Svnserve Based Server

Introduction

Subversion includes Svnserve - a lightweight stand-alone server which uses a custom protocol over an ordinary TCP/IP connection. It is ideal for smaller installations, or where a full blown Apache server cannot be used.

In most cases svnserve is easier to set up and runs faster than the Apache based server, although it doesn't have some of the advanced features. And now that SASL support is included it is easy to secure as well.

Installing svnserve

  1. Get the latest version of Subversion from http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=91. Alternatively get a pre-packaged installer from CollabNet at http://www.collab.net/downloads/subversion. This installer will set up svnserve as a Windows service, and also includes some of the tools you need if you are going to use SASL for security.

  2. If you already have a version of Subversion installed, and svnserve is running, you will need to stop it before continuing.

  3. Run the Subversion installer. If you run the installer on your server (recommended) you can skip step 4.

  4. Open the windows-explorer, go to the installation directory of Subversion (usually C:\Program Files\Subversion) and in the bin directory, find the files svnserve.exe, intl3_svn.dll, libapr.dll, libapriconv.dll, libapriutil.dll, libdb*.dll, libeay32.dll and ssleay32.dll - copy these files, or just copy everything in the bin directory, into a directory on your server, e.g. c:\svnserve

Running svnserve

Now that svnserve is installed, you need it running on your server. The simplest approach is to run the following from a DOS shell or create a windows shortcut:

svnserve.exe --daemon

svnserve will now start waiting for incoming requests on port 3690. The --daemon switch tells svnserve to run as a daemon process, so it will keep running until it is manually terminated.

If you have not yet created a repository, follow the instructions given with the Apache server setup “Configuration”.

To test that svnserve is working, use TortoiseSVN → Repo-Browser to view a repository.

Assuming your repository is located in c:\repos\TestRepo, and your server is called localhost, enter:

svn://localhost/repos/TestRepo

when prompted by the repo browser.

You can also increase security and save time entering URLs with svnserve by using the --root switch to set the root location and restrict access to a specified directory on the server:

svnserve.exe --daemon --root drive:\path\to\repository\root

Using the previous test as a guide, svnserve would now run as:

svnserve.exe --daemon --root c:\repos

And in TortoiseSVN our repo-browser URL is now shortened to:

svn://localhost/TestRepo

Note that the --root switch is also needed if your repository is located on a different partition or drive than the location of svnserve on your server.

Svnserve will service any number of repositories. Just locate them somewhere below the root folder you just defined, and access them using a URL relative to that root.

Warning

Do not create or access a Berkeley DB repository on a network share. It cannot exist on a remote file system. Not even if you have the network drive mapped to a drive letter. If you attempt to use Berkeley DB on a network share, the results are unpredictable - you may see mysterious errors right away, or it may be months before you discover that your repository database is corrupted.

Run svnserve as a Service

Running svnserve as a user is usually not the best way. It means you always need a user logged in on your server, and someone has to remember to restart it after a reboot. A better way is to run svnserve as a windows service. Starting with Subversion 1.4, svnserve can be installed as a native windows service; in previous versions it can be installed using a wrapper.

To install svnserve as a native windows service, execute the following command all on one line to create a service which is automatically started when windows starts.

sc create svnserve binpath= "c:\svnserve\svnserve.exe --service 
    --root c:\repos" displayname= "Subversion" depend= tcpip 
    start= auto

If any of the paths include spaces, you have to use (escaped) quotes around the path, like this:

sc create svnserve binpath= "
    \"C:\Program Files\Subversion\bin\svnserve.exe\"
    --service --root c:\repos" displayname= "Subversion" 
    depend= tcpip start= auto

You can also add a description after creating the service. This will show up in the Windows Services Manager.

sc description svnserve "Subversion server (svnserve)"

Note the rather unusual command line format used by sc. In the key= value pairs there must be no space between the key and the = but there must be a space before the value.

Tip

Microsoft now recommends that services be run under either the Local Service or Network Service account. Refer to The Services and Service Accounts Security Planning Guide. To create the service under the Local Service account, append the following to the example above.

obj= "NT AUTHORITY\LocalService"

Note that you would have to give the Local Service account appropriate rights to both Subversion and your repositories, as well as any applications which are used by hook scripts. The built-in group for this is called "LOCAL SERVICE".

Once you have installed the service, you need to go to the services manager to start it (this time only; it will start automatically when the server reboots).

For more detailed information, refer to Windows Service Support for Svnserve.

If you installed an earlier version of svnserve using the SVNService wrapper, and you now want to use the native support instead, you will need to unregister the wrapper as a service (remember to stop the service first!). Simply use the command

svnservice -remove

to remove the service registry entry.

Basic Authentication with svnserve

The default svnserve setup provides anonymous read-only access. This means that you can use an svn:// URL to checkout and update, or use the repo-browser in TortoiseSVN to view the repository, but you won't be able to commit any changes.

To enable write access to a repository, you need to edit the conf/svnserve.conf file in your repository directory. This file controls the configuration of the svnserve daemon, and also contains useful documentation.

You can enable anonymous write access by setting:

[general]
anon-access = write

However, you will not know who has made changes to a repository, as the svn:author property will be empty. You will also be unable to control who makes changes to a repository. This is a risky setup!

One way to overcome this is to create a password database:

[general]
anon-access = none
auth-access = write
password-db = userfile

Where userfile is a file which exists in the same directory as svnserve.conf. This file can live elsewhere in your file system (useful for when you have multiple repositories which require the same access rights) and may be referenced using an absolute path, or a path relative to the conf directory. If you include a path, it must be written /the/unix/way. Using \ or drive letters will not work. The userfile should have a structure of:

[users]
username = password
...

This example would deny all access for unauthenticated (anonymous) users, and give read-write access to users listed in userfile.

Tip

If you maintain multiple repositories using the same password database, the use of an authentication realm will make life easier for users, as TortoiseSVN can cache your credentials so that you only have to enter them once. More information can be found in the Subversion book, specifically in the sections Create a 'users' file and realm and Client Credentials Caching.

Better Security with SASL

What is SASL?

The Cyrus Simple Authentication and Security Layer is open source software written by Carnegie Mellon University. It adds generic authentication and encryption capabilities to any network protocol, and as of Subversion 1.5 and later, both the svnserve server and TortoiseSVN client know how to make use of this library.

For a more complete discussion of the options available, you should look at the Subversion book in the section Using svnserve with SASL. If you are just looking for a simple way to set up secure authentication and encryption on a Windows server, so that your repository can be accessed safely over the big bad Internet, read on.

SASL Authentication

To activate specific SASL mechanisms on the server, you'll need to do three things. First, create a [sasl] section in your repository's svnserve.conf file, with this key-value pair:

use-sasl = true

Second, create a file called svn.conf in a convenient location - typically in the directory where subversion is installed.

Thirdly, create two new registry entries to tell SASL where to find things. Create a registry key named [HKEY_LOCAL_MACHINE\SOFTWARE\Carnegie Mellon\Project Cyrus\SASL Library] and place two new string values inside it: SearchPath set to the directory path containing the sasl*.dll plug-ins (normally in the Subversion install directory), and ConfFile set to the directory containing the svn.conf file. If you used the CollabNet installer, these registry keys will already have been created for you.

Edit the svn.conf file to contain the following:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: DIGEST-MD5
sasldb_path: C:\TortoiseSVN\sasldb

The last line shows the location of the authentication database, which is a file called sasldb. This could go anywhere, but a convenient choice is the repository parent path. Make sure that the svnserve service has read access to this file.

If svnserve was already running, you will need to restart it to ensure it reads the updated configuration.

Now that everything is set up, all you need to do is create some users and passwords. To do this you need the saslpasswd2 program. If you used the CollabNet installer, that program will be in the install directory. Use a command something like this:

saslpasswd2 -c -f C:\TortoiseSVN\sasldb -u realm username

The -f switch gives the database location, realm must be the same as the value you defined in your repository's svnserve.conf file, and username is exactly what you expect it to be. Note that the realm is not allowed to contain space characters.

You can list the usernames stored in the database using the sasldblistusers2 program.

SASL Encryption

To enable or disable different levels of encryption, you can set two values in your repository's svnserve.conf file:

[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256

The min-encryption and max-encryption variables control the level of encryption demanded by the server. To disable encryption completely, set both values to 0. To enable simple checksumming of data (i.e., prevent tampering and guarantee data integrity without encryption), set both values to 1. If you wish to allow (but not require) encryption, set the minimum value to 0, and the maximum value to some bit-length. To require encryption unconditionally, set both values to numbers greater than 1. In our previous example, we require clients to do at least 128-bit encryption, but no more than 256-bit encryption.
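
An added example (not part of the original documentation): a small Python audit of a repository's svnserve.conf against the anon-access, password-db and min-encryption/max-encryption guidance in the Basic Authentication and SASL Encryption sections. The sample configurations are constructed, the function names are hypothetical, and the fallback of min 0 / max 256 when the encryption keys are absent is an assumption.

```python
import configparser

# Constructed samples: the anonymous-write setup and a hardened SASL setup.
RISKY = "[general]\nanon-access = write\n"
HARDENED = """[general]
anon-access = none
auth-access = write
password-db = userfile
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
"""

def encryption_policy(lo, hi):
    """Classify min/max-encryption following the rules in the text above."""
    if hi == 0:
        return "disabled"
    if hi == 1:
        return "integrity-only" if lo == 1 else "integrity-optional"
    return "required" if lo > 1 else "optional"

def audit(conf_text):
    """Return (findings, encryption policy) for one svnserve.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    gen = dict(cp["general"]) if cp.has_section("general") else {}
    sasl = dict(cp["sasl"]) if cp.has_section("sasl") else {}
    findings = []
    # The page states the default setup gives anonymous read-only access.
    anon = gen.get("anon-access", "read")
    if anon == "write":
        findings.append("anon-access = write: svn:author empty, no control over commits")
    elif anon == "read":
        findings.append("anon-access = read: repository readable without credentials")
    use_sasl = sasl.get("use-sasl", "false").lower() == "true"
    if not use_sasl and "password-db" not in gen:
        findings.append("no password-db and no SASL: no user can authenticate")
    if not use_sasl:
        return findings, "disabled"   # the [sasl] encryption keys only apply with SASL
    # Assumed defaults when the keys are absent: min 0, max 256.
    policy = encryption_policy(int(sasl.get("min-encryption", 0)),
                               int(sasl.get("max-encryption", 256)))
    if policy != "required":
        findings.append("SASL encryption is " + policy + ": set min-encryption above 1")
    return findings, policy

if __name__ == "__main__":
    for name, text in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, audit(text))
```
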

Authentication with svn+ssh

Another way to authenticate users with a svnserve based server is to use a secure shell (SSH) to tunnel requests through. It is not as simple to set up as SASL, but it may be useful in some cases.

With this approach, svnserve is not run as a daemon process; rather, the secure shell starts svnserve for you, running it as the SSH authenticated user. To enable this, you need a secure shell daemon on your server.

A basic method for setting up your server is given in Appendix G, Securing Svnserve using SSH. You can find other SSH topics within the FAQ by searching for “SSH”.

Further information about svnserve can be found in Version control with Subversion.

Path-based Authorization with svnserve

Starting with Subversion 1.3, svnserve supports the same mod_authz_svn path-based authorization scheme that is available with the Apache server. You need to edit the conf/svnserve.conf file in your repository directory and add a line referring to your authorization file.

[general]
authz-db = authz

Here, authz is a file you create to define the access permissions. You can use a separate file for each repository, or you can use the same file for several repositories. Read “Path-Based Authorization” for a description of the file format.