Trac on Mac OS X 10.5 Leopard Server

The following instructions were developed based on the notes at ​http://sonzea.com/articles/subversion-trac.html

In order to get Trac with SVN running on Leopard, I followed the following steps:

1. Create a user account (subversion) for file storage and enable sudo.
   • Use the Workgroup Manager application and create the user "Subversion" (with short name "subversion")
   • Log in as an Administrator and edit the sudo file (using sudo visudo)
2. Set up a simple test SVN repository.

    % cd /Users/subversion; svnadmin create test-repo
   

3. Test that the SVN repository works

    % cd /tmp
    % svn co file:///Users/subversion/test-repo
    % cd test-repo
    % svn mkdir tags branches trunk
    % svn ci -m "Initial structure"
   

4. With that simple repository, time to set up apache to get HTTP access to this (via DAV). Later, this will facilitate moving the HTTP-based authentication against the Mac OS X server directory. To do this, create a file httpd-subversion.conf in /private/etc/apache2/extra with the following contents:

    DavLockDB var/DavLock
    LoadModule dav_svn_module     libexec/apache2/mod_dav_svn.so
    LoadModule authz_svn_module   libexec/apache2/mod_authz_svn.so
   
    <Location /test-repo>
       DAV svn
       SVNPath /Users/subversion/test-repo
    </Location>
   

Note 1: If you change the name or location of your repository be aware to change also the tag name. For example if now the location's name is "repository" instead of "test-repo" the xml tags should look like this:

 <Location /repository>
 ...
 </Location>

Note 2: Alternatively you can remove the 2nd and 3rd lines and enable those two modules through the Server Admin application.

1. Add in a line into the httpd.conf file right after the SSL lines that reads:

      #
      # Subversion 
      Include /private/etc/apache2/extra/httpd-subversion.conf
      # End of Subversion
      #
   

2. Restart apache and verify access to http://localhost/test-repo

    sudo apachectl graceful-stop
    sudo apachectl start
   

3. Using Server Admin, enable SSL and restart Apache. This creates the required SSL files. Make sure also that mod_dav and mod_dav_fs are enabled.
4. Enable access via both port 80 and 443 by changing /etc/apache2/sites/virtual_host_global.conf to end with:

      Listen *:80
      Listen *:443
   

5. Ensure that there are both 0000_any_80_.conf and 0000_any_443_.conf` files. If either are *.conf.default, rename them, and then restart apache

    % mv 0000_any_80_.conf.default 0000_any_80_.conf
    % mv 0000_any_443_.conf.default 0000_any_443_.conf
    % sudo apachectl graceful-stop
    % sudo apachectl start
   

6. Check SSL operation, by going to https://localhost/ and http://localhost/
7. Change the SVN repository to require SSL, by adding the following lines in the httpd-subversion.conf

    SSLRequireSSL
   

8. Now, make subversion require a valid user, validated against the Open Directory accounts using apple_auth_module (mod_auth_apple.so). Change extra/httpd-subversion.conf to the following, restart apache and test again.

   DavLockDB var/DavLock
   
   LoadModule auth_basic_module libexec/apache2/mod_auth_basic.so
   
   LoadModule dav_module           libexec/apache2/mod_dav.so
   LoadModule dav_fs_module        libexec/apache2/mod_dav_fs.so
   LoadModule dav_svn_module       libexec/apache2/mod_dav_svn.so
   LoadModule authz_svn_module     libexec/apache2/mod_authz_svn.so
   LoadModule apple_auth_module    libexec/apache2/mod_auth_apple.so
   <Location /test-repo>
       DAV svn
       SVNPath /Users/subversion/test-repo
       AuthType Basic
       AuthName "SVN Repository"
       AuthUserFile /dev/null
       AuthBasicAuthoritative Off
       Require valid-user
       SSLRequireSSL
   </Location>
   

   Note: Again, the modules can be alternatively enabled through Server Admin. Also, sometimes auth_basic_module won't be enabled by default which will make apache startup to fail.
9. To install TRAC, download trac 0.11b1 from ​http://trac.edgewall.org, unpack, and install:

    % gunzip Trac-0.11b1.tar.gz
    % tar xf Trac-0.11b1.tar
    % cd Trac-0.11b1
    % sudo python ./setup.py install
   

10. Create a trac environment

     % trac-admin /Users/subversion/trac initenv
     % sudo chown -R www /Users/subversion/trac
    

11. Test this trac environment is running, by using the tracd first. Since the directory is now owned by www, the sudo is required. Use Safari to check this by opening ​http://localhost:8000

     % sudo tracd --port 8000 /Users/subversion/trac
    

12. To set up TRAC to run under Apache (so we can get a single authentication system in place), we need to create httpd-fastcgi.conf under /private/etc/apache2/extra with the following content:

    LoadModule fastcgi_module libexec/apache2/mod_fastcgi.so
    
    # Enable FastCGI for .fcgi files
    <IfModule fastcgi_module>
        AddHandler fastcgi-script .fcgi
        FastCgiIpcDir /var/run/fastcgi
    </IfModule>
    

13. Configure apache to react to /trac references using fastcgi with the following content in httpd-trac.conf (also in /private/etc/apache2/extra

    #
    ScriptAlias /trac /Users/subversion/Trac-0.11b1/cgi-bin/trac.fcgi
    FastCgiConfig -initial-env TRAC_ENV=/Users/subversion/trac
    
    <Location "/trac">
        SetEnv TRAC_ENV "/Users/subversion/trac"
        SSLRequireSSL
    </Location>
    
    <Directory "/Users/subversion/Trac-0.11b1/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    

14. Modify httpd.conf to include these files, adding the following lines just below the line for subversion (as added above)

    ##
    ## TRAC
    ##
    Include /private/etc/apache2/extra/httpd-fastcgi.conf
    Include /private/etc/apache2/extra/httpd-trac.conf
    ##
    ## End of TRAC changes
    ###
    

15. Test this by restarting apache and accessing http://localhost/trac
16. Modify TRAC to require an authenticated user. Change the content in httpd-trac.conf (in /private/etc/apache2/extra) to that shown below and restart apache:

    #
    ScriptAlias /trac /Users/subversion/Trac-0.11b1/cgi-bin/trac.fcgi
    FastCgiConfig -initial-env TRAC_ENV=/Users/subversion/trac
    
    <Location "/trac">
        SetEnv TRAC_ENV "/Users/subversion/trac"
        AuthType Basic
        AuthName "SVN Repository"
        AuthuserFile /dev/null
        AuthBasicAuthoritative Off
        Require valid-user
        SSLRequireSSL
    </Location>
    
    <Directory "/Users/subversion/Trac-0.11b1/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    

17. To enable the WebAdmin page to all authenticated users, use the following commands:

     % sudo trac-admin /Users/subversion/trac
        > permission add authenticated TRAC_ADMIN
        > quit
    

Notes

I had some trouble with the permissions on the /private/var/run/fastcgi directory. OSX seemed to keep repairing the permissions on this folder after I has changed them so apache could write to it. I solved it by pointing it to /tmp/fastcgi instead. see ​http://www.astro.northwestern.edu/AstCCwiki/index.php?title=OS_X_Server_Administration#Install_the_necessary_components for details.

10.5.3 under Apache troubleshooting:

After a clean install of 10.5.3, I was having trouble getting Trac to run under Apache. The standalone server worked fine, but trying to run it under Apache would yield a 500 error.

The problem turned out to be that Python couldn't extract to the default Python egg cache (because the default folder didn't exist). This fixed it:

   > mkdir /Library/WebServer/.python-eggs
   > chown -R _www:_www /Library/WebServer/.python-eggs

Alternatively you could change the PYTHON_EGG_CACHE environment variable to a different directory.