SettingUpCVS
This is the story of how I got CVS up and running. I recommend you familiarize yourself with the CVS documentation (do info cvs and check the sections called Overview and Repository). It'd take me forever to try and explain everything, so a good knowledge of how CVS works is assumed.
Characteristics
- Anonymous read-only access and controlled read-write access for the projects' developers
- The server is tailored for remote-only access using the pserver method. Local access is allowed, but discouraged because most of the safeguards are lost. If you want to set up remote access using ssh instead of pserver, check out http://www.kitenet.net/programs/sshcvs/
- Each project in the cvs repository has its own user and group. This way we can have many people with write access to a specific project without having to create a user account for each one of them. So for example, if you have a project called voodoo-doll, and 5 programmers working on it called dida, dide, didi, dido and didu, you just need to create a system user/group called voodoo and then in the cvs config associate did[a-u]? with voodoo (see twiki topic AddCVSProject for details on this).
Setting up
(this is all done as root)
- Create a directory for your repository. You can actually have as many as you want, each one with its own configuration. Then, init the repository using the cvs command (-d is a global option, so it goes before init):
$ cvs -d < path to your repository > init
In our case, we have a single repository for all the HPCf projects, located in /usr/local/cvsroot (which I'll call from now on $CVSROOT).
If everything goes well, you should have a CVSROOT subdirectory, with a bunch of files used by cvs to administer your repository.
This directory is owned by root so that it's impossible (I think) for somebody accessing the cvs repository to read our configuration.
- Create a system user/group for the anonymous cvs user. In our case both are called cvs. This is the user under which cvs will run when an anonymous user logs into the server. Make sure it doesn't have a login shell (you can use /bin/false). In our case, I also took it out of /etc/shadow.
- The server's configuration lives in $CVSROOT/CVSROOT/config. You can either edit it directly or check it out, edit it and check it in (cvs' docs recommend this). It's well documented so I'm just going to mention the changes I made and why:
SystemAuth=no
This way the cvs server has its own password file, so you don't have to create a system user for every person with access to the cvs repositories.
LockDir=/var/lock/cvs
This is necessary to be able to have anonymous cvs read-only access. CVS needs to store information (locks really) about a project every time it gets checked out. It normally does this in the project's directory. The problem is, this implies write access to that directory, which means anyone can change the project's files, check them in and cvs will never complain. To avoid this, you just tell cvs to store the locks in another dir, where you give both your programmers and the anonymous user write access.
So, choose a location for your locks (in our case /var/lock/cvs), create that directory, and make sure it's owned by root:cvs. Finally, make it setgid (chmod 2775), so all its subdirs will have group cvs and be group writable.
- Add the anonymous user to the cvs password file: Edit $CVSROOT/CVSROOT/passwd (don't check it out) and add a line:
cvs:[< password for anonymous user >]?
cvs is the name of your anonymous user. If you want, it can have a password, which must be encrypted using the standard crypt() function (so you can copy it from /etc/passwd).
- Finally, you need to allow access to your repository through the network. The easiest way to do this is using inetd or in our case xinetd. Just go to /etc/xinetd.d and create a file cvspserver with:
service cvspserver
{
    disable = no
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/bin/cvs
    server_args = -f --allow-root=/usr/local/cvsroot pserver
    port = 2401
}
Now restart xinetd:
$ /etc/init.d/xinetd restart
and voila! You should now be ready to start adding projects to your cvs repository. Jump to twiki's topic AddCVSProject for how to do that. By the way, your anonymous users will use a CVSROOT env. variable that looks like:
:pserver:your_anonymous_username@your.cvs.server.hostname:path/to/your/$CVSROOT
which in our case translates to:
:pserver:cvs@worldview.hpcf.upr.edu:/usr/local/cvsroot
-- Main.RicardoBaratto - 20 Aug 2001
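
The anonymous read-only guarantee above depends on two config settings and on the lock directory's mode, so it is worth re-checking them after any change. The following is an added example, not part of the original topic or of CVS: the function names (cfg_value, lockdir_mode_ok, audit_cvs_repo) are hypothetical, and it only inspects the SystemAuth and LockDir settings and the chmod 2775 mode described in the steps.

```sh
#!/bin/sh
# Added example (not from the original page): audit a pserver repository
# for the SystemAuth / LockDir settings described in the setup steps.
# Usage after sourcing: audit_cvs_repo /usr/local/cvsroot

# Print the value assigned to KEY in a config file, ignoring commented lines.
# If KEY is assigned more than once, the last assignment is printed.
cfg_value() {  # cfg_value FILE KEY
    sed -n -e 's/[[:space:]]*$//' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Succeed if an `ls -ld` mode string is a directory that is group-writable,
# setgid and not world-writable, i.e. what chmod 2775 gives: drwxrwsr-x.
lockdir_mode_ok() {  # lockdir_mode_ok MODESTRING
    case "$1" in
        d????ws?-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one FAIL line per problem; the return status is the number of findings.
audit_cvs_repo() {  # audit_cvs_repo REPOSITORY_ROOT
    cfg="$1/CVSROOT/config"; findings=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }

    # Without SystemAuth=no, pserver falls back to system passwords for
    # users that are missing from CVSROOT/passwd.
    if [ "$(cfg_value "$cfg" SystemAuth)" != "no" ]; then
        echo "FAIL: SystemAuth is not set to 'no'"
        findings=$((findings + 1))
    fi

    # Without LockDir, read-only users need write access to project dirs.
    lockdir=$(cfg_value "$cfg" LockDir)
    if [ -z "$lockdir" ]; then
        echo "FAIL: LockDir is not set; locks go into the project directories"
        findings=$((findings + 1))
    else
        mode=$(ls -ld "$lockdir" 2>/dev/null | cut -d' ' -f1)
        if ! lockdir_mode_ok "$mode"; then
            echo "FAIL: $lockdir has mode '$mode', expected drwxrwsr-x (2775)"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}
```

Ownership (root:cvs on the lock directory, root on $CVSROOT/CVSROOT) is not checked here; compare it by hand with ls -ld.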