HOW-TO Install and Configure a CVS Repository Server

By Marty Phelan martyp@wainet.com

April 29, 2000


Assumptions:

Needed:

Repository Installation:

  1. Login as root on repository machine

  2. Create a user (& group) called: cvs

  3. Create repository:

    cvs -d /usr/local/cvsroot init

    (Repeat this process if you want to create multiple repositories e.g., /usr/local/cvsroot2, /usr/local/cvspublic etc). Each repository can have different sets of authorized users.

  4. Change owner and group of repository and all files to cvs:

    chown -R cvs.cvs /usr/local/cvsroot
  5. Create tcp service by editing /etc/services - add line (NOTE: May already be present):

    cvspserver 2401/tcp #CVS PServer
  6. Create inetd entry for service by editing /etc/inetd.conf - add following lines:

    #
    # CVS PServer
    #
    cvspserver stream tcp nowait cvs /usr/bin/cvs cvs --allow-root=/usr/local/cvsroot pserver

    NOTE: The above line "cvspserver stream ..." must appear on a single line. If you created multiple repositories in step 3, add an additional --allow-root=[repository path] argument for each repository.

  7. Restart inetd. NOTE: Because you will be restarting inetd from root's session, it will inherit the environment, most notably HOME=/root. This causes the following error when you try to check anything out of the repository:

    cvs server: cannot open /root/.cvsignore: Permission denied
    cvs [server aborted]: can't chdir(/root): Permission denied

    To remedy this, use one of two methods.
    1) The first method is to restart the server (the problem does not occur when inetd is started during system startup.
    2) The second method is a manual restart while logged in as root. For this to work you need to restart inetd without the HOME pointing to root's home directory. Start a terminal session and enter the following:

    unset HOME
    /etc/rc.d/init.d/inet restart
  8. Now login as the user cvs. We will now setup the password file for cvs users.

  9. You will need a utility to create encrypted passwords. You can use the below perl script for that purpose:

    #!/usr/bin/perl
    
    srand (time());
    my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
    my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
    my $plaintext = shift;
    my $crypttext = crypt ($plaintext, $salt);
    
    print "${crypttext}\n";
  10. Create a text file in /usr/local/cvsroot/CVSROOT called passwd and enter the users as shown below (format is: userid:encrypted-password:cvs ):

    username1:x$5itFdsw123:cvs
    username2:3fgRH4p3443:cvs

    NOTE: Use the crypt.pl utilty from above to generate the encrypted passwords for the above entries. The passwords for the users should NOT be the same as their unix password (if they have a unix account). The cvs users you enter above do NOT need a unix account.

  11. Set restrictive permissions on the file:

    chmod 400 /usr/local/cvsroot/CVSROOT/passwd
  12. (optional) Repeat step 10 and 11 for each additional repository you created in step 3.

Repository Testing

  1. Set the default repository in the environment (will save entering it on every cvs command):

    export CVSROOT=:pserver:username1@your_server_name:/usr/local/cvsroot

    (substitute real values for username1, your_server_name and repository path if needed)

  2. Test the basic login:

    cvs login

    Enter the username1's password. There should not be any error messages.

  3. Create a tiny test project:

    cd
    mkdir testproj
    echo "//Main Class">testproj/Main.java
  4. Import the project to the repository.

    cd testproj
    cvs import -m "My initial project message" testproj mycompany start
  5. Check to make sure the project was created in the repository. You should see the file Main.java in /usr/local/cvsroot/testproj

  6. Remove the test project from the repository:

    rm --R /usr/local/cvsroot/testproj

Running Repository under CVSD

CVSD allows running a repository which has been chroot'ed. This provides an extra level of security. Under this scheme, you will be running the invocation of CVS as root, so this extra bit of security will help. The following are the steps for setting this feature up:

  1. Download CVSD. You can find it at rpmfind or the latest version at CVSD for Linux home page.
  2. Make sure you have already installed CVS. These directions were done using CVS version 1.10.6-2.
  3. If you download the source, follow the instructions to install in the README. If you downloaded the RPM version, follow these instructions.
  4. Install the RPM package. It will install the software and create a user and group called cvsowner. You should see the below messages:
    Creating group cvsadmin...
    Creating user cvsowner...
    no existing cvspserver line in /etc/inetd.conf, adding...
    cvsd                        ##################################################
    Setting up /home/cvsowner/cvsd-root...
    Now edit/modify/whatever the /home/cvsowner/cvsd-root/etc/passwd file.
    Default user/passwds are cvs/cvs (for ro anon), user/pass. Change these!