I am maintaining a set of rosters on the web that need regular updating and I don't like having myself as a single point of failure. I am not an admin on the hosting machine and I can't create new accounts, so I can't use Unix groups to allow multiple people access. The solution I decided on was to use Subversion to hold the files and update them on the web automatically. This document details that setup.

This was done on a Red Hat workstation running SVN-1.05 connecting to a Debian server running SVN-1.03. The SSH client and server are OpenSSH v2.x.

  1. Log into repository system: ssh user@subversion.host
  2. Create repository: svnadmin create ~/svnrepo
  3. Generate an SSH key: ssh-keygen -t rsa -f ~/.ssh/subversion.key -C "Subversion repository access key"
  4. Add the public key to accepted keys:
    echo -n "command=\"/usr/bin/svnserve --tunnel --root=svnrepo\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " >> ~/.ssh/authorized_keys2
    cat ~/.ssh/subversion.key.pub >> ~/.ssh/authorized_keys2
  5. Copy the private key to the workstation: scp ~/.ssh/subversion.key user@workstation:.ssh/
  6. Log out of the remote system: logout
  7. Run subversion once to make sure config is created: svn
  8. Tell subversion to use the key: cat << EOF >> ~/.subversion/config
    ## This section adds a new tunnel method to cause subversion
    ## to use a specific private key when accessing the repository
    ## on the remote host

    [tunnels]
    keyssh = ssh -i /home/user/.ssh/subversion.key
    EOF
  9. Test that you can access the repository: svn list svn+keyssh://subversion.host/
  10. Create the initial project:
    svn checkout svn+keyssh://subversion.host/ repo
    cd repo
    svn mkdir project
    svn commit -m "Creating project directory"
    svn import ~/project_dir svn+keyssh://subversion.host/project/ -m "Initial import"
    tar --create --verbose --gzip --file ~/project_pre-subversion.tgz ~/project_dir
    rm --recursive --verbose --force ~/project_dir
    svn checkout svn+keyssh://subversion.host/project/ ~/project_dir

Everything should be good to go now.
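
The options in step 4 are what keep the shared key from being used for anything other than svnserve, so it is worth checking that every Subversion entry in the key file still carries them. The script below is an added example, not part of the original setup: the function names and the sample file are assumptions, the key material is a placeholder, and it goes slightly beyond step 4 by also accepting OpenSSH's newer restrict option in place of the four no-* options.

```shell
# Added example (not from the original page): audit svnserve entries in an
# authorized_keys file. Prints "LINE: problem"; returns 1 if anything is found.
flag() { echo "$n: $1"; findings=$((findings + 1)); }

audit_svn_keys() {
    findings=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;      # blank line or comment
            *svnserve*) ;;            # entry meant for Subversion access
            *) continue ;;            # other keys are out of scope here
        esac
        # Keep the options field only: cut from the key type onwards.
        opts=$(printf '%s\n' "$line" | sed -E \
            's/(^|[[:space:]]+)(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^[:space:]]+)[[:space:]].*$//')
        case $opts in
            *'command="'*svnserve*) ;;
            *) flag "svnserve is not a forced command" ;;
        esac
        printf '%s\n' "$opts" | grep -Eq -- '(--tunnel|[[:space:]]-t)([[:space:]]|")' ||
            flag "svnserve is not run in tunnel mode"
        printf '%s\n' "$opts" | grep -Eq -- '(--root|[[:space:]]-r)[[:space:]=]' ||
            flag "no --root, so repository paths are not confined"
        case ",$opts," in *,restrict,*) continue ;; esac   # implies all no-* options
        for opt in no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty; do
            case ",$opts," in
                *",$opt,"*) ;;
                *) flag "missing $opt" ;;
            esac
        done
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Constructed sample file; the key material is a placeholder, not a real key.
make_sample() {
    cat > "$1" <<'EOF'
# line 2 is the entry from step 4, line 3 lacks no-pty and --root
command="/usr/bin/svnserve --tunnel --root=svnrepo",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER Subversion repository access key
command="/usr/bin/svnserve --tunnel",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAPLACEHOLDER second key
ssh-rsa AAAAPLACEHOLDER my own login key
EOF
}

# Demo: reports two problems, both on line 3 of the sample.
sample=$(mktemp) && make_sample "$sample"
audit_svn_keys "$sample" || true
rm -f "$sample"
```

On the repository host, run it as audit_svn_keys ~/.ssh/authorized_keys2 after adding or editing a key.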


Notes

Because I want a synced copy of the repository on the web, the file ~/svnrepo/hooks/post-commit runs a script that updates a checked-out copy on the server and runs a Makefile to generate the items not in the repository.

I also have a client which is accessing the system from a computer without subversion installed. To support them I built from source using the option: configure --enable-all-static

One additional thing to be changed later is to add the option --tunnel-user to the key access. As of the current release it is not yet merged into the trunk.