Annotation of www/anoncvs.html, Revision 1.227
1.180 jufi 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.93 deraadt 4: <title>OpenBSD AnonCVS</title>
1.135 naddy 5: <link rev="made" href="mailto:www@openbsd.org">
1.93 deraadt 6: <meta name="resource-type" content="document">
1.180 jufi 7: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.93 deraadt 8: <meta name="description" content="How to get OpenBSD updates via Internet using Anonymous CVS">
9: <meta name="keywords" content="openbsd,anoncvs,updates">
10: <meta name="distribution" content="global">
1.200 nick 11: <meta name="copyright" content="This document copyright 1996-2004 by OpenBSD.">
1.1 deraadt 12: </head>
13:
1.226 nick 14: <body bgcolor="#ffffff" text="#000000">
1.1 deraadt 15:
1.171 jsyn 16: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.93 deraadt 17: <p>
1.135 naddy 18: <h2><font color="#e00000">Anonymous CVS</font></h2>
1.14 downsj 19:
1.135 naddy 20: <hr>
21:
22: <h3>Table Of Contents</h3>
23:
24: <ul>
1.100 ericj 25: <li><a href="#anoncvs">What is Anonymous CVS?</a>
26: <li><a href="#CVS">What is CVS?</a>
1.135 naddy 27: <li><a href="#starting">Getting Started Using Anonymous CVS</a>
28: <li><a href="#using">Using CVS to Get and Update your Source Tree</a>
29: <li><a href="#CVSROOT">Available Anonymous CVS Servers</a>
30: <li><a href="#CRYPTO">Getting crypto sources through cvs(1)</a>
31: <li><a href="#EXAMPLE">Example usages for cvs(1)</a>
1.104 ericj 32: <li><a href="#WHICH">Use rsh(1) or ssh(1)?</a>
1.135 naddy 33: <li><a href="#SUP">Mirroring the CVS repository via sup(1)</a>
34: <li><a href="#MIRROR">Setting up an anoncvs mirror</a>
1.100 ericj 35: </ul>
1.135 naddy 36:
1.100 ericj 37: <hr>
38:
1.135 naddy 39: <h3><a name="anoncvs"><font color="#0000e0">What is Anonymous CVS?</font></a></h3>
1.99 ericj 40:
1.15 grr 41: <p>
42: Anonymous CVS is a method of keeping your local copy of the OpenBSD source
43: tree up to date with respect to changes made to current OpenBSD sources.
1.109 jason 44: In addition to following the bleeding edge of development, it is
45: also possible to track the patches for errata of a release.
1.99 ericj 46:
1.14 downsj 47: <p>
1.15 grr 48: The major advantage of Anonymous CVS over other source code update
49: techniques is that it works directly against a central source code
50: repository or mirror. This means that you have the full set of CVS
51: commands available to control merging and updating your changes with
1.154 jsyn 52: other source changes and for performing diffs, change histories
1.15 grr 53: and other queries against the central repository.
1.99 ericj 54:
1.36 deraadt 55: <p>
1.135 naddy 56: The OpenBSD Project currently has five main source repositories:
1.99 ericj 57:
58: <ul>
1.226 nick 59: <li><b>src</b> - Houses all source code for the OpenBSD Operating System.
60: <li><b>ports</b> - Houses the <a href="./ports.html">OpenBSD Ports</a>.
61: <li><b>www</b> - Houses all OpenBSD web pages. (Including this one).
1.135 naddy 62: <li><b>X11</b> - Houses OpenBSD's adaptation of the
1.226 nick 63: <a href="http://www.XFree86.org/">XFree86-3</a> software project.
64: This is here just for historical purposes, most users will have no
65: reason to use this tree, it is no longer being used.
66: <li><b>XF4</b> - Houses OpenBSD's active X source tree.
1.99 ericj 67: </ul>
68:
1.100 ericj 69: <p>
70: To summarize, the real strength of using Anonymous CVS is that it is
71: a "tolerant" source code control system - it <strong>respects</strong>
72: changes that you have made to your local sources and makes <strong>
73: "best efforts"</strong> to update your entire source tree, rather than
74: leaving you a list of arcane problems that have to be resolved before
75: continuing.
76:
1.135 naddy 77: <h3><a name="CVS"><font color="#0000e0">What is CVS?</font></a></h3>
1.99 ericj 78:
1.36 deraadt 79: <p>
1.226 nick 80: <a href="http://www.cvshome.org/">CVS</a> is the source code control
81: system used to <a href="why-cvs.html">manage the OpenBSD source
82: tree.</a>
1.16 deraadt 83: It implements a central repository for all officially released source code
1.15 grr 84: and changes, while permitting developers to maintain local copies of the
1.226 nick 85: source code with their working changes.
86:
87: There are two levels of source tree access:
88: <ul>
89: <li><b>Read-write access for developers:</b>
90: Developers who need to commit changes to the source tree must have an
91: account on the OpenBSD machines.
92: Getting this access will be a natural result of working on the sources
93: with other OpenBSD developers.
94: If someone does some good work and shows they can work with the team,
95: they will get an account.
96:
97: <li><b>Read-only access for everyone:</b>
98: Anyone can access the read-only CVS repositories.
99: These copies of the read-write CVS repository are mirrored often.
100: </ul>
1.99 ericj 101:
1.15 grr 102: <p>
1.22 niklas 103: The major strength of CVS is that it has the ability to perform intelligent
1.15 grr 104: merges of changes to the central repository with changes that you make to
105: your local copy. This means that if you make a change to a module and
106: perform an update, your changes are not "blown away", rather CVS makes
107: best efforts to merge the changes made to the central sources with changes
108: you've made to your local copy.
1.99 ericj 109:
1.15 grr 110: <p>
111: In the event that the changes can't be completely merged, CVS provides a
1.226 nick 112: "soft fallback", providing you with annotated changes to your
1.39 todd 113: local copy, preserving an unmodified copy of your version and continuing
1.15 grr 114: to update any other source modules you requested.
1.99 ericj 115:
1.155 jsyn 116: <h3><a name="starting"><font color="#0000e0">Getting Started Using Anonymous
117: CVS</font></a></h3>
1.100 ericj 118:
1.224 nick 119: While you can download the entire source tree from an AnonCVS server,
120: you can often save a lot of time and bandwidth by "preloading" your
121: source tree with the source files from either the OpenBSD CD or from an
122: FTP server.
123: This is particularly true if you are running
124: <a href="stable.html"><i>-stable</i></a>, as relatively few files change
125: between the <i>-release</i> and <i>-stable</i>.
1.100 ericj 126:
1.22 niklas 127: <p>
1.224 nick 128: To extract the source tree from the CD to <i>/usr/src</i> (assuming the CD is
1.155 jsyn 129: mounted on /mnt):
1.22 niklas 130: <pre>
1.224 nick 131: # <b>cd /usr/src; tar xzf /mnt/src.tar.gz</b>
1.227 ! nick 132: # <b>cd /usr; tar xzf /mnt/XF4.tar.gz</b>
1.226 nick 133: # <b>tar xzf /mnt/ports.tar.gz</b>
1.22 niklas 134: </pre>
1.224 nick 135:
136: The source files for download from the FTP servers are separated into two
137: files to minimize the time required to download for those wishing to work
138: with only one part of the tree. The two files are <tt>sys.tar.gz</tt>,
139: which contains the files used to create the kernel, and <tt>src.tar.gz</tt>
1.225 nick 140: which contains all the other "userland" utilities.
1.224 nick 141: In general, however, you will usually want both of them installed.
142: Assuming the downloaded files, <tt>src.tar.gz</tt> and
143: <tt>sys.tar.gz</tt> are in <tt>/usr</tt>:
144:
1.22 niklas 145: <pre>
1.224 nick 146: # <b>cd /usr/src</b>
147: # <b>tar xzf ../sys.tar.gz</b>
1.225 nick 148: # <b>tar xzf ../src.tar.gz</b>
1.226 nick 149: # <b>cd /usr</b>
150: # <b>tar xzf XF4.tar.gz</b>
151: # <b>tar xzf ports.tar.gz</b>
1.22 niklas 152: </pre>
1.100 ericj 153:
154: <p>
1.226 nick 155: Not all people will wish to unpack all the file sets, but as the system
156: must be kept in sync, you will generally need to set up all trees.
157:
158: <p>
1.224 nick 159: You can also just use cvs(1) to "<b>checkout</b>" the source repository
160: for you. This is discussed in the <a href="#using">next section</a>.
1.100 ericj 161:
162: <p>
1.226 nick 163: After this, <tt>/usr/src</tt> will be a nice checkout area where all
1.155 jsyn 164: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&format=html">
1.224 nick 165: cvs(1)</a> commands will work properly.
1.100 ericj 166:
1.155 jsyn 167: <h3><a name="using"><font color="#0000e0">Using CVS to get and update your
168: source tree</font></a></h3>
1.100 ericj 169:
170: <p>
1.226 nick 171: CVS was designed to be a simple way to retrieve and update your sources.
172: You must first decide whether you want to track <i>-current</i> or a
173: <a href="stable.html">patch branch</a>.
1.112 kjell 174: The current tree has all of the up to the minute changes,
1.109 jason 175: whereas a patch branch contains a formal release plus the patches
1.226 nick 176: from the <a href="errata.html">errata</a> and lesser issues already applied.
177: For more information on these "flavors" of OpenBSD, see
178: <a href="faq/faq5.html#Flavors">here</a>.
1.109 jason 179:
1.169 miod 180: <p>Once you have decided which tree to follow, you must choose which Anonymous
1.109 jason 181: CVS server you are going to use. A list of these servers is
1.226 nick 182: <a href="#CVSROOT">below</a>.
1.100 ericj 183:
184: <p>
1.155 jsyn 185: Once you have chosen which <a href="#CVSROOT">Anonymous CVS Server</a> you will
1.226 nick 186: use, you can start using cvs. For those of you
1.155 jsyn 187: who have CDs you can start with the CVS checkout that is on the CD by using
188: the method <a href="#starting">above</a> to get the sources onto your system.
189: If you don't have a CD handy, use the method below to checkout the sources.
190: This method puts the OpenBSD source tree into <i>/usr/src</i>.
1.100 ericj 191:
1.135 naddy 192: <pre>
193: # <b>cd /usr; cvs checkout -P src</b>
194: </pre>
1.99 ericj 195:
1.1 deraadt 196: <p>
1.109 jason 197: The above will checkout the <i>current</i> source tree. Many of you will
1.169 miod 198: only want the patch branch sources. To checkout a patch branch, you must
1.109 jason 199: specify a tag along with your command. Example:
1.1 deraadt 200:
1.135 naddy 201: <pre>
1.223 jsg 202: # <b>cd /usr; cvs checkout -P -rOPENBSD_3_6 src</b>
1.135 naddy 203: </pre>
1.1 deraadt 204: <p>
1.223 jsg 205: Or OPENBSD_3_5 for 3.5, etc.
1.100 ericj 206:
1.223 jsg 207: <p> The OPENBSD_3_6 tag contains the release sources and
1.109 jason 208: errata already applied.
1.100 ericj 209:
1.155 jsyn 210: <h3><a name="CVSROOT"><font color="#0000e0">Available Anonymous CVS Servers
211: </font></a></h3>
1.1 deraadt 212:
213: <p>
1.159 jcs 214: <em>Please see the note about <a href="#WHICH">ssh vs. rsh</a> below!</em>
1.12 grr 215: <p>
1.1 deraadt 216: <ul>
1.196 nick 217: <li><strong>CVSROOT=anoncvs@anoncvs1.usa.openbsd.org:/cvs</strong><br>
1.209 david 218: Host also known as <strong>anoncvs@anoncvs.usa.openbsd.org</strong>,
219: <strong>anoncvs@anoncvs4.usa.openbsd.org</strong>.<br>
1.210 naddy 220: Located in Redwood City, California, western USA.<br>
221: Maintained by <a href="mailto:millert@openbsd.org">Todd Miller</a>.<br>
222: Protocols: rsh, ssh, ssh port 2022, pserver.<br>
223: Updated every 2 hours.<br>
1.214 millert 224: SSH fingerprints:<br>
225: (RSA1) 1024 64:de:26:16:c2:ff:1b:c7:24:ed:a4:4a:d7:2f:69:3e<br>
226: (RSA) 1024 49:67:9a:46:62:8a:3f:4e:b3:63:ca:d6:41:29:2a:2f<br>
227: (DSA) 1024 a7:75:49:77:f3:47:d1:3c:5e:65:84:84:3b:03:f1:33<br>
1.196 nick 228: <p>
1.209 david 229: <li><strong>CVSROOT=anoncvs@anoncvs2.usa.openbsd.org:/cvs</strong><br>
230: Host also known as <strong>repository.citi.umich.edu</strong>.<br>
1.210 naddy 231: Located at the University of Michigan, central USA.<br>
232: Maintained by <a href="mailto:rees@umich.edu">Jim Rees</a>.<br>
233: Protocols: ssh, ssh port 2022.<br>
234: Updated every 12 hours.<br>
1.209 david 235: <p>
236: <li><strong>CVSROOT=anoncvs@anoncvs3.usa.openbsd.org:/cvs</strong><br>
1.222 millert 237: Located at the National Center for Atmospheric Research, Boulder, western USA.<br>
1.210 naddy 238: Maintained by <a href="mailto:millert@openbsd.org">Todd Miller</a>.<br>
239: Protocols: rsh, ssh, ssh port 2022, pserver.<br>
240: Updated every 2 hours.<br>
1.214 millert 241: SSH fingerprints:<br>
1.222 millert 242: (RSA1) 1024 34:95:19:c2:b3:e7:61:7b:39:e8:ab:86:37:cd:c4:49<br>
243: (RSA) 1024 42:56:39:98:65:05:e7:2a:98:2b:ee:cc:e5:a3:53:ed<br>
244: (DSA) 1024 e3:e7:83:ef:f6:78:dc:d3:ca:a5:cf:64:c6:b7:4f:43<br>
1.1 deraadt 245: <p>
1.24 deraadt 246: <li><strong>CVSROOT=anoncvs@anoncvs1.ca.openbsd.org:/cvs</strong><br>
1.40 beck 247: Host also known as <strong>anoncvs.ca.openbsd.org</strong>,
1.74 beck 248: <strong>openbsd.sunsite.ualberta.ca</strong><br>
1.210 naddy 249: Located in Edmonton, Alberta, Canada.<br>
250: Maintained by <a href="mailto:beck@ualberta.ca">Bob Beck</a>.<br>
251: Protocols: ssh, rsh, ssh port 2022, pserver<br>
252: Updated every 2 hours.<br>
1.24 deraadt 253: <p>
1.1 deraadt 254: <li><strong>CVSROOT=anoncvs@anoncvs.no.openbsd.org:/cvs</strong><br>
1.64 deraadt 255: Host also known as <strong>cvs.inet.no</strong>.<br>
1.210 naddy 256: Located in Norway.<br>
257: Maintained by <a href="mailto:cvsadmin@inet.no">Michael Shuldman</a>.<br>
258: Protocols: rsh, ssh, ssh port 2022.<br>
259: Updated every 4 hours.<br>
1.1 deraadt 260: <p>
1.208 millert 261: <li><strong>CVSROOT=anoncvs@anoncvs.at.openbsd.org:/cvs</strong><br>
262: Host also known as <strong>togetic.kd85.com</strong>.<br>
1.210 naddy 263: Located in Austria.<br>
264: Maintained by <a href="mailto:wim@kd85.com">Wim Vandeputte</a>.<br>
265: Protocols: ssh, ssh port 2022.<br>
266: Updated every 3 hours.<br>
1.69 deraadt 267: <p>
1.142 naddy 268: <li><strong>CVSROOT=anoncvs@anoncvs.nl.openbsd.org:/cvs</strong><br>
269: Host also known as <strong>anoncvs.calyx.nl</strong>.<br>
1.210 naddy 270: Located in Amsterdam, The Netherlands.<br>
271: Maintained by <a href="mailto:nick@calyx.net">Nick Merrill</a> and
1.142 naddy 272: <a href="mailto:alex@calyx.nl">Alexander Grendel</a>.<br>
1.210 naddy 273: Protocols: ssh.<br>
274: Updated every 3 hours.<br>
1.118 beck 275: <p>
1.69 deraadt 276: <li><strong>CVSROOT=anoncvs@anoncvs.jp.openbsd.org:/cvs</strong><br>
277: Host also known as <strong>kankoromochi.econ.nagasaki-u.ac.jp</strong>.<br>
1.210 naddy 278: Located at Nagasaki Univ. Faculty of Economics, Japan.<br>
279: Maintained by <a href="mailto:sigh@net.nagasaki-u.ac.jp">SUZUKI Hitoshi</a>.<br>
280: Protocols: ssh, pserver.<br>
281: Updated every 3 hours.<br>
1.121 deraadt 282: <p>
1.161 naddy 283: <li><strong>CVSROOT=anoncvs@anoncvs.de.openbsd.org:/cvs</strong><br>
284: Host also known as <strong>grappa.unix-ag.uni-kl.de</strong>.<br>
1.210 naddy 285: Located at the University of Kaiserslautern, Germany.<br>
286: Maintained by <a href="mailto:naddy@openbsd.org">Christian Weisgerber</a>.<br>
287: Protocols: ssh, ssh port 2022, pserver<br>
288: Updated every 6 hours.<br>
1.211 naddy 289: SSH fingerprints:<br>
290: (RSA) 1024 cf:a9:ee:a4:60:5d:66:00:50:5b:fd:d3:72:04:14:a3<br>
291: (DSA) 1024 78:d4:19:da:df:6f:c0:14:7f:4a:55:2a:e9:82:5f:e4<br>
1.220 nick 292: <!-- <p>
1.128 beck 293: <li><strong>CVSROOT=anoncvs@anoncvs.pl.openbsd.org:/cvs</strong><br>
294: Host also known as <strong>anoncvs1.pl.openbsd.org</strong>,
1.210 naddy 295: <strong>incredible.bmtmc.gda.pl</strong>.<br>
296: Located at BMT Maritime Consultants, Gdansk, Poland.<br>
297: Maintained by <a href="mailto:detergent@incredible.bmtmc.gda.pl">
1.198 david 298: Adam Naguszewski</a>.<br>
1.210 naddy 299: Protocols: ssh, pserver<br>
1.220 nick 300: Updated every 3 hours.<br> -->
1.122 beck 301: <p>
1.123 beck 302: <li><strong>CVSROOT=anoncvs@rt.fm:/cvs</strong><br>
1.210 naddy 303: Located in Lake in the Hills, Illinois, USA.<br>
304: Maintained by <a href="mailto:jcs@rt.fm">
1.198 david 305: Joshua Stein</a>.<br>
1.210 naddy 306: Protocols: ssh<br>
307: Updated every 3 hours.<br>
1.215 david 308: SSH fingerprints:<br>
1.212 jcs 309: (RSA) 1024 54:74:ca:17:d0:07:c3:53:b7:7e:1d:9b:10:bf:04:37<br>
310: (DSA) 1024 46:78:40:52:7a:18:f9:0e:68:61:b0:27:29:f9:d9:c4<br>
1.123 beck 311: <p>
1.149 miod 312: <li><strong>CVSROOT=anoncvs@cvs.openbsd.cz:/cvs</strong><br>
1.210 naddy 313: Located in Prague, Czech Republic.<br>
314: Maintained by <a href="mailto:vlada@openbsd.cz">Vladimir Kotal</a>.<br>
315: Protocols: ssh, pserver.<br>
316: Updated every 4 hours.<br>
1.220 nick 317: <!-- <p>
1.153 mickey 318: <li><strong>CVSROOT=anoncvs@anoncvs.openbsd.org.ua:/cvs</strong><br>
1.210 naddy 319: Located in Kiev, Ukraine.<br>
320: Maintained by <a href="mailto:hunter@dg.net.ua">Sergey Smitienko</a>.<br>
321: Protocols: ssh<br>
1.220 nick 322: Updated every 6 hours.<br> -->
323: <!-- <p>
1.165 miod 324: <li><strong>CVSROOT=openbsd@openbsd.bug.it:/cvs</strong><br>
1.210 naddy 325: Located in Modena, Italy.<br>
326: Maintained by <a href="mailto:jwk@bug.it">Giacomo Cariello</a>.<br>
327: Protocols: ssh, password "openbsd"<br>
1.220 nick 328: Updated every 6 hours.<br> -->
1.176 miod 329: <p>
330: <li><strong>CVSROOT=anoncvs@anoncvs.openbsd.lt:/cvs</strong><br>
1.217 naddy 331: Located at TVK, Cable TV and Internet Services, Lithuania.<br>
332: Maintained by <a href="mailto:helpas@ebox.lt">Donatas Budvytis</a>.<br>
333: Protocols: ssh<br>
334: Updated every 3 hours from cvsup.no.openbsd.org.<br>
1.183 jufi 335: <p>
1.199 nick 336: <li><strong>CVSROOT=anoncvs@anoncvs2.de.openbsd.org:/cvs</strong><br>
337: Host also known as <strong>openbsd.informatik.uni-erlangen.de</strong>.<br>
1.210 naddy 338: Located at the University of Erlangen-Nuremberg, Germany.<br>
1.219 naddy 339: Maintained by <a href="mailto:grunk@pestilenz.org">Alexander von Gernler</a>.<br>
1.210 naddy 340: Protocols: ssh, ssh port 2022, pserver<br>
341: Updated every 2 hours.<br>
1.211 naddy 342: SSH fingerprints:<br>
343: (RSA) 1024 fc:94:b0:c1:e5:b0:98:7c:58:43:99:76:97:ee:9f:b7<br>
344: (DSA) 1024 a9:00:3f:ba:50:81:16:d1:e9:b8:4f:3c:b2:10:e2:6c<br>
1.194 nick 345: <p>
1.185 jufi 346: <li><strong>CVSROOT=anoncvs@mirror.osn.de:/cvs</strong><br>
1.210 naddy 347: Located in Nürnberg, Germany.<br>
348: Maintained by <a href="mailto:aw@osn.de">Armin Wolfermann</a>.<br>
349: Protocols: ssh<br>
350: Updated every 4 hours.<br>
1.213 naddy 351: SSH fingerprints:<br>
352: (RSA) 1024 f2:73:d2:f6:e3:01:ef:ca:3b:e7:6c:80:b6:bd:bb:84<br>
353: (DSA) 1024 fb:33:05:62:96:20:cf:88:7e:10:cb:8d:91:72:57:32<br>
1.186 beck 354: <p>
355: <li><strong>CVSROOT=anoncvs@openbsd.chem.uw.edu.pl:/cvs</strong><br>
1.210 naddy 356: Located in Warsaw, Poland.<br>
357: Maintained by <a href="mailto:admin@chem.uw.edu.pl">Piotr Klein</a>.<br>
358: Protocols: ssh<br>
359: Updated every 3 hours.<br>
1.203 saad 360: <p>
1.202 beck 361: <li><strong>CVSROOT=anoncvs@anoncvs.student.pw.edu.pl:/cvs</strong><br>
1.210 naddy 362: Located at the Warsaw University of Technology, Poland.<br>
363: Maintained by <a href="mailto:dmarcink@elka.pw.edu.pl">Darek Marcinkeiwicz</a>.<br>
364: Protocols: ssh<br>
365: Updated every 3 hours.<br>
1.221 beck 366: <li><strong>CVSROOT=anoncvs@anoncvs.se.openbsd.org:/cvs</strong><br>
367: Located at Stacken computer club, KTH, Sweden.<br>
368: Maintained by <a href="mailto:hin@openbsd.org">Hans Insulander</a>.<br>
369: Protocols: ssh<br>
370: Updated every 3 hours.<br>
1.73 deraadt 371: </ul>
1.84 beck 372:
373:
1.73 deraadt 374: <p>
1.135 naddy 375: <em>Note:</em> If your server is listed on here with inaccurate or
1.104 ericj 376: unknown information, please contact
1.135 naddy 377: <a href="mailto:beck@openbsd.org"><tt>beck@openbsd.org</tt></a>
1.104 ericj 378:
1.80 beck 379: <p>
1.104 ericj 380: You may want to use
1.135 naddy 381: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8&format=html">traceroute(8)</a>
1.104 ericj 382: to find out which server is nearest you.
1.11 michaels 383: Problems with a server should be reported to the <b>maintainer</b> of the
384: server in question.
1.104 ericj 385:
1.155 jsyn 386: <h3><a name="CRYPTO"><font color="#0000e0">Getting crypto sources through
387: cvs(1)</font></a></h3>
1.104 ericj 388:
1.1 deraadt 389: <p>
390: <strong>IMPORTANT NOTE:</strong>
391: There are a few issues relating to cryptographic software that everyone
392: should be aware of:
393: <ul>
394: <li>The OpenBSD sources are from Canada.
1.9 deraadt 395: As
1.182 nick 396: <a href="http://www.efc.ca/pages/doc/crypto-export.html">
1.9 deraadt 397: researched by a Canadian individual</a>
398: and as
1.135 naddy 399: <a href="http://axion.physics.ubc.ca/ECL.html">
1.9 deraadt 400: described in the Export Control list of Canada</a>
1.156 ian 401: it is legal to export crypto software from Canada to the world.
1.1 deraadt 402: <p>
403: <li>However, if you are outside the USA or Canada, you should not
404: fetch the cryptographic sections of the OpenBSD sources from an
405: anoncvs server located in the USA. The files in question are...
406: <ul>
407: <li>src/kerberosIV/*
1.167 miod 408: <li>src/kerberosV/*
1.57 art 409: <li>src/lib/libdes/*
1.1 deraadt 410: <li>src/lib/libc/crypt/crypt.c
411: <li>src/lib/libc/crypt/morecrypt.c
1.167 miod 412: <li>src/sys/crypto
1.36 deraadt 413: <li>src/sys/netinet
1.67 art 414: <li>src/usr.sbin/afs/src/rxkad/*
1.167 miod 415: <li>XF4/xc-mit/lib/Xdmcp/Wraphelp.c
416: <li>XF4/xc-old/lib/Xdmcp/Wraphelp.c
417: <li>XF4/xc/lib/Xdmcp/Wraphelp.c
1.1 deraadt 418: </ul>
419: Because of the USA ITAR munitions list,
420: crypto software may only be exported to Canada from the USA.
421: </ul>
422:
1.155 jsyn 423: <h3><a name="EXAMPLE"><font color="#0000e0">Example usages for cvs(1)</font>
424: </a></h3>
1.104 ericj 425:
1.198 david 426: <p>
1.168 pvalchev 427: NOTICE: If you want to update a branch (such as a patch branch)
1.169 miod 428: to <i>current</i>, you would add the <code>-A</code>
1.163 chris 429: flag to cvs, but this flag is of little use otherwise. Some older
430: versions of the OpenBSD documentation recommended use of this flag
431: in many examples. We no longer recommend this flag unless absolutely necessary.
432:
1.1 deraadt 433: <p>
1.135 naddy 434: A sample use of an anoncvs server would be:
435: <pre>
1.104 ericj 436: % <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
437: % <strong>cd /tmp</strong>
438: % <strong>cvs get src/sys/arch/sparc</strong>
1.12 grr 439: [copies the files from the repository to your machine]
1.104 ericj 440: % <strong>cvs log src/sys/arch/sparc/sparc/locore.s</strong>
1.135 naddy 441: [shows the commit log for the chosen file]
1.104 ericj 442: % <strong>cvs diff -bc -r1.1 -r1.5 src/sys/arch/sparc/sparc/locore.s</strong>
1.12 grr 443: [shows the changes between revisions 1.1 and rev 1.5]
1.135 naddy 444: </pre>
1.1 deraadt 445:
446: <p>
1.155 jsyn 447: <a name="pserver">In order to use a cvs ``pserver'' (a direct TCP connection
448: instead of using ssh or rsh) you must login once:</a>
1.104 ericj 449:
1.135 naddy 450: <pre>
1.104 ericj 451: % <strong>setenv CVSROOT :pserver:anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
452: % <strong>cvs login</strong>
1.59 beck 453: (Logging in to anoncvs@anoncvs1.ca.openbsd.org)
1.104 ericj 454: CVS password: <strong>anoncvs</strong>
1.135 naddy 455: [This writes a line to ~/.cvspass (filename over-ridden by CVS_PASSFILE).]
1.18 todd 456: [An example line from my ~/.cvspass after typing 'blah' for the above ]
457: [password is: ]
458: [:pserver:anoncvs@anoncvs5.usa.openbsd.org:/cvs Au'yc ]
1.135 naddy 459: [After logging in ONCE every other use of the above CVSROOT will work. ]
1.104 ericj 460: % <strong>cvs get ksrc-i386 ksrc-common</strong>
1.135 naddy 461: [Allows you to retrieve ONLY that necessary to rebuild an i386 kernel. ]
462: </pre>
1.18 todd 463:
464: <p>
1.39 todd 465: Here is how someone using anoncvs regularly would update his
1.1 deraadt 466: source tree:
1.60 millert 467: <ul><li>First, start out by `get'-ing an initial tree:
1.27 todd 468:
1.109 jason 469: <p> (If you are following <i>current</i>):
1.135 naddy 470: <pre>
471: # <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
472: # <strong>cd /usr</strong>
1.163 chris 473: # <strong>cvs -q get -P src</strong>
1.135 naddy 474: </pre>
1.109 jason 475:
1.223 jsg 476: <p> (If you are following the patch branch for 3.6):
1.135 naddy 477: <pre>
478: # <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
479: # <strong>cd /usr</strong>
1.223 jsg 480: # <strong>cvs -q get -rOPENBSD_3_6 -P src</strong>
1.135 naddy 481: </pre>
1.37 todd 482:
1.27 todd 483: <li> Anytime afterwards, to `update' this tree:
1.109 jason 484: <p> (If you are following <i>current</i>):
1.135 naddy 485: <pre>
486: # <strong>cd /usr/src</strong>
1.163 chris 487: # <strong>cvs -q up -Pd</strong>
1.135 naddy 488: </pre>
1.27 todd 489:
1.223 jsg 490: <p> (If you are following the patch branch for 3.6):
1.135 naddy 491: <pre>
492: # <strong>cd /usr/src</strong>
1.223 jsg 493: # <strong>cvs -q up -rOPENBSD_3_6 -Pd</strong>
1.135 naddy 494: </pre>
1.109 jason 495:
1.154 jsyn 496: Every time you ran this it would synchronize your /usr/src tree. It would
1.1 deraadt 497: not destroy any of your local changes, rather it would attempt to merge
1.226 nick 498: changes in.
1.72 millert 499:
500: <p>
1.163 chris 501: <li> NOTE:
502: If you are updating a source tree that you initially fetched
1.72 millert 503: from a different server, or from a CD, you <strong>must</strong>
1.163 chris 504: add the <em>-d $CVSROOT</em> options to cvs.
1.135 naddy 505: <pre>
506: # <strong>cd /usr/src</strong>
507: # <strong>cvs -d $CVSROOT -q up -Pd</strong>
508: </pre>
1.27 todd 509: </ul>
510:
1.37 todd 511: <p>
1.135 naddy 512: To <a name="ports">use</a> <a href="ports.html">ports</a>, it is similar to src:
1.37 todd 513: <ul><li>
1.157 heko 514: <p> (If you are following <i>current</i>):
1.37 todd 515: <pre>
1.135 naddy 516: # <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
517: # <strong>cd /usr</strong>
1.163 chris 518: # <strong>cvs -q get -P ports</strong>
1.38 deraadt 519: </pre>
1.223 jsg 520: <p> (If you are following the patch branch for 3.6):
1.157 heko 521: <pre>
522: # <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
523: # <strong>cd /usr</strong>
1.223 jsg 524: # <strong>cvs -q get -rOPENBSD_3_6 -P ports</strong>
1.157 heko 525: </pre>
1.37 todd 526: <li> Anytime afterwards, to `update' this tree:
1.157 heko 527: <p> (If you are following <i>current</i>):
1.37 todd 528: <pre>
1.218 nick 529: # <strong>cd /usr/ports</strong>
530: # <strong>cvs -q up -Pd</strong>
1.157 heko 531: </pre>
1.223 jsg 532: <p> (If you are following the patch branch for 3.6):
1.157 heko 533: <pre>
1.218 nick 534: # <strong>cd /usr/ports</strong>
1.223 jsg 535: # <strong>cvs -q up -rOPENBSD_3_6 -Pd</strong>
1.157 heko 536: </pre>
1.127 jufi 537: </ul>
1.37 todd 538:
1.104 ericj 539: In the above example, <i>-q</i> is optional, only intended to minimize
1.27 todd 540: cvs's output. For those who like to see screenfulls of output, it
541: can be omitted.
1.1 deraadt 542:
543: <p>
1.104 ericj 544: or to make a diff of a locally patched module (here <i>cd.c</i>) to include with
1.12 grr 545: a bug report:
1.135 naddy 546: <pre>
547: # <strong>cd /usr</strong>
548: # <strong>cvs diff -u src/sys/scsi/cd.c > /tmp/patch</strong>
549: </pre>
1.12 grr 550:
551: <p>
1.155 jsyn 552: The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&format=html">
553: cvs(1) man page</a>
1.104 ericj 554: (included with the CVS sources) has much more
1.1 deraadt 555: information about how CVS can be used.
556:
1.105 ericj 557: <p>
1.12 grr 558: <strong>Warning:</strong>
559: When using cvs you should take care that your current directory is either
1.109 jason 560: the root of the tree you are referencing or in a separate place such as /tmp.
1.12 grr 561: Some commands such as "get" can create an arbitrary sub-tree in the current
562: directory, and a subsequent update will recursively flesh out this sub-tree.
563:
564: <p>
1.1 deraadt 565: The anoncvs service gives fledgling developers a chance to learn CVS
566: operation and get thoroughly involved in the development process
567: before getting "commit" access -- as a result of showing useful
568: skills and high quality results they will naturally later be given
569: developer access. As well, people providing patches can create
570: their "diff"s relative to the CVS tree, which will ease integration.
571:
1.104 ericj 572:
1.135 naddy 573: <h3><a name="WHICH"><font color="#0000e0">Use rsh(1) or ssh(1)?</font></a></h3>
1.104 ericj 574:
1.226 nick 575: CVS supports three access methods between the CVS server and the CVS
576: client:
577:
578: <ul>
579: <li><b>ssh:</b> Secure Shell can be used to access the anonymous CVS servers.
580: This is the <i>recommended</i> way of doing so, as it is encrypted.
581:
582: <li><b>rsh:</b> Remote Shell can be used on some of the servers for users
583: who don't have access to <a href="http://www.openssh.com/">ssh</a>.
584:
585: <li><b>pserver:</b> pserver is primarily useful for users who are behind
586: firewalls that block the other two connections.
587: </ul>
588:
589: <p>
590: <b>NOTE:</b> For users wishing to use rsh, you must first set the
591: <tt>CVS_RSH</tt> environment variable to point to the rsh(1) program:
592:
593: <ul>
594: <li>For Korn/Bourne shells:
595: <pre>
596: $ <b>export CVS_RSH=/usr/bin/rsh</b>
597: </pre>
598: <li>For csh/tcsh:
599: <pre>
600: % <b>setenv CVS_RSH /usr/bin/rsh</b>
601: </pre>
602: </ul>
603:
1.1 deraadt 604: <p>
1.226 nick 605: By default, OpenBSD's CVS client uses ssh ("secure shell":
1.159 jcs 606: <a href="http://www.openssh.com/">OpenSSH</a>) to talk to the CVS server.
607:
608: <p>
609: Many of the CVS sites no longer support rsh for security reasons. Local
610: problems like firewalls or imperfect protocol emulators such as slirp may
611: also hinder rsh usage. However, if rsh is desired, one must set the
612: <var>CVS_RSH</var> environment variable to point to rsh
613: (typically <strong>/usr/bin/rsh</strong>).
614:
615: <p>
616: If local policy prevents outgoing connections to ssh's default port of 22,
617: port 2022 may be used in its place. Note, however, that not all anoncvs
618: servers accept ssh connections on this port. Furthermore, most anoncvs servers
619: no longer accept the <strong>none</strong> cipher, as it is disabled in
1.169 miod 620: recent versions of ssh for security reasons. Also, do not be tempted
1.159 jcs 621: to turn on compression: CVS already compresses.
622:
623: <p>
624: One could specify something like the following in the
625: <strong>$HOME/.ssh/config</strong> configuration file to avoid the pitfalls
626: and restrictions mentioned above:
1.1 deraadt 627: <pre>
1.59 beck 628: Host anoncvs.ca.openbsd.org
1.159 jcs 629: Compression no
1.1 deraadt 630: Port 2022
631: </pre>
632:
633: <p>
634: CVS is a little noisy starting up; to quiet it a bit you may want to
635: do this:
1.105 ericj 636:
1.135 naddy 637: <pre>
638: <strong>% setenv CVS_CLIENT_PORT -1</strong>
639: </pre>
1.1 deraadt 640:
641: <p>
1.155 jsyn 642: <h3><a name="SUP"><font color="#0000e0">Mirroring the CVS repository via
643: sup(1)</font></a></h3>
1.107 millert 644:
645: <p>
646: Users wishing to mirror the OpenBSD CVS tree itself may now do so
1.214 millert 647: from <em>anoncvs.usa.openbsd.org</em> or <em>anoncvs3.usa.openbsd.org</em>
1.143 millert 648: (these are different machines). Note that this is the cvs tree,
649: <b>not</b> a checked out source tree. It is only useful if you
650: want to be able to do fast cvs operations (diff, annotate, etc) or
651: if you have multiple source trees and you only want to transfer new
652: data once (you can then checkout a tree from your local cvs mirror).
1.107 millert 653: <p>
654: A sample supfile would be:
655: <pre>
656: cvs host=anoncvs.usa.openbsd.org hostbase=/ base=/home delete
657: </pre>
658: <p>
659: which would mirror the cvs tree into /home/cvs with the sup data
1.133 millert 660: files ending up in /home/sup. The full OpenBSD cvs tree is currently
1.226 nick 661: about 2.5GB in size, and will, of course continue to grow.
1.65 matthieu 662:
1.155 jsyn 663: <h3><a name="MIRROR"><font color="#0000e0">Setting up an anoncvs mirror
664: </font></a></h3>
1.105 ericj 665:
1.107 millert 666: <p>
1.200 nick 667: If you wish to setup a new anoncvs mirror site and make it available to
668: the general public, please contact the anoncvs
1.135 naddy 669: <a href="mailto:sup@openbsd.org">maintainer</a>.
1.197 brad 670: Anoncvs mirrors require about 2.2GB of disk, and use up to 32MB of swap
1.1 deraadt 671: per anoncvs user (assuming the user does a large operation; while smaller
672: operations use fewer resources, anoncvs still makes much more of an
673: impact than ftp or sup). Such anoncvs machines should have excellent
674: network connectivity for the area they are expected to serve. A
1.135 naddy 675: <a href="anoncvs.shar">document</a>
1.1 deraadt 676: which describes the setup of anoncvs servers is available.
677:
1.135 naddy 678: <h3><font color="#0000e0">Final notes</font></h3>
1.60 millert 679: After upgrading your source tree, you should read the comments
1.198 david 680: at the top of <kbd>/usr/src/Makefile</kbd> before attempting
1.60 millert 681: a build. Also, you should build a new kernel <strong>before</strong>
1.198 david 682: doing a <kbd>make build</kbd> if possible. In some cases it may be
683: necessary to rebuild and install the <kbd>config</kbd> utility before
684: you can build the kernel. If <kbd>config GENERIC</kbd> fails this
1.60 millert 685: is probably the case.
686: <p>
687: It is important to note that upgrading from a release to the current tree
688: by rebuilding the sources can be rather difficult due to dependencies
689: that are often not obvious. Therefore, it is suggested that you first
1.154 jsyn 690: install the latest snapshot before attempting a tree build from source.
1.1 deraadt 691:
692: <hr>
1.155 jsyn 693: <a href="index.html"><img height="24" width="24" src="back.gif" border="0"
694: alt="OpenBSD"></a>
1.135 naddy 695: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.227 ! nick 696: <br><small>$OpenBSD: anoncvs.html,v 1.226 2004/12/03 03:24:17 nick Exp $
1.155 jsyn 697: </small>
1.1 deraadt 698:
699: </body>
700: </html>