Re: CVS on SSH

[Geoff Beier]

On 9/7/04 7:22 AM, "Gaurav Vaish" <[EMAIL PROTECTED]> wrote:

>> 
>> Well, you need to get the server to allow your ssh logins.
> 
>   But doesn't is leads to 'shell access' to the user? I do not want to
> allow direct console access but only cvs access. Similar to what
> SourceForge has.
> 

I didn't see any follow-up to this hit the list; my apologies if this is
redundant. I'm not sure what sf.net does, but something like smrsh will do
what you want.

Look here for an example of how one group did it:

http://www.idealx.org/prj/idx-chrooted-ssh-cvs/dist/chrooted-ssh-cvs-server.
html

HTH,

Geoff




___
Info-cvs mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/info-cvs

Re: /#cvs.lock): No such file or directoryctory for

[Geoff Beier]

Hi Jim,


On 8/18/04 5:37 AM, "Jim Page - emailsystems.com" <[EMAIL PROTECTED]>
wrote:
> I think I have expressed myself badly. Our developers are working on both
> windows and linux -at the same time-. Either with 2 dev boxes, or using
> VMware to run the other OS, with a partition shared between the 2. What is
> being suggested here is using commit to propogate changes between a given
> developer's OS-specific sandboxes during development. I am talking here
> about 'ok that fix builds under windows, lets see if builds under linux'. In
> our case right now this class of commit would not be done, and I can't see
> how this won't lead to an increased risk of nonsense in the repository.
> Maybe I'm splitting hairs but even if the risk is small it just doesn't seem
> a good idea. I can't believe our situation is all that rare.
> 
Having done this myself before, I found that the best way to handle this was
to alter my behavior slightly. I'd edit from either platform, but if a
sandbox was checked out using a particular tool (e.g. TortoiseCVS on windows
or cvshome.org CVS on Linux) I'd only perform CVS operations using that
tool. Obviously, there's some overhead to remembering which tool you used,
but it beats troubleshooting the problems that arise when cvsnt clients and
cvshome.org clients operate on the same sandbox.


> Now I have written that I'm starting to think that I am complaining in the
> wrong place. It is probably WinCVS or another product that is writing these
> badly formatted files. linux cvs broke, and I posted a message concerning
> how to fix it, but it is not to blame if some other product it messing up
> its files! Hmm. My apologies for wasting everyone's time.

Yeah. It sounds like cvsnt's metadata is not compatible with standard CVS.
(WinCVS uses cvsnt.) Ask on one of the cvsnt-oriented lists. There may be a
way to make it compatible. I still think I'd try to use the same tool for
CVS operations all the time, though.

HTH,

Geoff




___
Info-cvs mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/info-cvs

Re: "mobile" CVS

[Geoff Beier]

On Jul 20, 2004, at 3:48 PM, Spiro Trikaliotis wrote:
Unfortunately, depending on whether I'm "inside" the network which 
contains
the repository, or "outside", I have to use different ssh settings. The
machine name, as well as the used port change. I cannot access the
repository server with the "inside" settings from outside, and vice
versa.

Currently, I help myself by utilizing a ~/.ssh/config file, which
contains two entries, namely, CVS-local and CVS-remote, with the 
correct
settings for each case. Depending of whether I'm "in" or "out", I 
rename
one of both to "CVS", and only use the ssh server name "CVS" when
working with CVS.

This works, but is annoying. I ask myself if there is another way to
perform this? I will ask this on an ssh mailing list, too, but there
might be some ideas here which do not depend on ssh, but are cvs
related.

I've handled this in the past by simply using a standard ssh client to 
connect to the appropriate server and port, and forwarding port 22 on 
localhost. So suppose that while on the internal network I connect to 
hosta, port 111 and while outside the firewall I connect to hostb, port 
222. All I do then is:

Internal:
ssh -L:22:hosta:111 -p 111 [EMAIL PROTECTED]
cvs -d:ext:[EMAIL PROTECTED]:/path/to/cvsroot co module
External:
ssh -L:22:hostb:222 -p 222 [EMAIL PROTECTED]
cvs -d:ext:[EMAIL PROTECTED]:/path/to/cvsroot co module
The details of the port forwarding vary, of course, depending on your 
network. For example, on some networks, you may always be forwarding to 
the "internal" port (so it'd be -L:22:hosta:111 in both cases with just 
the part from -p onward changing)...

Note that the cvs commands never change, just the ssh connection that I 
open on another console.

HTH,
Geoff


smime.p7s
Description: S/MIME cryptographic signature
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/info-cvs

Re: $CVSROOT/CVSROOT scripts

[Geoff Beier]

On Jun 21, 2004, at 1:54 PM, <[EMAIL PROTECTED]> wrote:
Ok what's the proper way of putting scripts into this
directory that the cvs files can use. For example I want
to call a buglog.sh file from the loginfo file. Do I
- checkout the $CVSROOT/CVSROOT directory
- cvs add buglog.sh file
- modify loginfo to call the buglog.sh file
- cvs commit
So far, so good. Now you need to add it to the checkoutlist file:
https://www.cvshome.org/docs/manual/cvs-1.11.6/cvs_18.html#SEC176
HTH,
Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/info-cvs

Re: CVS access - IP restricted

[Geoff Beier]

can we anyhow restrict CVS access based on IP.
Say like want to deny certain IP's to being connected to the CVS server
(Linux sandbox).

This question doesn't really have anything to do with the message you 
included, AFAICT...

The best way to do this is to use features built in to your OS. For 
most Linux-based installations, that'd be either iptables or ipchains.

Some useful documents for iptables can be found here:
http://www.netfilter.org/
HTH,
Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/info-cvs

Re: Two directories for one project or module

[Geoff Beier]

On Jun 20, 2004, at 5:06 PM, Adrian Constantin wrote:
  Does anyone has an ideea as how can I have the
  public directory kept clean, that is without the CVS
  subdirectory ? Can I move the CVS subdirectroy out
  of the sandbox ? I would need something like
  'cvs release' but that would actually do a patch.
  Currently I use cvs diff and then patch so that I
  can have a clean directory on the web server. But
  like this I  have to remember the last tag that I
  patched in the public directory last time. I
  do not want to 'cvs release' and overwrite everytime
  since I do not make many changes between commits and
  the site is big.
I find it easier to just use a sandbox with CVS subdirectories present 
and add the following to my httpd.conf:


Order Deny,Allow
Deny from All

HTH,
Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/info-cvs

Re: Remote CVS access via SSH

[Geoff Beier]

On Jun 15, 2004, at 10:49 AM, Tom Copeland wrote:
On Tue, 2004-06-15 at 10:39, [EMAIL PROTECTED] wrote:
Thanks. This worked. However, instead of entering
the password 100,000 times (every CVS command), I
now have to enter the paraphrase 100,000 times (every
CVS command.) Again as you know this is combersome.
How can I manage this so I don't have to enter anything?
Use a blank passphrase.

Or better yet, man ssh-agent
That lets you enter your passphrase once and caches the key for 
subsequent uses. That makes *me* much less nervous than blank 
passphrases, especially if I'm using a laptop!

HTH,
Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/info-cvs

Re: Cannot check in file after branch...?

[Geoff Beier]

On May 19, 2004, at 9:31 PM, Flossie wrote:

I'm using TortoiseCVS and did not see what command it issued (nor do 
I want to learn various command-line args for controlling CVS 
actions) -
I understand that feeling ;=)
I haven't used TortoiseCVS - you might also try asking this question 
on a
mail list geared more towards Tortoise.
Haven't spotted such a NG yet :)
From http://www.tortoisecvs.org/support.shtml :
"You can subscribe to the TortoiseCVS mailing list at SourceForge. The 
traffic is small only about about 5 to 10 messages a day. We talk about 
bugs, help solve problems and plan new developments for TortoiseCVS. 
There's also a message archive on the web site."

The subscription information can be found here:
http://lists.sourceforge.net/lists/listinfo/tortoisecvs-users
HTH,
Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: RES: CVS Java Client

[Geoff Beier]

On May 11, 2004, at 1:55 PM, Patrick Adewunmi wrote:

Marcelo,

I am looking for java code. Thanks.


I'd look here:
http://www.gjt.org/servlets/JCVSlet/list/ice/com/ice/jcvsii
It's a GUI client that uses jcvs.

HTH,

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Personal CVS repository?

[Geoff Beier]

Hi Jim,
On May 6, 2004, at 12:59 PM, Jim.Hyslop wrote:
Geoff Beier wrote:
This is very easy to do... it's one of the easiest ways to
use CVS and
is an excellent application of the tool. Here's a quick
synopsis.
However, it does not address the issue that Jill will be using the same
source file in two different repositories, with two different  
histories. You
haven't addressed how she should keep the two properly in sync.

Sorry. That's a long topic. That's why I included the link to more  
extensive documentation. To do what Jill describes, I:

1. Bring in upstream changes as described here:
http://cvsbook.red-bean.com/cvsbook.html#Tracking_Third- 
Party_Sources__Vendor_Branches_

(if needed... depends on the nature of the project and whether changes  
go in upstream:)
2. Keep a checked out copy of the external repository alongside my own  
repository for looking at intermediate revisions (between my merges),  
log messages, etc.

There may be scripts floating around address this in a more automated  
fashion, but I've never looked into it because the above is easy and  
has met my needs.

Regards,
Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Personal CVS repository?

[Geoff Beier]

Hi Jill,
It occurs to me, though, that maybe I could set up a "personal"
CVS repository off my home directory (although I'll readily admit
that I've never set up a CVS repository of *any* kind before); I
would use it for my "fine-grain" version control, while submitting
new, boss-approved stuff to the "real" off-site repository only
once a week...
This is very easy to do... it's one of the easiest ways to use CVS and 
is an excellent application of the tool. Here's a quick synopsis. For a 
detailed, friendly explanation, look here: 
http://cvsbook.red-bean.com/cvsbook.html

(This assumes you're using a command line client in a UNIX-like 
environment.)

If you want the repository to go in your home directory, start there. 
Assume your project is in a subdirectory called myproject:
1. mkdir mypersonalrepository
2. cvs -d $HOME/mypersonalrepository init
3. cd myproject
4. cvs -d $HOME/mypersonalrepository import -m "initial import of 
myproject from myvendor" myproject myvendor initial
5. cd ..
6. mv myproject myproject.original
7. cvs -d $HOME/mypersonalrepository co myproject

Check the contents of myproj and make sure all is well, then you can 
work with files inside just like it's any other repository. You can 
even access it remotely with no further configuration if you have ssh 
access to the machine with your repository... just set CVS_RSH=ssh and 
issue the command
cvs -d:ext:[EMAIL PROTECTED]:/path/to/mypersonalrepository co myproject

Look at the cvs book on red-bean.com and the manual on cvshome.org for 
a more verbose explanation of what's happening here and of some tagging 
operations that will help you manage your contributions.

HTH,
Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: need to force username of cvs 'action' when using shared SSHaccount

[Geoff Beier]

On May 4, 2004, at 3:46 PM, Tim Grotenhuis wrote:

b. through the SSH command="" you can limit users to one command based 
on
the key they are authenticating with.

Or any command they can convince the program specified in command= to 
execute. If you go down this path, be very careful with how you control 
access to CVSROOT :-)

Regards,

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: RCS commit template

[Geoff Beier]

On Apr 19, 2004, at 7:06 PM, Fouts Christopher (6452) wrote:

I followed the intructions in these pages, along with reading the 
manual to
set up a commit template. However, I don't get my template when I do a
commit. I have the permissions set up correctly too. What gives?

http://www.einval.com/~steve/software/cvs-bugzilla/


Hmm... not much to go on with your question here. A wild guess:

Did you make your changes to a checked out copy of CVSROOT. e.g.
% cvs -d/path/to/repository co CVSROOT
% cd CVSROOT
... create rcstemplate ...
... add DEFAULT line to rcsinfo ...
... add rcstemplate + error message to CVSROOT/checkoutlist ...
% cvs add rcstemplate
% cvs ci -m "some comment"
and then see the message "cvs commit: Rebuilding administrative file 
database"?

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: RES: CVS import

[Geoff Beier]

On Apr 15, 2004, at 1:34 PM, McNamee, John wrote:



Unfortunately, the whole world doesn't run Unix...

Unfortunately, OP did not identify his platform, so it seems reasonable 
to assume (since he's asking on this list) that he's either using UNIX 
or cygwin (which is the best way to run the cvshome.org version of CVS 
on windows). Both of those provide a find command that works as 
described. If you're not running in the cygwin environment on Windows, 
I'd suggest using cvsnt along with some other way to collect files and 
execute commands on them. Most of the time, I advise windows users who 
are not using cygwin to get TortoiseCVS for everyday CVS use:

http://tortoisecvs.sf.net/

It's very well documented, beautifully integrates explorer, cvsnt and 
ssh, and does contain the "add recursively" command you want.

Does *anyone* use the cvshome.org version of cvs on windows OUTSIDE of 
cygwin as a matter of general practice? (AIUI, both wincvs and 
tortoisecvs use cvsnt, and eclipse has its own cvs client, so if your 
cvs use is one of those products the answer is no.) If so, what 
environment do you use it in?

  C:\foo\bar>find . -exec cvs add {} \;
  'find' is not recognized as an internal or external command,
  operable program or batch file.
What version of Windows is this? The output I get from that command 
outside of the cygwin environment on a windows 2000 or xp box is:
FIND: Parameter format not correct

At any rate, what benefit does adding files recursively carry over 
using "cvs import" and ignoring the vendor branch if you don't want to 
use it?

Regards,

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: CVS/Entries..

[Geoff Beier]

I is a clean get / co task.
I am getting  it on a Windows 2000 system.
Its not on a NFS or so.
Also, this happens randomly on different systems - not everytime.
The permissions are intact, the network login is the local 
administartor -
to be more sure that this should not be the reason.

It sounds like antivirus software could be causing this. If you 
uninstall your virus scanner, can you make it happen? Also, are you 
using wincvs as your client? If so, you might try asking on one of the 
cvsnt lists, as that's the client they use.

HTH,

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: cvs.spec(.in) is causing an error building rpms

[Geoff Beier]

Hi Mark,

Does this patch work for you?

That does the job as well. Thanks.

Geoff


smime.p7s
Description: S/MIME Cryptographic Signature
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: cvs.spec(.in) is causing an error building rpms

[Geoff Beier]

Hi Tim,

Thanks for the quick response!

I normally use quoted-reply, but your multi-part message made that hard.

Sorry about that. I normally don't post multi-part messages to the list, 
but seem to have fat fingers in my mailer today.

- You can fix the spec by just adding

	|| true

to the end of `rm .../dir' line.  You may want to pass that change back to
the spec file maintainer.
I'm unsure of the best place to send the patch. I get the impression 
that it's not the email address in the changelog :-)

If there's a better place to send it, please let me know.

Thanks,

Geoff

patch inline to prevent another multipart message:

--- cvs-1.11.14/cvs.spec.in 2004-02-17 14:04:50.0 -0500
+++ cvs-1.11.14.local/cvs.spec.in   2004-03-30 17:50:05.0 -0500
@@ -89,7 +89,7 @@
 # forcefully compress the info pages so that install-info will work 
properly
 # in the %%post
 gzip $RPM_BUILD_ROOT/%{_infodir}/cvs* || true
-rm $RPM_BUILD_ROOT/%{_infodir}/dir
+rm $RPM_BUILD_ROOT/%{_infodir}/dir || true

 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT




___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

cvs.spec(.in) is causing an error building rpms

[Geoff Beier]

Hi All,

Has anyone else built 1.11.14 rpms using the spec file distributed with
the source tarball?
In 1.11.14, line 89 was added to cvs.spec.in:
 rm $RPM_BUILD_ROOT/%{_infodir}/dir
with the following comment in the changelog:
* Tue Feb 17 2004 Derek Price <[EMAIL PROTECTED]>
- Remove info DIR file to avoid RPM warning us about installing
files we don't
- package.
On my build box (Redhat 9) rpmbuild fails with the following error:
--- snip ---
+ rm /tmp/cvs-root//usr/share/info/dir
rm: cannot lstat `/tmp/cvs-root//usr/share/info/dir': No such file or
directory
error: Bad exit status from /tmp/rpm-tmp.28010 (%install)
RPM build errors:
Bad exit status from /tmp/rpm-tmp.28010 (%install)
--- snip ---
If I remove the line in question the build completes successfully,
without the warning the changelog claims to be addressing.
Have I misconfigured something, or is there a bug in the .spec?

Thanks,

Geoff






smime.p7s
Description: S/MIME Cryptographic Signature
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Read-only CVS over http

[Geoff Beier]

Ed Avis wrote:

If a CVS repository is available via http (for example
) can CVS connect to it for read-only
checkouts?
cvsgrab can, if you can install viewcvs:
http://cvsgrab.sourceforge.net/
hth,

Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Finding out which tags exist

[Geoff Beier]

Derek Robert Price wrote:
If you have a binary GNU info installed but your local CVS manual isn't
installed correctly, and you have a copy of the CVS source handy, you
can access the info manual like so:
info --directory=cvs-1.11.14/src --file=cvs.info

With my build you have to do:
info --directory=cvs-1.11.14/doc --file=cvs.info
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Finding out which tags exist

[Geoff Beier]

Larry Jones wrote:
The info page still says that I need a repository and a working
directory for the log command.


You do.  (What "info page"?  Do you mean the man page?)

Isn't the GNU texinfo-formatted documentation in the doc directory 
generally referred to as the "info page"? It's what's displayed on my 
system when I type "info cvs".

I would presume he was citing this:

--
File: cvs.info,  Node: log,  Next: rdiff,  Prev: import,  Up: CVS commands
log--Print out log information for files

   * Synopsis: log [options] [files...]

   * Requires: repository, working directory.

   * Changes: nothing.
--
Regards,

Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: changes between tags

[Geoff Beier]

Florian Pachaly wrote:
is there any easy way to get all changes made in a whole module between two
tags?
Is there any way that
cvs rdiff -rTag1 -rTag2 module
doesn't do what you want?
http://www.cvshome.org/docs/manual/cvs-1.11.13/cvs_16.html#SEC145

HTH,

Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: WinCVS and single-digit day of month

[Geoff Beier]

[EMAIL PROTECTED] wrote:
I am using WinCVS on Win2000 with working directory on Samba (mounted as 
drive Z:) and CVS server on Unix (SunOS).

[SNIP]
Any ideas of how to solve this problem without modifying CVS or WinCVS?

Don't use a working directory on a network drive. Especially not a drive 
that is served by a different version of the OS (or a different OS) than 
the client. This is typical of the sort of problem you will encounter if 
you do. Apart from that, you may want to ask on a cvsnt list (IIRC 
WinCVS uses cvsnt, not cvs) or a wincvs list.

cvsnt:
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
WinCVS:
http://groups.yahoo.com/subscribe/cvsgui
HTH,

Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: [OFT] scripting removal of $Id:

[Geoff Beier]

Euan Guttridge wrote:
Has anybody come across a shell script to parse a large number of text
files, removing the CVS keyword replacement lines (all containing $Id:)?
It's not a shell script, but is the -kk option to checkout or export 
good enough for you? It doesn't remove the whole line (a bad idea 
anyway, since sometimes other information may be on the line :-)) but 
removes any potentially sensitive information.

For example, if you issue the command

cvs export -Dnow -kk module

all keywords in module will be changed to just the keyword value:

$Revision: 1.1$ becomes $Revision$ and so on.

HTH,

Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: how to support symlinks?

[Geoff Beier]

Robert P. J. Day wrote:
meta-cvs is not a possible solution, since we need web-page access to the
repository as well, and as i read it, meta-cvs doesn't handle that.  and
it's not like i'm going to adopt an entirely new tool just for something
as trivial as symlinks.
symlinks.  that's all i want.  really.

Googling for GNU symlinks and clicking "I'm feeling lucky" takes me to 
the following page:
http://packages.debian.org/unstable/utils/symlinks

At the bottom of that page is a working link to the source code as well 
as to several flavors of binary. Is that what you're looking for?

A bit more google-fu also turned up the following, which might be useful 
in your situation:
http://bre.klaki.net/programs/cvs-symlinks/

HTH,

Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Cannot connect to remote CVS server

[Geoff Beier]

John Nichel wrote:

CVSROOT is set to /webserver/vhosts with these lines in /etc/profile...

 >CVSROOT=/webserver/vhosts
 >export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC CVSROOT
Echoing out CVSROOT return this...

 >[EMAIL PROTECTED] CVSROOT]# echo $CVSROOT
 >/webserver/vhosts
The xinetd entry for the cvs server is as such...

 >service cvspserver
 >{
 >port = 2401
 >socket_type = stream
 >protocol = tcp
 >user = root
 >wait = no
 >disable = no
 >type = UNLISTED
 >server = /usr/local/bin/cvs
 >server_args = -f --allow-root /webserver/vhosts pserver
 >}
I have added my login as a user, which created a 'passwd' file under 
CVSROOT, and contains this...

 >jnichel:VK8EEGWUHyegg:

All is working fine when I use cvs locally, but when I try to connect 
remotely, I get this

 >cvs -d :pserver:[EMAIL PROTECTED]:/CVSROOT login
 >/CVSROOT: no such repository
 >cvs login: authorization failed: server devbox.local rejected access 
to /CVSROOT for user jnichel

Why are you specifying /CVSROOT as your CVSROOT remotely when you've 
specified /webserver/vhosts locally and in your pserver config? Try it 
with /webserver/vhosts.

HTH,

Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: what's to stop a developer from nuking the repository?

[Geoff Beier]

Andy Jones wrote:

Tirsdag den 20. januar 2004 09:33 skrev Greg A. Woods:

[ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ]


Subject: Re: what's to stop a developer from nuking the repository?

have unix command line users use :pserver:
That's really Really REALLY _B_A_D_ advice

There is absolutely _NO_ accountabilty or any other form of security in
pserver.  DO NOT _EVER_ USE PSERVER FOR NON-ANONYMOUS ACCESS


Please forgive me if I am mistaken, and in any case I certainly don't want 
> to start a flame war, but am I right in thinking that Greg's opinion 
does not
> reflect the majority view?

I refuse to make any claims vis-a-vis a majority view, but I would say 
that his statement reflects a common opinion among folks who are 
concerned with security. pserver is unsuitable for anything other than 
anonymous, read-only access. Really. If you are using it for anything 
else, you are trusting your users to "just be nice", in effect.

Regards,

Geoff

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Stable CVS Version 1.11.11 Released! (security update)

[Geoff Beier]

On Fri, Dec 19, 2003 at 10:48:47AM -0500, Tom Copeland wrote:
> Just wondering if you've had a chance to put together the source RPMs
> yet...

While you're waiting, it's easy to make your own from the source
tarball, since the tarball includes an RPM specification.

1. If you've never constructed an RPM before, you should first 
create a file called .rpmmacros, which contains a directive 
setting your topdir to a directory your non-privileged account 
can write to:

echo "%_topdir $HOME/rpmbuild" >$HOME/.rpmmacros

2. Create the directory structure needed for RPMS:
(assuming you're in your home directory and used the _topdir above)

mkdir -p rpmbuild/BUILD  rpmbuild/RPMS  rpmbuild/SOURCES rpmbuild/SPECS  rpmbuild/SRPMS

3. Extract the source tarball in your home directory (or at least extract
cvs.spec)

4. Copy the (compressed) source tarball into rpmbuild/SOURCES

5. issue the rpmbuild command:
rpmbuild -ba cvs-1.11.11/cvs.spec

This will place an SRPM in $HOME/rpmbuild/SRPMS and 3 ready-to-install
RPMs in $HOME/rpmbuild/RPMS/your-architecture.

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Loophole in cvs_acls script allows restricted files to be committed

[Geoff Beier]

My apologies for such a long message... it's a bit of a complex issue.
Delete now if you're not interested :-)

On Thu, Dec 18, 2003 at 10:09:40AM -0800, Peter Connolly wrote:
> There appears to be a loophole in the cvs_acls script that allows 
> someone to bypass an 'unavail' on a specific file and commit changes to 
> that file.
> 
> It seems that all one needs to do is update another file in that same
> directory. Then a commit of that unrestricted file will include the
> restricted file, which commits successfully.
> 
> The avail file would look something like this:
> 
> unavail||CVSROOT/avail
> avail|cvsadmin|CVSROOT/avail
> 
> So that only 'cvsadmin' should be able to update the 'avail' file.
> 
You've really got a loophole in your config file. cvs_acls is behaving
as documented, although I would not consider this desirable behavior.
The cvs_acls script states that:

# PROGRAM LOGIC:
#
#   CVS passes to @ARGV an absolute directory pathname (the
#   repository
#   appended to your $CVSROOT variable), followed by a list of
#   filenames
#   within that directory.
#
#   We walk through the avail file looking for a line that matches
#   the
#   username, repository and branch.
#

Note that, although this is not emphasized here, for an "unavail" to
apply, we must have a perfect match. Further in the comments, the author
explains just what constitutes a repository match:

#   A repository match is either:
#   - One element of the third column matches $ARGV[0], or
#   some
# parent directory of $ARGV[0].
#   - Otherwise *all* file arguments ($ARGV[1..$#ARGV]) must
#   be
# in the file list in one avail line.
#   - In other words, using directory names in the third column
#   of
# the avail file allows committing of any file (or group of
# files in a single commit) in the tree below that
# directory.
#   - If individual file names are used in the third column of
# the avail file, then files must be committed individually
# or
# all files specified in a single commit must all appear in
# third column of a single avail line.

This is slightly ambiguous. If you read the script, though, "avail line"
means "a line in the avail file beginning with 'avail' or 'unavail'.
Note, though, that this means lines which specify individual files (as
opposed to directories) will require an exact match of all parameters in
order to apply to multiple file commits.

The configuration file you detail:
unavail||CVSROOT/avail
avail|cvsadmin|CVSROOT/avail
<[EMAIL PROTECTED] ssh]$ vi CVSROOT/avail
>[EMAIL PROTECTED] ssh]$ cvs ci -m"" CVSROOT/avail
>cvs commit: Examining CVSROOT
>[EMAIL PROTECTED]'s password:
> Access denied: Insufficient permission for this dir/file
> (wimp|CVSROOT|)
>cvs commit: Pre-commit check failed
>cvs [commit aborted]: correct above errors first!
Your commit was CVSROOT/avail, which exactly matched line 1 and not line
2, therefore the commit was disallowed.

>[EMAIL PROTECTED] ssh]$ vi CVSROOT/loginfo
>[EMAIL PROTECTED] ssh]$ cvs ci -m"" CVSROOT/loginfo
>cvs commit: Examining CVSROOT
>[EMAIL PROTECTED]'s password:
>Checking in CVSROOT/avail;
>/usr/cvsroot/CVSROOT/avail,v  <--  avail
>new revision: 1.7; previous revision: 1.6
>done
>Checking in CVSROOT/loginfo;
>/usr/cvsroot/CVSROOT/loginfo,v  <--  loginfo
>new revision: 1.139; previous revision: 1.138
>done
>cvs commit: Rebuilding administrative file database
>
Now, your commit uncovers what I'd consider a bug in cvs; the commit
*should* only include CVSROOT/loginfo, but there appears to be an error
in the option handling such that if you supply the argument -m"" to
commit, it behaves as though you'd typed
cvs ci -m"" .

At any rate, you'd have uncovered the loophole in your configuration if
you had typed cvs ci -m"" ., so looking at that, you can see that your
commit is:
CVSROOT/avail
CVSROOT/loginfo
Line 1 of your config does not match, and line 2 does not either. Since
your default policy is to allow the commit, cvs_acls returns 0 and your
commit is allowed. 

There are two possible solutions to your problem:
1. Change the behavior of cvs_acls to treat "avail" lines and "unavail"
lines differently; you'd want "unavail" lines to treat *any* file as a
repository match but "avail" lines to retain their current behavior.
Note that this does not address any of the other limitations of the
script, but is otherwise a sensible change. I *think* this would do it,
but don't have many rules to test against myself... use this completely
at your own risk; I have barely tested it at all, and there may well be
a logic bomb in it as big as the one it fixes:
--- cvs_aclsThu Dec 18 14:53:44 2003
+++ cvs_acls_patched Thu Dec 18 17:26:35 2003
@@ -162,7 +162,11 @@
   

Re: cvs checkout

[Geoff Beier]

On Dec 15, 2003, at 8:15 AM, Florian Pachaly wrote:

On my new machine, a 3 GBit P4 I get very often errors on checkouts:

cvs [update aborted]: cannot rename file _new_generate.bat to 
generate.bat:
Bad address

I try to checkout existing modules from existing repositorys, and I'm
correctly logged in.
All permissions are set correctly. I tried checking out with the same 
user
from different
machines with different OSs and everything worked fine except on my own
system.

This is just a shot in the dark since you do not say what OS your own 
system runs or what version of CVS you're using, but I imagine it is 
some sort of Windows system with antivirus software running on it. Does 
the error go away if you disable your antivirus software? This error 
can occur when AV software is attempting to scan the files as cvs (I've 
only seen it with cvsnt-derived clients, but that may only be 
happenstance) writes them to the filesystem.

HTH,

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Installing the new version

[Geoff Beier]

On Thu, Dec 11, 2003 at 01:16:08PM +, Andy Jones wrote:
> At 12:59 pm 11/12/03, Cristian Adam wrote:
> >> rpm -i cvs-1.11.10-cvshome.org.1.src.rpm
> >   ^
> >You installed the source rpm, is that what you wanted?
> 
> Well, that was the only RPM there was ::grin::
> 
> As I said, there was no apparent effect.  No source files appeared in 
> /usr/local/src or anywhere else.  And certainly no compiling took place.
> 
Depending on whether you were root when you executed that command, it 
went to your %_topdir, or /usr/src/redhat/SOURCES. But installing a
source RPM only installs sources; it doesn't compile them.

It sounds like you need to read an rpm tutorial prior to performing any
other commands as root :-) I seem to recall "Maximum RPM" is good, but
someone on a redhat-oriented list may have a more current
recommendation.

Here are the quick steps to safely and properly install from a source
RPM (assuming that all are performed from your non-root user home directory):

1. echo %_topdir $HOME/rpmbuild >~/.rpmmacros
# this makes source go into a directory you control, so that you don't
# compile as root, which is a bad idea and fails for some packages. Only
# take this step if your .rpmmacros file doesn't yet exist... if it
# already exists, edit the one that's there.

2. mkdir -p rpmbuild/BUILD  rpmbuild/RPMS  rpmbuild/SOURCES rpmbuild/SPECS  
rpmbuild/SRPMS

3. rpm -i cvs-1.11.10-cvshome.org.1.src.rpm
# this should unpack the source into rpmbuild/SOURCES and the spec into
# rpmbuild/SPECS

4. rpmbuild -ba rpmbuild/SPECS/cvs-1.11.10.spec
# this will compile cvs for you and make a regular RPM

5. sudo rpm -Uvh rpmbuild/RPMS/i386/cvs-1.11.10*.rpm
# this will install the 3 RPMs that are built by step 4.
# if you do not have sudo installed and configured, use "su" to become
# root first.

Good luck... hope this helps.

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Installing the new version

[Geoff Beier]

On Thu, Dec 11, 2003 at 04:00:37PM +0200, Cristian Adam wrote:
> > As I said, there was no apparent effect.  No source files appeared in 
> > /usr/local/src or anywhere else.  And certainly no compiling took place.
> 
> I'm building a rpm right now (for SuSE 9.0), here is what you need to do:
> 
> 1. rpm - i  cvs-1.11.10-cvshome.org.1.src.rpm
> 2. goto /usr/src/packages/SPECS
> 3. rpmbuild -ba cvs-1.11.10.spec
> 4.goto /usr/src/packages/RPMS/i586
> 5. rpm -Uvh  cvs-1.11.10-cvshome.org.1.i586.rpm
> 
You have to build as root for this to work, and that is a very bad idea.
(You could inadvertently render your system unusable, and some packages
fail to build if you're root!) Use your %_topdir macro to allow yourself
to build as a normal user, and only install the built product (step 5
there) as root.

Regards,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Installing the new version

[Geoff Beier]

On Thu, Dec 11, 2003 at 02:18:12PM +, Andy Jones wrote:
> 
> But I still don't know if there was anything wrong with the RPM I tried to 
> install...
> 
If the md5sum matches the value on the cvshome.org webpage, there is
nothing wrong with the RPM. I used that one myself. Here's how to check:

$ md5sum cvs-1.11.10-cvshome.org.1.src.rpm
77bb6bfb99880a5b0021d9058b34ee7a  cvs-1.11.10-cvshome.org.1.src.rpm

Regards,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: best windows client?

[Geoff Beier]

On Tue, Dec 09, 2003 at 09:56:31AM -0500, Phil Labonte wrote:
> I have CVS setup on a Linux server. I have several Windows clients that 
> are using WinCVS... 
> 
> I have done some searching and nothing else really comes up for Windows
> 
> Is that the best client to use?
> 
> Specifically what I am looking for would be a client that would let a 
> user pick individual files from the repository and then be able to check 
> out those files...?
> 
> Is there anything like that available for CVS?
> 

The eclipse IDE lets users select individual files. You really have to
stay on top of updates, though, because it implements the CVS protocol
internally in order to accomplish this, and minor updates have been known to
break it.

My favorite win32 client (and the only one I actively support for our
users) is TortoiseCVS. http://tortoisecvs.sourceforge.net/

It's based on cvsnt and integrates nicely with the shell. It handles all
the normal developer tasks quite nicely. For administrative tasks, you
may still want the command line tools.

Regards,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: CVS working directories on FAT

[Geoff Beier]

On Mon, Dec 08, 2003 at 02:46:02PM -0500, Braden McDaniel wrote:
> I was hoping to be able to share CVS working directories between boots 
> to Linux and Windows by putting them on a FAT partition. However, I'm 
> running into the problem that case is not preserved for file names not 
> longer than 8 characters. For instance, a file "README" in the 
> repository becomes "readme" in the working directory, and cvs then 
> becomes confused.
> 
> Does anyone know of a way of coping with this? (Aside from simply 
> avoiding having problem files in the repository.)

Do not share working directories between boots to Linux and Windows. The
two platforms do not handle text the same way, or (as you have seen)
filesystems. You will have problems if you try to do this, and there is
very little benefit.

Good luck,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Format for the 'loginfo' file for log_accum.pl & commit_prep?

[Geoff Beier]

On Fri, Dec 05, 2003 at 01:47:08PM -0800, Peter Connolly wrote:
> I can't find any reference to the loginfo file format or to a sample of
> that file in the contrib directories.  I need to know because when I use
> our company's old format (circa 1.11.1p) for the loginfo file, the new
> log_accum.pl script complains that there are too many input parameters: 
>
common syntax:
http://www.cvshome.org/docs/manual/cvs-1.11.10/cvs_18.html#SEC166
loginfo-specific:
http://www.cvshome.org/docs/manual/cvs-1.11.10/cvs_18.html#SEC171

hth,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Auth using PAM

[Geoff Beier]

On Tue, Dec 02, 2003 at 08:58:36AM -0600, Cary Coulter wrote:
> I have tried ssh.  It does work, will auth throuch pam_smb_auth using NT
> passwords, not Unix ones.
> 
> However,  I do experience a significant delay when invoking CVS for ssh
> authorization (shows on the WSAD dialog box).  The delay isn't too bad for
> normal repository operations, (synchronizing, updating, commiting), but
> becomes excessive when looking at multiple file diffs through the internal
> diff browser.
[explanation snipped]
> Is there just something wrong with the ssh setup?  Personally, I have always
> experienced a slower login with ssh versus telnet.
> 

It may be that sshd is doing name lookups for clients. Assuming that you
are not using any sort of hostname-based authentication, you should be
able to disable these lookups... consult your sshd documentation to see
how. (On mine, you set VerifyReverseMapping to No in the sshd_config
file and start the daemon with the -u0 option.)

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Help! 30 second delay on every command going thru pserver!?

[Geoff Beier]

On Fri, 14 Nov 2003 17:20:56 +0100, Andreas Rehn wrote

> CVS Command:
> 
> D:\Work\Development\mecp\mwaf>cvs -t log build.xml
> 
> -> main loop with CVSROOT=:pserver:[EMAIL PROTECTED]:/home/cvs/repository
> 
>  -> Connecting to brink(217.212.21.5):2401

Is this the point where the delay occurs? If so, most likely you've got a
machine without a proper reverse DNS entry and an inetd/xinetd configured to
do name lookups on clients. Either fix your DNS or reconfigure your inetd not
to do the lookups. See the documentation for your Linux distribution for
details on how to dot this.

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Checkout with \r's

[Geoff Beier]

On Tue, 11 Nov 2003 20:40:59 -0800, Jim wrote
> How can I check out a file on Linux with \r's ?
> 
> As part of a build process I use a SHA1 of the source as part of the
> versioning information.  The same code on both windows and linux should
> generate the same SHA1.
> 
You need to normalize your text prior to calculating the SHA1; simply don't
include the line-endings when you calculate the hash. (If you look at the
standards documentation, you'll note that text is frequently encoded in some
well-defined format for most cryptographic standards; "text file" does not
constitute such a format.) Failing that, your only options are to check the
files in as binary, to only check the SHA1 on one platform, or calculate the
reference hashes twice (once on windows, once on Linux) and consider a match
with either to be correct. It's a fact of life that different platforms use
different line endings, and client tools expect this.

You could of course also use the cygwin client on Windows and configure it to
use text files with UNIX line endings. This was the default at one time.

Regards,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: CVS Merge Issue

[Geoff Beier]

On Tue, 11 Nov 2003 16:40:13 -0500, Patwardhan, Rajesh wrote
> Hello All,
> 
> A file was added on a branch, and now I am unable to add it on the 
> trunk or on any other branch.
> 

Just merge it like you would any other changes you made on the branch:
http://www.cvshome.org/docs/manual/cvs-1.11.6/cvs_5.html#SEC60

Regards,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: cvs user statistics

[Geoff Beier]

On Mon, 10 Nov 2003 22:13:29 +0100, Wim Bertels wrote
> This is a multi-part message in MIME format.
Please don't send MIME or HTML email to the mailing list. It's not nice!

> is there a good way to obtain (/report) user statistics, (these user 
> are cvs users), like for example: alfred worked for 56% on project1, 
> joe worked for 14% on project1, mark worked for 45% on project2, ..
> 
> what are the options?

I'm not sure that CVS really tracks the statistics you're looking for. StatCVS
provides some similar statistics based on the information available to CVS,
though:
http://statcvs.sourceforge.net/

The cvshistory.pl script from IIT provides some slightly different statistics
that may also be useful to you.
http://omega.cs.iit.edu/viewcvs/www-scripts/

CVSPlot may also be interesting:
http://cvsplot.sourceforge.net/

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Broken pipe with loginfo in a chroot jail

[Geoff Beier]

On Fri, 7 Nov 2003 15:50:32 +0100, Maarten de Boer wrote
> > Notice that the "invoking the shell" part is not optional. Therefore, to use
> > popen() in a chroot jail (which is required for loginfo) you require a shell.
> 
> Ah. That would explain a lot... Which shell would that be? /bin/sh?
> Having a shell in the chroot jail is of course far from ideal.. Is 
> there some way aroudn this? Could I use some shell that allows nothing?
> 
It's /bin/sh. It would normally be a good idea for this to be
Bourne-compatible, but I really doubt that matters in your situation. If I had
to make loginfo work in a jail, I'd break my task into two pieces:

1. Get it working using the ash shell... its tiny, mostly bourne- and
POSIX-compliant, and can easily be statically linked.
2. Once that is working reliably, attempt to customize smrsh, rcsh or a
similar restricted shell for my setup.

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

RE: Broken pipe with loginfo in a chroot jail

[Geoff Beier]

On Fri, 7 Nov 2003 09:28:57 -0500 , Jim.Hyslop wrote
> OK, here's an even sillier question - what is a "chroot jail"?
> 

It's a means of restricting the operations of an application (on UNIX-like
systems) to a particular area of a disk. Here's a pretty good explanation:

http://www.linux-mag.com/2002-12/chroot_01.html

Regards,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Broken pipe with loginfo in a chroot jail

[Geoff Beier]

On Fri, 7 Nov 2003 10:05:10 +0100, Maarten de Boer wrote
> > Sorry if this is a silly question, but have you put a shell in your jail?
> > http://tiefighter.et.tudelft.nl/~arthur/cvsd/faq.html#cvsscripts
> 
> No, I haven't, but why would I? What I execute from loginfo is a standalone
> application, it should not need a shell at all.
> 

Sorry... I thought the link made it clear enough. When you run cvs with the -t
flag, you see a line like the following when loginfo is processed:
-> run_popen( yourLogProgram )

If you look at the cvs sources, you can see on line 396 of run.c that, as its
name would imply, run_popen() uses the popen() call to invoke your "standalone
application":

return (popen (cmd, mode));

Even though yourLogProgram is "standalone", a quick trip to popen(3) reveals:
DESCRIPTION
 The popen() function ``opens'' a process by creating a pipe, forking, and
 invoking the shell.  Since a pipe is by definition unidirectional, the
 type argument may specify only reading or writing, not both; the result-
 ing stream is correspondingly read-only or write-only.

Notice that the "invoking the shell" part is not optional. Therefore, to use
popen() in a chroot jail (which is required for loginfo) you require a shell.


HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Broken pipe with loginfo in a chroot jail

[Geoff Beier]

On Fri, 7 Nov 2003 00:13:48 + (UTC), Maarten De Boer wrote
> > Most likely, the problem is that some command your script uses doesn't
> > exist in your chroot jail -- perhaps even the script's interpreter.  I'd
> 
> It's not a script, it's a small executable - written in c.
> 

Sorry if this is a silly question, but have you put a shell in your jail?

http://tiefighter.et.tudelft.nl/~arthur/cvsd/faq.html#cvsscripts

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: All files reported as modified

[Geoff Beier]

On Wed, 15 Oct 2003 13:13:09 -0400, Daniel Bron wrote
> I'm using the WinCVS client (from http://www.wincvs.org), and the problem
> I'm having is that all files I get from CVS are always reported as modified.
> When I do a query-update no changes are reported.  This occurs even 
> if I completely delete my local copy of all files and get a fresh 
> copy from CVS. Has anyone seen this before?  Does anyone have a solution?
> 

I have seen this before when people were using a sandbox on a network drive.
The solution was to use a sandbox on a local drive instead.

You might find more help on the wincvs list:
http://groups.yahoo.com/subscribe/cvsgui

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: remote cvs access - recommendations

[Geoff Beier]

On Tue, 7 Oct 2003 08:29:33 -0700, [EMAIL PROTECTED] wrote
> hi all,
> 
> i've read about remote cvs access, and there are a LOT of options: 
> ssh, rsh, kerberos, pserver, and more.
> 
> my needs are simple.  i'm writing a latex book with just one other
> person.  the repository is sitting on a debian gnu/linux machine 
> that i have root access to.
> 
> can someone suggest an access method suitable for my needs?
> 
> i don't need anything fancy, scalable or even efficient, since 
> there's just one other co-author and we're dealing mainly in text 
> with a few image files.  it just needs to be secure, easy to set up 
> and easy to use.
> 
ssh is the most secure, easiest to setup and easiest to use IMO. If you can
login to the box using ssh and can perform cvs operations from that shell,
you're really done.

Just try it:
1. Make sure the CVS_RSH environment variable on the client is set to "ssh".
2. cvs -d:ext:[EMAIL PROTECTED]:/path/to/repository checkout modulename

> any suggestions would be greatly appreciated!
> 
> 
> 
> on a related issue, i setup a pserver and was horrified to discover that
> when i issued a "cvs login", it was ignoring $CVSROOT/CVSROOT/passwd 
> and instead was authenticating using /etc/shadow.  i inadvertantly 
> sent a plaintext password over the internet!
> 
> after changing the password and disabling pserver via inetd, i 
> started to read the cvs FAQ and saw this section:
> 
>How do I set up a CVS server for access via SSH?
> 
> the url was:
> 
>http://ccvs.cvshome.org/fom//cache/10.html
> 
> it said to look at the "remote repositories" sectionof cederqvist.
> following the link, i can't find any section called "remote
> repositories" in the table of contents.  was this section renamed?
> 
No. It's right here:
http://www.cvshome.org/docs/manual/cvs-1.11.7/cvs_2.html#SEC26

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: FW: Mac CVS Error.

[Geoff Beier]

> Hi Guys,
> 
> Can somebody suggest me solution to this problem or the forum where 
> I can put this query ...
> 
> Thanx in anticipation .

Try the cvsgui mailing list:

http://groups.yahoo.com/subscribe/cvsgui

or look at docs here:
http://www.wincvs.org/

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Developing a secure CVS repository

[Geoff Beier]

> We have a client/server environment using ssh.  Our Operation Team is
> recommending that we move to a "network-secure CVS server based on 
> SSH and chroot".
> 
> I have seen many questions and discussions on this forum regarding 
> pserver, but I have never seen anything on chroot.
> 
> Does anyone have any experience using this environment and are there 
> any problem associated with it?
> 
> Is there any recommendations?
I have no experience with this environment, but I went to google and pasted
the phrase you have in quotes above then hit "I'm feeling lucky" and was taken
here:

http://www.idealx.org/prj/idx-chrooted-ssh-cvs/dist/chrooted-ssh-cvs-server.html

Is that what your Operation Team is suggesting? The paper details several
problems and the required workarounds/procedures.

I *can* confirm that I wouldn't really like to run my *info scripts in a
chroot()'d environment. I would further add that the source code is the
high-value part of my CVS repository, and I am obligated to allow the proper
users to access that. There would be no payoff to going to the trouble of
restricting their shell accounts and chroot()ing CVS on our repository, as
they will still have permissions to modify the important files on the system.
Filesystem permissions are the best available option for us. YMMV.


> This message may contain confidential information, and is intended 
> only for the use of the individual(s) to whom it is addressed.

In that case, it is a very bad idea to send it to a public mailing list. This
list is archived/published in many places, and would therefore not be a good
place to send anything that may contain confidential information.

HTH,

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: waiting for user's lock when there does not appear to be any

[Geoff Beier]

Please ignore me today. Immediately after sending this message, I found a
directory called CVS-locks just above my CVSROOT. The lock was there and has
been removed.

Sorry for the noise.

Geoff

-- Original Message ---
From: "Geoff Beier" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Wed, 20 Aug 2003 11:23:35 0
Subject: waiting for user's lock when there does not appear to be any

Hi All,

Please forgive me if this seems like an FAQ; the answers I turned up in the
manual and in the list archives haven't worked, and I'm completely stumped here.

Whenever I attempt to access a particular directory in our repository, I get
the following message:

cvs checkout: [11:13:24] waiting for smith's lock in
/var/cvsrepository/marvin/src/com/caradas/cthh/util

I've checked, and smith does not have any cvs processes running on this
server. After that, I went into the repository itself to look for things like
'#cvs.rfl' '#cvs.wfl' or '#cvs.lock' and did not find anything similar in the
directory in question, its parent, or any of its children.

Does anyone have any idea what else could be causing this message and how I
can make it stop?

Thanks,

Geoff
--- End of Original Message ---



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

waiting for user's lock when there does not appear to be any

[Geoff Beier]

Hi All,

Please forgive me if this seems like an FAQ; the answers I turned up in the
manual and in the list archives haven't worked, and I'm completely stumped here.

Whenever I attempt to access a particular directory in our repository, I get
the following message:

cvs checkout: [11:13:24] waiting for smith's lock in
/var/cvsrepository/marvin/src/com/caradas/cthh/util

I've checked, and smith does not have any cvs processes running on this
server. After that, I went into the repository itself to look for things like
'#cvs.rfl' '#cvs.wfl' or '#cvs.lock' and did not find anything similar in the
directory in question, its parent, or any of its children.

Does anyone have any idea what else could be causing this message and how I
can make it stop?

Thanks,

Geoff

 


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: info about redhat & Question about exporting CVSROOT

[Geoff Beier]

Hi Thom,

Just curious Geoff, why is it a bad idea to build as the superuser?  Is it
something specific to the CVS build, or just generally a good policy?
It's nothing specific to the CVS build; it's just not a good idea to 
build *anything* as the superuser. (A good general rule is to perform 
any given task with the lowest privilege level that will allow you to 
complete it successfully.) I see three concerns with building as the 
superuser:

1. Security. For example, if a user on your system knows that you run 
autoconf scripts as root, there are vectors for privilege escalation. 
More generally, you've made several tools that normally are not treated 
as such security-critical.

2. Availability. If you want to see something that normally fails with a 
warning message bring down your whole system, try it as root ;-) Typos 
that are normally merely irritating can cause days of work.

3. Successful compilation. Many configure scripts will fail (for 
assorted reasons) when executed by the superuser. I spent a couple of 
hours helping a friend chase down a configuration problem only to find 
out he was root. It worked fine when run from his account. I don't think 
CVS is one of these, though.

Regards,

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: info about redhat

[Geoff Beier]

Mark D. Baushke wrote:
You may build your own from sources:

Fetch a copy of the .src.rpm file from the downloads page:
  http://ccvs.cvshome.org/servlets/ProjectDownloadList
and then rebuild it with the following commands:

  sudo rpm --rebuild cvs-1.11.6-cvshome.org.1.src.rpm
  sudo rpm -Fvh /usr/src/redhat/RPMS/i386/cvs-1.11.6-cvshome.org.1.i386.rpm
 

I don't want to pick nits, but you *really* shouldn't build as the 
superuser. Also, current versions of rpm have moved the building to 
rpmbuild; --rebuild doesn't work by default as a switch to rpm on Redhat 
8 or 9. To build as a normal user, simply decide where you want to build 
your RPMs. I chose a directory called "rpmbuild" in my home directory. 
(The following steps assume you're currently in your home directory.)

1. Create the working directory structure:
mkdir -p rpmbuild/BUILD rpmbuild/SOURCES rpmbuild/SPECS rpmbuild/SRPMS 
rpmbuild/RPMS rpmbuild/RPMS/i386

2. Configure RPM:
echo "%_topdir $HOME/rpmbuild" >> $HOME/.rpmmacros
3. Execute rpmbuild as a normal user:
rpmbuild --rebuild cvs-1.11.6-cvshome.org.1.src.rpm
4. Install the rpm as the super user:
sudo rpm -Fvh rpmbuild/RPMS/i386/cvs-1.11.6-cvshome.org.1.i386.rpm
Regards,

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: WinCvs and proxies

[Geoff Beier]

Kyle Adams wrote:
Not sure if this is the right list for a WinCvs focused question, but I
didn't see any obvious links for lists off of wincvs.org, or the
accompanying sourceforge site.  Feel free to point out the correct
avenue of inquiry, if a better one exists.
This is not the best list for your question. According to wincvs.org, 
the list you want is found here:

http://www.egroups.com/subscribe/cvsgui

(It's the first bullet point under the "CVSGui support" heading on their 
front page.)

Good luck.

Regards,
Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Where is WinCVS?

[Geoff Beier]

Pat Young wrote:

Does anyone know where the WinCVS Web site is?  I try
to go to wincvs.org and end up at a domain
registration site.


http://cvsgui.sourceforge.net/



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Trying to locate an error

[Geoff Beier]

Tomas Sanchez Romani wrote:

So far I got two suggestions:

1) CVSROOT=:ext:[EMAIL PROTECTED]:/cvsroot/gforge

trying this (credit to Tom Copeland) a cmd-window opens executing cvs.exe and keeps me waiting, and waiting, and waiting... seems that nothing happens.

2) cvs -z3 -d:ext:[EMAIL PROTECTED]:/webcvs co -d c:/apache/htdocs/cage-web/ cvs

trying this (credit to Alex Pop) results in: 

cvs checkout: warning: unrecognized response `Unable to open connection:
' from cvs server
cvs [checkout aborted]: end of file from server (consult above messages if any)

So, it seems that I'm stuck!

If nothing gets working soon, I'm considering to uninstall the environment (cvs and ssh) and restart, If I do that, what do you recommend (I'm on a W2K-box - which will _not_ change!).


It sounds like you're failing to make an ssh connection... can you ssh 
to your account?

If you're new to cvs and plan to run Windows 2000, I always recommend 
TortoiseCVS (http://www.tortoisecvs.org/)... It's very easy to setup and 
use.

HTH

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: How to Connect WinCVS 1.3b10 to New CVS 1.11.5 pserver?

[Geoff Beier]

[Thu, 23 Jan 2003 16:22:18 -0800] Thus spake Peter 
Connolly <[EMAIL PROTECTED]>:

We're testing out the new version of CVS 1.11.5 on a new 
pserver 
(Solaris 5.8) using port 2402.  All of our cross-platform 
access 
(i.e., Solaris, Linux & Win2K) to this new port and 
version 
check out okay **except** for WinCVS.  We're using WinCVS 
1.3b10. 

You may have better luck, then, on the WinCVS list:
http://groups.yahoo.com/subscribe/cvsgui
 
My best guess, though, as to your problems, is that wincvs 
ships with cvsnt (http://www.cvsnt.org/) and not the more 
standard cygwin cvs. Cvsnt supports a few extra options; 
WinCVS may make use of those. Also, in a default install 
of cvsnt DOS line-endings will be used for metadata. In a 
default install of cygwin cvs UNIX line-endings will be 
used for the metadata. IIRC you cannot use both clients on 
one sandbox. (This means that if you were using the 
default cvsnt before I would expect cygwin's defaults to 
cause errors when used with your existing sandboxes.)

HTH

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Panic error code -39?

[Geoff Beier]

[Wed, 22 Jan 2003 18:51:32 +0530] Thus spake Prem Prakash 
Pathak <[EMAIL PROTECTED]>:

We have CVSServer version:1.11.1p1(client-server) setup 
under Linux, and are
accessing CVSServer Repository from both "MacOS" 9/X & 
"WIndows" over the
network.
1. MacCVS Client 10.2
2. WinCVS Client 1.2
Accessing thru Win client is fine. Today we got strange 
behaviour while
accessing thru Mac Client.

It's giving following ERROR:
	cvs [checkout aborted]: Internal error: cvs_hqx.cpp, 
635: Panic
Error (-39)
Sometimes it's giving:
	cvs [checkout aborted]: Internal error: cvs_hqx.cpp, 
635: Unknown
Error (-39)

I gone thru some mannuals, they have specified that there 
is a directory
named "cvs" but it does not contain the administrative 
files,due to this it
will produce panic error.  Can somebody help me out to 
know more abt this
problem alongwith possible solutions.
 

I'm not familiar with your cvs client implementation but I 
can tell you that error code -39 is a system-wide, 
mac-specific error. Its explanation is something like 
"unexpected end of file", but in practice I've found that 
it means that whatever file is being read at that point is 
hopelessly corrupted.

HTH

Geoff


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: connection using pserver

[Geoff Beier]

Kenneth Porter wrote:

--On Friday, January 17, 2003 4:46 PM -0500 Larry Jones
<[EMAIL PROTECTED]> wrote:



We started down this path but couldn't get it working on Windows with
cygwin ssh. (Server is a Red Hat box, though.) Is there a cookbook
somewhere that explains how to make that scenario work?

For other tunneling (eg. X) I've been using the latest PuTTY, which seems
to work pretty well. Has anyone set up a Windows CVS client using PuTTY?



First, remember that you're not really tunneling with CVS the same way 
you're tunneling with X. The PuTTY suite provides plink, which has no 
interface or terminal integration and integrates very nicely with CVS. 
It can use PuTTY sessions and shares the cache of host keys in the 
registry, uses pageant, etc. Most of our Windows users use TortoiseCVS 
(http://www.tortoisecvs.org/), which integrates a customized version of 
plink.

HTH

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Security options :-(

[Geoff Beier]

Zieg, Mark wrote:


I haven't done this myself in awhile, but you can configure a "genuine login
account" -- cvsphil, in this case -- who can connect via ssh, but through no
other method.  That is, cvsphil can't login from the console, from telnet,
rlogin, etc.  I think this is mainly done by setting his login shell to
"/sbin/nologin" or the equivalent.

Then, you can configure the user's ssh login so that the ONLY command they
can run via ssh is "cvs".  By default, ssh will open a login shell, but that
won't work for cvsphil, since he won't have a login shell configured.  Nor
will you allow phil to type "ssh cvsphil@myhost rm
/usr/local/cvsroot/CVSROOT/history", because ssh will be configured to
require the command to be "cvs" (rather than "rm" in this example), and will
strip out metacharacters like "&&" and ";".  And you'll also ftpchroot
cvsphil so he can't FTP into the repository server, either.  (cvsphil's a
tenacious and sneaky bastard, after all.)


You'll also need to configure cvsphil such that he can only log on with 
a particular keypair. Otherwise, what stops phil from using the su 
command to sidestep this elaborate configuration?

Regards,
Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: security question

[Geoff Beier]

PS - are there any windows and linux clients that particularly shine 
with SSH?


TortoiseCVS on Windows (http://www.tortoisecvs.org/) works very well 
with ssh. They distribute a customized version of plink from the PuTTy 
suite.

HTH

Geoff



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs