn.cigi.uiuc.edu/projects/myproject -m “my first project”
* get another directory as svn working directory cd mysvndir
* check out your project svn checkout https://svn.cigi.uiuc.edu/project/myproject
cd myproject
* do some changes to one of the files in your project * update svn update
* add a directory/file
svn add mysubdir
* look at local changes
svn status
* commit to repository
svn commit**
====User certificate renewal==== A user certificate expires one year after it is issued. Please send a request email to administrator for renewal.