9

Given a typical Subversion/Apache configuration using SVNParentPath, with repositories hosted under /svn/ like this:

<Location /svn>
    DAV svn

    SVNParentPath /srv/source/svn/repos
    SVNReposName "Subversion Repository"

    AuthzSVNAccessFile /srv/source/svn/authz
    Satisfy Any

    AuthType                Basic
    AuthBasicProvider       file
    AuthName "Subversion Repository"
    AuthUserFile /srv/source/svn/htpasswd

    Require valid-user
</Location>

Is there a way to override this configuration for specific repositories without having to host them at a different path? That is, is there any way I can add a Location block like this...

<Location /svn/my_special_repo>
    SVNPath /srv/source/svn/repos/my_special_repo
    AuthzSVNAccessFile /srv/source/svn/repos/my_special_repo/conf/authz
</Location>

...and have it override the configuration provided in the Location block for /svn? My attempts at doing this with the above configuration have been met with weird and unhelpful errors in the Apache error log, such as:

[Wed Feb 02 11:28:35 2011] [error] [client 10.10.209.120]
(20014)Internal error: Can't open file '/srv/source/svn/repos/svn/format':
No such file or directory

All this seems to be mod_dav_svn's way of telling me that I can't do what I'm trying to do. I'm open to solutions or alternatives!

EDIT: Well, I can see that this question has generated a lot of excitement among the readership. For the record, what I may end up doing is generating per-repository configurations for all of our existing repositories, and then abandoning the SVNParentPath based configuration. The per-repo Apache configuration is minimal, especially using something like mod_macro; the hard part will be splitting apart the global authz file. If you've done this before, tips are appreciated.

larsks
  • 41,276
  • 13
  • 117
  • 170
  • I've got the same problem, and solved it by using mod_macro. Thanks!!! (It seems to be an old bug in either Apache or Subversion.) – Achimnol Mar 21 '11 at 14:50

1 Answers1

4

I hate to see my own question languishing there in the unanswered questions list, so here's what we did:

  • In our main server configuration, we have:

      <Location /svn/>
        SVNParentPath /srv/source/svn/repos
  </Location>

  • We adopted the following mod_macro to replicate this behavior for new repositories:

    <Macro LegacySubversionRepo $name>
    # Override SVNParentPath block in main vhost config.
    RewriteRule ^/svn/$name /repo/$name [PT]

    <Location /repo/$name>
            Order                   deny,allow
            Allow                   from all

            Use LdapAuth \
                    "$name svn repository" \
                    /srv/source/svn/htpasswd

            DAV svn
            SVNPath /srv/source/svn/repos/$name
            AuthzSVNAccessFile /srv/source/svn/authz
            SVNAutoversioning On
            Satisfy Any
    </Location>
</Macro>

    The RewriteRule allows the repository configuration to override the <Location /svn/> in the main config that would otherwise match the request.

With this in place, it becomes relatively easily to adopt per-repository authentication and authorization configuration (instead of the global htpasswd file used here).

larsks
  • 41,276
  • 13
  • 117
  • 170