SVN Authentication and Auto Update: Media Temple, Linux

• Part 1: Media Temple Dedicated Server Setup
• Part 2: Installing Subversion on Apache
• Part 3: Subversion (SVN) Authentication and Auto Update

During the first two parts of my series on setting up a Media Temple dedicated server, I setup subversion (SVN) on apache. Now I want to show you how I setup basic authentication and a SVN hook to automatically deploy files to the server (called continuous integration). This is great because you can check in your files to SVN and see them on the server immediately.

Adding Basic Apache Authentication to your Subversion (SVN) Repository

First lets give apache access to the SVN database (the $ symbol just means it is a shell command).

Bash:

chmod g+s /svnroot/db

Now create a password file with htpasswd, name the file whatever you would like. I chose to make my file hidden by adding the period before the name.

Bash:

htpasswd -cm /etc/.htaccess yourusername

It will prompt you for your password. Now go back to your httpd.conf and than add the last four lines below to your Location code block  - we are adding to what we did in part 2 of the media temple setup series.

Apache:

<Location /svn>
  DAV svn
  SVNParentPath /usr/local/svn
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /etc/.htaccess
  require valid-user
</Location>

For security reasons, we also need to make sure and hide the .svn folders from having apache publicly display them:

Apache:

# Disallow browsing of Subversion working copy administrative dirs.
<DirectoryMatch "^/.*/\.svn/">
    Order deny,allow
    Deny from all
</DirectoryMatch>

Restart apache and when you try to access SVN you should be prompted for authentication. Great, SVN is now secure! You can also add more security by adding SSL to your dedicated server.

Creating a Subversion (SVN) Hook to Auto Update Your Server

I want to automatically deploy my files to my httpdocs without having to manually go in and update the files. So to accomplish this you need to create a SVN hook that runs after every commit.

First, copy the post-commit template from your svnroot/hooks folder. And lets also use chmod to give the file rights to execute.

Bash:

cd /svnroot/hooks/
cp post-commit.tmpl post-commit
chmod +x post-commit

Now we need to create a little C program. You should have GCC installed. This will compile our little C program. Create a new svnupdate.c file and put this code in. Don't forget to change the directory path: "public_html_directory"

C:

#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
int main(void)
{
  execl("/usr/bin/svn", "svn", "update", "/public_html_direcotry/",
        (const char *) NULL);
  return(EXIT_FAILURE);
}

Complile the file with this command. It will take the whatever.c and compile it into a binary file.

Bash:

gcc -o svnupdate svnupdate.c

Try executing the binary to see if it works with the env command.

Bash:

env - ./svnupdate

Alright now copy the whatever binary into your hooks folder. And we'll also run a couple commands to give it proper priveledges:

Bash:

cp whatever /svnroot/hooks
cd /svnroot/hooks
chown root:root svnupdate
chmod +s svnupdate

Then lets tell the post commit hook to run our binary file name, "svnupdate".

Bash:

vi /svnroot/hooks/post-commit

Inside it the post-commit hook tell it to run the binary using the absolute path:

C:

/svnroot/hooks/svnupdate

Test it out by checking in a file to subversion. It should automatically update at the directory we set in the C program.