This is a statically-linked compile of Subversion (dynamically linked against standard system libraries like libz, libc, etc). Exact library versions used are included in the build_NN* scripts located in the svn-mac-build.zip file in this directory. * If you are upgrading an existing 1.2.* installation of this package * and if you had run svn_wrappers for use with a local svnserve * installation, you should back up your prior scripts and then run * the command to undo those changes before running the package * installer below. * * cd /usr/local/bin * sudo tar cvf /tmp/svn.bak.tar svn* * sudo ./svn_wrappers undo * * If you had previously installed one of the older subversion-1.1.* or * 1.0.* builds that I had done, there will be an extraneous svnserve.exe * and .wrapper files that should be removed. * * sudo /bin/rm -f /usr/local/bin/svnserve.exe /usr/local/bin/svnserve.wrap* It is wrapped up as a standard Mac OS X .pkg on a disk image. Open the disk image and double-click on the .pkg file to start the installer. When finished, the binaries will be installed under /usr/local/bin. This install also contains a script that builds wrappers if this machine will be used as an svnserve-based server. This new strategy differs from my older subversion-1.1.* and 1.0.* builds by *not* setting permissions or setgid privs unless explicitly told to do so. It also sets up wrappers for ALL executables not just svnserve (this is necessary to ensure svnadmin or svn .. file:/// operations don't alter permissions in a Berkely-based repository). Before running svn_wrappers, make sure that you have the "svn" group already set up (typically in /etc/group). You can give it a different name or GID, but I suggest "svn" for the name and "800" for the GID. Then add each user that needs to be part of the svn group. An example /etc/group entry is: svn:x:800:larry,moe,curly Then run the svn_wrappers script in the same directory as your svn* binaries, typically /usr/local/bin: cd /usr/local/bin sudo ./svn_wrappers You will be prompted for the name of your group, just hit if the default of "svn" is OK. It then moves each binary to .exe, creates a wrapper script with the binary name () to set the umask, then sets restrictive permissions on both the .exe and new wrapper script. The .exe gets permissions set with the SGID flag so that any new files created will default to being owned by your "svn" group. (You may remove this option if you feel it is a security hole by "chmod g-s svn*"). The svnserve wrapper will look for a system-wide config file, named either /etc/sysconfig/svnserve or /etc/svnserve. This config file can specify a different location for the SVNSERVE_EXE executable or add additional arguments to the svnserve command in SVNSERVE_ARGS, such as restricting the root directory: SVNSERVE_EXE="/some/other/path/to/svnserve.exe" SVNSERVE_ARGS="--root /var/opt/svnroot" Next, any existing repositories should have their permissions set so that ONLY users in the svn group will be able to read/write: REPOS=/path/to/repos sudo chown -R root:svn $REPOS sudo chmod -R o+rwX,g+rwX,o-rwx $REPOS find $REPOS -type d | sudo xargs chmod g+s The last command adds the "setgid" bit on all repository directories, ensuring that any new files created in those directories are assigned the correct "svn" group.