aboutsummaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
Diffstat (limited to 'README')
-rw-r--r--README386
1 files changed, 154 insertions, 232 deletions
diff --git a/README b/README
index 74c51d9..ddeb41c 100644
--- a/README
+++ b/README
@@ -7,11 +7,12 @@
appropriate place.
2) Compile and install anoncvssh, the shell used for the anoncvs user.
- ( If you aren't using OpenBSD you'll probably need to compile a sup
+ Install the cvsync client using 'pkg_add cvsync' command.
+ ( If you aren't using OpenBSD you'll probably need to compile a cvsync
client as well. The easier path is to use OpenBSD ;).
3) Add the anoncvs user to the password file, with no password, and
- anoncvssh as it's shell. Decide on a user that will run sup to maintain
+ anoncvssh as it's shell. Decide on a user that will run cvsync to maintain
the archive (this is a different user, NOT the anoncvs user).
4) Make a home directory for the anoncvs user. The anoncvs user's
@@ -23,19 +24,15 @@
use another platform you'll need to be familiar with what needs
to go in a chroot jail for your platform.
-5) Get permission to use sup to obtain the cvs tree from a server.
+5) Get permission to use cvsync to obtain the cvs tree from a server.
-6) Set up sup to retrieve the cvs tree from an appropriate place.
- (If you aren't using OpenBSD you will need to compile and install
- a sup client).
+6) Set up cvsync to retrieve the cvs tree from an appropriate place.
-7) Run sup to retrieve the distribution from the server.
+7) Run cvsync to retrieve the distribution from the server.
-8) Once you get the distribution in, set up a cron job to run sup
+8) Once you get the distribution in, set up a cron job to run cvsync
periodically to keep your server up to date.
-9) Enabling OpenCVS anoncvs.
-
**********************************************************************
STEP 1) find enough disk space.
You need roughly 2GB.
@@ -49,9 +46,9 @@ STEP 2) compile the anoncvssh binary.
Install the binary setuid-root in /open/anoncvssh.
**********************************************************************
-STEP 3) Create the anoncvs account and decide who will run "sup"
+STEP 3) Create the anoncvs account and decide who will run "cvsync"
to maintain the archive. The anoncvs account should *NOT* be the one
- running sup to maintain the archive.
+ running cvsync to maintain the archive.
create an account similar to:
@@ -61,12 +58,18 @@ Yes, that is right - the account has no password. Be sure that the
uid and gid are unique for your system, if the ones above aren't,
pick different values.
-Decide who will run sup to maintain the archive. Call that user
-$SUPUSER. Oh, and in case it hasn't been previously mentioned,
-$SUPUSER should *NOT* be the anoncvs user :).
+Decide who will run cvsync to maintain the archive. Call that user
+$CVSYNCUSER. Oh, and in case it hasn't been previously mentioned,
+$CVSYNCUSER should *NOT* be the anoncvs user :).
+
+Add the following to the end of your /etc/ssh/sshd_config and restart
+your sshd daemon:
-Set "PermitEmptyPasswords yes" option in /etc/ssh/sshd_config and
-restart your sshd daemon.
+Match User anoncvs
+ PermitEmptyPasswords yes
+ AllowTcpForwarding no
+ AllowAgentForwarding no
+ X11Forwarding no
**********************************************************************
STEP 4) Build the anoncvs user's home directory chroot jail. This
@@ -75,8 +78,7 @@ STEP 4) Build the anoncvs user's home directory chroot jail. This
mkdir /open/anoncvs
mkdir /open/anoncvs/cvs
-mkdir /open/anoncvs/sup
-chown -R $SUPUSER /open/anoncvs/cvs /open/anoncvs/sup /open/anoncvs
+chown -R $CVSYNCUSER /open/anoncvs/cvs /open/anoncvs
Start filling the account up with nice stuff. You are building a chroot
jail for anoncvs in /open/anoncvs.
@@ -91,8 +93,6 @@ Put a message like the following in .plan:
Then set your CVSROOT environment variable to the following value:
anoncvs@anoncvs.openbsd.org:/cvs
- chown root:wheel .hushlogin .profile .plan
-
mkdir bin dev tmp usr var etc
cp /bin/{cat,pwd,rm,sh} bin/
@@ -129,17 +129,15 @@ If your system has ld.so in /usr/libexec,
If using shared libraries, use ldd to find out which shared libs you need:
# ldd /usr/bin/cvs
/usr/bin/cvs:
- Start End Type Ref Name
- 00000000 00000000 exe 1 /usr/bin/cvs
- 0015f000 20165000 rlib 1 /usr/lib/libz.so.2.0
- 0016d000 20172000 rlib 1 /usr/lib/libgssapi.so.2.0
- 0017f000 2018d000 rlib 1 /usr/lib/libkrb5.so.5.2
- 00141000 20145000 rlib 1 /usr/lib/libasn1.so.3.1
- 00089000 200ba000 rlib 1 /usr/lib/libcrypto.so.10.0
- 00177000 2017c000 rlib 1 /usr/lib/libdes.so.8.0
- 00169000 2016d000 rlib 1 /usr/lib/libcom_err.so.1.0
- 00009000 20053000 rlib 1 /usr/lib/libc.so.30.0
- 00002000 00002000 rtld 1 /usr/libexec/ld.so
+ Start End Type Open Ref GrpRef Name
+ 1c000000 3c01f000 exe 1 0 0 /usr/bin/cvs
+ 0f802000 2f80a000 rlib 0 1 0 /usr/lib/libz.so.4.1
+ 020f3000 220f8000 rlib 0 1 0 /usr/lib/libgssapi.so.5.0
+ 0530c000 2531c000 rlib 0 1 0 /usr/lib/libkrb5.so.17.0
+ 03801000 23841000 rlib 0 1 0 /usr/lib/libcrypto.so.18.0
+ 0a8fb000 2a900000 rlib 0 1 0 /usr/lib/libdes.so.9.0
+ 094d2000 2950b000 rlib 0 1 0 /usr/lib/libc.so.51.0
+ 094ca000 094ca000 rtld 0 1 0 /usr/libexec/ld.so
and then copy the required libraries to usr/lib/
@@ -164,54 +162,60 @@ For :pserver: support (optional)
See the example layout below for full details.
**********************************************************************
-STEP 5): Get sup permission.
+STEP 5): Get cvsync permission.
send mail to sup@openbsd.org
-1) to have sup permissions granted on an appropriate machine for you
- to sup from. We will need to know your host's real hostname and
+1) to have cvsync permissions granted on an appropriate machine for you
+ to cvsync from. We will need to know your host's real hostname and
IP address.
2) to have an anoncvsN.COUNTRY.openbsd.org alias created.
-3) to have your site mentioned in the http://www.openbsd.org page.
+3) to have your site mentioned in the http://www.openbsd.org/anoncvs.html page.
**********************************************************************
-STEP 6): Configure sup.
-
-If you're running OpenBSD, you already have a sup client in
-/usr/bin/sup. If not you may need to build it. On an IRIX or other
-SYSV machine, ensure that your kernel does not allow a user to chown
-a file to another user (you may have heard of this particular brand
-of evil referred to as "chown giveaway"). This will cause sup to
-give away the files to root before chmod'ing them readable.
-michaels@openbsd.org knows how to fix this.
-
-The file /open/anoncvs/sup/ss contains a line that tells sup where
-to get the cvs tree from. It will normally contain:
-
- cvs host=anoncvs.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete
-
-The file /open/anoncvs/sup/cvs/refuse tells sup what files it should not get.
-It should contain the following lines:
-
- cvs/CVSROOT/history
- cvs/CVSROOT/readers
- cvs/CVSROOT/writers
- cvs/CVSROOT/passwd
-
-If you ever fetch the file cvs/CVSROOT/history, delete it. It will
-cause you problems.
+STEP 6): Configure cvsync.
+
+You have to install cvsync package.
+
+The file /etc/cvsync.conf contains the configuration of cvsync. It will
+normally contain:
+
+config {
+ base-prefix /open/anoncvs/
+ hostname anoncvs.ca.openbsd.org
+ collection {
+ name openbsd-cvsroot release rcs
+ prefix cvs
+ }
+ collection {
+ name openbsd-src release rcs
+ prefix cvs
+ }
+ collection {
+ name openbsd-ports release rcs
+ prefix cvs
+ }
+ collection {
+ name openbsd-www release rcs
+ prefix cvs
+ }
+ collection {
+ name openbsd-xenocara release rcs
+ prefix cvs
+ }
+}
**********************************************************************
-STEP 7): Run sup to retrieve the tree for the first time.
+STEP 7): Run cvsync to retrieve the tree for the first time.
-Log in as or become the $SUPUSER, and run
+Log in as or become the $CVSYNCUSER, and run
-sup -v /open/anoncvs/sup/ss > /tmp/suplog &; tail -f /tmp/suplog
+cvsync > /tmp/cvsynclog &; tail -f /tmp/cvsynclog
-If you have sup permission, and have specified the correct host and
-hostbase in /open/anoncvs/sup/ss you should see a list of files start
+If you have cvsync permission, and have specified the correct host and
+prefix in /etc/cvsync.conf you should see a list of files start
coming in after a short while. Don't panic if nothing happens
-immediately. Watch for errors (sup can timeout or die). If you can't
-access files contact the sup server maintainer. If you get a timeout
-or if sup dies you can restart and it should continue where it left off.
+immediately. Watch for errors (cvsync can timeout or die). If you can't
+access files contact the cvsync server maintainer. If you get a timeout
+or if cvsync dies you can restart and it should continue where it left off.
It can take a good while (and a couple of restarts) to obtain the
whole tree for the first time.
@@ -219,185 +223,103 @@ whole tree for the first time.
**********************************************************************
STEP 8): Set up cron to keep the tree up to date.
-You run sup periodically from the cron by setting up the crontab file
-of the $SUPUSER.
-
-For example: To run every three hours 'sup -v supfile', and thrice
-weekly 'sup -vo supfile' .. because sup is not reliable ..
+You run cvsync periodically from the cron by setting up the crontab file
+of the $CVSYNCUSER.
-0 0,3,6,9,12,15,18,21 * * 0,2,4,5 sup -v /open/anoncvs/sup/ss > /dev/null
-0 0,12,15,18,21 * * 1,3,6 sup -v /open/anoncvs/sup/ss > /dev/null
-0 3 * * 1,3,6 sup -vo /open/anoncvs/sup/ss > /dev/null
+For example, to update every two hours:
-anoncvs5.usa.openbsd.org uses this particular set of entries. A `sup
--o' is done every few days because sup is not very robust.
+15 */2 * * * /usr/local/bin/cvsync > /dev/null
**********************************************************************
-STEP 9): Enabling OpenCVS anoncvs.
-
-The next step is to enable OpenCVS, which will run on your system next
-to the normal GNU cvs server. This will become the default in the
-future.
-
-First off, create a new user account "opencvs" like you did for your
-normal anoncvs user:
-
-opencvs::32766:32766::0:0:Anonymous OpenCVS User:/open/anoncvs:/open/anoncvssh
-
-Be sure that the uid and gid are unique for your system, if the ones
-above aren't, pick different values.
-
-#define OPENCVS_USER "opencvs"
-
-Recompile anoncvssh.c and install the binary setuid-root in /open/anoncvssh.
-
-Compile and install a current /usr/bin/opencvs.
-
-Copy /usr/bin/opencvs to /open/anoncvs/usr/bin/opencvs
-
-You can now use OpenCVS anoncvs by using the correct CVSROOT:
- opencvs@anoncvs.openbsd.org:/cvs
-
-If you encounter bugs, send them to joris@openbsd.org
-
-**********************************************************************
EXAMPLE LAYOUT
-Example layout for OpenBSD. In this example "deraadt" is the $SUPUSER.
-
-[eap open 5 ]> cd /open
-[eap open 6 ]> ls -alF
-total 46
-drwxr-xr-x 7 root wheel 512 Feb 20 09:58 ./
-drwxr-xr-x 17 root wheel 512 Jun 14 14:05 ../
-drwxr-xr-x 9 root wheel 512 Jan 3 21:55 anoncvs/
----s--x--x 1 root bin 16384 Nov 30 1995 anoncvssh*
-lrwxr-xr-x 1 root wheel 11 Jan 3 21:52 cvs@ -> anoncvs/cvs
-drwxr-xr-x 5 root wheel 512 Feb 22 13:22 ftp/
-drwxrwxrwt 2 anoncvs wheel 1024 Jan 1 13:18 lost+found/
-drwxr-xr-x 4 root wheel 512 Nov 30 1995 src/
-drwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 sup/
-[eap open 7 ]> cd anoncvs
-[eap anoncvs 8 ]> ls -alF
-total 20
-drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ./
-drwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../
--r--r--r-- 1 root wheel 0 Nov 30 1995 .hushlogin
--r--r--r-- 1 root wheel 188 Nov 30 1995 .plan
--r--r--r-- 1 root wheel 0 Nov 29 1995 .profile
-drwxrwxr-x 2 deraadt wheel 512 Nov 29 1995 bin/
-drwxrwxr-x 6 deraadt cvs 512 Jun 16 20:28 cvs/
-drwxr-xr-x 2 root wheel 512 Nov 30 1995 dev/
-drwxr-xr-x 2 root wheel 512 Nov 29 1995 etc/
-drwxrwxrwx 3 root wheel 512 Jun 22 07:42 tmp/
-drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 usr/
-drwxr-xr-x 2 root wheel 512 Jan 3 21:55 var/
-[eap anoncvs 8 ]> ls -alFR bin usr tmp etc dev
+Example layout for OpenBSD. In this example "deraadt" is the $CVSYNCUSER.
+
+$ cd /open
+$ ls -alF
+total 64
+drwxr-xr-x 5 root wheel 512 Jun 18 22:29 ./
+drwxr-xr-x 13 root wheel 512 Jun 4 05:14 ../
+drwxr-xr-x 9 deraadt wheel 512 Jun 3 02:15 anoncvs/
+---s--x--x 1 root wheel 14302 Jun 18 22:29 anoncvssh*
+drwxr-xr-x 4 root wheel 5120 Jun 10 14:34 ftp/
+
+$ cd anoncvs
+$ ls -alF
+total 68
+drwxr-xr-x 9 root wheel 512 Jun 3 02:15 ./
+drwxr-xr-x 5 root wheel 512 Jun 10 14:32 ../
+-rw-r--r-- 1 root wheel 0 Jun 3 01:50 .hushlogin
+-rw-r--r-- 1 root wheel 84 Jun 3 01:50 .plan
+-rw-r--r-- 1 root wheel 0 Jun 3 01:50 .profile
+drwxr-xr-x 2 root wheel 512 Jun 3 01:40 bin/
+drwxr-xr-x 7 deraadt wheel 512 Jun 18 22:19 cvs/
+drwxr-xr-x 2 root wheel 512 Jun 3 01:51 dev/
+drwxr-xr-x 2 root wheel 512 Jun 3 01:53 etc/
+drwxrwxrwx 10 root wheel 512 Jun 18 17:38 tmp/
+drwxr-xr-x 5 root wheel 512 Jun 3 01:54 usr/
+drwxr-xr-x 2 root wheel 512 Jun 3 01:54 var/
+$ ls -alFR bin usr tmp etc dev
bin:
-total 948
-drwxrwxr-x 2 deraadt wheel 512 Nov 29 1995 ./
-drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
---wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 cat*
---wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 pwd*
---wx--x--x 1 deraadt wheel 122880 Jun 18 09:45 rm*
---wx--x--x 1 deraadt wheel 262144 Jun 18 09:45 sh*
-
+total 1984
+drwxr-xr-x 2 root wheel 512 Jun 3 01:40 ./
+drwxr-xr-x 9 root wheel 512 Jun 3 02:15 ../
+-r-xr-xr-x 1 root wheel 132368 Jun 3 01:40 cat*
+-r-xr-xr-x 1 root wheel 124176 Jun 3 01:40 pwd*
+-r-xr-xr-x 1 root wheel 238864 Jun 3 01:40 rm*
+-r-xr-xr-x 1 root wheel 460048 Jun 3 01:40 sh*
+
dev:
-total 4
-drwxr-xr-x 2 root wheel 512 Nov 30 1995 ./
-drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
-crw-rw-rw- 1 root wheel 2, 2 Nov 30 1995 null
-
+total 8
+drwxr-xr-x 2 root wheel 512 Jun 3 01:51 ./
+drwxr-xr-x 9 root wheel 512 Jun 3 02:15 ../
+crw-rw-rw- 1 root wheel 3, 2 Jun 3 01:51 null
+crw-rw-rw- 1 root wheel 3, 12 Jun 3 01:51 zero
+
etc:
-total 112
-drwxr-xr-x 2 root wheel 512 Nov 29 1995 ./
-drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
--rw-r--r-- 1 root wheel 252 Nov 29 1995 group
--rw-r--r-- 1 root wheel 296 Nov 29 1995 hosts
--rw-r--r-- 1 root wheel 540 Nov 29 1995 passwd
--rw-r--r-- 1 root wheel 1094 Nov 29 1995 protocols
--rw-r--r-- 1 root wheel 40960 Nov 29 1995 pwd.db
--rw-r--r-- 1 root wheel 89 Nov 29 1995 resolv.conf
--rw-r--r-- 1 root wheel 5529 Nov 29 1995 services
--rw-r--r-- 1 root wheel 1361 Nov 29 1995 ttys
+total 188
+drwxr-xr-x 2 root wheel 512 Jun 3 01:53 ./
+drwxr-xr-x 9 root wheel 512 Jun 3 02:15 ../
+-r--r--r-- 1 root wheel 64 Jun 3 01:52 group*
+-r--r--r-- 1 root wheel 576 Jun 3 01:52 hosts*
+-r--r--r-- 1 root wheel 291 Jun 3 01:53 passwd*
+-r--r--r-- 1 root wheel 5625 Jun 3 01:52 protocols*
+-r--r--r-- 1 root wheel 40960 Jun 3 01:52 pwd.db*
+-r--r--r-- 1 root wheel 93 Jun 3 01:52 resolv.conf*
+-r--r--r-- 1 root wheel 9875 Jun 3 01:52 services*
+-r--r--r-- 1 root wheel 26428 Jun 3 01:52 ttys*
usr:
-total 10
-drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ./
-drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
-drwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 bin/
-drwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 lib/
-drwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 libexec/
+total 20
+drwxr-xr-x 5 root wheel 512 Jun 3 01:54 ./
+drwxr-xr-x 9 root wheel 512 Jun 3 02:15 ../
+drwxr-xr-x 2 root wheel 512 Jun 3 01:57 bin/
+drwxr-xr-x 2 root wheel 512 Jun 3 01:56 lib/
+drwxr-xr-x 2 root wheel 512 Jun 3 01:55 libexec/
usr/bin:
-total 1968
-drwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 ./
-drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
---wx--x--x 1 deraadt wheel 317787 Jun 18 09:46 cvs*
+total 3016
+drwxr-xr-x 2 root wheel 512 Jun 3 01:57 ./
+drwxr-xr-x 5 root wheel 512 Jun 3 01:54 ../
+-r-xr-xr-x 1 root wheel 643728 Jun 3 01:54 cvs*
usr/lib:
-total 5594
-drwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 ./
-drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
--rw-r--r-- 1 deraadt wheel 351730 Jun 18 09:50 libasn1.so.2.0
--rw-r--r-- 1 deraadt wheel 351730 Jun 18 09:50 libc.so.28.5
--rw-r--r-- 1 deraadt wheel 16608 Jun 18 09:50 libcrypto.so.6.0
--rw-r--r-- 1 deraadt wheel 44424 Jun 18 09:50 libdes.so.7.0
--rw-r--r-- 1 deraadt wheel 16665 Jun 18 09:50 libgssapi.so.1.0
--rw-r--r-- 1 deraadt wheel 86198 Jun 18 09:50 libkafs.so.10.0
--rw-r--r-- 1 deraadt wheel 42254 Jun 18 09:50 libkrb.so.10.0
--rw-r--r-- 1 deraadt wheel 66099 Jun 18 09:50 libkrb5.so.4.0
--rw-r--r-- 1 deraadt wheel 387976 Jun 18 09:50 libz.so.1.4
+total 42344
+drwxr-xr-x 2 root wheel 512 Jun 3 01:56 ./
+drwxr-xr-x 5 root wheel 512 Jun 3 01:54 ../
+-r--r--r-- 1 root wheel 4605409 Jun 3 01:56 libc.so.50.1
+-r--r--r-- 1 root wheel 9659802 Jun 3 01:56 libcrypto.so.18.0
+-r--r--r-- 1 root wheel 190814 Jun 3 01:56 libdes.so.9.0
+-r--r--r-- 1 root wheel 1593303 Jun 3 01:55 libgssapi.so.5.0
+-r--r--r-- 1 root wheel 5337583 Jun 3 01:56 libkrb5.so.16.0
+-r--r--r-- 1 root wheel 182556 Jun 3 01:55 libz.so.4.1
usr/libexec:
-total 100
-drwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 ./
-drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
--rwxr-xr-x 1 deraadt wheel 49152 Jun 18 09:47 ld.so*
-
-[eap anoncvs 14 ]> ls cvs
-CVSROOT/ src/ sup/ www/
-[eap anoncvs 15 ]> cd /open
-[eap anoncvs 16 ]> ls -alF sup
-total 8
-drwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 ./
-drwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../
-drwxr-xr-x 2 deraadt wheel 512 Jun 22 06:05 cvs/
--rw-rw-r-- 1 deraadt wheel 54 Dec 4 1995 ss
-
-
-***************************************************************
-NOTES FOR OTHER PLATFORMS:
-
-If you're not that familiar with your other platform (i.e. you haven't
-built a chroot jail for a server on it) you may be better off
-finding an OpenBSD machine to use and duplicating the example above.
-
-**SunOS 5)
-Bob Beck <Bob.Beck@ualberta.ca> has done this. E-mail for
-help if you need it.
-
-**OSF 1)
-From Todd Fries <toddf@acm.org> to the adventurous.
-A note for those installing anoncvs on non-OpenBSD operating systems.
-You are in for some fun.
-
-For OSF1, on a DEC alpha, I had to do the following in addition to the
-above:
-
-- I do not know how to setup dynamic libraries on osf1 and as a result
- everything had to be compiled statically.
-- Therefore, everything but /bin/sh I had to recmpile in order to
- get the chroot setup. In order that there be no guesswork
- involved, the following packages' binaries must exist in the chroot
- environment:
-
- GNU
- cvs (from the OpenBSD source tree)
-
-Some notes on compiling.
+total 120
+drwxr-xr-x 2 root wheel 512 Jun 3 01:55 ./
+drwxr-xr-x 5 root wheel 512 Jun 3 01:54 ../
+-r-xr-xr-x 1 root wheel 55683 Jun 3 01:55 ld.so*
+$ ls cvs
+CVSROOT ports src www xenocara
- cvs fails to install if you don't have makeinfo ... just search for the
- string ' install-info$' with regex and remove it from the Makefile for the
- install and you'll be fine, or install 'texinfo', your choice.