OpenBSD AnonCVS

Anonymous CVS Access:

Anonymous CVS is a method of keeping your local copy of the OpenBSD source tree up to date with respect to changes made to current OpenBSD sources.

The major advantage of Anonymous CVS over other source code update techniques is that it works directly against a central source code repository or mirror. This means that you have the full set of CVS commands available to control merging and updating your changes with other source changes and for performing diff's, change histories and other queries against the central repository.

You can use anoncvs to access our three main source repositories: src, ports, and www.

CVS:

CVS is the source code control system used to manage the OpenBSD source tree. It implements a central repository for all officially released source code and changes, while permitting developers to maintain local copies of the source code with their working changes. Developers with "write access" can commit changes directly to the OpenBSD source tree, while "Anonymous CVS" users have "read access" and can keep their local copies of the source up to date and issue queries against the central depository.

The major strength of CVS is that it has the ability to perform intelligent merges of changes to the central repository with changes that you make to your local copy. This means that if you make a change to a module and perform an update, your changes are not "blown away", rather CVS makes best efforts to merge the changes made to the central sources with changes you've made to your local copy.

In the event that the changes can't be completely merged, CVS provides a "soft fallback", in terms of providing you with annotated changes to your local copy, preserving an unmodified copy of your version and continuing to update any other source modules you requested.

People who own an OpenBSD CD may have seen the CVS/ dirs on it. Actually there is a reason, the CD has a checkout of the OpenBSD src/ module usable to continue updating from. Using this tree will results in a much faster initial CVS update than a fresh checkout of the full OpenBSD source tree. There are two ways of using the CD:

copy the tree off it, (assuming the CD is mounted on /mnt):

	# cd /mnt; cp -Rp CVS Makefile bin distrib etc games gnu \
	> include kerberosIV lib libexec lkm regress sbin share \
	> sys usr.bin usr.sbin /usr/src

use a union mount with the CD below a writable directory.
```
	# mount -t union -o -b /mnt /usr/src
```

After this, /usr/src will be a nice checkout area where all cvs(1) commands will work OK.

CVS COMMAND SUMMARY

cvs [cvs args] [cvs command] [cvs command args]

below is a listing of commonly used cvs commands.

add: Add a new file or directory to the repository.
get: Make a working directory of source files for editing.
commit: Apply changes to the source repository (write access)
diff: Show differences between local files and the source repository.
history: Show reports on cvs commands against the source repository.
log: Display CVS log information.
rdiff: Prepare a collection of diffs reflecting changes between release.
status: Show current status of files in the repository and local copies.
update: Bring your working directory up to date with the repository.

To summarize, the real strength of using Anonymous CVS is that it is a "tolerant" source code control system - it respects changes that you have made to your local sources and makes "best efforts" to update your entire source tree, rather than leaving you a list of arcane problems that have to be resolved before continuing.

Using Anonymous CVS:

The latest version of CVS is available at Cyclic. Versions earlier than 1.6 are not recommended, and may not work. If you already have OpenBSD installed, CVS is included.

There are two levels of source tree access:

Read-write access for developers:: Developers who need to commit changes to the source tree must have an account on the OpenBSD machines. Getting this access will be a natural result of working on the sources with other OpenBSD developers. If someone does some good work and shows they can work with the team, they will get an account.

Read-only access for everyone:

Anyone can access the read-only CVS repositories. These copies of the read-write CVS repository are mirrored often. To use one, set your CVSROOT environment variable to one of the following values:

Please see the note about using ssh vs. rsh below!

CVSROOT=anoncvs@anoncvs.usa.openbsd.org:/cvs
Host also known as anoncvs.openbsd.org, anoncvs@anoncvs1.usa.openbsd.org, anoncvs@anoncvs4.usa.openbsd.org and anoncvs2.isc.org.
located in California, western USA.
maintained by Todd Miller.
protocols: ssh only.
updated every 4 hours.
Currently DOWN!
CVSROOT=anoncvs@anoncvs3.usa.openbsd.org:/cvs
Host also known as openbsd.cs.colorado.edu.
located at the University of Colorado, Boulder, western USA.
maintained by Todd Miller.
protocols: ssh, ssh port 2022.
updated every 6 hours.
CVSROOT=anoncvs@anoncvs6.usa.openbsd.org:/cvs
Host also known as openbsd.citi.umich.edu.
located at the University of Michigan, central USA.
maintained by Jim Rees.
protocols: ssh, ssh port 2022.
updated every 12 hours.
CVSROOT=anoncvs@anoncvs1.ca.openbsd.org:/cvs
Host also known as anoncvs.ca.openbsd.org, panopticon.ucs.ualberta.ca
located in Edmonton, Alberta, Canada.
maintained by Bob Beck
protocols: ssh, rsh, ssh port 2022, pserver
updated every 2 hours.
CVSROOT=anoncvs@anoncvs.uk.openbsd.org:/cvs
Host also known as dumpty.wonderland.org.
located in London, UK.
maintained by Peter Galbavy.
protocols: rsh.
updated every 12 hours.
CVSROOT=anoncvs@anoncvs.tw.openbsd.org:/cvs
Host also known as OpenBSD.csie.NCTU.edu.tw.
located in Taipei, Taiwan.
maintained by Liang-Kai Chu.
protocols: rsh, ssh, ssh port 2022.
updated every 12 hours.
CVSROOT=anoncvs@anoncvs.no.openbsd.org:/cvs
Host also known as cvs.inet.no.
located in Norway.
maintained by Michael Shuldman.
protocols: rsh, ssh, ssh port 2022.
updated every 4 hours.
CVSROOT=anoncvs@anoncvs.se.openbsd.org:/cvs
Host also known as anoncvs.stacken.kth.se.
located in Sweden.
maintained by Magnus Holmberg.
protocols: rsh, ssh, ssh port 2022.
updated every 3 hours.
CVSROOT=anoncvs@anoncvs.be.openbsd.org:/cvs
Host also known as badlands.rug.ac.be.
located in Belgium.
maintained by Wim Vandeputte.
protocols: ssh, ssh port 2022.
updated every 3 hours.
CVSROOT=anoncvs@anoncvs.jp.openbsd.org:/cvs
Host also known as kankoromochi.econ.nagasaki-u.ac.jp.
located at Nagasaki Univ. Faculty of Economics, JAPAN.
maintained by SUZUKI Hitoshi.
protocols: ssh.
updated every 12 hours.

You may want to use `traceroute' to find out which server is nearest you. Problems with a server should be reported to the maintainer of the server in question.

IMPORTANT NOTE: There are a few issues relating to cryptographic software that everyone should be aware of:

The OpenBSD sources are from Canada. As researched by a Canadian individual and as described in the Export Control list of Canada is legal to export crypto software from Canada to the world.
However, if you are outside the USA or Canada, you should not fetch the cryptographic sections of the OpenBSD sources from an anoncvs server located in the USA. The files in question are...
- src/kerberosIV/*
- src/lib/libdes/*
- src/lib/libc/crypt/crypt.c
- src/lib/libc/crypt/morecrypt.c
- src/sys/netinet
- src/usr.sbin/afs/src/rxkad/*
- X11/xc/lib/Xdmcp/Wraphelp.c
Because of the USA ITAR munitions list, crypto software may only be exported to Canada from the USA.
The OpenBSD project is looking for more anoncvs servers -- read on to find out how you can help.

A sample use of an anoncvs CVS server would be:

% setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
% cd /tmp
% cvs get src/sys/arch/sparc
    [copies the files from the repository to your machine]
% cvs log src/sys/arch/sparc/sparc/locore.s
    [shows the commit log for the chosen file ]
% cvs diff -bc -r1.1 -r1.5 src/sys/arch/sparc/sparc/locore.s
    [shows the changes between revisions 1.1 and rev 1.5]

In order to use a cvs ``pserver'' (a direct tcp connection instead of using ssh or rsh) you must login once:

    [ *NOTE* You must be using cvs version 1.8 or higher to do this          ]
% setenv CVSROOT :pserver:anoncvs@anoncvs.ca.openbsd.org:/cvs
% cvs login
(Logging in to anoncvs@anoncvs1.ca.openbsd.org)
CVS password: 
    [this writes a line to ~/.cvspass (filename over-ridden by CVS_PASSFILE).]
    [An example line from my ~/.cvspass after typing 'blah' for the above    ]
    [password is:                                                            ]
    [:pserver:anoncvs@anoncvs5.usa.openbsd.org:/cvs Au'yc                    ]
    [...after logging in ONCE every other use of the above CVSROOT will work ]
% cvs -z9 get ksrc-i386 ksrc-common
    [allows you to retrieve ONLY that necessary to rebuild an i386 kernel    ]
    [ -z9 allows gzip -9 compression, GOOD medicine for slow links           ]

Here is how someone using anoncvs regularly would update his source tree:

First, start out by `get'-ing an initial tree:

# setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
# cd /usr
# cvs -q get -PA src

Anytime afterwards, to `update' this tree:
```
# cd /usr/src
# cvs -q up -PAd
```
Everytime you ran this it would synchronize your /usr/src tree. It would not destroy any of your local changes, rather it would attempt to merge changes in. If you use obj directories (not obj symbolic links) you may wish to append "-I obj" to the cvs command line, this will keep cvs from spitting out a warning about all the obj directories it is going to encounter which are not in the repository.

To use ports, it is similar to src:

# setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
# cd /usr
# cvs -q get -PA ports

Anytime afterwards, to `update' this tree:
```
# cd /usr
# cvs -q up -PAd ports
```

In the above example, '-q' is optional, only intended to minimize cvs's output. For those who like to see screenfulls of output, it can be omitted.

or to make a diff of a locally patched module (here cd.c) to include with a bug report:

# cd /usr
# cvs diff -u src/sys/scsi/cd.c > /tmp/patch

The CVS man page (included with the CVS sources) has much more information about how CVS can be used.

Warning: When using cvs you should take care that your current directory is either the root of the tree you're referencing or in a separate place such as /tmp. Some commands such as "get" can create an arbitrary sub-tree in the current directory, and a subsequent update will recursively flesh out this sub-tree.

The anoncvs service gives fledgling developers a chance to learn CVS operation and get thoroughly involved in the development process before getting "commit" access -- as a result of showing useful skills and high quality results they will naturally later be given developer access. As well, people providing patches can create their "diff"s relative to the CVS tree, which will ease integration.

Anoncvs: rsh vs. ssh
By default, the CVS client uses rsh to talk to the CVS server. Many of the CVS sites no longer support rsh for security reasons or a local problem like a firewall or imperfect protocol emulator such as slirp may prevent you from using rsh. The alternative is a to use a "secure shell" connection using ssh. This is a commercial product offered by SSH Communications Security Ltd, however they make a free unix version available that can be easily installed under OpenBSD. Make sure you read the LICENSING doc! If you have installed the OpenBSD ports tree you can download, compile, and install the free UNIX version just by changing directory into the directory /usr/ports/security/ssh and typing make install. If you installed "ports" from the OpenBSD 2.4 CD-ROM, you get ssh version 1.2.26 and should eventually "cvs update ports" and rebuild it as above after you get ssh and anoncvs working, to get the latest version. Alternately, you can manually download the latest 1.2.* Unix version from ftp://ftp.funet.fi/pub/unix/security/login/ssh/ or http://www.datafellows.com/f-secure/fnetsys.htm, compile, and install it yourself.

The OpenBSD anoncvs repositries support the SSH1 protocol, not the SSH2 protocol due to the use of a "strict non-commercial use licensing policy".

One ssh is installed, one sets the environment variable CVS_RSH to point to ssh (typically /usr/local/bin/ssh). If your local site prevents you from connecting out to port 22 (which ssh defaults to using) use port 2022.

Do not be tempted to turn on compression since CVS already compresses. Use something like the following in your $HOME/.ssh/config file. Note that not all anoncvs servers allow ssh connections on port 2022. Also note that most anoncvs servers no longer accept the none cipher as it is disabled in recent versions of ssh for security reasons.

	Host anoncvs.ca.openbsd.org
	    Port 2022

CVS is a little noisy starting up; to quiet it a bit you may want to do this:

setenv CVS_CLIENT_PORT -1

If you wish to change from one CVS server to another (say your normal one is down, or for any other reason), the environment variable which will let you do this is

setenv CVS_IGNORE_REMOTE_ROOT

X11 Source tree
Anoncvs mirrors also carry the OpenBSD X11 source tree. You can adapt the recipe above to update your X11 source tree from the second CD. Either copy or use a union mount to get the X11 sources in /usr/X11:

copy the tree off it (assuming the 2nd CD is mounted on /mnt):
```
	# cd /mnt; cp -Rp X11 /usr
```
use a union mount with the CD below a writable directory.
```
	# mount -t union -o -b /mnt/X11 /usr/X11
```

After this, /usr/X11 will be ready to be used by cvs. You can for example update it to -current source (assuming you've already set the CVSROOT environment variable):

        # cd /usr/X11
        # cvs -q update -PAd

Setting up a new anoncvs mirror
If you wish to be a new anoncvs mirror site, please contact the anoncvs maintainer. Anoncvs mirrors require about 500MB of disk, and use up to 4MB of swap per anoncvs user (assuming the user does a large operation; while smaller operations use fewer resources, anoncvs still makes much more of an impact than ftp or sup). Such anoncvs machines should have excellent network connectivity for the area they are expected to serve. A document which describes the setup of anoncvs servers is available.

Final notes:

After upgrading your source tree, you should read the comments at the top of /usr/src/Makefile before attemping a build. Also, you should build a new kernel before doing a make build if possible. In some cases it make be necessary to rebuild and install the config utility before you can build the kernel. If config GENERIC fails this is probably the case.

It is important to note that upgrading from a release to the current tree by rebuilding the sources can be rather difficult due to dependencies that are often not obvious. Therefore, it is suggested that you first install the latest snapshot before attemping a tree build from source.

www@openbsd.org
$OpenBSD: anoncvs.html,v 1.70 1998/12/01 01:34:27 deraadt Exp $