Installing Trac and Subversion on Ubuntu Ibex

These are basically my notes from installing Trac and Subversion on an Ubuntu Intrepid Ibex server.

Install Software Packages

sudo aptitude install libapache2-mod-python libapache2-svn python-setuptools subversion python-subversion
sudo easy_install Trac

Create the Trac Environments Directory

sudo mkdir /var/lib/trac sudo chown www-data:www-data /var/lib/trac

Setup Apache2

Using the default Ubuntu Apache virtual server setup, create a virtual server instance for Trac. This single instance will be used for all Trac projects on the server.

sudo vi /etc/apache2/sites-available/trac.websitename.com

Your file will look a lot like the following. Use your website name instead of websitename.com and use a valid e-mail addressinstead of webmaster@websitename.com.

<VirtualHost *:80>
 ServerAdmin webmaster@websitename.com
 ServerName trac.websitename.com
 DocumentRoot /motuit/var/www/trac.websitename.com/public
 LogLevel warn
 ErrorLog /motuit/var/www/trac.websitename.com/logs/error.log
 CustomLog /motuit/var/www/trac.websitename.com/logs/combined.log combined
 # DirectoryIndex index.html
 
 
  SetHandler mod_python
  PythonInterpreter main_interpreter
  PythonHandler trac.web.modpython_frontend
  PythonOption TracEnvParentDir /var/lib/trac
  PythonOption TracUriRoot /projects
  PythonOption PYTHON_EGG_CACHE /tmp
 
 
 # use the following for one authorization for all projects 
 # (names containing "-" are not detected):
 
  AuthType Basic
  AuthName "trac"
  AuthUserFile /etc/apache2/htpassword.websitename.com
  Require valid-user
 
</VirtualHost>

Now, use the Debian/Ubuntu utility a2ensite to create a link in apache2/sites-enabled to the file you just created in apache2/sites-available. Then, reload apache2 to enable the new subdomain.

sudo a2ensite trac
sudo  /etc/init.d/apache2 reload

You will also need to create a DNS A record to point to the server for this subdomain, but this is outside the scope of this blog entry.

Create Trac and Subversion Environments

Here we will make directories and create the Subversion repositories.

sudo mkdir /var/lib/svn
sudo mkdir /usr/share/trac
sudo svnadmin create /var/lib/svn/project1
sudo svnadmin create /var/lib/svn/project2

Set some permissions:

sudo chown -R www-data /var/lib/svn
sudo chown -R www-data /usr/share/trac
sudo  /etc/init.d/apache2 reload

Set up Trac

sudo mkdir /var/lib/trac

Initialize Trac for one of your projects.

sudo trac-admin /var/lib/trac/project1 initenv

The utility will ask for:

Project Name [My Project]>: project1
Database connection string [sqlite:db/trac.db]>:
Repository type [svn]>:
Path to repository [/path/to/repos]>: /var/lib/svn/project1

Repeat the above for the following, substituting the project code for each:

sudo trac-admin /var/lib/trac/project2 initenv

sudo chown -R www-data /var/lib/trac

Get Subversion Running

Modify /etc/apache2/mods-available/dav_svn.conf

sudo vi /etc/apache2/mods-available/dav_svn.conf

  DAV svn
 
  SVNParentPath /var/lib/svn
  SVNListParentPath On
 
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/htpassword.websitename.com
 
  # To enable authorization via mod_authz_svn
  #AuthzSVNAccessFile /etc/apache2/dav_svn.authz
 
  
    Require valid-user
   
 

Install More aptitude packages for Trac plugins

Install some packages that will be needed.

sudo aptitude install build-essential graphviz
sudo aptitude install enscript
sudo aptitude install htmldoc

Using easy_install to Install more Trac Plugins

Because these are installed, you will be able to turn these on easily as Trac administrator.

sudo easy_install http://svn.edgewall.org/repos/genshi/trunk/
sudo easy_install http://trac-hacks.org/svn/accountmanagerplugin/trunk
sudo easy_install http://trac-hacks.org/svn/customfieldadminplugin/0.11
sudo easy_install http://trac-hacks.org/svn/eclipsetracplugin/tracrpcext/0.10
sudo easy_install http://trac-hacks.org/svn/iniadminplugin/0.11
sudo easy_install http://trac-hacks.org/svn/masterticketsplugin/0.11
sudo easy_install http://trac-hacks.org/svn/pagetopdfplugin/0.10/
sudo easy_install http://trac-hacks.org/svn/progressmetermacro/0.11
sudo easy_install http://trac-hacks.org/svn/ticketdeleteplugin/0.11
sudo easy_install http://trac-hacks.org/svn/tracwysiwygplugin/0.11
sudo easy_install http://wikinotification.ufsoft.org/svn/trunk

Ubuntu: Open Terminal from Nautilus

This will allow you to open a Terminal instance in context in Nautilus.

sudo aptitude install nautilus-open-terminal

You will need to restart Gnome for it to take effect. Note that all you user programs will be terminated...so save data first. Then either use , or:

sudo /etc/init.d/gdm restart

And Bob's your uncle. Now you can right-click and open a Terminal.

Basic Password Protection for Apache Webpage

This is the bare bones basics to protect a web page or series of pages on an Apache web server.

.htaccess file

AuthName "SectionName" AuthType Basic AuthUserFile /full/path/to/.htpasswd Require valid-user

Replace SectionName with the name of what you are protecting (in and below the directory that you are putting the .htaccess file in. Example: My Web Site

Replace /full/path/to/.htpassword with the actual full path to the .htpassword file you created.

.htpassword file

username:encryptedPassword

Replace encryptedPassword with your choice of password encrypted with the htpasswd program that came with Apache. Use man htpassword for instructions.

You can then access the page with the normal address...in which case it will ask for the username and password, or you can use this:

http://username:password@website.com/page

Using Public/Private Key Pairs with SSH

This is one of those subjects that is a little difficult to convey clearly. It is a logical process and not difficult...but it is precise in the sense that certain files must be correct, be in the right places and have correct permissions. I've organized these instructions in three parts, key generation; local (client) side setup; remote(server) side setup.

For more information about public/private keys, see the Wikipedia article.

1. Generating a Public/Private key Pair

The private key will be named whatever you specified and the public key will have that name appended with ".pub". These keys will be located in the ~.ssh directory. For example, using the default name for a dsa key pair, the files will be "id_dsa" and "id_dsa.pub". Always keep the private key private. The public key is not secret and can be put in unsecure locations.

You need to generate the correct type of key for the remote system you are dealing with. In this article, we are using a dsa type key as an example. If the remote system requires an rsa key pair, generate an rsa pair instead.

To generate dsa key pair:

ssh-keygen -t dsa

The program will ask a series of prompted questions. For our purposes, it is Ok to just keep pressing the enter key for the defaults. The generated keys will be stored in your ~/.ssh directory. See the generated keys with:

ls -l ~/.ssh

2. Setup on the Local Side

Ensure Correct Permissions

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*


If directory or filename permissions are not correct, ssh will fail to use the keys.

Create a config File

For each remote system, create a multi-line entry in the ~.ssh/config text file. You can create this file using your favorite editor, vi for example. File contents (one group per server, one group shown):

Host friendly_server_name_here
HostName ip_number_here
IdentityFile ~/.ssh/id_dsa
PasswordAuthentication no
Port 22
User your_username_on_remote_here


Of course, replace the three bolded items with your information for your accounts.

Give the config file the correct permissions:

chmod 600 ~/.ssh/config

3. Setup on the Remote Side

Copy the public key file you generated from your local machine to the remote machine's .ssh directory:

scp ~/.ssh/id_dsa.pub username@servername:~/.ssh

Log in the remote machine for the next operations:

ssh username@servername

Append the contents of your public key file to ~/.ssh/the authorized_keys file:

cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

Actually, the ~/.ssh/id_dsa.pub file does not need to be there, just appended to the ~/.ssh/authorized_keys file. It was just convenient to do it this way. Ensure Correct Permissions

chmod 700 ~/.ssh chmod 600 ~/.ssh/*

Done!

Now you can login to the remote system with:

ssh username@servername

...and not need to enter a password!

Padding a Numeric in Bash

I needed to pad a day of the month value to 2 places in a bash script.

This is made easy by the GNU program printf, which is part of standard distributions of Linux. In the following script snippet, the current day of the month is passed from the command invocation (or, if not specified, defaulted to the current day). It is then zero-padded with printf.

TODAY=$(date +%d) if [[ "$1" != "" ]]; then TODAY=$1 fi TODAY=$(printf "%02d" $TODAY) # Zero pad day.