This is a statically-linked compile of Subversion (dynamically linked against standard system libraries like libz, libc, etc). Exact library versions used are included in the build_NN* scripts located in the svn-solaris-build.zip file in this directory. * If you are upgrading an existing 1.2.* installation of this package * and if you had run svn_wrappers for use with a local svnserve * installation, you should back up your prior scripts and then run * the command to undo those changes before running the package * installer below. * * cd /usr/local/bin # or bin subdir of wherever package was installed * tar cvf /tmp/svn.bak.tar svn* * ./svn_wrappers undo * * If you had previously installed one of the older subversion-1.1.* or * 1.0.* builds that I had done, there will be an extraneous svnserve.exe * and .wrapper files that should be removed. * * /bin/rm -f ./bin/svnserve.exe ./bin/svnserve.wrapper It is intended to be extracted in your system's /usr/local/ directory (or similar location). Assuming root priveleges: cd /usr/local/ gzip -dc subversion-1.*.tar.gz | tar xvf - # or: gzip -dc subversion-1.*.tar.gz | sudo tar xvf - ls -l bin/svn* Note that root priveleges are not necessary - this package may just as easily be installed in a user's home directory or an arbitrary path or NFS share. This tarball also contains a script that builds wrappers if this machine will be used as an svnserve-based server. This new strategy differs from my older subversion-1.1.* and 1.0.* builds by *not* setting permissions or setgid privs unless explicitly told to do so. It also sets up wrappers for ALL executables not just svnserve (this is necessary to ensure svnadmin or svn .. file:/// operations don't alter permissions in a Berkely-based repository -- less critical on the new fsfs repositories but still a good idea). Before running svn_wrappers, make sure that you have the "svn" group already set up (typically in /etc/group). You can give it a different name or GID, but I suggest "svn" for the name and "800" for the GID. Then add each user that needs to be part of the svn group. An example /etc/group entry is: svn:x:800:larry,moe,curly Then run the svn_wrappers script in the same directory as your svn* binaries, typically /usr/local/bin: cd /usr/local/bin ./svn_wrappers You will be prompted for the name of your group, just hit if the default of "svn" is OK. It then moves each binary to .exe, creates a wrapper script with the binary name () to set the umask, then sets restrictive permissions on both the .exe and new wrapper script. The .exe gets permissions set with the SGID flag so that any new files created will default to being owned by your "svn" group. (You may remove this option if you feel it is a security hole by "chmod g-s svn*"). The svnserve wrapper will look for a system-wide config file, named either /etc/sysconfig/svnserve or /etc/svnserve. This config file can specify a different location for the SVNSERVE_EXE executable or add additional arguments to the svnserve command in SVNSERVE_ARGS, such as restricting the root directory: SVNSERVE_EXE="/some/other/path/to/svnserve.exe" SVNSERVE_ARGS="--root /var/opt/svnroot" Next, any existing repositories should have their permissions set so that ONLY users in the svn group will be able to read/write: REPOS=/path/to/repos chown -R root:svn $REPOS chmod -R o+rwX,g+rwX,o-rwx $REPOS find $REPOS -type d | xargs chmod g+s The last command adds the "setgid" bit on all repository directories, ensuring that any new files created in those directories are assigned the correct "svn" group.