Difference between revisions of "CVS and Subversion"

From YobiWiki
Jump to navigation Jump to search
m (Reverted edits by Etegohy (Talk) to last revision by PhilippeTeuwen)
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Subversion==
 
==Subversion==
  +
* http://subversion.tigris.org/
 
===Tips===
 
===Tips===
To convert a CVS repository:
+
====To convert a CVS repository====
* I'm using ssh and developers are members of the src group, CVS repository is in /home/cvs
+
I'm using ssh and developers are members of the src group, CVS repository is in /home/cvs
* I create /home/svn with the following flags and ownerships, same as for /home/cvs
+
<br>I create /home/svn with the following flags and ownerships, same as for /home/cvs
 
drwxr-sr-x cvs:src /home/svn
 
drwxr-sr-x cvs:src /home/svn
* To convert /home/cvs/linux-doc repository:
+
To convert /home/cvs/linux-doc repository:
 
su -s /bin/bash cvs -c "cvs2svn -s /home/svn/linux-doc /home/cvs/linux-doc"
 
su -s /bin/bash cvs -c "cvs2svn -s /home/svn/linux-doc /home/cvs/linux-doc"
 
* All files and dirs for which user has write access, give it also to group
 
* All files and dirs for which user has write access, give it also to group
find /home/svn/linux-doc -perm -200 -exec chmod g+w {} \;
+
find /home/svn/linux-doc -perm /u+w -exec chmod g+w {} \;
To checkout the project:
+
* To checkout the project:
 
svn checkout svn+ssh://devel.yobi.be/home/svn/linux-doc/trunk linux-doc
 
svn checkout svn+ssh://devel.yobi.be/home/svn/linux-doc/trunk linux-doc
  +
To create a new project from scratch:
  +
svnadmin create MyProject
  +
* All files and dirs for which user has write access, give it also to group
  +
find /home/svn/MyProject -perm /u+w -exec chmod g+w {} \;
  +
* To import the initial set of files:
  +
Organize your local project as /branches /tags and /trunk/<myfiles...>
  +
svn import LocalMyProject svn+ssh://devel.yobi.be/home/svn/MyProject
  +
(maybe alternative: svn mkdir branches;svn mkdir tags;svn mkdir trunk;svn import LocalMyProject svn+ssh://devel.yobi.be/home/svn/MyProject/trunk)
  +
* To checkout the project:
  +
svn checkout svn+ssh://devel.yobi.be/home/svn/MyProject/trunk MyProject
  +
  +
===Doc===
  +
* http://svnbook.red-bean.com/nightly/en
  +
==svk==
  +
* http://svk.elixus.org/
  +
===Doc===
  +
* http://svkbook.elixus.org/nightly/en/
  +
==CVS==
  +
===Installing a CVS server===
  +
  +
A more secure setup for a chroot-ed CVS server is explained here: http://olivier.sessink.nl/jailkit/howtos_cvs_only.html
  +
  +
apt-get install cvs
  +
mkdir -p /home/server/chroot-cvs
  +
cd /home/server/chroot-cvs
  +
mkdir -p bin dev etc home lib libexec sbin tmp var
  +
mkdir -p var/run var/chroot/sshd
  +
ln -s . usr
  +
chmod 555 home
  +
chmod 1777 tmp
  +
cp /bin/bash /bin/false /usr/bin/cvs /usr/bin/passwd bin
  +
cp -d /bin/sh bin
  +
cp /usr/sbin/sshd sbin
  +
cp /etc/passwd /etc/shadow /etc/group etc
  +
cp -rf /etc/ssh etc
  +
cd /home/server/chroot-cvs/dev
  +
/dev/MAKEDEV std pty random
  +
cd /home/server/chroot-cvs
  +
cp `ldd bin/* sbin/* | awk '{print $3}'` lib
  +
cp -d /lib/ld* lib
  +
cp -d /lib/libnss_compat* lib
  +
cp -dr /lib/security lib
  +
cp -r /etc/pam.d etc
  +
cat << EOF > /home/server/chroot-cvs/etc/group
  +
wheel:x:0:root
  +
nogroup:x:65534:
  +
cvs:x:500:phil
  +
EOF
  +
cat << EOF > /home/server/chroot-cvs/etc/passwd
  +
root:x:0:0:root:/root:/bin/sh
  +
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
  +
sshd:x:100:65534::/var/run/sshd:/bin/false
  +
phil:x:1000:500:Philippe Teuwen:/home:/bin/sh
  +
EOF
  +
cat << EOF > /home/server/chroot-cvs/etc/shadow
  +
root:*:12534:0:99999:7:::
  +
nobody:*:12488:0:99999:7:::
  +
sshd:!:12488:0:99999:7:::
  +
phil:*:12534:0:99999:7:::
  +
EOF
  +
mkdir -p cvsroot
  +
chown 1000:500 cvsroot
  +
chmod 775 cvsroot
  +
chmod g+s cvsroot
  +
cvs -d/home/server/chroot-cvs/cvsroot init
  +
# Initialisation of passwords:
  +
chroot /home/server/chroot-cvs
  +
passwd
  +
passwd phil
  +
exit
  +
cd /home/server/chroot-cvs/etc/ssh
  +
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ssh_host_key -N ''
  +
/usr/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N ''
  +
/usr/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N ''
  +
# Edit sshd_config -> Port 2233
  +
# Launch ssh server:
  +
chroot /home/server/chroot-cvs /sbin/sshd
  +
  +
cvs-makerepos
  +
cvs init
  +
  +
===Infos===
  +
*[http://www.freax.be/wiki/index.php/Building%20your%20company%20CVS-server Building your company CVS-server]
  +
*[http://www.e-smith.org/docs/howto/cvsinstall-howto.html How to install CVS on your e-smith server]
  +
*In chroot jail: http://www.pointless.nl/~peter/stuff/cvs-server.html
  +
  +
find . -type d -exec chmod g+s {} \; (ne pas oublier le backslash avant le ";")
  +
find . -type d -exec chown cvs:cvs {} \;
  +
find . -type d -exec chmod 775 {} \;
  +
find . -type f -exec chown cvs:cvs {} \;
  +
find . -type f -exec chmod 664 {} \;
  +
  +
===With pserver===
  +
  +
To add a user or update password:
  +
cd CVSROOT
  +
htpasswd passwd <user>
  +
edit the file and append ":cvs" to the line (it's removed even when updating the passwd)
  +
  +
For anonymous access (with "anonymous" as password):
  +
<br>add the following line to CVSROOT/passwd file:
  +
anonymous:23MLN3ne5kvBM:cvs
  +
and add the following to the (maybe not yet present) CVSROOT/readers:
  +
anonymous
  +
edit CVSROOT/config and uncomment:
  +
SystemAuth=no
  +
to avoid regular accounts to be usable to log in so only the ones in CVSROOT/passwd will work
  +
  +
To access the cvs server:
  +
export CVSROOT=:pserver:<user>@<host>:<path>
  +
For anonymous read-only access:
  +
export CVSROOT=:pserver:anonymous@<host>:<path>
  +
then
  +
cvs login
  +
  +
===To allow only CVS with ssh===
  +
  +
disable user's passwd (in /etc/shadow: user:!:...)
  +
<br>add to ~user/.ssh/authorized_keys:
  +
command="/usr/bin/cvs server" ssh-rsa <PUBKEY...>
  +
===To create a CVS rep on the vserver===
  +
On the vserver: be sure the /home/cvs is drwxr-sr-x cvs:src
  +
su -s /bin/bash cvs -c "cvs -d ~/<newrep> init"
  +
On the client: go into the rep to be imported
  +
cvs -d :ext:devel.yobi.be:/home/cvs/<newrep> import -m "First draft" <module_name> <author/vendor> <version>
  +
Delete imported rep
  +
cvs -d :ext:devel.yobi.be:/home/cvs/linux-doc co lpic
  +
===Old notes===
  +
''Converted with [[MediaWiki#HTML-WikiConverter|HTML::WikiConverter::MediaWiki]] from my old phpwiki site''
  +
==== Edition des fichiers de CVSROOT ====
  +
  +
En général on peut procéder ainsi:
  +
  +
* cvs co CVSROOT
  +
* create CVSROOT/''&lt;myfile&gt;''
  +
* echo ''&lt;myfile&gt;'' &gt;&gt; CVSROOT/checkoutlist
  +
* cd CVSROOT; cvs commit
  +
  +
Mais pour des raisons de sécurité il vaut mieux ne pas le faire pour les fichiers passwd et readers...
  +
  +
==== Interdiction de récupérer le module CVSROOT ====
  +
  +
La FAQ de CVS suggère d'ajouter "CVSROOT -a" dans CVSROOT/modules<br />Cependant ce n'est pas complètement sécurisé car il reste un moyen d'obtenir et de modifier ces fichiers ;-)
  +
  +
cd /tmp
  +
mkdir CVS
  +
echo "D" &gt; CVS/Entries
  +
echo "$CVSROOT" &gt; CVS/Root
  +
echo "CVSROOT" &gt; CVS/Repository
  +
cvs update
  +
  +
Et voilà :-) <br />Si vous ne voulez pas qu'on accède au module CVSROOT alors vous n'en n'avez peut-être tout simplement pas l'usage. <br />Effacez-le sur le serveur CVS! <br /> rm CVSROOT/*,v

Latest revision as of 21:33, 24 November 2010

Subversion

Tips

To convert a CVS repository

I'm using ssh and developers are members of the src group, CVS repository is in /home/cvs
I create /home/svn with the following flags and ownerships, same as for /home/cvs

drwxr-sr-x cvs:src /home/svn

To convert /home/cvs/linux-doc repository:

su -s /bin/bash cvs -c "cvs2svn -s /home/svn/linux-doc /home/cvs/linux-doc"
  • All files and dirs for which user has write access, give it also to group
find /home/svn/linux-doc -perm /u+w -exec chmod g+w {} \;
  • To checkout the project:
svn checkout svn+ssh://devel.yobi.be/home/svn/linux-doc/trunk linux-doc

To create a new project from scratch:

svnadmin create MyProject
  • All files and dirs for which user has write access, give it also to group
find /home/svn/MyProject -perm /u+w -exec chmod g+w {} \;
  • To import the initial set of files:
Organize your local project as /branches /tags and /trunk/<myfiles...>
svn import LocalMyProject svn+ssh://devel.yobi.be/home/svn/MyProject
(maybe alternative: svn mkdir branches;svn mkdir tags;svn mkdir trunk;svn import LocalMyProject svn+ssh://devel.yobi.be/home/svn/MyProject/trunk)
  • To checkout the project:
svn checkout svn+ssh://devel.yobi.be/home/svn/MyProject/trunk MyProject

Doc

svk

Doc

CVS

Installing a CVS server

A more secure setup for a chroot-ed CVS server is explained here: http://olivier.sessink.nl/jailkit/howtos_cvs_only.html

apt-get install cvs
mkdir -p /home/server/chroot-cvs
cd /home/server/chroot-cvs
mkdir -p bin dev etc home lib libexec sbin tmp var
mkdir -p var/run var/chroot/sshd
ln -s . usr
chmod 555 home
chmod 1777 tmp
cp /bin/bash /bin/false /usr/bin/cvs /usr/bin/passwd bin
cp -d /bin/sh bin
cp /usr/sbin/sshd sbin
cp /etc/passwd /etc/shadow /etc/group etc
cp -rf /etc/ssh etc
cd /home/server/chroot-cvs/dev
/dev/MAKEDEV std pty random
cd /home/server/chroot-cvs
cp `ldd bin/* sbin/* | awk '{print $3}'` lib
cp -d /lib/ld* lib
cp -d /lib/libnss_compat* lib
cp -dr /lib/security lib
cp -r /etc/pam.d etc
cat << EOF > /home/server/chroot-cvs/etc/group
wheel:x:0:root
nogroup:x:65534:
cvs:x:500:phil
EOF
cat << EOF > /home/server/chroot-cvs/etc/passwd
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
sshd:x:100:65534::/var/run/sshd:/bin/false
phil:x:1000:500:Philippe Teuwen:/home:/bin/sh
EOF
cat << EOF > /home/server/chroot-cvs/etc/shadow
root:*:12534:0:99999:7:::
nobody:*:12488:0:99999:7:::
sshd:!:12488:0:99999:7:::
phil:*:12534:0:99999:7:::
EOF
mkdir -p cvsroot
chown 1000:500 cvsroot
chmod 775 cvsroot
chmod g+s cvsroot
cvs -d/home/server/chroot-cvs/cvsroot init
# Initialisation of passwords:
chroot /home/server/chroot-cvs
passwd
passwd phil
exit
cd /home/server/chroot-cvs/etc/ssh
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ssh_host_key -N 
/usr/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N 
/usr/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N 
# Edit sshd_config -> Port 2233
# Launch ssh server:
chroot /home/server/chroot-cvs /sbin/sshd
cvs-makerepos
cvs init

Infos

find . -type d -exec chmod g+s {} \; (ne pas oublier le backslash avant le ";")
find . -type d -exec chown cvs:cvs {} \;
find . -type d -exec chmod 775 {} \;
find . -type f -exec chown cvs:cvs {} \;
find . -type f -exec chmod 664 {} \;

With pserver

To add a user or update password:

cd CVSROOT
htpasswd passwd <user>

edit the file and append ":cvs" to the line (it's removed even when updating the passwd)

For anonymous access (with "anonymous" as password):
add the following line to CVSROOT/passwd file:

anonymous:23MLN3ne5kvBM:cvs

and add the following to the (maybe not yet present) CVSROOT/readers:

anonymous

edit CVSROOT/config and uncomment:

SystemAuth=no

to avoid regular accounts to be usable to log in so only the ones in CVSROOT/passwd will work

To access the cvs server:

export CVSROOT=:pserver:<user>@<host>:<path>

For anonymous read-only access:

export CVSROOT=:pserver:anonymous@<host>:<path>

then

cvs login

To allow only CVS with ssh

disable user's passwd (in /etc/shadow: user:!:...)
add to ~user/.ssh/authorized_keys:

command="/usr/bin/cvs server" ssh-rsa <PUBKEY...>

To create a CVS rep on the vserver

On the vserver: be sure the /home/cvs is drwxr-sr-x cvs:src

su -s /bin/bash cvs -c "cvs -d ~/<newrep> init"

On the client: go into the rep to be imported

cvs -d :ext:devel.yobi.be:/home/cvs/<newrep> import -m "First draft" <module_name> <author/vendor> <version>

Delete imported rep

cvs -d :ext:devel.yobi.be:/home/cvs/linux-doc co lpic

Old notes

Converted with HTML::WikiConverter::MediaWiki from my old phpwiki site

Edition des fichiers de CVSROOT

En général on peut procéder ainsi:

  • cvs co CVSROOT
  • create CVSROOT/<myfile>
  • echo <myfile> >> CVSROOT/checkoutlist
  • cd CVSROOT; cvs commit

Mais pour des raisons de sécurité il vaut mieux ne pas le faire pour les fichiers passwd et readers...

Interdiction de récupérer le module CVSROOT

La FAQ de CVS suggère d'ajouter "CVSROOT -a" dans CVSROOT/modules
Cependant ce n'est pas complètement sécurisé car il reste un moyen d'obtenir et de modifier ces fichiers ;-)

 cd /tmp
 mkdir CVS
 echo "D" > CVS/Entries
 echo "$CVSROOT" > CVS/Root
 echo "CVSROOT" > CVS/Repository
 cvs update

Et voilà :-)
Si vous ne voulez pas qu'on accède au module CVSROOT alors vous n'en n'avez peut-être tout simplement pas l'usage.
Effacez-le sur le serveur CVS!
rm CVSROOT/*,v