This article discusses creating a development environment for a development project, so that it is useable for your own work, but accessible from the outset as an open Free Software project with all that implies. The assumption is that you will be the only person with shell access to the environment, and all other users will come via the web. It's not impossible to do it differently, but we have to start somewhere!
I'll assume that you control your own subdomain names :-) because that's how I do my own projects … and that your own webserver reliably connected to the Internet. If you don't, why not just go and use SourceForge/Savannah/RubyForge or another fine and free service?
You need to know (and preferably understand) a few key items of data; your own user and group IDs (from the id command) and the user and group ID of the webserver (from the httpd.conf file, or perhaps from ps). Also the location of Trac's templates/static HTML.
Choose somewhere for your project to live – this will be the development environment, and will be open to the public via the webserver. Create a new subdirectory for it, and in there create a ‘log’ directory, with sufficient permissions to be written to by all your apps.
Within the project directory (referred to as $PROJ from now on to save my typing!), we need to create a new, empty subversion repository. To do this, run the command
svnadmin create $PROJ/svn
Now we need to establish the trunk/tags/branches structure that will be essential later in your project (i.e. when you get to milestone releases). Create a temporary directory somewhere, i.e. /tmp/newsvn. Go there and create three subdirectories called, unsurprisingly, “branches” “tags” and “trunk”. Then import those directories into svn :-
svn import /tmp/newsvn file://$PROJ/svn -m "initial import"
Now you have proved that your user can update the Subversion repository.
Setting up the initial Trac environment comes next. In $PROJ, do
trac-admin initenv <projectname> trac <templatepath>
Under a Debian style system, the templatepath will probably be /usr/share/trac/htdocs.
Both Trac and Subversion should have some restrictions placed on their activities, based on username/password. These should be stored in an htpasswd file in $PROJ
htpasswd -cb $PROJ/htpasswd username password
Now we'll set up Apache to grant access to yourTrac instance. I'd suggest an entire virtual host for this, with a name of trac.projectname.domain.
<VirtualHost IPAddress>
ServerName trac.project.domain
DocumentRoot $PROJ/trac
CustomLog $PROJ/log/trac-apache-access.log combined
ErrorLog $PROJ/log/trac-apache-error.log
SetEnv TRAC_ENV "$PROJ/trac"
# Allow access to the Trac static files
Alias /trac/ /usr/share/trac/htdocs/
<Directory /usr/share/trac/htdocs>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# Route "/" to the Trac cgi processor
ScriptAliasMatch ^/(.*) /usr/share/trac/cgi-bin/trac.cgi/$1
# Set security on the login page, which allows Trac to use HTTP
# Auth as the mechanism for user authentication
<Location "/login">
AuthType Basic
AuthName "GreenTree Trac"
AuthUserFile $PROJ/htpasswd
Require valid-user
</Location>
</VirtualHost>
The set_env declaration is necessary for Trac to know where your environment lives, and the ScriptAliasMatch maps all access into the domain to the trac.cgi. Alias /trac overrides the script alias, so the static HTML and CSS files can be accessed – and the /login authentication makes it possible for you to log in to Trac.
In order for Trac to make changes, which is pretty much the whole point, you have to grant write access for the apache user to the trac/db subdirectory. In order to keep easy access to the directory yourself (via the trac-admin command) you do too …
The suggested mechanism for this is to add group write permissions to the directory and contents, and then chown the it to be owned by the apache user (perhaps www-data).
cd $PROJ chmod -R g+w $PROJ/trac/db sudo chown -R www-data $PROJ/trac/db
Now you have to grant your authenticated user rights to alter Trac, so use trac-admin to add overall administration rights.
cd $PROJ trac-admin trac permission add username TRAC_ADMIN
We have successfully accessed Subversion from the local filesystem, so now it's time to ask Apache2 to use the WebDAV module to grant access over HTTP.
<VirtualHost IPAddress>
ServerName svn.project.domain
DocumentRoot $PROJ/svn
CustomLog $PROJ/log/svn-apache-access.log combined
ErrorLog $PROJ/log/svn-apache-error.log
<Directory $PROJ/svn>
AllowOverride All
Options MultiViews -Indexes Includes FollowSymlinks
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
# WebDAV access
<Location />
DAV svn
SVNPath $PROJ/svn
AuthType Basic
AuthName "GreenTree svn"
AuthUserFile $PROJ/htpasswd
# Allow read-only access to anyone, otherwise require
# authentication
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
</VirtualHost>
The LimitExcept will grant read-only access (the GET, PROPFIND, OPTIONS and REPORT subversion commands) to anyone; any other command will need the user to provide authentication (a username and password).
In the same way that the Trac db needed to writeable by the web server user, the whole Subversion repository needs to be writeable, if you intend to accept checkins from contributors. You still need to be able to write directly to the files yourself, so once again :-
chmod -R g+w $PROJ/svn sudo chown -R www-data $PROJ/svn
You now have a nice Trac install that can be used by the outside world, and a Subversion repository you can work on, that can also be read by the outside world. If you add users to the htpassword file, they will gain write permission over the repository, and can have other permissions granted over the Trac systam as you choose.
Enjoy!