Installing SVNserve on Mac OS X

I recently wanted to install a version control server on a Mac mini and serve it to some other users (you're already using version control, right?), so I investigated around a little. I got recommendations for git and Mercurial, and looked a bit into bazaar which I'd been positively impressed with before, but the simple matter of the fact was that I couldn't find any working GUI clients to use to talk to them, and documentation on installing a server on a Mac wasn't that impressive either.

So, I went back to Subversion, but different from last time I decided to try svnserve. It's a more lightweight setup, but of course lacks the nice HTML browsing experience of Apache2 and WebDAV. Here's the short rundown:

Getting the server

You can find the Subversion server (and the client) on CollabNet's Subversion Community Builds page. It's a simple Mac OS X package installer that installs the command line tools in /opt/subversion/bin, keeping them nicely separate from anything Apple's developer tools might install for you.

Starting the server at login time

Once you've installed svnserve, you'll of course want it to automatically launch whenever a request comes in. It would be annoying to have to open a terminal window and start it every time you restart your Mac. To do that, you can create a launchd launch daemon, which will start up the server as needed. There's a nice description at Joyent's CodeSnippets. Here's what I recommend:

Create a new file org.tigris.subversion.svnserve.plist in /Library/LaunchDaemons. You may have to use sudo pico /Library/LaunchDaemons/org.tigris.subversion.svnserve.plist to create and edit this file, because it's deep in the system folder. This is our Launch Daemon. Write the following in it:

Once you've done that, create a new user (standard user, not an administrator), e.g. using System Preferences, and name it subversion. The server will run as this user, to make it less likely that someone hacking the server can get at your data or administrate your Mac. The UserName entry with the string subversion in our launch daemon above is the name of this user (so if you named it "jeffsubversion", change that line accordingly). The GroupName with the string staff is the group this user is a member of. You can determine this by typing id subversion in Terminal (where "subversion" is the name of the user whose group you're interested in), and then look for "gid" in the output from this command. In my case, it wrote:

uid=502(subversion) gid=20(staff) ...

Also note the --root=/Users/subversion/Documents/Repositories part. That is where svnserve will expect us to create our repositories. If you want to, you can even specify an external hard disk there (e.g. /Volumes/MySubversionRAIDArray), or any other partition. If you choose to not use a separate disk, be aware that this means that you could accidentally fill up your startup disk using Subversion and your Mac would then crash because there's no swap space left.

So, log in as your new subversion user for a moment and create the "Repositories" folder using Finder, or just make sure that your external drive is accessible for your user. Once that folder is there and accessible, create your actual repository inside it using a line like:

svnadmin create /Users/subversion/Documents/Repositories/sourcecode

svnadmin create /Volumes/MySubversionRAIDArray/sourcecode

We've now created a repository and installed a server and made sure it launches, however, we still have to do some last set-up work on the server. You see, by default, and for security reasons, the server is locked down. Nobody can write to it. So what you have to do is go into your repository folder and edit the conf/svnserve.conf inside it that svnadmin helpfully created for you. There are a bunch of comments in that file (their lines start with # signs) that explain what what does.

It says the defaults are auth-access = write, this tells the server than write access will be granted to everyone who provides a valid user name and password, and anon-access = read, which means that anyone can read the files even without a user name and password. You might want to change that first line to anon-access = none, if you want only people who have a valid user name and password to see your code in the repository.

Next, remove the "#" and the space at the start of the line password-db = passwd. This, as the comment above tells you, will make svnserve look for a file passwd right next to svnserve.conf as its source of user names and passwords. Save this file and open the file passwd next to it. It contains two sample entries that will seem familiar if you've read The Subversion Book.

Simply replace those entries with username = password pairs of your own and save your changes, and you should be able to access your repository using the URLs mentioned above and the username/password pairs you wrote in this file. All you need to do is restart. Or, if you don't want to restart, you can just log in as an administrator user again and tell launchd that you added a daemon by writing in the Terminal:

sudo launchctl load /Library/LaunchDaemons/org.tigris.subversion.svnserve.plist

Reader Comments: (RSS Feed)

MT writes: Hey, thanks for the plist. Worked great. Used the default _svn user/group already defined under 10.6.

Uli Kusterer replies: ★ Thank the Joyent guys, this plist is essentially ripped from their pages.

Rupert writes: Why installing svn on os-x? svn is ready installed in 10.5 and 10.6 out of the box! But your configuration-info's are very nice! Thank you Rupert

Uli Kusterer replies: ★ Rupert, you are right, it seems that svnserve is now installed by the OS as well (at least on 10.6). I wasn't aware of that. Handy!

Stephen Mcconnell writes: Followed your EXCELLENT tutorial and had svn up and running. I didn't know svnserve was in 10.5 and 10.6 out of the box, but it worked anyway (Prior to installing it, however I was getting a "svn command not found" type error, so I'm not sure it was configured correctly). I am using the Subclipse plug-in in Eclipse to access my repository on my localhost. I received a: Can't open file '<path to repositiory>/db/txn-current-lock': Permission denied Error. Did a look up on google and came across this thread http://www.svnforum.org/2017/viewtopic.php?t=6519 discussing the problem. I changed the permissions on my repository folder to 770 and it worked like a champ with Subclipse. I am also able to access the repository over my local home network from other computers... which is EXACTLY what my purpose was. Now to set up TRAC on my local computer and Maven and I'm set up to do most of my work at home.

Harald writes: Finally a working tutorial. Thanks a lot!

Mente, Argu writes: Hi. I followed your tutorial, but somehow I'm stuck with the firewall of snow leopard. When I try 'launchctl load /Library/LaunchDaemons/org.tigris.subversion.svnserve.plist' I receive the message: bind(): Operation not permitted bind(): Operation not permitted and in console I can see the messages: Firewall[1333] Deny svnserve binding to 0.0.0.0:3690 proto=6 Firewall[1333] Deny svnserve binding to :::3690 proto=6 Disabling the mac os firewall solves the problem, but is obviously not the way to do it... any hint on how to get svnserve to bind correctly?

Josh Olden writes: Try websvn (www.websvn.info)

mapple writes: When I try 'launchctl load /Library/LaunchDaemons/org.tigris.subversion.svnserve.plist' I receive the message: launchctl: Dubious ownership on file (skipping): /Library/LaunchDaemons/org.tigris.subversion.svnserve.plist nothing found to load what could be the problem? what should I do now?

Matthew Cook writes: Worked for me once I changed /opt/subversion/bin/svnserve to /usr/bin/svnserve Thanks!

Max writes: For those having problem connecting to svnserve, due to leopard/lion firewall: I experienced that launching svnserve as deamon prevent him to be reached through firewall, even if added to the list of authorized applications. The workaround is to keep it as a background job by launching it this way, from terminal: svnserve -d --foreground & The goud point is that you can easily stop the deamon by fg'ing the job. I did not use automatic launch trough launchd so no hint for this case.

syd writes: Good, and helpful, but needs instructions for configuring apache2 located here: http://www.sonzea.com/articles/subversion-trac.html Otherwise, you get "svn: OPTIONS of 'http://host/repo/project/trunk': 200 OK (http://host)" style errors because apache does not know what to do with the URL you give it.

Jason writes: Max, your comment about not being able to access the daemonized process because of the firewall seems not realated to just this. I found this page searching for, "lion firewall daemon" on google after having trouble with the Macports openvpn server. The answer in that case

Or E-Mail Uli privately.