source: archive/cvsserver.xml@ acb648f

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

]>

<sect1 id="cvsserver" xreflabel="Running a CVS Server">
  <?dbhtml filename="cvsserver.html"?>

  <sect1info>
    <date>$Date$</date>
  </sect1info>

  <title>Running a CVS Server</title>

  <sect2 role="package">
    <title>Running a CVS Server</title>

    <para>This section will describe how to set up, administer and secure
    a CVS server.</para>

    <bridgehead renderas="sect3">CVS Server Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para><xref linkend="cvs"/> and
    <xref linkend="openssh"/></para>

  </sect2>

  <sect2 role="configuration">
    <title>Setting up a CVS Server.</title>

    <para>A CVS server will be set up using OpenSSH as the remote access
    method. Other access methods, including :pserver: and :server: will
    not be used for write access to the CVS repository. The :pserver:
    method sends clear text passwords over the network and the :server:
    method is not supported in all CVS ports. Instructions for anonymous,
    read only CVS access using :pserver: can be found at the end of this
    section.</para>

    <para>Configuration of the CVS server consists of four
    steps:</para>

    <sect3>
      <title>1. Create a Repository.</title>

      <para>Create a new CVS repository with the following
      commands:</para>

<screen role="root"><userinput>mkdir          /srv/cvsroot &amp;&amp;
chmod 1777     /srv/cvsroot &amp;&amp;
export CVSROOT=/srv/cvsroot &amp;&amp;
cvs init</userinput></screen>

    </sect3>

    <sect3>
      <title>2. Import Source Code Into the Repository.</title>

      <para>Import a source module into the repository with the following
      commands, issued from a user account on the same machine as the
      CVS repository:</para>

<screen><userinput>cd <replaceable>&lt;sourcedir&gt;</replaceable> &amp;&amp;
cvs import -m "<replaceable>&lt;repository test&gt;</replaceable>" <replaceable>&lt;cvstest&gt;</replaceable> <replaceable>&lt;vendortag&gt;</replaceable> <replaceable>&lt;releasetag&gt;</replaceable></userinput></screen>

    </sect3>

    <sect3>
      <title>3. Verify Local Repository Access.</title>

      <para>Test access to the CVS repository from the same user
      account with the following command:</para>

<screen><userinput>cvs co cvstest</userinput></screen>

    </sect3>

    <sect3>
      <title>4. Verify Remote Repository Access.</title>

      <para>Test access to the CVS repository from a remote machine using
      a user account that has <command>ssh</command> access to the CVS
      server with the following commands:</para>

      <note>
        <para>Replace <replaceable>&lt;servername&gt;</replaceable> with the
        IP address or host name of the CVS repository machine. You will
        be prompted for the user's shell account password before CVS
        checkout can continue.</para>
      </note>

<screen><userinput>export CVS_RSH=/usr/bin/ssh &amp;&amp;
cvs -d:ext:<replaceable>&lt;servername&gt;</replaceable>:/srv/cvsroot co cvstest</userinput></screen>

    </sect3>

  </sect2>

  <sect2 id='cvsserver-config' role="configuration">
    <title>Configuring CVS for Anonymous Read Only Access.</title>

    <para>CVS can be set up to allow anonymous read only access using the
    :pserver: method by logging on as <systemitem class="username">root</systemitem>
    and executing the following commands:</para>

<screen role="root"><userinput>(grep anonymous /etc/passwd || useradd anonymous -s /bin/false -u 98) &amp;&amp;
echo anonymous: &gt; /srv/cvsroot/CVSROOT/passwd &amp;&amp;
echo anonymous &gt; /srv/cvsroot/CVSROOT/readers</userinput></screen>

<!--    <para>If you use <command>inetd</command>, the following command
    will add the <application>CVS</application> entry to
    <filename>/etc/inetd.conf</filename>:</para>

<screen role="root"><userinput>echo "2401  stream  tcp  nowait  root  /usr/bin/cvs cvs -f \
    - -allow-root=/srv/cvsroot pserver" &gt;&gt; /etc/inetd.conf</userinput></screen>

    <indexterm zone="cvsserver cvsserver-config">
      <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
    </indexterm>

    <para>Issue a <command>killall -HUP inetd</command> to reread the changed
    <filename>inetd.conf</filename> file.</para>
-->
<!--
    <para>If you use <command>xinetd</command>, the following command will create
    the CVS file as <filename>/etc/xinetd.d/cvspserver</filename>:</para>

<screen role="root"><userinput>cat &gt;&gt; /etc/xinetd.d/cvspserver &lt;&lt; "EOF"
<literal># Begin /etc/xinetd.d/cvspserver

     service cvspserver
     {
          port        = 2401
          socket_type = stream
          protocol    = tcp
          wait        = no
          user        = root
          passenv     = PATH
          server      = /usr/bin/cvs
          server_args = -f - -allow-root=/srv/cvsroot pserver
     }

# End /etc/xinetd.d/cvspserver</literal>
EOF</userinput></screen>

    <indexterm zone="cvsserver cvsserver-config">
      <primary sortas="e-etc-xinetd.d-cvspserver">/etc/xinetd.d/cvspserver</primary>
    </indexterm>

    <para>Issue a <command>/etc/rc.d/init.d/xinetd reload</command> to reread
    the changed <filename>xinetd.conf</filename> file.</para>
-->
    <para>Testing anonymous access to the new repository requires an account
    on another machine that can reach the CVS server via network. No account
    on the CVS repository is needed. To test anonymous access to the CVS
    repository, log in to another machine as an unprivileged user and execute
    the following command:</para>

<screen><userinput>cvs -d:pserver:anonymous@<replaceable>&lt;servername&gt;</replaceable>:/srv/cvsroot co cvstest</userinput></screen>

    <note>
      <para>Replace <replaceable>&lt;servername&gt;</replaceable> with the
      IP address or hostname of the CVS server.</para>
    </note>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><command>mkdir /srv/cvsroot</command>: Create the CVS
    repository directory.</para>

    <para><command>chmod 1777 /srv/cvsroot</command>: Set sticky bit
    permissions for <envar>CVSROOT</envar>.</para>

    <para><command>export CVSROOT=/srv/cvsroot</command>: Specify new
    <envar>CVSROOT</envar> for all <command>cvs</command> commands.</para>

    <para><command>cvs init</command>: Initialize the new CVS
    repository.</para>

    <para><command>cvs import -m "repository test" cvstest vendortag
    releasetag</command>: All source code modules must be imported into the
    CVS repository before use, with the <command>cvs import</command> command.
    The <option>-m</option> flags specifies an initial descriptive entry for
    the new module. The <option>cvstest</option> parameter is the name used
    for the module in all subsequent <command>cvs</command> commands. The
    <option>vendortag</option> and <option>releasetag</option> parameters are
    used to further identify each CVS module and are mandatory whether used
    or not.</para>

    <para><command>(grep anonymous /etc/passwd || useradd anonymous -s
    /bin/false -u 98)</command>: Check for an existing <systemitem
    class="username">anonymous</systemitem> user and create one if not
    found.</para>

    <para><command>echo anonymous: &gt; /srv/cvsroot/CVSROOT/passwd</command>:
    Add the <systemitem class="username">anonymous</systemitem> user to the
    CVS passwd file, which is unused for anything else in this
    configuration.</para>

    <para><command>echo anonymous &gt; /srv/cvsroot/CVSROOT/readers</command>:
    Add the <systemitem class="username">anonymous</systemitem> user to the
    CVS readers file, a list of users who have read only access to the
    repository.</para>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>None</seg>
        <seg>None</seg>
        <seg>/srv/cvsroot</seg>
      </seglistitem>
    </segmentedlist>

  </sect2>

</sect1>