CVS and Subversion

Subversion

• http://subversion.tigris.org/

Tips

To convert a CVS repository:

• I'm using ssh and developers are members of the src group, CVS repository is in /home/cvs
• I create /home/svn with the following flags and ownerships, same as for /home/cvs

drwxr-sr-x cvs:src /home/svn

• To convert /home/cvs/linux-doc repository:

su -s /bin/bash cvs -c "cvs2svn -s /home/svn/linux-doc /home/cvs/linux-doc"

• All files and dirs for which user has write access, give it also to group

find /home/svn/linux-doc -perm -200 -exec chmod g+w {} \;

To checkout the project:

svn checkout svn+ssh://devel.yobi.be/home/svn/linux-doc/trunk linux-doc

Doc

• http://svnbook.red-bean.com/nightly/en

svk

• http://svk.elixus.org/

Doc

• http://svkbook.elixus.org/nightly/en/

CVS

Installing a CVS server

A more secure setup for a chroot-ed CVS server is explained here: http://olivier.sessink.nl/jailkit/howtos_cvs_only.html

apt-get install cvs
mkdir -p /home/server/chroot-cvs
cd /home/server/chroot-cvs
mkdir -p bin dev etc home lib libexec sbin tmp var
mkdir -p var/run var/chroot/sshd
ln -s . usr
chmod 555 home
chmod 1777 tmp
cp /bin/bash /bin/false /usr/bin/cvs /usr/bin/passwd bin
cp -d /bin/sh bin
cp /usr/sbin/sshd sbin
cp /etc/passwd /etc/shadow /etc/group etc
cp -rf /etc/ssh etc
cd /home/server/chroot-cvs/dev
/dev/MAKEDEV std pty random
cd /home/server/chroot-cvs
cp `ldd bin/* sbin/* | awk '{print $3}'` lib
cp -d /lib/ld* lib
cp -d /lib/libnss_compat* lib
cp -dr /lib/security lib
cp -r /etc/pam.d etc
cat << EOF > /home/server/chroot-cvs/etc/group
wheel:x:0:root
nogroup:x:65534:
cvs:x:500:phil
EOF
cat << EOF > /home/server/chroot-cvs/etc/passwd
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
sshd:x:100:65534::/var/run/sshd:/bin/false
phil:x:1000:500:Philippe Teuwen:/home:/bin/sh
EOF
cat << EOF > /home/server/chroot-cvs/etc/shadow
root:*:12534:0:99999:7:::
nobody:*:12488:0:99999:7:::
sshd:!:12488:0:99999:7:::
phil:*:12534:0:99999:7:::
EOF
mkdir -p cvsroot
chown 1000:500 cvsroot
chmod 775 cvsroot
chmod g+s cvsroot
cvs -d/home/server/chroot-cvs/cvsroot init
# Initialisation of passwords:
chroot /home/server/chroot-cvs
passwd
passwd phil
exit
cd /home/server/chroot-cvs/etc/ssh
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ssh_host_key -N 
/usr/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N 
/usr/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N 
# Edit sshd_config -> Port 2233
# Launch ssh server:
chroot /home/server/chroot-cvs /sbin/sshd

cvs-makerepos
cvs init

Infos

• Building your company CVS-server
• How to install CVS on your e-smith server
• In chroot jail: http://www.pointless.nl/~peter/stuff/cvs-server.html

find . -type d -exec chmod g+s {} \; (ne pas oublier le backslash avant le ";")
find . -type d -exec chown cvs:cvs {} \;
find . -type d -exec chmod 775 {} \;
find . -type f -exec chown cvs:cvs {} \;
find . -type f -exec chmod 664 {} \;

With pserver

To add a user or update password:

cd CVSROOT
htpasswd passwd <user>

edit the file and append ":cvs" to the line (it's removed even when updating the passwd)

For anonymous access (with "anonymous" as password):
add the following line to CVSROOT/passwd file:

anonymous:23MLN3ne5kvBM:cvs

and add the following to the (maybe not yet present) CVSROOT/readers:

anonymous

edit CVSROOT/config and uncomment:

SystemAuth=no

to avoid regular accounts to be usable to log in so only the ones in CVSROOT/passwd will work

To access the cvs server:

export CVSROOT=:pserver:<user>@<host>:<path>

For anonymous read-only access:

export CVSROOT=:pserver:anonymous@<host>:<path>

then

cvs login

To allow only CVS with ssh

disable user's passwd (in /etc/shadow: user:!:...)
add to ~user/.ssh/authorized_keys:

command="/usr/bin/cvs server" ssh-rsa <PUBKEY...>

To create a CVS rep on the vserver

On the vserver: be sure the /home/cvs is drwxr-sr-x cvs:src

su -s /bin/bash cvs -c "cvs -d ~/<newrep> init"

On the client: go into the rep to be imported

cvs -d :ext:devel.yobi.be:/home/cvs/<newrep> import -m "First draft" <module_name> <author/vendor> <version>

Delete imported rep

cvs -d :ext:devel.yobi.be:/home/cvs/linux-doc co lpic

Old notes

Converted with HTML::WikiConverter::MediaWiki from my old phpwiki site

Edition des fichiers de CVSROOT

En général on peut procéder ainsi:

• cvs co CVSROOT
• create CVSROOT/<myfile>
• echo <myfile> >> CVSROOT/checkoutlist
• cd CVSROOT; cvs commit

Mais pour des raisons de sécurité il vaut mieux ne pas le faire pour les fichiers passwd et readers...

Interdiction de récupérer le module CVSROOT

La FAQ de CVS suggère d'ajouter "CVSROOT -a" dans CVSROOT/modules
Cependant ce n'est pas complètement sécurisé car il reste un moyen d'obtenir et de modifier ces fichiers ;-)

 cd /tmp
 mkdir CVS
 echo "D" > CVS/Entries
 echo "$CVSROOT" > CVS/Root
 echo "CVSROOT" > CVS/Repository
 cvs update

Et voilà :-)
Si vous ne voulez pas qu'on accède au module CVSROOT alors vous n'en n'avez peut-être tout simplement pas l'usage.
Effacez-le sur le serveur CVS!
rm CVSROOT/*,v