CVS and Subversion
Subversion
Tips
To convert a CVS repository:
- I'm using ssh and developers are members of the src group, CVS repository is in /home/cvs
- I create /home/svn with the following flags and ownerships, same as for /home/cvs
drwxr-sr-x cvs:src /home/svn
- To convert /home/cvs/linux-doc repository:
su -s /bin/bash cvs -c "cvs2svn -s /home/svn/linux-doc /home/cvs/linux-doc"
- All files and dirs for which user has write access, give it also to group
find /home/svn/linux-doc -perm -200 -exec chmod g+w {} \;
To checkout the project:
svn checkout svn+ssh://devel.yobi.be/home/svn/linux-doc/trunk linux-doc
Doc
svk
Doc
CVS
Installing a CVS server
A more secure setup for a chroot-ed CVS server is explained here: http://olivier.sessink.nl/jailkit/howtos_cvs_only.html
apt-get install cvs
mkdir -p /home/server/chroot-cvs
cd /home/server/chroot-cvs
mkdir -p bin dev etc home lib libexec sbin tmp var
mkdir -p var/run var/chroot/sshd
ln -s . usr
chmod 555 home
chmod 1777 tmp
cp /bin/bash /bin/false /usr/bin/cvs /usr/bin/passwd bin
cp -d /bin/sh bin
cp /usr/sbin/sshd sbin
cp /etc/passwd /etc/shadow /etc/group etc
cp -rf /etc/ssh etc
cd /home/server/chroot-cvs/dev
/dev/MAKEDEV std pty random
cd /home/server/chroot-cvs
cp `ldd bin/* sbin/* | awk '{print $3}'` lib
cp -d /lib/ld* lib
cp -d /lib/libnss_compat* lib
cp -dr /lib/security lib
cp -r /etc/pam.d etc
cat << EOF > /home/server/chroot-cvs/etc/group
wheel:x:0:root
nogroup:x:65534:
cvs:x:500:phil
EOF
cat << EOF > /home/server/chroot-cvs/etc/passwd
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
sshd:x:100:65534::/var/run/sshd:/bin/false
phil:x:1000:500:Philippe Teuwen:/home:/bin/sh
EOF
cat << EOF > /home/server/chroot-cvs/etc/shadow
root:*:12534:0:99999:7:::
nobody:*:12488:0:99999:7:::
sshd:!:12488:0:99999:7:::
phil:*:12534:0:99999:7:::
EOF
mkdir -p cvsroot
chown 1000:500 cvsroot
chmod 775 cvsroot
chmod g+s cvsroot
cvs -d/home/server/chroot-cvs/cvsroot init
# Initialisation of passwords:
chroot /home/server/chroot-cvs
passwd
passwd phil
exit
cd /home/server/chroot-cvs/etc/ssh
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ssh_host_key -N
/usr/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N
/usr/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N
# Edit sshd_config -> Port 2233
# Launch ssh server:
chroot /home/server/chroot-cvs /sbin/sshd
cvs-makerepos cvs init
Infos
- Building your company CVS-server
- How to install CVS on your e-smith server
- In chroot jail: http://www.pointless.nl/~peter/stuff/cvs-server.html
find . -type d -exec chmod g+s {} \; (ne pas oublier le backslash avant le ";")
find . -type d -exec chown cvs:cvs {} \;
find . -type d -exec chmod 775 {} \;
find . -type f -exec chown cvs:cvs {} \;
find . -type f -exec chmod 664 {} \;
With pserver
To add a user or update password:
cd CVSROOT htpasswd passwd <user>
edit the file and append ":cvs" to the line (it's removed even when updating the passwd)
For anonymous access (with "anonymous" as password):
add the following line to CVSROOT/passwd file:
anonymous:23MLN3ne5kvBM:cvs
and add the following to the (maybe not yet present) CVSROOT/readers:
anonymous
edit CVSROOT/config and uncomment:
SystemAuth=no
to avoid regular accounts to be usable to log in so only the ones in CVSROOT/passwd will work
To access the cvs server:
export CVSROOT=:pserver:<user>@<host>:<path>
For anonymous read-only access:
export CVSROOT=:pserver:anonymous@<host>:<path>
then
cvs login
To allow only CVS with ssh
disable user's passwd (in /etc/shadow: user:!:...)
add to ~user/.ssh/authorized_keys:
command="/usr/bin/cvs server" ssh-rsa <PUBKEY...>
To create a CVS rep on the vserver
On the vserver: be sure the /home/cvs is drwxr-sr-x cvs:src
su -s /bin/bash cvs -c "cvs -d ~/<newrep> init"
On the client: go into the rep to be imported
cvs -d :ext:devel.yobi.be:/home/cvs/<newrep> import -m "First draft" <module_name> <author/vendor> <version>
Delete imported rep
cvs -d :ext:devel.yobi.be:/home/cvs/linux-doc co lpic