CVS and Subversion

Subversion

• http://subversion.tigris.org/

Tips

To convert a CVS repository:

• I'm using ssh and developers are members of the src group, CVS repository is in /home/cvs
• I create /home/svn with the following flags and ownerships, same as for /home/cvs

drwxr-sr-x cvs:src /home/svn

• To convert /home/cvs/linux-doc repository:

su -s /bin/bash cvs -c "cvs2svn -s /home/svn/linux-doc /home/cvs/linux-doc"

• All files and dirs for which user has write access, give it also to group

find /home/svn/linux-doc -perm -200 -exec chmod g+w {} \;

To checkout the project:

svn checkout svn+ssh://devel.yobi.be/home/svn/linux-doc/trunk linux-doc

Doc

• http://svnbook.red-bean.com/nightly/en

svk

• http://svk.elixus.org/

Doc

• http://svkbook.elixus.org/nightly/en/

CVS

Installing a CVS server

A more secure setup for a chroot-ed CVS server is explained here: http://olivier.sessink.nl/jailkit/howtos_cvs_only.html

apt-get install cvs
mkdir -p /home/server/chroot-cvs
cd /home/server/chroot-cvs
mkdir -p bin dev etc home lib libexec sbin tmp var
mkdir -p var/run var/chroot/sshd
ln -s . usr
chmod 555 home
chmod 1777 tmp
cp /bin/bash /bin/false /usr/bin/cvs /usr/bin/passwd bin
cp -d /bin/sh bin
cp /usr/sbin/sshd sbin
cp /etc/passwd /etc/shadow /etc/group etc
cp -rf /etc/ssh etc
cd /home/server/chroot-cvs/dev
/dev/MAKEDEV std pty random
cd /home/server/chroot-cvs
cp `ldd bin/* sbin/* | awk '{print $3}'` lib
cp -d /lib/ld* lib
cp -d /lib/libnss_compat* lib
cp -dr /lib/security lib
cp -r /etc/pam.d etc
cat << EOF > /home/server/chroot-cvs/etc/group
wheel:x:0:root
nogroup:x:65534:
cvs:x:500:phil
EOF
cat << EOF > /home/server/chroot-cvs/etc/passwd
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
sshd:x:100:65534::/var/run/sshd:/bin/false
phil:x:1000:500:Philippe Teuwen:/home:/bin/sh
EOF
cat << EOF > /home/server/chroot-cvs/etc/shadow
root:*:12534:0:99999:7:::
nobody:*:12488:0:99999:7:::
sshd:!:12488:0:99999:7:::
phil:*:12534:0:99999:7:::
EOF
mkdir -p cvsroot
chown 1000:500 cvsroot
chmod 775 cvsroot
chmod g+s cvsroot
cvs -d/home/server/chroot-cvs/cvsroot init
# Initialisation of passwords:
chroot /home/server/chroot-cvs
passwd
passwd phil
exit
cd /home/server/chroot-cvs/etc/ssh
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ssh_host_key -N 
/usr/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N 
/usr/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N 
# Edit sshd_config -> Port 2233
# Launch ssh server:
chroot /home/server/chroot-cvs /sbin/sshd

cvs-makerepos
cvs init

Infos

• Building your company CVS-server
• How to install CVS on your e-smith server
• In chroot jail: http://www.pointless.nl/~peter/stuff/cvs-server.html

find . -type d -exec chmod g+s {} \; (ne pas oublier le backslash avant le ";")
find . -type d -exec chown cvs:cvs {} \;
find . -type d -exec chmod 775 {} \;
find . -type f -exec chown cvs:cvs {} \;
find . -type f -exec chmod 664 {} \;

With pserver

To add a user or update password:

cd CVSROOT
htpasswd passwd <user>

edit the file and append ":cvs" to the line (it's removed even when updating the passwd)

For anonymous access (with "anonymous" as password):
add the following line to CVSROOT/passwd file:

anonymous:23MLN3ne5kvBM:cvs

and add the following to the (maybe not yet present) CVSROOT/readers:

anonymous

edit CVSROOT/config and uncomment:

SystemAuth=no

to avoid regular accounts to be usable to log in so only the ones in CVSROOT/passwd will work

To access the cvs server:

export CVSROOT=:pserver:<user>@<host>:<path>

For anonymous read-only access:

export CVSROOT=:pserver:anonymous@<host>:<path>

then

cvs login

To allow only CVS with ssh

disable user's passwd (in /etc/shadow: user:!:...)
add to ~user/.ssh/authorized_keys:

command="/usr/bin/cvs server" ssh-rsa <PUBKEY...>

To create a CVS rep on the vserver

On the vserver: be sure the /home/cvs is drwxr-sr-x cvs:src

su -s /bin/bash cvs -c "cvs -d ~/<newrep> init"

On the client: go into the rep to be imported

cvs -d :ext:devel.yobi.be:/home/cvs/<newrep> import -m "First draft" <module_name> <author/vendor> <version>

Delete imported rep

cvs -d :ext:devel.yobi.be:/home/cvs/linux-doc co lpic

Old notes

Converted with HTML::WikiConverter::MediaWiki from my old phpwiki site

Edition des fichiers de CVSROOT:

En général on peut procéder ainsi:

• cvs co CVSROOT
• create CVSROOT/<myfile>
• echo <myfile> >> CVSROOT/checkoutlist
• cd CVSROOT; cvs commit

Mais pour des raisons de sécurité il vaut mieux ne pas le faire pour les fichiers passwd et readers...

Interdiction de récupérer le module CVSROOT:

La FAQ de CVS suggère d'ajouter "CVSROOT -a" dans CVSROOT/modules
Cependant ce n'est pas complètement sécurisé car il reste un moyen d'obtenir et de modifier ces fichiers ;-)

 cd /tmp
 mkdir CVS
 echo "D" > CVS/Entries
 echo "$CVSROOT" > CVS/Root
 echo "CVSROOT" > CVS/Repository
 cvs update

Et voilà :-)
Si vous ne voulez pas qu'on accède au module CVSROOT alors vous n'en n'avez peut-être tout simplement pas l'usage.
Effacez-le sur le serveur CVS!
rm CVSROOT/*,v