Annotation of www/anoncvs.html, Revision 1.228
1.180 jufi 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.93 deraadt 4: <title>OpenBSD AnonCVS</title>
1.135 naddy 5: <link rev="made" href="mailto:www@openbsd.org">
1.93 deraadt 6: <meta name="resource-type" content="document">
1.180 jufi 7: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.93 deraadt 8: <meta name="description" content="How to get OpenBSD updates via Internet using Anonymous CVS">
9: <meta name="keywords" content="openbsd,anoncvs,updates">
10: <meta name="distribution" content="global">
1.200 nick 11: <meta name="copyright" content="This document copyright 1996-2004 by OpenBSD.">
1.1 deraadt 12: </head>
13:
1.226 nick 14: <body bgcolor="#ffffff" text="#000000">
1.1 deraadt 15:
1.171 jsyn 16: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.93 deraadt 17: <p>
1.135 naddy 18: <h2><font color="#e00000">Anonymous CVS</font></h2>
1.14 downsj 19:
1.135 naddy 20: <hr>
21:
22: <h3>Table Of Contents</h3>
23:
24: <ul>
1.100 ericj 25: <li><a href="#anoncvs">What is Anonymous CVS?</a>
26: <li><a href="#CVS">What is CVS?</a>
1.135 naddy 27: <li><a href="#starting">Getting Started Using Anonymous CVS</a>
28: <li><a href="#using">Using CVS to Get and Update your Source Tree</a>
29: <li><a href="#CVSROOT">Available Anonymous CVS Servers</a>
30: <li><a href="#CRYPTO">Getting crypto sources through cvs(1)</a>
31: <li><a href="#EXAMPLE">Example usages for cvs(1)</a>
1.104 ericj 32: <li><a href="#WHICH">Use rsh(1) or ssh(1)?</a>
1.135 naddy 33: <li><a href="#SUP">Mirroring the CVS repository via sup(1)</a>
34: <li><a href="#MIRROR">Setting up an anoncvs mirror</a>
1.100 ericj 35: </ul>
1.135 naddy 36:
1.100 ericj 37: <hr>
38:
1.135 naddy 39: <h3><a name="anoncvs"><font color="#0000e0">What is Anonymous CVS?</font></a></h3>
1.99 ericj 40:
1.15 grr 41: <p>
42: Anonymous CVS is a method of keeping your local copy of the OpenBSD source
43: tree up to date with respect to changes made to current OpenBSD sources.
1.109 jason 44: In addition to following the bleeding edge of development, it is
45: also possible to track the patches for errata of a release.
1.99 ericj 46:
1.14 downsj 47: <p>
1.15 grr 48: The major advantage of Anonymous CVS over other source code update
49: techniques is that it works directly against a central source code
50: repository or mirror. This means that you have the full set of CVS
51: commands available to control merging and updating your changes with
1.154 jsyn 52: other source changes and for performing diffs, change histories
1.15 grr 53: and other queries against the central repository.
1.99 ericj 54:
1.36 deraadt 55: <p>
1.135 naddy 56: The OpenBSD Project currently has five main source repositories:
1.99 ericj 57:
58: <ul>
1.226 nick 59: <li><b>src</b> - Houses all source code for the OpenBSD Operating System.
60: <li><b>ports</b> - Houses the <a href="./ports.html">OpenBSD Ports</a>.
61: <li><b>www</b> - Houses all OpenBSD web pages. (Including this one).
1.135 naddy 62: <li><b>X11</b> - Houses OpenBSD's adaptation of the
1.226 nick 63: <a href="http://www.XFree86.org/">XFree86-3</a> software project.
64: This is here just for historical purposes, most users will have no
65: reason to use this tree, it is no longer being used.
66: <li><b>XF4</b> - Houses OpenBSD's active X source tree.
1.99 ericj 67: </ul>
68:
1.100 ericj 69: <p>
70: To summarize, the real strength of using Anonymous CVS is that it is
71: a "tolerant" source code control system - it <strong>respects</strong>
72: changes that you have made to your local sources and makes <strong>
73: "best efforts"</strong> to update your entire source tree, rather than
74: leaving you a list of arcane problems that have to be resolved before
75: continuing.
76:
1.135 naddy 77: <h3><a name="CVS"><font color="#0000e0">What is CVS?</font></a></h3>
1.99 ericj 78:
1.36 deraadt 79: <p>
1.226 nick 80: <a href="http://www.cvshome.org/">CVS</a> is the source code control
81: system used to <a href="why-cvs.html">manage the OpenBSD source
82: tree.</a>
1.16 deraadt 83: It implements a central repository for all officially released source code
1.15 grr 84: and changes, while permitting developers to maintain local copies of the
1.226 nick 85: source code with their working changes.
86:
87: There are two levels of source tree access:
88: <ul>
89: <li><b>Read-write access for developers:</b>
90: Developers who need to commit changes to the source tree must have an
91: account on the OpenBSD machines.
92: Getting this access will be a natural result of working on the sources
93: with other OpenBSD developers.
94: If someone does some good work and shows they can work with the team,
95: they will get an account.
96:
97: <li><b>Read-only access for everyone:</b>
98: Anyone can access the read-only CVS repositories.
99: These copies of the read-write CVS repository are mirrored often.
100: </ul>
1.99 ericj 101:
1.15 grr 102: <p>
1.22 niklas 103: The major strength of CVS is that it has the ability to perform intelligent
1.15 grr 104: merges of changes to the central repository with changes that you make to
105: your local copy. This means that if you make a change to a module and
106: perform an update, your changes are not "blown away", rather CVS makes
107: best efforts to merge the changes made to the central sources with changes
108: you've made to your local copy.
1.99 ericj 109:
1.15 grr 110: <p>
111: In the event that the changes can't be completely merged, CVS provides a
1.226 nick 112: "soft fallback", providing you with annotated changes to your
1.39 todd 113: local copy, preserving an unmodified copy of your version and continuing
1.15 grr 114: to update any other source modules you requested.
1.99 ericj 115:
1.155 jsyn 116: <h3><a name="starting"><font color="#0000e0">Getting Started Using Anonymous
117: CVS</font></a></h3>
1.100 ericj 118:
1.224 nick 119: While you can download the entire source tree from an AnonCVS server,
120: you can often save a lot of time and bandwidth by "preloading" your
121: source tree with the source files from either the OpenBSD CD or from an
122: FTP server.
123: This is particularly true if you are running
124: <a href="stable.html"><i>-stable</i></a>, as relatively few files change
125: between the <i>-release</i> and <i>-stable</i>.
1.100 ericj 126:
1.22 niklas 127: <p>
1.224 nick 128: To extract the source tree from the CD to <i>/usr/src</i> (assuming the CD is
1.155 jsyn 129: mounted on /mnt):
1.22 niklas 130: <pre>
1.224 nick 131: # <b>cd /usr/src; tar xzf /mnt/src.tar.gz</b>
1.227 nick 132: # <b>cd /usr; tar xzf /mnt/XF4.tar.gz</b>
1.226 nick 133: # <b>tar xzf /mnt/ports.tar.gz</b>
1.22 niklas 134: </pre>
1.224 nick 135:
136: The source files for download from the FTP servers are separated into two
137: files to minimize the time required to download for those wishing to work
138: with only one part of the tree. The two files are <tt>sys.tar.gz</tt>,
139: which contains the files used to create the kernel, and <tt>src.tar.gz</tt>
1.225 nick 140: which contains all the other "userland" utilities.
1.224 nick 141: In general, however, you will usually want both of them installed.
142: Assuming the downloaded files, <tt>src.tar.gz</tt> and
143: <tt>sys.tar.gz</tt> are in <tt>/usr</tt>:
144:
1.22 niklas 145: <pre>
1.224 nick 146: # <b>cd /usr/src</b>
147: # <b>tar xzf ../sys.tar.gz</b>
1.225 nick 148: # <b>tar xzf ../src.tar.gz</b>
1.226 nick 149: # <b>cd /usr</b>
150: # <b>tar xzf XF4.tar.gz</b>
151: # <b>tar xzf ports.tar.gz</b>
1.22 niklas 152: </pre>
1.100 ericj 153:
154: <p>
1.226 nick 155: Not all people will wish to unpack all the file sets, but as the system
156: must be kept in sync, you will generally need to set up all trees.
157:
158: <p>
1.224 nick 159: You can also just use cvs(1) to "<b>checkout</b>" the source repository
160: for you. This is discussed in the <a href="#using">next section</a>.
1.100 ericj 161:
162: <p>
1.226 nick 163: After this, <tt>/usr/src</tt> will be a nice checkout area where all
1.155 jsyn 164: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&format=html">
1.224 nick 165: cvs(1)</a> commands will work properly.
1.100 ericj 166:
1.155 jsyn 167: <h3><a name="using"><font color="#0000e0">Using CVS to get and update your
168: source tree</font></a></h3>
1.100 ericj 169:
170: <p>
1.226 nick 171: CVS was designed to be a simple way to retrieve and update your sources.
172: You must first decide whether you want to track <i>-current</i> or a
173: <a href="stable.html">patch branch</a>.
1.112 kjell 174: The current tree has all of the up to the minute changes,
1.109 jason 175: whereas a patch branch contains a formal release plus the patches
1.226 nick 176: from the <a href="errata.html">errata</a> and lesser issues already applied.
177: For more information on these "flavors" of OpenBSD, see
178: <a href="faq/faq5.html#Flavors">here</a>.
1.109 jason 179:
1.169 miod 180: <p>Once you have decided which tree to follow, you must choose which Anonymous
1.109 jason 181: CVS server you are going to use. A list of these servers is
1.226 nick 182: <a href="#CVSROOT">below</a>.
1.100 ericj 183:
184: <p>
1.155 jsyn 185: Once you have chosen which <a href="#CVSROOT">Anonymous CVS Server</a> you will
1.226 nick 186: use, you can start using cvs. For those of you
1.155 jsyn 187: who have CDs you can start with the CVS checkout that is on the CD by using
188: the method <a href="#starting">above</a> to get the sources onto your system.
189: If you don't have a CD handy, use the method below to checkout the sources.
190: This method puts the OpenBSD source tree into <i>/usr/src</i>.
1.100 ericj 191:
1.135 naddy 192: <pre>
193: # <b>cd /usr; cvs checkout -P src</b>
194: </pre>
1.99 ericj 195:
1.1 deraadt 196: <p>
1.109 jason 197: The above will checkout the <i>current</i> source tree. Many of you will
1.169 miod 198: only want the patch branch sources. To checkout a patch branch, you must
1.109 jason 199: specify a tag along with your command. Example:
1.1 deraadt 200:
1.135 naddy 201: <pre>
1.223 jsg 202: # <b>cd /usr; cvs checkout -P -rOPENBSD_3_6 src</b>
1.135 naddy 203: </pre>
1.1 deraadt 204: <p>
1.223 jsg 205: Or OPENBSD_3_5 for 3.5, etc.
1.100 ericj 206:
1.223 jsg 207: <p> The OPENBSD_3_6 tag contains the release sources and
1.109 jason 208: errata already applied.
1.100 ericj 209:
1.155 jsyn 210: <h3><a name="CVSROOT"><font color="#0000e0">Available Anonymous CVS Servers
211: </font></a></h3>
1.1 deraadt 212:
213: <p>
1.159 jcs 214: <em>Please see the note about <a href="#WHICH">ssh vs. rsh</a> below!</em>
1.12 grr 215: <p>
1.1 deraadt 216: <ul>
1.196 nick 217: <li><strong>CVSROOT=anoncvs@anoncvs1.usa.openbsd.org:/cvs</strong><br>
1.209 david 218: Host also known as <strong>anoncvs@anoncvs.usa.openbsd.org</strong>,
219: <strong>anoncvs@anoncvs4.usa.openbsd.org</strong>.<br>
1.210 naddy 220: Located in Redwood City, California, western USA.<br>
221: Maintained by <a href="mailto:millert@openbsd.org">Todd Miller</a>.<br>
222: Protocols: rsh, ssh, ssh port 2022, pserver.<br>
223: Updated every 2 hours.<br>
1.214 millert 224: SSH fingerprints:<br>
225: (RSA1) 1024 64:de:26:16:c2:ff:1b:c7:24:ed:a4:4a:d7:2f:69:3e<br>
226: (RSA) 1024 49:67:9a:46:62:8a:3f:4e:b3:63:ca:d6:41:29:2a:2f<br>
227: (DSA) 1024 a7:75:49:77:f3:47:d1:3c:5e:65:84:84:3b:03:f1:33<br>
1.196 nick 228: <p>
1.209 david 229: <li><strong>CVSROOT=anoncvs@anoncvs2.usa.openbsd.org:/cvs</strong><br>
230: Host also known as <strong>repository.citi.umich.edu</strong>.<br>
1.210 naddy 231: Located at the University of Michigan, central USA.<br>
232: Maintained by <a href="mailto:rees@umich.edu">Jim Rees</a>.<br>
233: Protocols: ssh, ssh port 2022.<br>
234: Updated every 12 hours.<br>
1.209 david 235: <p>
236: <li><strong>CVSROOT=anoncvs@anoncvs3.usa.openbsd.org:/cvs</strong><br>
1.222 millert 237: Located at the National Center for Atmospheric Research, Boulder, western USA.<br>
1.210 naddy 238: Maintained by <a href="mailto:millert@openbsd.org">Todd Miller</a>.<br>
239: Protocols: rsh, ssh, ssh port 2022, pserver.<br>
240: Updated every 2 hours.<br>
1.214 millert 241: SSH fingerprints:<br>
1.222 millert 242: (RSA1) 1024 34:95:19:c2:b3:e7:61:7b:39:e8:ab:86:37:cd:c4:49<br>
243: (RSA) 1024 42:56:39:98:65:05:e7:2a:98:2b:ee:cc:e5:a3:53:ed<br>
244: (DSA) 1024 e3:e7:83:ef:f6:78:dc:d3:ca:a5:cf:64:c6:b7:4f:43<br>
1.1 deraadt 245: <p>
1.24 deraadt 246: <li><strong>CVSROOT=anoncvs@anoncvs1.ca.openbsd.org:/cvs</strong><br>
1.40 beck 247: Host also known as <strong>anoncvs.ca.openbsd.org</strong>,
1.74 beck 248: <strong>openbsd.sunsite.ualberta.ca</strong><br>
1.210 naddy 249: Located in Edmonton, Alberta, Canada.<br>
250: Maintained by <a href="mailto:beck@ualberta.ca">Bob Beck</a>.<br>
251: Protocols: ssh, rsh, ssh port 2022, pserver<br>
252: Updated every 2 hours.<br>
1.24 deraadt 253: <p>
1.1 deraadt 254: <li><strong>CVSROOT=anoncvs@anoncvs.no.openbsd.org:/cvs</strong><br>
1.64 deraadt 255: Host also known as <strong>cvs.inet.no</strong>.<br>
1.210 naddy 256: Located in Norway.<br>
257: Maintained by <a href="mailto:cvsadmin@inet.no">Michael Shuldman</a>.<br>
258: Protocols: rsh, ssh, ssh port 2022.<br>
259: Updated every 4 hours.<br>
1.1 deraadt 260: <p>
1.208 millert 261: <li><strong>CVSROOT=anoncvs@anoncvs.at.openbsd.org:/cvs</strong><br>
262: Host also known as <strong>togetic.kd85.com</strong>.<br>
1.210 naddy 263: Located in Austria.<br>
264: Maintained by <a href="mailto:wim@kd85.com">Wim Vandeputte</a>.<br>
265: Protocols: ssh, ssh port 2022.<br>
266: Updated every 3 hours.<br>
1.69 deraadt 267: <p>
1.142 naddy 268: <li><strong>CVSROOT=anoncvs@anoncvs.nl.openbsd.org:/cvs</strong><br>
269: Host also known as <strong>anoncvs.calyx.nl</strong>.<br>
1.210 naddy 270: Located in Amsterdam, The Netherlands.<br>
271: Maintained by <a href="mailto:nick@calyx.net">Nick Merrill</a> and
1.142 naddy 272: <a href="mailto:alex@calyx.nl">Alexander Grendel</a>.<br>
1.210 naddy 273: Protocols: ssh.<br>
274: Updated every 3 hours.<br>
1.118 beck 275: <p>
1.69 deraadt 276: <li><strong>CVSROOT=anoncvs@anoncvs.jp.openbsd.org:/cvs</strong><br>
277: Host also known as <strong>kankoromochi.econ.nagasaki-u.ac.jp</strong>.<br>
1.210 naddy 278: Located at Nagasaki Univ. Faculty of Economics, Japan.<br>
279: Maintained by <a href="mailto:sigh@net.nagasaki-u.ac.jp">SUZUKI Hitoshi</a>.<br>
280: Protocols: ssh, pserver.<br>
281: Updated every 3 hours.<br>
1.121 deraadt 282: <p>
1.161 naddy 283: <li><strong>CVSROOT=anoncvs@anoncvs.de.openbsd.org:/cvs</strong><br>
284: Host also known as <strong>grappa.unix-ag.uni-kl.de</strong>.<br>
1.210 naddy 285: Located at the University of Kaiserslautern, Germany.<br>
286: Maintained by <a href="mailto:naddy@openbsd.org">Christian Weisgerber</a>.<br>
287: Protocols: ssh, ssh port 2022, pserver<br>
288: Updated every 6 hours.<br>
1.211 naddy 289: SSH fingerprints:<br>
290: (RSA) 1024 cf:a9:ee:a4:60:5d:66:00:50:5b:fd:d3:72:04:14:a3<br>
291: (DSA) 1024 78:d4:19:da:df:6f:c0:14:7f:4a:55:2a:e9:82:5f:e4<br>
1.220 nick 292: <!-- <p>
1.128 beck 293: <li><strong>CVSROOT=anoncvs@anoncvs.pl.openbsd.org:/cvs</strong><br>
294: Host also known as <strong>anoncvs1.pl.openbsd.org</strong>,
1.210 naddy 295: <strong>incredible.bmtmc.gda.pl</strong>.<br>
296: Located at BMT Maritime Consultants, Gdansk, Poland.<br>
297: Maintained by <a href="mailto:detergent@incredible.bmtmc.gda.pl">
1.198 david 298: Adam Naguszewski</a>.<br>
1.210 naddy 299: Protocols: ssh, pserver<br>
1.220 nick 300: Updated every 3 hours.<br> -->
1.122 beck 301: <p>
1.123 beck 302: <li><strong>CVSROOT=anoncvs@rt.fm:/cvs</strong><br>
1.210 naddy 303: Located in Lake in the Hills, Illinois, USA.<br>
304: Maintained by <a href="mailto:jcs@rt.fm">
1.198 david 305: Joshua Stein</a>.<br>
1.210 naddy 306: Protocols: ssh<br>
307: Updated every 3 hours.<br>
1.215 david 308: SSH fingerprints:<br>
1.212 jcs 309: (RSA) 1024 54:74:ca:17:d0:07:c3:53:b7:7e:1d:9b:10:bf:04:37<br>
310: (DSA) 1024 46:78:40:52:7a:18:f9:0e:68:61:b0:27:29:f9:d9:c4<br>
1.123 beck 311: <p>
1.149 miod 312: <li><strong>CVSROOT=anoncvs@cvs.openbsd.cz:/cvs</strong><br>
1.210 naddy 313: Located in Prague, Czech Republic.<br>
314: Maintained by <a href="mailto:vlada@openbsd.cz">Vladimir Kotal</a>.<br>
315: Protocols: ssh, pserver.<br>
316: Updated every 4 hours.<br>
1.220 nick 317: <!-- <p>
1.153 mickey 318: <li><strong>CVSROOT=anoncvs@anoncvs.openbsd.org.ua:/cvs</strong><br>
1.210 naddy 319: Located in Kiev, Ukraine.<br>
320: Maintained by <a href="mailto:hunter@dg.net.ua">Sergey Smitienko</a>.<br>
321: Protocols: ssh<br>
1.220 nick 322: Updated every 6 hours.<br> -->
323: <!-- <p>
1.165 miod 324: <li><strong>CVSROOT=openbsd@openbsd.bug.it:/cvs</strong><br>
1.210 naddy 325: Located in Modena, Italy.<br>
326: Maintained by <a href="mailto:jwk@bug.it">Giacomo Cariello</a>.<br>
327: Protocols: ssh, password "openbsd"<br>
1.220 nick 328: Updated every 6 hours.<br> -->
1.176 miod 329: <p>
330: <li><strong>CVSROOT=anoncvs@anoncvs.openbsd.lt:/cvs</strong><br>
1.217 naddy 331: Located at TVK, Cable TV and Internet Services, Lithuania.<br>
332: Maintained by <a href="mailto:helpas@ebox.lt">Donatas Budvytis</a>.<br>
333: Protocols: ssh<br>
334: Updated every 3 hours from cvsup.no.openbsd.org.<br>
1.183 jufi 335: <p>
1.199 nick 336: <li><strong>CVSROOT=anoncvs@anoncvs2.de.openbsd.org:/cvs</strong><br>
337: Host also known as <strong>openbsd.informatik.uni-erlangen.de</strong>.<br>
1.210 naddy 338: Located at the University of Erlangen-Nuremberg, Germany.<br>
1.219 naddy 339: Maintained by <a href="mailto:grunk@pestilenz.org">Alexander von Gernler</a>.<br>
1.210 naddy 340: Protocols: ssh, ssh port 2022, pserver<br>
341: Updated every 2 hours.<br>
1.211 naddy 342: SSH fingerprints:<br>
343: (RSA) 1024 fc:94:b0:c1:e5:b0:98:7c:58:43:99:76:97:ee:9f:b7<br>
344: (DSA) 1024 a9:00:3f:ba:50:81:16:d1:e9:b8:4f:3c:b2:10:e2:6c<br>
1.194 nick 345: <p>
1.185 jufi 346: <li><strong>CVSROOT=anoncvs@mirror.osn.de:/cvs</strong><br>
1.210 naddy 347: Located in Nürnberg, Germany.<br>
348: Maintained by <a href="mailto:aw@osn.de">Armin Wolfermann</a>.<br>
349: Protocols: ssh<br>
350: Updated every 4 hours.<br>
1.213 naddy 351: SSH fingerprints:<br>
352: (RSA) 1024 f2:73:d2:f6:e3:01:ef:ca:3b:e7:6c:80:b6:bd:bb:84<br>
353: (DSA) 1024 fb:33:05:62:96:20:cf:88:7e:10:cb:8d:91:72:57:32<br>
1.186 beck 354: <p>
355: <li><strong>CVSROOT=anoncvs@openbsd.chem.uw.edu.pl:/cvs</strong><br>
1.210 naddy 356: Located in Warsaw, Poland.<br>
357: Maintained by <a href="mailto:admin@chem.uw.edu.pl">Piotr Klein</a>.<br>
358: Protocols: ssh<br>
359: Updated every 3 hours.<br>
1.203 saad 360: <p>
1.202 beck 361: <li><strong>CVSROOT=anoncvs@anoncvs.student.pw.edu.pl:/cvs</strong><br>
1.210 naddy 362: Located at the Warsaw University of Technology, Poland.<br>
363: Maintained by <a href="mailto:dmarcink@elka.pw.edu.pl">Darek Marcinkeiwicz</a>.<br>
364: Protocols: ssh<br>
365: Updated every 3 hours.<br>
1.228 ! nick 366: <p>
1.221 beck 367: <li><strong>CVSROOT=anoncvs@anoncvs.se.openbsd.org:/cvs</strong><br>
368: Located at Stacken computer club, KTH, Sweden.<br>
369: Maintained by <a href="mailto:hin@openbsd.org">Hans Insulander</a>.<br>
370: Protocols: ssh<br>
371: Updated every 3 hours.<br>
1.73 deraadt 372: </ul>
1.84 beck 373:
374:
1.73 deraadt 375: <p>
1.135 naddy 376: <em>Note:</em> If your server is listed on here with inaccurate or
1.104 ericj 377: unknown information, please contact
1.135 naddy 378: <a href="mailto:beck@openbsd.org"><tt>beck@openbsd.org</tt></a>
1.104 ericj 379:
1.80 beck 380: <p>
1.104 ericj 381: You may want to use
1.135 naddy 382: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8&format=html">traceroute(8)</a>
1.104 ericj 383: to find out which server is nearest you.
1.11 michaels 384: Problems with a server should be reported to the <b>maintainer</b> of the
385: server in question.
1.104 ericj 386:
1.155 jsyn 387: <h3><a name="CRYPTO"><font color="#0000e0">Getting crypto sources through
388: cvs(1)</font></a></h3>
1.104 ericj 389:
1.1 deraadt 390: <p>
391: <strong>IMPORTANT NOTE:</strong>
392: There are a few issues relating to cryptographic software that everyone
393: should be aware of:
394: <ul>
395: <li>The OpenBSD sources are from Canada.
1.9 deraadt 396: As
1.182 nick 397: <a href="http://www.efc.ca/pages/doc/crypto-export.html">
1.9 deraadt 398: researched by a Canadian individual</a>
399: and as
1.135 naddy 400: <a href="http://axion.physics.ubc.ca/ECL.html">
1.9 deraadt 401: described in the Export Control list of Canada</a>
1.156 ian 402: it is legal to export crypto software from Canada to the world.
1.1 deraadt 403: <p>
404: <li>However, if you are outside the USA or Canada, you should not
405: fetch the cryptographic sections of the OpenBSD sources from an
406: anoncvs server located in the USA. The files in question are...
407: <ul>
408: <li>src/kerberosIV/*
1.167 miod 409: <li>src/kerberosV/*
1.57 art 410: <li>src/lib/libdes/*
1.1 deraadt 411: <li>src/lib/libc/crypt/crypt.c
412: <li>src/lib/libc/crypt/morecrypt.c
1.167 miod 413: <li>src/sys/crypto
1.36 deraadt 414: <li>src/sys/netinet
1.67 art 415: <li>src/usr.sbin/afs/src/rxkad/*
1.167 miod 416: <li>XF4/xc-mit/lib/Xdmcp/Wraphelp.c
417: <li>XF4/xc-old/lib/Xdmcp/Wraphelp.c
418: <li>XF4/xc/lib/Xdmcp/Wraphelp.c
1.1 deraadt 419: </ul>
420: Because of the USA ITAR munitions list,
421: crypto software may only be exported to Canada from the USA.
422: </ul>
423:
1.155 jsyn 424: <h3><a name="EXAMPLE"><font color="#0000e0">Example usages for cvs(1)</font>
425: </a></h3>
1.104 ericj 426:
1.198 david 427: <p>
1.168 pvalchev 428: NOTICE: If you want to update a branch (such as a patch branch)
1.169 miod 429: to <i>current</i>, you would add the <code>-A</code>
1.163 chris 430: flag to cvs, but this flag is of little use otherwise. Some older
431: versions of the OpenBSD documentation recommended use of this flag
432: in many examples. We no longer recommend this flag unless absolutely necessary.
433:
1.1 deraadt 434: <p>
1.135 naddy 435: A sample use of an anoncvs server would be:
436: <pre>
1.104 ericj 437: % <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
438: % <strong>cd /tmp</strong>
439: % <strong>cvs get src/sys/arch/sparc</strong>
1.12 grr 440: [copies the files from the repository to your machine]
1.104 ericj 441: % <strong>cvs log src/sys/arch/sparc/sparc/locore.s</strong>
1.135 naddy 442: [shows the commit log for the chosen file]
1.104 ericj 443: % <strong>cvs diff -bc -r1.1 -r1.5 src/sys/arch/sparc/sparc/locore.s</strong>
1.12 grr 444: [shows the changes between revisions 1.1 and rev 1.5]
1.135 naddy 445: </pre>
1.1 deraadt 446:
447: <p>
1.155 jsyn 448: <a name="pserver">In order to use a cvs ``pserver'' (a direct TCP connection
449: instead of using ssh or rsh) you must login once:</a>
1.104 ericj 450:
1.135 naddy 451: <pre>
1.104 ericj 452: % <strong>setenv CVSROOT :pserver:anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
453: % <strong>cvs login</strong>
1.59 beck 454: (Logging in to anoncvs@anoncvs1.ca.openbsd.org)
1.104 ericj 455: CVS password: <strong>anoncvs</strong>
1.135 naddy 456: [This writes a line to ~/.cvspass (filename over-ridden by CVS_PASSFILE).]
1.18 todd 457: [An example line from my ~/.cvspass after typing 'blah' for the above ]
458: [password is: ]
459: [:pserver:anoncvs@anoncvs5.usa.openbsd.org:/cvs Au'yc ]
1.135 naddy 460: [After logging in ONCE every other use of the above CVSROOT will work. ]
1.104 ericj 461: % <strong>cvs get ksrc-i386 ksrc-common</strong>
1.135 naddy 462: [Allows you to retrieve ONLY that necessary to rebuild an i386 kernel. ]
463: </pre>
1.18 todd 464:
465: <p>
1.39 todd 466: Here is how someone using anoncvs regularly would update his
1.1 deraadt 467: source tree:
1.60 millert 468: <ul><li>First, start out by `get'-ing an initial tree:
1.27 todd 469:
1.109 jason 470: <p> (If you are following <i>current</i>):
1.135 naddy 471: <pre>
472: # <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
473: # <strong>cd /usr</strong>
1.163 chris 474: # <strong>cvs -q get -P src</strong>
1.135 naddy 475: </pre>
1.109 jason 476:
1.223 jsg 477: <p> (If you are following the patch branch for 3.6):
1.135 naddy 478: <pre>
479: # <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
480: # <strong>cd /usr</strong>
1.223 jsg 481: # <strong>cvs -q get -rOPENBSD_3_6 -P src</strong>
1.135 naddy 482: </pre>
1.37 todd 483:
1.27 todd 484: <li> Anytime afterwards, to `update' this tree:
1.109 jason 485: <p> (If you are following <i>current</i>):
1.135 naddy 486: <pre>
487: # <strong>cd /usr/src</strong>
1.163 chris 488: # <strong>cvs -q up -Pd</strong>
1.135 naddy 489: </pre>
1.27 todd 490:
1.223 jsg 491: <p> (If you are following the patch branch for 3.6):
1.135 naddy 492: <pre>
493: # <strong>cd /usr/src</strong>
1.223 jsg 494: # <strong>cvs -q up -rOPENBSD_3_6 -Pd</strong>
1.135 naddy 495: </pre>
1.109 jason 496:
1.154 jsyn 497: Every time you ran this it would synchronize your /usr/src tree. It would
1.1 deraadt 498: not destroy any of your local changes, rather it would attempt to merge
1.226 nick 499: changes in.
1.72 millert 500:
501: <p>
1.163 chris 502: <li> NOTE:
503: If you are updating a source tree that you initially fetched
1.72 millert 504: from a different server, or from a CD, you <strong>must</strong>
1.163 chris 505: add the <em>-d $CVSROOT</em> options to cvs.
1.135 naddy 506: <pre>
507: # <strong>cd /usr/src</strong>
508: # <strong>cvs -d $CVSROOT -q up -Pd</strong>
509: </pre>
1.27 todd 510: </ul>
511:
1.37 todd 512: <p>
1.135 naddy 513: To <a name="ports">use</a> <a href="ports.html">ports</a>, it is similar to src:
1.37 todd 514: <ul><li>
1.157 heko 515: <p> (If you are following <i>current</i>):
1.37 todd 516: <pre>
1.135 naddy 517: # <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
518: # <strong>cd /usr</strong>
1.163 chris 519: # <strong>cvs -q get -P ports</strong>
1.38 deraadt 520: </pre>
1.223 jsg 521: <p> (If you are following the patch branch for 3.6):
1.157 heko 522: <pre>
523: # <strong>setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs</strong>
524: # <strong>cd /usr</strong>
1.223 jsg 525: # <strong>cvs -q get -rOPENBSD_3_6 -P ports</strong>
1.157 heko 526: </pre>
1.37 todd 527: <li> Anytime afterwards, to `update' this tree:
1.157 heko 528: <p> (If you are following <i>current</i>):
1.37 todd 529: <pre>
1.218 nick 530: # <strong>cd /usr/ports</strong>
531: # <strong>cvs -q up -Pd</strong>
1.157 heko 532: </pre>
1.223 jsg 533: <p> (If you are following the patch branch for 3.6):
1.157 heko 534: <pre>
1.218 nick 535: # <strong>cd /usr/ports</strong>
1.223 jsg 536: # <strong>cvs -q up -rOPENBSD_3_6 -Pd</strong>
1.157 heko 537: </pre>
1.127 jufi 538: </ul>
1.37 todd 539:
1.104 ericj 540: In the above example, <i>-q</i> is optional, only intended to minimize
1.27 todd 541: cvs's output. For those who like to see screenfulls of output, it
542: can be omitted.
1.1 deraadt 543:
544: <p>
1.104 ericj 545: or to make a diff of a locally patched module (here <i>cd.c</i>) to include with
1.12 grr 546: a bug report:
1.135 naddy 547: <pre>
548: # <strong>cd /usr</strong>
549: # <strong>cvs diff -u src/sys/scsi/cd.c > /tmp/patch</strong>
550: </pre>
1.12 grr 551:
552: <p>
1.155 jsyn 553: The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&format=html">
554: cvs(1) man page</a>
1.104 ericj 555: (included with the CVS sources) has much more
1.1 deraadt 556: information about how CVS can be used.
557:
1.105 ericj 558: <p>
1.12 grr 559: <strong>Warning:</strong>
560: When using cvs you should take care that your current directory is either
1.109 jason 561: the root of the tree you are referencing or in a separate place such as /tmp.
1.12 grr 562: Some commands such as "get" can create an arbitrary sub-tree in the current
563: directory, and a subsequent update will recursively flesh out this sub-tree.
564:
565: <p>
1.1 deraadt 566: The anoncvs service gives fledgling developers a chance to learn CVS
567: operation and get thoroughly involved in the development process
568: before getting "commit" access -- as a result of showing useful
569: skills and high quality results they will naturally later be given
570: developer access. As well, people providing patches can create
571: their "diff"s relative to the CVS tree, which will ease integration.
572:
1.104 ericj 573:
1.135 naddy 574: <h3><a name="WHICH"><font color="#0000e0">Use rsh(1) or ssh(1)?</font></a></h3>
1.104 ericj 575:
1.226 nick 576: CVS supports three access methods between the CVS server and the CVS
577: client:
578:
579: <ul>
580: <li><b>ssh:</b> Secure Shell can be used to access the anonymous CVS servers.
581: This is the <i>recommended</i> way of doing so, as it is encrypted.
582:
583: <li><b>rsh:</b> Remote Shell can be used on some of the servers for users
584: who don't have access to <a href="http://www.openssh.com/">ssh</a>.
585:
586: <li><b>pserver:</b> pserver is primarily useful for users who are behind
587: firewalls that block the other two connections.
588: </ul>
589:
590: <p>
591: <b>NOTE:</b> For users wishing to use rsh, you must first set the
592: <tt>CVS_RSH</tt> environment variable to point to the rsh(1) program:
593:
594: <ul>
595: <li>For Korn/Bourne shells:
596: <pre>
597: $ <b>export CVS_RSH=/usr/bin/rsh</b>
598: </pre>
599: <li>For csh/tcsh:
600: <pre>
601: % <b>setenv CVS_RSH /usr/bin/rsh</b>
602: </pre>
603: </ul>
604:
1.1 deraadt 605: <p>
1.226 nick 606: By default, OpenBSD's CVS client uses ssh ("secure shell":
1.159 jcs 607: <a href="http://www.openssh.com/">OpenSSH</a>) to talk to the CVS server.
608:
609: <p>
610: Many of the CVS sites no longer support rsh for security reasons. Local
611: problems like firewalls or imperfect protocol emulators such as slirp may
612: also hinder rsh usage. However, if rsh is desired, one must set the
613: <var>CVS_RSH</var> environment variable to point to rsh
614: (typically <strong>/usr/bin/rsh</strong>).
615:
616: <p>
617: If local policy prevents outgoing connections to ssh's default port of 22,
618: port 2022 may be used in its place. Note, however, that not all anoncvs
619: servers accept ssh connections on this port. Furthermore, most anoncvs servers
620: no longer accept the <strong>none</strong> cipher, as it is disabled in
1.169 miod 621: recent versions of ssh for security reasons. Also, do not be tempted
1.159 jcs 622: to turn on compression: CVS already compresses.
623:
624: <p>
625: One could specify something like the following in the
626: <strong>$HOME/.ssh/config</strong> configuration file to avoid the pitfalls
627: and restrictions mentioned above:
1.1 deraadt 628: <pre>
1.59 beck 629: Host anoncvs.ca.openbsd.org
1.159 jcs 630: Compression no
1.1 deraadt 631: Port 2022
632: </pre>
633:
634: <p>
635: CVS is a little noisy starting up; to quiet it a bit you may want to
636: do this:
1.105 ericj 637:
1.135 naddy 638: <pre>
639: <strong>% setenv CVS_CLIENT_PORT -1</strong>
640: </pre>
1.1 deraadt 641:
642: <p>
1.155 jsyn 643: <h3><a name="SUP"><font color="#0000e0">Mirroring the CVS repository via
644: sup(1)</font></a></h3>
1.107 millert 645:
646: <p>
647: Users wishing to mirror the OpenBSD CVS tree itself may now do so
1.214 millert 648: from <em>anoncvs.usa.openbsd.org</em> or <em>anoncvs3.usa.openbsd.org</em>
1.143 millert 649: (these are different machines). Note that this is the cvs tree,
650: <b>not</b> a checked out source tree. It is only useful if you
651: want to be able to do fast cvs operations (diff, annotate, etc) or
652: if you have multiple source trees and you only want to transfer new
653: data once (you can then checkout a tree from your local cvs mirror).
1.107 millert 654: <p>
655: A sample supfile would be:
656: <pre>
657: cvs host=anoncvs.usa.openbsd.org hostbase=/ base=/home delete
658: </pre>
659: <p>
660: which would mirror the cvs tree into /home/cvs with the sup data
1.133 millert 661: files ending up in /home/sup. The full OpenBSD cvs tree is currently
1.226 nick 662: about 2.5GB in size, and will, of course continue to grow.
1.65 matthieu 663:
1.155 jsyn 664: <h3><a name="MIRROR"><font color="#0000e0">Setting up an anoncvs mirror
665: </font></a></h3>
1.105 ericj 666:
1.107 millert 667: <p>
1.200 nick 668: If you wish to setup a new anoncvs mirror site and make it available to
669: the general public, please contact the anoncvs
1.135 naddy 670: <a href="mailto:sup@openbsd.org">maintainer</a>.
1.197 brad 671: Anoncvs mirrors require about 2.2GB of disk, and use up to 32MB of swap
1.1 deraadt 672: per anoncvs user (assuming the user does a large operation; while smaller
673: operations use fewer resources, anoncvs still makes much more of an
674: impact than ftp or sup). Such anoncvs machines should have excellent
675: network connectivity for the area they are expected to serve. A
1.135 naddy 676: <a href="anoncvs.shar">document</a>
1.1 deraadt 677: which describes the setup of anoncvs servers is available.
678:
1.135 naddy 679: <h3><font color="#0000e0">Final notes</font></h3>
1.60 millert 680: After upgrading your source tree, you should read the comments
1.198 david 681: at the top of <kbd>/usr/src/Makefile</kbd> before attempting
1.60 millert 682: a build. Also, you should build a new kernel <strong>before</strong>
1.198 david 683: doing a <kbd>make build</kbd> if possible. In some cases it may be
684: necessary to rebuild and install the <kbd>config</kbd> utility before
685: you can build the kernel. If <kbd>config GENERIC</kbd> fails this
1.60 millert 686: is probably the case.
687: <p>
688: It is important to note that upgrading from a release to the current tree
689: by rebuilding the sources can be rather difficult due to dependencies
690: that are often not obvious. Therefore, it is suggested that you first
1.154 jsyn 691: install the latest snapshot before attempting a tree build from source.
1.1 deraadt 692:
693: <hr>
1.155 jsyn 694: <a href="index.html"><img height="24" width="24" src="back.gif" border="0"
695: alt="OpenBSD"></a>
1.135 naddy 696: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.228 ! nick 697: <br><small>$OpenBSD: anoncvs.html,v 1.227 2004/12/06 16:07:22 nick Exp $
1.155 jsyn 698: </small>
1.1 deraadt 699:
700: </body>
701: </html>