CVS and Subversion
Subversion
Tips
To convert a CVS repository
I'm using ssh and developers are members of the src group, CVS repository is in /home/cvs
I create /home/svn with the following flags and ownerships, same as for /home/cvs
drwxr-sr-x cvs:src /home/svn
To convert /home/cvs/linux-doc repository:
su -s /bin/bash cvs -c "cvs2svn -s /home/svn/linux-doc /home/cvs/linux-doc"
- All files and dirs for which user has write access, give it also to group
find /home/svn/linux-doc -perm /u+w -exec chmod g+w {} \;
- To checkout the project:
svn checkout svn+ssh://devel.yobi.be/home/svn/linux-doc/trunk linux-doc
To create a new project from scratch:
svnadmin create MyProject
- All files and dirs for which user has write access, give it also to group
find /home/svn/MyProject -perm /u+w -exec chmod g+w {} \;
- To import the initial set of files:
Organize your local project as /branches /tags and /trunk/<myfiles...> svn import LocalMyProject svn+ssh://devel.yobi.be/home/svn/MyProject (maybe alternative: svn mkdir branches;svn mkdir tags;svn mkdir trunk;svn import LocalMyProject svn+ssh://devel.yobi.be/home/svn/MyProject/trunk)
- To checkout the project:
svn checkout svn+ssh://devel.yobi.be/home/svn/MyProject/trunk MyProject
Doc
svk
Doc
CVS
Installing a CVS server
A more secure setup for a chroot-ed CVS server is explained here: http://olivier.sessink.nl/jailkit/howtos_cvs_only.html
apt-get install cvs
mkdir -p /home/server/chroot-cvs
cd /home/server/chroot-cvs
mkdir -p bin dev etc home lib libexec sbin tmp var
mkdir -p var/run var/chroot/sshd
ln -s . usr
chmod 555 home
chmod 1777 tmp
cp /bin/bash /bin/false /usr/bin/cvs /usr/bin/passwd bin
cp -d /bin/sh bin
cp /usr/sbin/sshd sbin
cp /etc/passwd /etc/shadow /etc/group etc
cp -rf /etc/ssh etc
cd /home/server/chroot-cvs/dev
/dev/MAKEDEV std pty random
cd /home/server/chroot-cvs
cp `ldd bin/* sbin/* | awk '{print $3}'` lib
cp -d /lib/ld* lib
cp -d /lib/libnss_compat* lib
cp -dr /lib/security lib
cp -r /etc/pam.d etc
cat << EOF > /home/server/chroot-cvs/etc/group
wheel:x:0:root
nogroup:x:65534:
cvs:x:500:phil
EOF
cat << EOF > /home/server/chroot-cvs/etc/passwd
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
sshd:x:100:65534::/var/run/sshd:/bin/false
phil:x:1000:500:Philippe Teuwen:/home:/bin/sh
EOF
cat << EOF > /home/server/chroot-cvs/etc/shadow
root:*:12534:0:99999:7:::
nobody:*:12488:0:99999:7:::
sshd:!:12488:0:99999:7:::
phil:*:12534:0:99999:7:::
EOF
mkdir -p cvsroot
chown 1000:500 cvsroot
chmod 775 cvsroot
chmod g+s cvsroot
cvs -d/home/server/chroot-cvs/cvsroot init
# Initialisation of passwords:
chroot /home/server/chroot-cvs
passwd
passwd phil
exit
cd /home/server/chroot-cvs/etc/ssh
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ssh_host_key -N
/usr/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N
/usr/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N
# Edit sshd_config -> Port 2233
# Launch ssh server:
chroot /home/server/chroot-cvs /sbin/sshd
cvs-makerepos cvs init
Infos
- Building your company CVS-server
- How to install CVS on your e-smith server
- In chroot jail: http://www.pointless.nl/~peter/stuff/cvs-server.html
find . -type d -exec chmod g+s {} \; (ne pas oublier le backslash avant le ";")
find . -type d -exec chown cvs:cvs {} \;
find . -type d -exec chmod 775 {} \;
find . -type f -exec chown cvs:cvs {} \;
find . -type f -exec chmod 664 {} \;
With pserver
To add a user or update password:
cd CVSROOT htpasswd passwd <user>
edit the file and append ":cvs" to the line (it's removed even when updating the passwd)
For anonymous access (with "anonymous" as password):
add the following line to CVSROOT/passwd file:
anonymous:23MLN3ne5kvBM:cvs
and add the following to the (maybe not yet present) CVSROOT/readers:
anonymous
edit CVSROOT/config and uncomment:
SystemAuth=no
to avoid regular accounts to be usable to log in so only the ones in CVSROOT/passwd will work
To access the cvs server:
export CVSROOT=:pserver:<user>@<host>:<path>
For anonymous read-only access:
export CVSROOT=:pserver:anonymous@<host>:<path>
then
cvs login
To allow only CVS with ssh
disable user's passwd (in /etc/shadow: user:!:...)
add to ~user/.ssh/authorized_keys:
command="/usr/bin/cvs server" ssh-rsa <PUBKEY...>
To create a CVS rep on the vserver
On the vserver: be sure the /home/cvs is drwxr-sr-x cvs:src
su -s /bin/bash cvs -c "cvs -d ~/<newrep> init"
On the client: go into the rep to be imported
cvs -d :ext:devel.yobi.be:/home/cvs/<newrep> import -m "First draft" <module_name> <author/vendor> <version>
Delete imported rep
cvs -d :ext:devel.yobi.be:/home/cvs/linux-doc co lpic
Old notes
Converted with HTML::WikiConverter::MediaWiki from my old phpwiki site
Edition des fichiers de CVSROOT
En général on peut procéder ainsi:
- cvs co CVSROOT
- create CVSROOT/<myfile>
- echo <myfile> >> CVSROOT/checkoutlist
- cd CVSROOT; cvs commit
Mais pour des raisons de sécurité il vaut mieux ne pas le faire pour les fichiers passwd et readers...
Interdiction de récupérer le module CVSROOT
La FAQ de CVS suggère d'ajouter "CVSROOT -a" dans CVSROOT/modules
Cependant ce n'est pas complètement sécurisé car il reste un moyen d'obtenir et de modifier ces fichiers ;-)
cd /tmp mkdir CVS echo "D" > CVS/Entries echo "$CVSROOT" > CVS/Root echo "CVSROOT" > CVS/Repository cvs update
Et voilà :-)
Si vous ne voulez pas qu'on accède au module CVSROOT alors vous n'en n'avez peut-être tout simplement pas l'usage.
Effacez-le sur le serveur CVS!
rm CVSROOT/*,v