1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
5 | %general-entities;
|
---|
6 |
|
---|
7 | ]>
|
---|
8 |
|
---|
9 | <sect1 id="cvsserver" xreflabel="Running a CVS Server">
|
---|
10 | <?dbhtml filename="cvsserver.html"?>
|
---|
11 |
|
---|
12 |
|
---|
13 | <title>Running a CVS Server</title>
|
---|
14 |
|
---|
15 | <sect2 role="package">
|
---|
16 | <title>Running a CVS Server</title>
|
---|
17 |
|
---|
18 | <para>This section will describe how to set up, administer and secure
|
---|
19 | a CVS server.</para>
|
---|
20 |
|
---|
21 | <bridgehead renderas="sect3">CVS Server Dependencies</bridgehead>
|
---|
22 |
|
---|
23 | <bridgehead renderas="sect4">Required</bridgehead>
|
---|
24 | <para><xref linkend="cvs"/> and
|
---|
25 | <xref linkend="openssh"/></para>
|
---|
26 |
|
---|
27 | </sect2>
|
---|
28 |
|
---|
29 | <sect2 role="configuration">
|
---|
30 | <title>Setting up a CVS Server.</title>
|
---|
31 |
|
---|
32 | <para>A CVS server will be set up using OpenSSH as the remote access
|
---|
33 | method. Other access methods, including :pserver: and :server: will
|
---|
34 | not be used for write access to the CVS repository. The :pserver:
|
---|
35 | method sends clear text passwords over the network and the :server:
|
---|
36 | method is not supported in all CVS ports. Instructions for anonymous,
|
---|
37 | read only CVS access using :pserver: can be found at the end of this
|
---|
38 | section.</para>
|
---|
39 |
|
---|
40 | <para>Configuration of the CVS server consists of four
|
---|
41 | steps:</para>
|
---|
42 |
|
---|
43 | <sect3>
|
---|
44 | <title>1. Create a Repository.</title>
|
---|
45 |
|
---|
46 | <para>Create a new CVS repository with the following
|
---|
47 | commands:</para>
|
---|
48 |
|
---|
49 | <screen role="root"><userinput>mkdir /srv/cvsroot &&
|
---|
50 | chmod 1777 /srv/cvsroot &&
|
---|
51 | export CVSROOT=/srv/cvsroot &&
|
---|
52 | cvs init</userinput></screen>
|
---|
53 |
|
---|
54 | </sect3>
|
---|
55 |
|
---|
56 | <sect3>
|
---|
57 | <title>2. Import Source Code Into the Repository.</title>
|
---|
58 |
|
---|
59 | <para>Import a source module into the repository with the following
|
---|
60 | commands, issued from a user account on the same machine as the
|
---|
61 | CVS repository:</para>
|
---|
62 |
|
---|
63 | <screen><userinput>cd <replaceable><sourcedir></replaceable> &&
|
---|
64 | cvs import -m "<replaceable><repository test></replaceable>" <replaceable><cvstest></replaceable> <replaceable><vendortag></replaceable> <replaceable><releasetag></replaceable></userinput></screen>
|
---|
65 |
|
---|
66 | </sect3>
|
---|
67 |
|
---|
68 | <sect3>
|
---|
69 | <title>3. Verify Local Repository Access.</title>
|
---|
70 |
|
---|
71 | <para>Test access to the CVS repository from the same user
|
---|
72 | account with the following command:</para>
|
---|
73 |
|
---|
74 | <screen><userinput>cvs co cvstest</userinput></screen>
|
---|
75 |
|
---|
76 | </sect3>
|
---|
77 |
|
---|
78 | <sect3>
|
---|
79 | <title>4. Verify Remote Repository Access.</title>
|
---|
80 |
|
---|
81 | <para>Test access to the CVS repository from a remote machine using
|
---|
82 | a user account that has <command>ssh</command> access to the CVS
|
---|
83 | server with the following commands:</para>
|
---|
84 |
|
---|
85 | <note>
|
---|
86 | <para>Replace <replaceable><servername></replaceable> with the
|
---|
87 | IP address or host name of the CVS repository machine. You will
|
---|
88 | be prompted for the user's shell account password before CVS
|
---|
89 | checkout can continue.</para>
|
---|
90 | </note>
|
---|
91 |
|
---|
92 | <screen><userinput>export CVS_RSH=/usr/bin/ssh &&
|
---|
93 | cvs -d:ext:<replaceable><servername></replaceable>:/srv/cvsroot co cvstest</userinput></screen>
|
---|
94 |
|
---|
95 | </sect3>
|
---|
96 |
|
---|
97 | </sect2>
|
---|
98 |
|
---|
99 | <sect2 id='cvsserver-config' role="configuration">
|
---|
100 | <title>Configuring CVS for Anonymous Read Only Access.</title>
|
---|
101 |
|
---|
102 | <para>CVS can be set up to allow anonymous read only access using the
|
---|
103 | :pserver: method by logging on as <systemitem class="username">root</systemitem>
|
---|
104 | and executing the following commands:</para>
|
---|
105 |
|
---|
106 | <screen role="root"><userinput>(grep anonymous /etc/passwd || useradd anonymous -s /bin/false -u 98) &&
|
---|
107 | echo anonymous: > /srv/cvsroot/CVSROOT/passwd &&
|
---|
108 | echo anonymous > /srv/cvsroot/CVSROOT/readers</userinput></screen>
|
---|
109 |
|
---|
110 | <!-- <para>If you use <command>inetd</command>, the following command
|
---|
111 | will add the <application>CVS</application> entry to
|
---|
112 | <filename>/etc/inetd.conf</filename>:</para>
|
---|
113 |
|
---|
114 | <screen role="root"><userinput>echo "2401 stream tcp nowait root /usr/bin/cvs cvs -f \
|
---|
115 | - -allow-root=/srv/cvsroot pserver" >> /etc/inetd.conf</userinput></screen>
|
---|
116 |
|
---|
117 | <indexterm zone="cvsserver cvsserver-config">
|
---|
118 | <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
|
---|
119 | </indexterm>
|
---|
120 |
|
---|
121 | <para>Issue a <command>killall -HUP inetd</command> to reread the changed
|
---|
122 | <filename>inetd.conf</filename> file.</para>
|
---|
123 | -->
|
---|
124 | <!--
|
---|
125 | <para>If you use <command>xinetd</command>, the following command will create
|
---|
126 | the CVS file as <filename>/etc/xinetd.d/cvspserver</filename>:</para>
|
---|
127 |
|
---|
128 | <screen role="root"><userinput>cat >> /etc/xinetd.d/cvspserver << "EOF"
|
---|
129 | <literal># Begin /etc/xinetd.d/cvspserver
|
---|
130 |
|
---|
131 | service cvspserver
|
---|
132 | {
|
---|
133 | port = 2401
|
---|
134 | socket_type = stream
|
---|
135 | protocol = tcp
|
---|
136 | wait = no
|
---|
137 | user = root
|
---|
138 | passenv = PATH
|
---|
139 | server = /usr/bin/cvs
|
---|
140 | server_args = -f - -allow-root=/srv/cvsroot pserver
|
---|
141 | }
|
---|
142 |
|
---|
143 | # End /etc/xinetd.d/cvspserver</literal>
|
---|
144 | EOF</userinput></screen>
|
---|
145 |
|
---|
146 | <indexterm zone="cvsserver cvsserver-config">
|
---|
147 | <primary sortas="e-etc-xinetd.d-cvspserver">/etc/xinetd.d/cvspserver</primary>
|
---|
148 | </indexterm>
|
---|
149 |
|
---|
150 | <para>Issue a <command>/etc/rc.d/init.d/xinetd reload</command> to reread
|
---|
151 | the changed <filename>xinetd.conf</filename> file.</para>
|
---|
152 | -->
|
---|
153 | <para>Testing anonymous access to the new repository requires an account
|
---|
154 | on another machine that can reach the CVS server via network. No account
|
---|
155 | on the CVS repository is needed. To test anonymous access to the CVS
|
---|
156 | repository, log in to another machine as an unprivileged user and execute
|
---|
157 | the following command:</para>
|
---|
158 |
|
---|
159 | <screen><userinput>cvs -d:pserver:anonymous@<replaceable><servername></replaceable>:/srv/cvsroot co cvstest</userinput></screen>
|
---|
160 |
|
---|
161 | <note>
|
---|
162 | <para>Replace <replaceable><servername></replaceable> with the
|
---|
163 | IP address or hostname of the CVS server.</para>
|
---|
164 | </note>
|
---|
165 |
|
---|
166 | </sect2>
|
---|
167 |
|
---|
168 | <sect2 role="commands">
|
---|
169 | <title>Command Explanations</title>
|
---|
170 |
|
---|
171 | <para><command>mkdir /srv/cvsroot</command>: Create the CVS
|
---|
172 | repository directory.</para>
|
---|
173 |
|
---|
174 | <para><command>chmod 1777 /srv/cvsroot</command>: Set sticky bit
|
---|
175 | permissions for <envar>CVSROOT</envar>.</para>
|
---|
176 |
|
---|
177 | <para><command>export CVSROOT=/srv/cvsroot</command>: Specify new
|
---|
178 | <envar>CVSROOT</envar> for all <command>cvs</command> commands.</para>
|
---|
179 |
|
---|
180 | <para><command>cvs init</command>: Initialize the new CVS
|
---|
181 | repository.</para>
|
---|
182 |
|
---|
183 | <para><command>cvs import -m "repository test" cvstest vendortag
|
---|
184 | releasetag</command>: All source code modules must be imported into the
|
---|
185 | CVS repository before use, with the <command>cvs import</command> command.
|
---|
186 | The <option>-m</option> flags specifies an initial descriptive entry for
|
---|
187 | the new module. The <option>cvstest</option> parameter is the name used
|
---|
188 | for the module in all subsequent <command>cvs</command> commands. The
|
---|
189 | <option>vendortag</option> and <option>releasetag</option> parameters are
|
---|
190 | used to further identify each CVS module and are mandatory whether used
|
---|
191 | or not.</para>
|
---|
192 |
|
---|
193 | <para><command>(grep anonymous /etc/passwd || useradd anonymous -s
|
---|
194 | /bin/false -u 98)</command>: Check for an existing <systemitem
|
---|
195 | class="username">anonymous</systemitem> user and create one if not
|
---|
196 | found.</para>
|
---|
197 |
|
---|
198 | <para><command>echo anonymous: > /srv/cvsroot/CVSROOT/passwd</command>:
|
---|
199 | Add the <systemitem class="username">anonymous</systemitem> user to the
|
---|
200 | CVS passwd file, which is unused for anything else in this
|
---|
201 | configuration.</para>
|
---|
202 |
|
---|
203 | <para><command>echo anonymous > /srv/cvsroot/CVSROOT/readers</command>:
|
---|
204 | Add the <systemitem class="username">anonymous</systemitem> user to the
|
---|
205 | CVS readers file, a list of users who have read only access to the
|
---|
206 | repository.</para>
|
---|
207 |
|
---|
208 | </sect2>
|
---|
209 |
|
---|
210 | <sect2 role="content">
|
---|
211 | <title>Contents</title>
|
---|
212 |
|
---|
213 | <segmentedlist>
|
---|
214 | <segtitle>Installed Programs</segtitle>
|
---|
215 | <segtitle>Installed Libraries</segtitle>
|
---|
216 | <segtitle>Installed Directories</segtitle>
|
---|
217 |
|
---|
218 | <seglistitem>
|
---|
219 | <seg>None</seg>
|
---|
220 | <seg>None</seg>
|
---|
221 | <seg>/srv/cvsroot</seg>
|
---|
222 | </seglistitem>
|
---|
223 | </segmentedlist>
|
---|
224 |
|
---|
225 | </sect2>
|
---|
226 |
|
---|
227 | </sect1>
|
---|