Difference between revisions of "CVS and Subversion"

From YobiWiki
Jump to navigation Jump to search
m
m
Line 18: Line 18:
 
===Doc===
 
===Doc===
 
* http://svkbook.elixus.org/nightly/en/
 
* http://svkbook.elixus.org/nightly/en/
  +
==CVS==
  +
===Installing a CVS server===
  +
  +
A more secure setup for a chroot-ed CVS server is explained here: http://olivier.sessink.nl/jailkit/howtos_cvs_only.html
  +
  +
apt-get install cvs
  +
mkdir -p /home/server/chroot-cvs
  +
cd /home/server/chroot-cvs
  +
mkdir -p bin dev etc home lib libexec sbin tmp var
  +
mkdir -p var/run var/chroot/sshd
  +
ln -s . usr
  +
chmod 555 home
  +
chmod 1777 tmp
  +
cp /bin/bash /bin/false /usr/bin/cvs /usr/bin/passwd bin
  +
cp -d /bin/sh bin
  +
cp /usr/sbin/sshd sbin
  +
cp /etc/passwd /etc/shadow /etc/group etc
  +
cp -rf /etc/ssh etc
  +
cd /home/server/chroot-cvs/dev
  +
/dev/MAKEDEV std pty random
  +
cd /home/server/chroot-cvs
  +
cp `ldd bin/* sbin/* | awk '{print $3}'` lib
  +
cp -d /lib/ld* lib
  +
cp -d /lib/libnss_compat* lib
  +
cp -dr /lib/security lib
  +
cp -r /etc/pam.d etc
  +
cat << EOF > /home/server/chroot-cvs/etc/group
  +
wheel:x:0:root
  +
nogroup:x:65534:
  +
cvs:x:500:phil
  +
EOF
  +
cat << EOF > /home/server/chroot-cvs/etc/passwd
  +
root:x:0:0:root:/root:/bin/sh
  +
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
  +
sshd:x:100:65534::/var/run/sshd:/bin/false
  +
phil:x:1000:500:Philippe Teuwen:/home:/bin/sh
  +
EOF
  +
cat << EOF > /home/server/chroot-cvs/etc/shadow
  +
root:*:12534:0:99999:7:::
  +
nobody:*:12488:0:99999:7:::
  +
sshd:!:12488:0:99999:7:::
  +
phil:*:12534:0:99999:7:::
  +
EOF
  +
mkdir -p cvsroot
  +
chown 1000:500 cvsroot
  +
chmod 775 cvsroot
  +
chmod g+s cvsroot
  +
cvs -d/home/server/chroot-cvs/cvsroot init
  +
# Initialisation of passwords:
  +
chroot /home/server/chroot-cvs
  +
passwd
  +
passwd phil
  +
exit
  +
cd /home/server/chroot-cvs/etc/ssh
  +
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ssh_host_key -N ''
  +
/usr/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N ''
  +
/usr/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N ''
  +
# Edit sshd_config -> Port 2233
  +
# Launch ssh server:
  +
chroot /home/server/chroot-cvs /sbin/sshd
  +
  +
cvs-makerepos
  +
cvs init
  +
  +
===Infos===
  +
*[http://www.freax.be/wiki/index.php/Building%20your%20company%20CVS-server Building your company CVS-server]
  +
*[http://www.e-smith.org/docs/howto/cvsinstall-howto.html How to install CVS on your e-smith server]
  +
*In chroot jail: http://www.pointless.nl/~peter/stuff/cvs-server.html
  +
  +
find . -type d -exec chmod g+s {} \; (ne pas oublier le backslash avant le ";")
  +
find . -type d -exec chown cvs:cvs {} \;
  +
find . -type d -exec chmod 775 {} \;
  +
find . -type f -exec chown cvs:cvs {} \;
  +
find . -type f -exec chmod 664 {} \;
  +
  +
===With pserver===
  +
  +
To add a user or update password:
  +
cd CVSROOT
  +
htpasswd passwd <user>
  +
edit the file and append ":cvs" to the line (it's removed even when updating the passwd)
  +
  +
For anonymous access (with "anonymous" as password):
  +
<br>add the following line to CVSROOT/passwd file:
  +
anonymous:23MLN3ne5kvBM:cvs
  +
and add the following to the (maybe not yet present) CVSROOT/readers:
  +
anonymous
  +
edit CVSROOT/config and uncomment:
  +
SystemAuth=no
  +
to avoid regular accounts to be usable to log in so only the ones in CVSROOT/passwd will work
  +
  +
To access the cvs server:
  +
export CVSROOT=:pserver:<user>@<host>:<path>
  +
For anonymous read-only access:
  +
export CVSROOT=:pserver:anonymous@<host>:<path>
  +
then
  +
cvs login
  +
  +
===To allow only CVS with ssh===
  +
  +
disable user's passwd (in /etc/shadow: user:!:...)
  +
<br>add to ~user/.ssh/authorized_keys:
  +
command="/usr/bin/cvs server" ssh-rsa <PUBKEY...>
  +
===To create a CVS rep on the vserver===
  +
On the vserver: be sure the /home/cvs is drwxr-sr-x cvs:src
  +
su -s /bin/bash cvs -c "cvs -d ~/<newrep> init"
  +
On the client: go into the rep to be imported
  +
cvs -d :ext:devel.yobi.be:/home/cvs/<newrep> import -m "First draft" <module_name> <author/vendor> <version>
  +
Delete imported rep
  +
cvs -d :ext:devel.yobi.be:/home/cvs/linux-doc co lpic

Revision as of 20:45, 17 November 2006

Subversion

Tips

To convert a CVS repository:

  • I'm using ssh and developers are members of the src group, CVS repository is in /home/cvs
  • I create /home/svn with the following flags and ownerships, same as for /home/cvs
drwxr-sr-x cvs:src /home/svn
  • To convert /home/cvs/linux-doc repository:
su -s /bin/bash cvs -c "cvs2svn -s /home/svn/linux-doc /home/cvs/linux-doc"
  • All files and dirs for which user has write access, give it also to group
find /home/svn/linux-doc -perm -200 -exec chmod g+w {} \;

To checkout the project:

svn checkout svn+ssh://devel.yobi.be/home/svn/linux-doc/trunk linux-doc

Doc

svk

Doc

CVS

Installing a CVS server

A more secure setup for a chroot-ed CVS server is explained here: http://olivier.sessink.nl/jailkit/howtos_cvs_only.html

apt-get install cvs
mkdir -p /home/server/chroot-cvs
cd /home/server/chroot-cvs
mkdir -p bin dev etc home lib libexec sbin tmp var
mkdir -p var/run var/chroot/sshd
ln -s . usr
chmod 555 home
chmod 1777 tmp
cp /bin/bash /bin/false /usr/bin/cvs /usr/bin/passwd bin
cp -d /bin/sh bin
cp /usr/sbin/sshd sbin
cp /etc/passwd /etc/shadow /etc/group etc
cp -rf /etc/ssh etc
cd /home/server/chroot-cvs/dev
/dev/MAKEDEV std pty random
cd /home/server/chroot-cvs
cp `ldd bin/* sbin/* | awk '{print $3}'` lib
cp -d /lib/ld* lib
cp -d /lib/libnss_compat* lib
cp -dr /lib/security lib
cp -r /etc/pam.d etc
cat << EOF > /home/server/chroot-cvs/etc/group
wheel:x:0:root
nogroup:x:65534:
cvs:x:500:phil
EOF
cat << EOF > /home/server/chroot-cvs/etc/passwd
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
sshd:x:100:65534::/var/run/sshd:/bin/false
phil:x:1000:500:Philippe Teuwen:/home:/bin/sh
EOF
cat << EOF > /home/server/chroot-cvs/etc/shadow
root:*:12534:0:99999:7:::
nobody:*:12488:0:99999:7:::
sshd:!:12488:0:99999:7:::
phil:*:12534:0:99999:7:::
EOF
mkdir -p cvsroot
chown 1000:500 cvsroot
chmod 775 cvsroot
chmod g+s cvsroot
cvs -d/home/server/chroot-cvs/cvsroot init
# Initialisation of passwords:
chroot /home/server/chroot-cvs
passwd
passwd phil
exit
cd /home/server/chroot-cvs/etc/ssh
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ssh_host_key -N 
/usr/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N 
/usr/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N 
# Edit sshd_config -> Port 2233
# Launch ssh server:
chroot /home/server/chroot-cvs /sbin/sshd
cvs-makerepos
cvs init

Infos

find . -type d -exec chmod g+s {} \; (ne pas oublier le backslash avant le ";")
find . -type d -exec chown cvs:cvs {} \;
find . -type d -exec chmod 775 {} \;
find . -type f -exec chown cvs:cvs {} \;
find . -type f -exec chmod 664 {} \;

With pserver

To add a user or update password:

cd CVSROOT
htpasswd passwd <user>

edit the file and append ":cvs" to the line (it's removed even when updating the passwd)

For anonymous access (with "anonymous" as password):
add the following line to CVSROOT/passwd file:

anonymous:23MLN3ne5kvBM:cvs

and add the following to the (maybe not yet present) CVSROOT/readers:

anonymous

edit CVSROOT/config and uncomment:

SystemAuth=no

to avoid regular accounts to be usable to log in so only the ones in CVSROOT/passwd will work

To access the cvs server:

export CVSROOT=:pserver:<user>@<host>:<path>

For anonymous read-only access:

export CVSROOT=:pserver:anonymous@<host>:<path>

then

cvs login

To allow only CVS with ssh

disable user's passwd (in /etc/shadow: user:!:...)
add to ~user/.ssh/authorized_keys:

command="/usr/bin/cvs server" ssh-rsa <PUBKEY...>

To create a CVS rep on the vserver

On the vserver: be sure the /home/cvs is drwxr-sr-x cvs:src

su -s /bin/bash cvs -c "cvs -d ~/<newrep> init"

On the client: go into the rep to be imported

cvs -d :ext:devel.yobi.be:/home/cvs/<newrep> import -m "First draft" <module_name> <author/vendor> <version>

Delete imported rep

cvs -d :ext:devel.yobi.be:/home/cvs/linux-doc co lpic