1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
---|
3 | "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
|
---|
4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
5 | %general-entities;
|
---|
6 |
|
---|
7 | ]>
|
---|
8 |
|
---|
9 | <sect1 id="cvsserver" xreflabel="Running a CVS Server">
|
---|
10 | <sect1info>
|
---|
11 | <othername>$LastChangedBy$</othername>
|
---|
12 | <date>$Date$</date>
|
---|
13 | </sect1info>
|
---|
14 |
|
---|
15 | <?dbhtml filename="cvsserver.html"?>
|
---|
16 | <title>Running a CVS server</title>
|
---|
17 |
|
---|
18 | <sect2>
|
---|
19 | <title>Running a <acronym>CVS</acronym> server</title>
|
---|
20 |
|
---|
21 | <para>This section will describe how to set up, administer and secure
|
---|
22 | a <acronym>CVS</acronym> server.</para>
|
---|
23 |
|
---|
24 | <sect3>
|
---|
25 | <title><application>CVS server</application> dependencies</title>
|
---|
26 |
|
---|
27 | <sect4>
|
---|
28 | <title>Required</title>
|
---|
29 | <para><xref linkend="cvs"/> and <xref linkend="openssh"/></para></sect4>
|
---|
30 | </sect3>
|
---|
31 |
|
---|
32 | </sect2>
|
---|
33 |
|
---|
34 | <sect2>
|
---|
35 | <title>Setting up a <acronym>CVS</acronym> server.</title>
|
---|
36 |
|
---|
37 | <para>A <acronym>CVS</acronym> server will be set up using OpenSSH
|
---|
38 | as the remote access method. Other access methods, including :pserver: and
|
---|
39 | :server: will not be used for write access to the <acronym>CVS</acronym>
|
---|
40 | repository. The :pserver: method sends clear text passwords over the network
|
---|
41 | and the :server: method is not supported in all <acronym>CVS</acronym> ports.
|
---|
42 | Instructions for anonymous, read only <acronym>CVS</acronym> access using
|
---|
43 | :pserver: can be found at the end of this section.</para>
|
---|
44 |
|
---|
45 | <para>Configuration of the <acronym>CVS</acronym> server consists of four
|
---|
46 | steps:</para>
|
---|
47 |
|
---|
48 | <sect3><title>1. Create a repository.</title>
|
---|
49 | <para>Create a new <acronym>CVS</acronym> repository with the following
|
---|
50 | commands:</para>
|
---|
51 | <screen><userinput><command>mkdir /srv/cvsroot &&
|
---|
52 | chmod 1777 /srv/cvsroot &&
|
---|
53 | export CVSROOT=/srv/cvsroot &&
|
---|
54 | cvs init</command></userinput></screen></sect3>
|
---|
55 |
|
---|
56 | <sect3><title>2. Import source code into the repository.</title>
|
---|
57 | <para>Import a source module into the repository with the following
|
---|
58 | commands, issued from a user account on the same machine as the
|
---|
59 | <acronym>CVS</acronym> repository:</para>
|
---|
60 |
|
---|
61 | <screen><userinput><command>cd <replaceable>[sourcedir]</replaceable> &&
|
---|
62 | cvs import -m "<replaceable>[repository test]</replaceable>" <replaceable>[cvstest]</replaceable> <replaceable>[vendortag]</replaceable> <replaceable>[releasetag]</replaceable></command></userinput></screen></sect3>
|
---|
63 |
|
---|
64 | <sect3><title>3. Verify local repository access.</title>
|
---|
65 | <para>Test access to the <acronym>CVS</acronym> repository from the same user
|
---|
66 | account with the following command:</para>
|
---|
67 |
|
---|
68 | <screen><userinput><command>cvs co cvstest</command></userinput></screen></sect3>
|
---|
69 |
|
---|
70 | <sect3><title>4. Verify remote repository access.</title>
|
---|
71 | <para>Test access to the <acronym>CVS</acronym> repository from a remote
|
---|
72 | machine using a user account that has <command>ssh</command> access to the
|
---|
73 | <acronym>CVS</acronym> server with the following commands:</para>
|
---|
74 | <note><para>Replace <replaceable>[servername]</replaceable> with the
|
---|
75 | <acronym>IP</acronym> address or host name of the <acronym>CVS</acronym>
|
---|
76 | repository machine. You will be prompted for the user's shell account password
|
---|
77 | before <acronym>CVS</acronym> checkout can continue.</para></note>
|
---|
78 |
|
---|
79 |
|
---|
80 | <screen><userinput><command>export CVS_RSH=/usr/bin/ssh &&
|
---|
81 | cvs -d:ext:<replaceable>[servername]</replaceable>:/srv/cvsroot co cvstest</command></userinput></screen></sect3>
|
---|
82 | </sect2>
|
---|
83 |
|
---|
84 | <sect2 id='cvsserver-config'>
|
---|
85 | <title>Configuring <acronym>CVS</acronym> for anonymous read only access.</title>
|
---|
86 |
|
---|
87 | <para><acronym>CVS</acronym> can be set up to allow anonymous read only access
|
---|
88 | using the :pserver: method by logging on as root and executing the following
|
---|
89 | commands:</para>
|
---|
90 |
|
---|
91 | <screen><userinput><command>(grep anonymous /etc/passwd || useradd anonymous -s /bin/false) &&
|
---|
92 | echo anonymous: > /srv/cvsroot/CVSROOT/passwd &&
|
---|
93 | echo anonymous > /srv/cvsroot/CVSROOT/readers</command></userinput></screen>
|
---|
94 |
|
---|
95 | <para>If you use <command>inetd</command>, the following command will add the
|
---|
96 | <application><acronym>CVS</acronym></application> entry to <filename>/etc/inetd.conf</filename>:</para>
|
---|
97 |
|
---|
98 | <screen><userinput><command>echo "2401 stream tcp nowait root /usr/bin/cvs cvs -f \
|
---|
99 | --allow-root=/srv/cvsroot pserver" >> /etc/inetd.conf</command></userinput></screen>
|
---|
100 |
|
---|
101 | <indexterm zone="cvsserver cvsserver-config">
|
---|
102 | <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
|
---|
103 | </indexterm>
|
---|
104 |
|
---|
105 | <para>Issue a <command>killall -HUP inetd</command> to reread the changed
|
---|
106 | <filename>inetd.conf</filename> file.</para>
|
---|
107 |
|
---|
108 | <para>If you use <command>xinetd</command>, the following command will create the
|
---|
109 | <acronym>CVS</acronym> file as <filename>/etc/xinetd.d/cvspserver</filename>:</para>
|
---|
110 |
|
---|
111 | <screen><userinput><command>cat >> /etc/xinetd.d/cvspserver << "EOF"</command>
|
---|
112 | # Begin /etc/xinetd.d/cvspserver
|
---|
113 |
|
---|
114 | service cvspserver
|
---|
115 | {
|
---|
116 | port = 2401
|
---|
117 | socket_type = stream
|
---|
118 | protocol = tcp
|
---|
119 | wait = no
|
---|
120 | user = root
|
---|
121 | passenv = PATH
|
---|
122 | server = /usr/bin/cvs
|
---|
123 | server_args = -f --allow-root=/srv/cvsroot pserver
|
---|
124 | }
|
---|
125 |
|
---|
126 | # End /etc/xinetd.d/cvspserver
|
---|
127 | <command>EOF</command></userinput></screen>
|
---|
128 |
|
---|
129 | <indexterm zone="cvsserver cvsserver-config">
|
---|
130 | <primary sortas="e-etc-xinetd.d-cvspserver">/etc/xinetd.d/cvspserver</primary>
|
---|
131 | </indexterm>
|
---|
132 |
|
---|
133 | <para>Issue a <command>/etc/rc.d/init.d/xinetd reload</command> to reread the changed
|
---|
134 | <filename>xinetd.conf</filename> file.</para>
|
---|
135 |
|
---|
136 | <para>Testing anonymous access to the new repository requires an account
|
---|
137 | on another machine that can reach the <acronym>CVS</acronym> server via
|
---|
138 | network. No account on the <acronym>CVS</acronym> repository is needed. To
|
---|
139 | test anonymous access to the <acronym>CVS</acronym> repository, log in to
|
---|
140 | another machine as an unprivileged user and execute the following command:
|
---|
141 | </para>
|
---|
142 |
|
---|
143 | <screen><userinput><command>cvs -d:pserver:anonymous@<replaceable>[servername]</replaceable>:/srv/cvsroot co cvstest</command></userinput></screen>
|
---|
144 |
|
---|
145 | <note><para>Replace <replaceable>[servername]</replaceable> with the
|
---|
146 | <acronym>IP</acronym> address or hostname of the
|
---|
147 | <acronym>CVS</acronym> server.</para></note>
|
---|
148 |
|
---|
149 | </sect2>
|
---|
150 |
|
---|
151 | <sect2>
|
---|
152 | <title>Command explanations</title>
|
---|
153 |
|
---|
154 | <para><command>mkdir /srv/cvsroot</command>: Create the <acronym>CVS</acronym>
|
---|
155 | repository directory.</para>
|
---|
156 |
|
---|
157 | <para><command>chmod 1777 /srv/cvsroot</command>: Set sticky bit permissions for
|
---|
158 | <envar>CVSROOT</envar>.</para>
|
---|
159 |
|
---|
160 | <para><command>export CVSROOT=/srv/cvsroot</command>: Specify new <envar>CVSROOT
|
---|
161 | </envar> for all <command>cvs</command> commands.</para>
|
---|
162 |
|
---|
163 | <para><command>cvs init</command>: Initialize the new <acronym>CVS</acronym>
|
---|
164 | repository.</para>
|
---|
165 |
|
---|
166 | <para><command>cvs import -m "repository test" cvstest vendortag
|
---|
167 | releasetag</command>: All source code modules must be imported
|
---|
168 | into the <acronym>CVS</acronym> repository before use, with the
|
---|
169 | <command>cvs import</command> command. The <userinput>-m</userinput>
|
---|
170 | flags specifies an initial descriptive entry for the new module.
|
---|
171 | The "cvstest" parameter is the name used for the module in all
|
---|
172 | subsequent <command>cvs</command> commands. The "vendortag" and "releasetag"
|
---|
173 | parameters are used to further identify each <acronym>CVS</acronym> module and
|
---|
174 | are mandatory whether used or not.</para>
|
---|
175 |
|
---|
176 | <para><command>(grep anonymous /etc/passwd || useradd anonymous -s
|
---|
177 | /bin/false)</command>: Check for an existing anonymous user and
|
---|
178 | create one if not found.</para>
|
---|
179 |
|
---|
180 | <para><command>echo anonymous: > /srv/cvsroot/CVSROOT/passwd
|
---|
181 | </command>: Add the anonymous user to the <acronym>CVS</acronym> passwd file,
|
---|
182 | which is unused for anything else in this configuration.</para>
|
---|
183 |
|
---|
184 | <para><command>echo anonymous > /srv/cvsroot/CVSROOT/readers</command>: Add the
|
---|
185 | anonymous user to the <acronym>CVS</acronym> readers file, a list of
|
---|
186 | users who have read only access to the repository.</para>
|
---|
187 |
|
---|
188 | </sect2>
|
---|
189 |
|
---|
190 | <sect2>
|
---|
191 | <title>Contents</title>
|
---|
192 |
|
---|
193 | <segmentedlist>
|
---|
194 | <segtitle>Installed Programs</segtitle>
|
---|
195 | <segtitle>Installed Libraries</segtitle>
|
---|
196 | <segtitle>Installed Directories</segtitle>
|
---|
197 |
|
---|
198 | <seglistitem>
|
---|
199 | <seg>None</seg>
|
---|
200 | <seg>None</seg>
|
---|
201 | <seg>/srv/cvsroot</seg>
|
---|
202 | </seglistitem>
|
---|
203 | </segmentedlist>
|
---|
204 | </sect2>
|
---|
205 |
|
---|
206 | </sect1>
|
---|