CVS and Subversion

From YobiWiki
Jump to navigation Jump to search

Subversion

Tips

To convert a CVS repository:

  • I'm using ssh and developers are members of the src group, CVS repository is in /home/cvs
  • I create /home/svn with the following flags and ownerships, same as for /home/cvs
drwxr-sr-x cvs:src /home/svn
  • To convert /home/cvs/linux-doc repository:
su -s /bin/bash cvs -c "cvs2svn -s /home/svn/linux-doc /home/cvs/linux-doc"
  • All files and dirs for which user has write access, give it also to group
find /home/svn/linux-doc -perm -200 -exec chmod g+w {} \;

To checkout the project:

svn checkout svn+ssh://devel.yobi.be/home/svn/linux-doc/trunk linux-doc

Doc

svk

Doc

CVS

Installing a CVS server

A more secure setup for a chroot-ed CVS server is explained here: http://olivier.sessink.nl/jailkit/howtos_cvs_only.html

apt-get install cvs
mkdir -p /home/server/chroot-cvs
cd /home/server/chroot-cvs
mkdir -p bin dev etc home lib libexec sbin tmp var
mkdir -p var/run var/chroot/sshd
ln -s . usr
chmod 555 home
chmod 1777 tmp
cp /bin/bash /bin/false /usr/bin/cvs /usr/bin/passwd bin
cp -d /bin/sh bin
cp /usr/sbin/sshd sbin
cp /etc/passwd /etc/shadow /etc/group etc
cp -rf /etc/ssh etc
cd /home/server/chroot-cvs/dev
/dev/MAKEDEV std pty random
cd /home/server/chroot-cvs
cp `ldd bin/* sbin/* | awk '{print $3}'` lib
cp -d /lib/ld* lib
cp -d /lib/libnss_compat* lib
cp -dr /lib/security lib
cp -r /etc/pam.d etc
cat << EOF > /home/server/chroot-cvs/etc/group
wheel:x:0:root
nogroup:x:65534:
cvs:x:500:phil
EOF
cat << EOF > /home/server/chroot-cvs/etc/passwd
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
sshd:x:100:65534::/var/run/sshd:/bin/false
phil:x:1000:500:Philippe Teuwen:/home:/bin/sh
EOF
cat << EOF > /home/server/chroot-cvs/etc/shadow
root:*:12534:0:99999:7:::
nobody:*:12488:0:99999:7:::
sshd:!:12488:0:99999:7:::
phil:*:12534:0:99999:7:::
EOF
mkdir -p cvsroot
chown 1000:500 cvsroot
chmod 775 cvsroot
chmod g+s cvsroot
cvs -d/home/server/chroot-cvs/cvsroot init
# Initialisation of passwords:
chroot /home/server/chroot-cvs
passwd
passwd phil
exit
cd /home/server/chroot-cvs/etc/ssh
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ssh_host_key -N 
/usr/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N 
/usr/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N 
# Edit sshd_config -> Port 2233
# Launch ssh server:
chroot /home/server/chroot-cvs /sbin/sshd
cvs-makerepos
cvs init

Infos

find . -type d -exec chmod g+s {} \; (ne pas oublier le backslash avant le ";")
find . -type d -exec chown cvs:cvs {} \;
find . -type d -exec chmod 775 {} \;
find . -type f -exec chown cvs:cvs {} \;
find . -type f -exec chmod 664 {} \;

With pserver

To add a user or update password:

cd CVSROOT
htpasswd passwd <user>

edit the file and append ":cvs" to the line (it's removed even when updating the passwd)

For anonymous access (with "anonymous" as password):
add the following line to CVSROOT/passwd file:

anonymous:23MLN3ne5kvBM:cvs

and add the following to the (maybe not yet present) CVSROOT/readers:

anonymous

edit CVSROOT/config and uncomment:

SystemAuth=no

to avoid regular accounts to be usable to log in so only the ones in CVSROOT/passwd will work

To access the cvs server:

export CVSROOT=:pserver:<user>@<host>:<path>

For anonymous read-only access:

export CVSROOT=:pserver:anonymous@<host>:<path>

then

cvs login

To allow only CVS with ssh

disable user's passwd (in /etc/shadow: user:!:...)
add to ~user/.ssh/authorized_keys:

command="/usr/bin/cvs server" ssh-rsa <PUBKEY...>

To create a CVS rep on the vserver

On the vserver: be sure the /home/cvs is drwxr-sr-x cvs:src

su -s /bin/bash cvs -c "cvs -d ~/<newrep> init"

On the client: go into the rep to be imported

cvs -d :ext:devel.yobi.be:/home/cvs/<newrep> import -m "First draft" <module_name> <author/vendor> <version>

Delete imported rep

cvs -d :ext:devel.yobi.be:/home/cvs/linux-doc co lpic