Forge Overview and Subversion Services¶
- Table of contents
- Forge Overview and Subversion Services
Single Signon¶All users log in at typo3.org and use single-signon from there to log into forge.
- The SSO Adapter which creates the users in the local database resides in /var/www/vhosts/forge.typo3.org/home/sso/redmine_sso.php
- The password is transferred to forge.typo3.org with SSO as well, and stored in encrypted form.
HTTP Authentication with Single-Signon¶
- SVN uses the same login credentials as typo3.org. That's why we needed a method to check a http authentication against an external database. To our rescue came mod_auth_external, which provides us exactly that.
- mod_auth_external uses a script residing in /home/forge/svn-helpers/apache-svn-authenticator.php which checks the usernames and passwords against the redmine database.
- With the following snippet in an htaccess file, you can enable external authentication against this database:
AuthType Basic AuthName Administration AuthBasicProvider external AuthExternal forge-auth Require user Enter-Users-Here
Redmine live and development instance¶
The redmine development instance uses a different database than the live instance. It is reachable at http://devel.forge.typo3.org. As the devel instance uses the encrypted usernames and passwords stored in the forge database, everybody who at least logged in once on forge can log in on the development instance.
Steps for a change¶
- first change the things you need in /var/rails/devel.forge.typo3.org.
- If the change is ready and well-tested, commit the change to git by doing git commit -a
- Update the live (/var/rails/forge.typo3.org) instance with git pull and restart the live instance with touch /var/rails/forge.typo3.org/tmp/restart.txt
- Check that the live instance still works and the new feature runs
How to update Redmine on forge¶
- first, go to devel.forge.typo3.org, i.e. /var/rails/devel.forge.typo3.org
- then do a "svn update" -- the changes are pulled from the redmine SVN repository.
- Look for conflicts, and review the changes with "git diff"
- if all is fine, commit the changes with "git commit -a"
- then, do the same as above ("How to change something on forge")
- We use several SVN repositories which are all located in subdirectories of /var/svn.
- The subdirectories correspond to the structure below.
- If you browse https://svn.typo3.org, the first directories are delivered from the apache server.
- If the user clicks on a link where a repository is located (f.e. https://forge.typo3.org/TYPO3v4) mod_svn kicks in and answers the request.
- This is configured in /usr/local/etc/apache22/vhosts.d/svn.conf
(Bold entries are SVN repositories)
- As the authentication of users is done through mod_auth_external (explained above), we only have to care about per-directory access control for the users.
- Every repository has an authz file in conf/authz which is being managed by redmine.
- Do not change this file by hand, as it is completely rewritten on changes by redmine!
- If somebody joins a project or gets a role assigned which is either Member or Leader, then all authz files are automatically written.
- TODO - explain more
Redmine SVN-Plugin (flow_svn_permission)¶
- Caused by the fact that this is an open source project you can download the redmine-plugin and all other stuff that is needed for integrating subversion control in redmine: