=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/anoncvs.shar,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- www/anoncvs.shar 2009/04/19 21:01:54 1.21 +++ www/anoncvs.shar 2009/08/10 09:16:52 1.22 @@ -33,11 +33,12 @@ X appropriate place. X X2) Compile and install anoncvssh, the shell used for the anoncvs user. -X ( If you aren't using OpenBSD you'll probably need to compile a sup +X Install the cvsync client using 'pkg_add cvsync' command. +X ( If you aren't using OpenBSD you'll probably need to compile a cvsync X client as well. The easier path is to use OpenBSD ;). X X3) Add the anoncvs user to the password file, with no password, and -X anoncvssh as it's shell. Decide on a user that will run sup to maintain +X anoncvssh as it's shell. Decide on a user that will run cvsync to maintain X the archive (this is a different user, NOT the anoncvs user). X X4) Make a home directory for the anoncvs user. The anoncvs user's @@ -49,15 +50,13 @@ X use another platform you'll need to be familiar with what needs X to go in a chroot jail for your platform. X -X5) Get permission to use sup to obtain the cvs tree from a server. +X5) Get permission to use cvsync to obtain the cvs tree from a server. X -X6) Set up sup to retrieve the cvs tree from an appropriate place. -X (If you aren't using OpenBSD you will need to compile and install -X a sup client). +X6) Set up cvsync to retrieve the cvs tree from an appropriate place. X -X7) Run sup to retrieve the distribution from the server. +X7) Run cvsync to retrieve the distribution from the server. X -X8) Once you get the distribution in, set up a cron job to run sup +X8) Once you get the distribution in, set up a cron job to run cvsync X periodically to keep your server up to date. X X9) Enabling OpenCVS anoncvs. 
@@ -75,9 +74,9 @@ X Install the binary setuid-root in /open/anoncvssh. X X********************************************************************** -XSTEP 3) Create the anoncvs account and decide who will run "sup" +XSTEP 3) Create the anoncvs account and decide who will run "cvsync" X to maintain the archive. The anoncvs account should *NOT* be the one -X running sup to maintain the archive. +X running cvsync to maintain the archive. X Xcreate an account similar to: X @@ -87,9 +86,9 @@ Xuid and gid are unique for your system, if the ones above aren't, Xpick different values. X -XDecide who will run sup to maintain the archive. Call that user -X$SUPUSER. Oh, and in case it hasn't been previously mentioned, -X$SUPUSER should *NOT* be the anoncvs user :). +XDecide who will run cvsync to maintain the archive. Call that user +X$CVSYNCUSER. Oh, and in case it hasn't been previously mentioned, +X$CVSYNCUSER should *NOT* be the anoncvs user :). X XSet "PermitEmptyPasswords yes" option in /etc/ssh/sshd_config and Xrestart your sshd daemon. @@ -101,8 +100,7 @@ X Xmkdir /open/anoncvs Xmkdir /open/anoncvs/cvs -Xmkdir /open/anoncvs/sup -Xchown -R $SUPUSER /open/anoncvs/cvs /open/anoncvs/sup /open/anoncvs +Xchown -R $CVSYNCUSER /open/anoncvs/cvs /open/anoncvs X XStart filling the account up with nice stuff. You are building a chroot Xjail for anoncvs in /open/anoncvs. @@ -117,8 +115,6 @@ X Then set your CVSROOT environment variable to the following value: X anoncvs@anoncvs.openbsd.org:/cvs X -X chown root:wheel .hushlogin .profile .plan -X X mkdir bin dev tmp usr var etc X cp /bin/{cat,pwd,rm,sh} bin/ X 
@@ -155,17 +151,15 @@ XIf using shared libraries, use ldd to find out which shared libs you need: X # ldd /usr/bin/cvs X /usr/bin/cvs: -X Start End Type Ref Name -X 00000000 00000000 exe 1 /usr/bin/cvs -X 0015f000 20165000 rlib 1 /usr/lib/libz.so.2.0 -X 0016d000 20172000 rlib 1 /usr/lib/libgssapi.so.2.0 -X 0017f000 2018d000 rlib 1 /usr/lib/libkrb5.so.5.2 -X 00141000 20145000 rlib 1 /usr/lib/libasn1.so.3.1 -X 00089000 200ba000 rlib 1 /usr/lib/libcrypto.so.10.0 -X 00177000 2017c000 rlib 1 /usr/lib/libdes.so.8.0 -X 00169000 2016d000 rlib 1 /usr/lib/libcom_err.so.1.0 -X 00009000 20053000 rlib 1 /usr/lib/libc.so.30.0 -X 00002000 00002000 rtld 1 /usr/libexec/ld.so +X Start End Type Open Ref GrpRef Name +X 1c000000 3c01f000 exe 1 0 0 /usr/bin/cvs +X 0f802000 2f80a000 rlib 0 1 0 /usr/lib/libz.so.4.1 +X 020f3000 220f8000 rlib 0 1 0 /usr/lib/libgssapi.so.5.0 +X 0530c000 2531c000 rlib 0 1 0 /usr/lib/libkrb5.so.17.0 +X 03801000 23841000 rlib 0 1 0 /usr/lib/libcrypto.so.18.0 +X 0a8fb000 2a900000 rlib 0 1 0 /usr/lib/libdes.so.9.0 +X 094d2000 2950b000 rlib 0 1 0 /usr/lib/libc.so.51.0 +X 094ca000 094ca000 rtld 0 1 0 /usr/libexec/ld.so X X and then copy the required libraries to usr/lib/ X 
@@ -190,54 +184,60 @@ XSee the example layout below for full details. X X********************************************************************** -XSTEP 5): Get sup permission. +XSTEP 5): Get cvsync permission. Xsend mail to sup@openbsd.org -X1) to have sup permissions granted on an appropriate machine for you -X to sup from. We will need to know your host's real hostname and +X1) to have cvsync permissions granted on an appropriate machine for you +X to cvsync from. We will need to know your host's real hostname and X IP address. X2) to have an anoncvsN.COUNTRY.openbsd.org alias created. -X3) to have your site mentioned in the http://www.openbsd.org page. +X3) to have your site mentioned in the http://www.openbsd.org/anoncvs.html page. X X********************************************************************** -XSTEP 6): Configure sup. +XSTEP 6): Configure cvsync. X -XIf you're running OpenBSD, you already have a sup client in -X/usr/bin/sup. If not you may need to build it. On an IRIX or other -XSYSV machine, ensure that your kernel does not allow a user to chown -Xa file to another user (you may have heard of this particular brand -Xof evil referred to as "chown giveaway"). This will cause sup to -Xgive away the files to root before chmod'ing them readable. -Xmichaels@openbsd.org knows how to fix this. +XYou have to install cvsync package. X -XThe file /open/anoncvs/sup/ss contains a line that tells sup where -Xto get the cvs tree from. It will normally contain: +XThe file /etc/cvsync.conf contains the configuration of cvsync. 
It will +Xnormally contain: X -X cvs host=anoncvs.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete +Xconfig { +X base-prefix /open/anoncvs/ +X hostname anoncvs.ca.openbsd.org +X collection { +X name openbsd-cvsroot release rcs +X prefix cvs +X } +X collection { +X name openbsd-src release rcs +X prefix cvs +X } +X collection { +X name openbsd-ports release rcs +X prefix cvs +X } +X collection { +X name openbsd-www release rcs +X prefix cvs +X } +X collection { +X name openbsd-xenocara release rcs +X prefix cvs +X } +X} X -XThe file /open/anoncvs/sup/cvs/refuse tells sup what files it should not get. -XIt should contain the following lines: -X -X cvs/CVSROOT/history -X cvs/CVSROOT/readers -X cvs/CVSROOT/writers -X cvs/CVSROOT/passwd -X -XIf you ever fetch the file cvs/CVSROOT/history, delete it. It will -Xcause you problems. -X X********************************************************************** -XSTEP 7): Run sup to retrieve the tree for the first time. +XSTEP 7): Run cvsync to retrieve the tree for the first time. X -XLog in as or become the $SUPUSER, and run +XLog in as or become the $CVSYNCUSER, and run X -Xsup -v /open/anoncvs/sup/ss > /tmp/suplog &; tail -f /tmp/suplog +Xcvsync > /tmp/cvsynclog &; tail -f /tmp/cvsynclog X -XIf you have sup permission, and have specified the correct host and -Xhostbase in /open/anoncvs/sup/ss you should see a list of files start +XIf you have cvsync permission, and have specified the correct host and +Xprefix in /etc/cvsync.conf you should see a list of files start Xcoming in after a short while. Don't panic if nothing happens -Ximmediately. Watch for errors (sup can timeout or die). If you can't -Xaccess files contact the sup server maintainer. If you get a timeout -Xor if sup dies you can restart and it should continue where it left off. +Ximmediately. Watch for errors (cvsync can timeout or die). If you can't +Xaccess files contact the cvsync server maintainer. 
If you get a timeout +Xor if cvsync dies you can restart and it should continue where it left off. X XIt can take a good while (and a couple of restarts) to obtain the Xwhole tree for the first time. @@ -245,19 +245,13 @@ X********************************************************************** XSTEP 8): Set up cron to keep the tree up to date. X -XYou run sup periodically from the cron by setting up the crontab file -Xof the $SUPUSER. +XYou run cvsync periodically from the cron by setting up the crontab file +Xof the $CVSYNCUSER. X -XFor example: To run every three hours 'sup -v supfile', and thrice -Xweekly 'sup -vo supfile' .. because sup is not reliable .. +XFor example, to update every two hours: X -X0 0,3,6,9,12,15,18,21 * * 0,2,4,5 sup -v /open/anoncvs/sup/ss > /dev/null -X0 0,12,15,18,21 * * 1,3,6 sup -v /open/anoncvs/sup/ss > /dev/null -X0 3 * * 1,3,6 sup -vo /open/anoncvs/sup/ss > /dev/null +X15 */2 * * * /usr/local/bin/cvsync > /dev/null X -Xanoncvs5.usa.openbsd.org uses this particular set of entries. A `sup -X-o' is done every few days because sup is not very robust. -X X********************************************************************** XSTEP 9): Enabling OpenCVS anoncvs. X 
@@ -290,143 +284,96 @@ X********************************************************************** XEXAMPLE LAYOUT X -XExample layout for OpenBSD. In this example "deraadt" is the $SUPUSER. +XExample layout for OpenBSD. In this example "deraadt" is the $CVSYNCUSER. X -X[eap open 5 ]> cd /open -X[eap open 6 ]> ls -alF -Xtotal 46 -Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ./ -Xdrwxr-xr-x 17 root wheel 512 Jun 14 14:05 ../ -Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 anoncvs/ -X---s--x--x 1 root bin 16384 Nov 30 1995 anoncvssh* -Xlrwxr-xr-x 1 root wheel 11 Jan 3 21:52 cvs@ -> anoncvs/cvs -Xdrwxr-xr-x 5 root wheel 512 Feb 22 13:22 ftp/ -Xdrwxrwxrwt 2 anoncvs wheel 1024 Jan 1 13:18 lost+found/ -Xdrwxr-xr-x 4 root wheel 512 Nov 30 1995 src/ -Xdrwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 sup/ -X[eap open 7 ]> cd anoncvs -X[eap anoncvs 8 ]> ls -alF -Xtotal 20 -Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ./ -Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../ -X-r--r--r-- 1 root wheel 0 Nov 30 1995 .hushlogin -X-r--r--r-- 1 root wheel 188 Nov 30 1995 .plan -X-r--r--r-- 1 root wheel 0 Nov 29 1995 .profile -Xdrwxrwxr-x 2 deraadt wheel 512 Nov 29 1995 bin/ -Xdrwxrwxr-x 6 deraadt cvs 512 Jun 16 20:28 cvs/ -Xdrwxr-xr-x 2 root wheel 512 Nov 30 1995 dev/ -Xdrwxr-xr-x 2 root wheel 512 Nov 29 1995 etc/ -Xdrwxrwxrwx 3 root wheel 512 Jun 22 07:42 tmp/ -Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 usr/ -Xdrwxr-xr-x 2 root wheel 512 Jan 3 21:55 var/ -X[eap anoncvs 8 ]> ls -alFR bin usr tmp etc dev -Xbin: -Xtotal 948 -Xdrwxrwxr-x 2 deraadt wheel 512 Nov 29 1995 ./ -Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../ -X--wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 cat* -X--wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 pwd* -X--wx--x--x 1 deraadt wheel 122880 Jun 18 09:45 rm* -X--wx--x--x 1 deraadt wheel 262144 Jun 18 09:45 sh* +X$ cd /open +X$ ls -alF +Xtotal 64 +Xdrwxr-xr-x 5 root wheel 512 Jun 18 22:29 ./ +Xdrwxr-xr-x 13 root wheel 512 Jun 4 05:14 ../ +Xdrwxr-xr-x 9 deraadt wheel 512 Jun 3 02:15 anoncvs/ 
+X---s--x--x 1 root wheel 14302 Jun 18 22:29 anoncvssh* +Xdrwxr-xr-x 4 root wheel 5120 Jun 10 14:34 ftp/ X +X$ cd anoncvs +X$ ls -alF +Xtotal 68 +Xdrwxr-xr-x 9 root wheel 512 Jun 3 02:15 ./ +Xdrwxr-xr-x 5 root wheel 512 Jun 10 14:32 ../ +X-rw-r--r-- 1 root wheel 0 Jun 3 01:50 .hushlogin +X-rw-r--r-- 1 root wheel 84 Jun 3 01:50 .plan +X-rw-r--r-- 1 root wheel 0 Jun 3 01:50 .profile +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:40 bin/ +Xdrwxr-xr-x 7 deraadt wheel 512 Jun 18 22:19 cvs/ +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:51 dev/ +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:53 etc/ +Xdrwxrwxrwx 10 root wheel 512 Jun 18 17:38 tmp/ +Xdrwxr-xr-x 5 root wheel 512 Jun 3 01:54 usr/ +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:54 var/ +X$ ls -alFR bin usr tmp etc dev +Xbin: +Xtotal 1984 +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:40 ./ +Xdrwxr-xr-x 9 root wheel 512 Jun 3 02:15 ../ +X-r-xr-xr-x 1 root wheel 132368 Jun 3 01:40 cat* +X-r-xr-xr-x 1 root wheel 124176 Jun 3 01:40 pwd* +X-r-xr-xr-x 1 root wheel 238864 Jun 3 01:40 rm* +X-r-xr-xr-x 1 root wheel 460048 Jun 3 01:40 sh* +X Xdev: -Xtotal 4 -Xdrwxr-xr-x 2 root wheel 512 Nov 30 1995 ./ -Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../ -Xcrw-rw-rw- 1 root wheel 2, 2 Nov 30 1995 null -X +Xtotal 8 +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:51 ./ +Xdrwxr-xr-x 9 root wheel 512 Jun 3 02:15 ../ +Xcrw-rw-rw- 1 root wheel 3, 2 Jun 3 01:51 null +Xcrw-rw-rw- 1 root wheel 3, 12 Jun 3 01:51 zero +X Xetc: -Xtotal 112 -Xdrwxr-xr-x 2 root wheel 512 Nov 29 1995 ./ -Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../ -X-rw-r--r-- 1 root wheel 252 Nov 29 1995 group -X-rw-r--r-- 1 root wheel 296 Nov 29 1995 hosts -X-rw-r--r-- 1 root wheel 540 Nov 29 1995 passwd -X-rw-r--r-- 1 root wheel 1094 Nov 29 1995 protocols -X-rw-r--r-- 1 root wheel 40960 Nov 29 1995 pwd.db -X-rw-r--r-- 1 root wheel 89 Nov 29 1995 resolv.conf -X-rw-r--r-- 1 root wheel 5529 Nov 29 1995 services -X-rw-r--r-- 1 root wheel 1361 Nov 29 1995 ttys +Xtotal 188 +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:53 ./ 
+Xdrwxr-xr-x 9 root wheel 512 Jun 3 02:15 ../ +X-r--r--r-- 1 root wheel 64 Jun 3 01:52 group* +X-r--r--r-- 1 root wheel 576 Jun 3 01:52 hosts* +X-r--r--r-- 1 root wheel 291 Jun 3 01:53 passwd* +X-r--r--r-- 1 root wheel 5625 Jun 3 01:52 protocols* +X-r--r--r-- 1 root wheel 40960 Jun 3 01:52 pwd.db* +X-r--r--r-- 1 root wheel 93 Jun 3 01:52 resolv.conf* +X-r--r--r-- 1 root wheel 9875 Jun 3 01:52 services* +X-r--r--r-- 1 root wheel 26428 Jun 3 01:52 ttys* X Xusr: -Xtotal 10 -Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ./ -Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../ -Xdrwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 bin/ -Xdrwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 lib/ -Xdrwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 libexec/ +Xtotal 20 +Xdrwxr-xr-x 5 root wheel 512 Jun 3 01:54 ./ +Xdrwxr-xr-x 9 root wheel 512 Jun 3 02:15 ../ +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:57 bin/ +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:56 lib/ +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:55 libexec/ X Xusr/bin: -Xtotal 1968 -Xdrwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 ./ -Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../ -X--wx--x--x 1 deraadt wheel 317787 Jun 18 09:46 cvs* +Xtotal 3016 +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:57 ./ +Xdrwxr-xr-x 5 root wheel 512 Jun 3 01:54 ../ +X-r-xr-xr-x 1 root wheel 643728 Jun 3 01:54 cvs* +X-r-xr-xr-x 1 root wheel 841240 Jun 3 01:57 opencvs* X Xusr/lib: -Xtotal 5594 -Xdrwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 ./ -Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../ -X-rw-r--r-- 1 deraadt wheel 351730 Jun 18 09:50 libasn1.so.2.0 -X-rw-r--r-- 1 deraadt wheel 351730 Jun 18 09:50 libc.so.28.5 -X-rw-r--r-- 1 deraadt wheel 16608 Jun 18 09:50 libcrypto.so.6.0 -X-rw-r--r-- 1 deraadt wheel 44424 Jun 18 09:50 libdes.so.7.0 -X-rw-r--r-- 1 deraadt wheel 16665 Jun 18 09:50 libgssapi.so.1.0 -X-rw-r--r-- 1 deraadt wheel 86198 Jun 18 09:50 libkafs.so.10.0 -X-rw-r--r-- 1 deraadt wheel 42254 Jun 18 09:50 libkrb.so.10.0 -X-rw-r--r-- 1 deraadt wheel 66099 Jun 18 09:50 libkrb5.so.4.0 
-X-rw-r--r-- 1 deraadt wheel 387976 Jun 18 09:50 libz.so.1.4 +Xtotal 42344 +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:56 ./ +Xdrwxr-xr-x 5 root wheel 512 Jun 3 01:54 ../ +X-r--r--r-- 1 root wheel 4605409 Jun 3 01:56 libc.so.50.1 +X-r--r--r-- 1 root wheel 9659802 Jun 3 01:56 libcrypto.so.18.0 +X-r--r--r-- 1 root wheel 190814 Jun 3 01:56 libdes.so.9.0 +X-r--r--r-- 1 root wheel 1593303 Jun 3 01:55 libgssapi.so.5.0 +X-r--r--r-- 1 root wheel 5337583 Jun 3 01:56 libkrb5.so.16.0 +X-r--r--r-- 1 root wheel 182556 Jun 3 01:55 libz.so.4.1 X Xusr/libexec: -Xtotal 100 -Xdrwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 ./ -Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../ -X-rwxr-xr-x 1 deraadt wheel 49152 Jun 18 09:47 ld.so* +Xtotal 120 +Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:55 ./ +Xdrwxr-xr-x 5 root wheel 512 Jun 3 01:54 ../ +X-r-xr-xr-x 1 root wheel 55683 Jun 3 01:55 ld.so* +X$ ls cvs +XCVSROOT ports src www xenocara X -X[eap anoncvs 14 ]> ls cvs -XCVSROOT/ src/ sup/ www/ -X[eap anoncvs 15 ]> cd /open -X[eap anoncvs 16 ]> ls -alF sup -Xtotal 8 -Xdrwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 ./ -Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../ -Xdrwxr-xr-x 2 deraadt wheel 512 Jun 22 06:05 cvs/ -X-rw-rw-r-- 1 deraadt wheel 54 Dec 4 1995 ss -X -X -X*************************************************************** -XNOTES FOR OTHER PLATFORMS: -X -XIf you're not that familiar with your other platform (i.e. you haven't -Xbuilt a chroot jail for a server on it) you may be better off -Xfinding an OpenBSD machine to use and duplicating the example above. -X -X**SunOS 5) -XBob Beck has done this. E-mail for -Xhelp if you need it. -X -X**OSF 1) -XFrom Todd Fries to the adventurous. -XA note for those installing anoncvs on non-OpenBSD operating systems. -XYou are in for some fun. -X -XFor OSF1, on a DEC alpha, I had to do the following in addition to the -Xabove: -X -X- I do not know how to setup dynamic libraries on osf1 and as a result -X everything had to be compiled statically. 
-X- Therefore, everything but /bin/sh I had to recmpile in order to -X get the chroot setup. In order that there be no guesswork -X involved, the following packages' binaries must exist in the chroot -X environment: -X -X GNU -X cvs (from the OpenBSD source tree) -X -XSome notes on compiling. -X -X cvs fails to install if you don't have makeinfo ... just search for the -X string ' install-info$' with regex and remove it from the Makefile for the -X install and you'll be fine, or install 'texinfo', your choice. END-of-README echo x - anoncvssh.c sed 's/^X//' >anoncvssh.c << 'END-of-anoncvssh.c'
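Review bot: In the first hunk (@@ -33,11 +33,12 @@), the rewritten step 3 line still reads "anoncvssh as it's shell"; since the line is being touched anyway, change it to "its shell". The added step 2 sentence "Install the cvsync client using 'pkg_add cvsync' command." is also missing an article ("using the 'pkg_add cvsync' command"), and the STEP 6 hunk later repeats the same instruction as "You have to install cvsync package.", so one of the two could be dropped.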
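Review bot: In the STEP 4 hunk (@@ -101,8 +100,7 @@), the new "chown -R $CVSYNCUSER /open/anoncvs/cvs /open/anoncvs" names /open/anoncvs/cvs redundantly and, through the recursive chown of /open/anoncvs, makes the sync user the owner of the chroot jail's top-level directory. The owner of that directory can create, rename and remove entries in it, including bin, etc and usr. The updated example layout shows only cvs/ owned by the sync user, so the command should be "chown -R $CVSYNCUSER /open/anoncvs/cvs" with /open/anoncvs itself left to root.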
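Review bot: The hunk at @@ -117,8 +115,6 @@ removes "chown root:wheel .hushlogin .profile .plan" without a replacement, yet the updated example layout still lists all three files as root:wheel. With the chown gone, no step establishes that ownership, and files created under an account other than root keep that account as owner. Keep the chown line, or state explicitly that these files must be created as root.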
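Review bot: The refreshed ldd output in the hunk at @@ -155,17 +151,15 @@ lists /usr/lib/libkrb5.so.17.0 and /usr/lib/libc.so.51.0, but the usr/lib listing in the updated example layout shows libkrb5.so.16.0 and libc.so.50.1. A reader who populates usr/lib from one and checks against the other ends up with a jail in which cvs cannot load its libraries. Take both listings from the same system so the versions agree.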
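Review bot: The STEP 6 part of the hunk at @@ -190,54 +184,60 @@ deletes the refuse list (cvs/CVSROOT/history, cvs/CVSROOT/readers, cvs/CVSROOT/writers, cvs/CVSROOT/passwd) and the warning to delete a fetched cvs/CVSROOT/history, while the new /etc/cvsync.conf pulls the openbsd-cvsroot collection with nothing said about those files. Say whether they are now kept out of the collection on the server side, or document how the mirror operator keeps them out of the public tree. In STEP 7 of the same hunk, "cvsync > /tmp/cvsynclog &; tail -f /tmp/cvsynclog" carries over the "&;" sequence, which sh rejects as a syntax error; "&" alone followed by the tail command on the same line works in both sh and csh.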
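Review bot: In the STEP 8 hunk (@@ -245,19 +245,13 @@), the single example "15 */2 * * * /usr/local/bin/cvsync > /dev/null" will be copied verbatim, so every mirror following the README contacts its upstream at minute 15 of the same hours. The removed text at least attributed its entries to one named site. Suggest telling the reader to pick their own minute. STEP 7 also says cvsync can time out or die, and with stdout sent to /dev/null the README no longer says how a failed run is noticed; a sentence on keeping or checking the output would help.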
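Review bot: The example layout in the last hunk (@@ -290,143 +284,96 @@) is inconsistent about who owns the jail root: the /open listing shows "anoncvs/" owned by deraadt, while the "./" entry inside anoncvs shows root. Only one can be right, and it should be root, with cvs/ the only directory owned by the $CVSYNCUSER. The same listing shows tmp/ as drwxrwxrwx, that is, world-writable without the sticky bit, so any user of the jail can remove or rename files there; mode 1777 is the usual choice. The etc entries also carry an "ls -F" executable marker ("group*", "passwd*", ...) although their mode is -r--r--r--, which suggests the listing was edited by hand and should be regenerated.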