barns.blog

I spent a little time yesterday looking for information on how to set up a CVS pserver in Hardy. Whilst I did find some useful information, ultimately I had to set it up with the exclusive help of the CVS manual. In Debian distros there is a package called cvs and another called cvsd. Now having never used CVS before, I assumed that one was a client and the other a server. How very, very wrong!

By reading the manual, it was clear that CVS can run in server mode – also known as pserver, but it is a single binary. After spending some time browsing the Internet, I understood that cvsd is simply a chroot wrapper to cvs which attempts to overcome the security flaws in CVS.

This is the process I took to installing a working pserver:

$ sudo apt-get install cvs cvsd

This eventually prompts you to choose which repositories you want to configure cvsd for. This wasn’t really helpful as dpkg configuration explained that this was far from all the config required to set up a repository. Because of this, I didn’t change the defaults at this stage.

By default, cvsd is configured to store its repositories in /var/lib/cvsd/ which is a default I stuck with. You can change this in the cvsd config file (more later) but then you have to rebuild the cvsd root as it stores a full, yet minimal, environment in that folder for use as a chroot. The default method of creating a repository is to:

$ sudo mkdir /var/lib/cvsd/reponame

$ sudo chown cvsd:cvsd /var/lib/cvsd/reponame

$ sudo -u cvsd cvs -d /var/lib/cvsd/reponame init

This will setup a functioning CVSROOT in /var/lib/cvsd/reponame/ but the pserver is not yet configured to make use of it. You could have configured cvsd to permit access to the repository when dpkg prompted you on install, but if you didn’t or need to add more at a later stage, you can edit the cvsd config file at /etc/cvsd/cvsd.conf and add the following to it:

Repos /reponame

This is relative to the RootJail path (default is /var/lib/cvsd, as I said before). The RootJail property can also be edited in this config file. You can have as many Repos lines as needed for your sever.

This is all that is required to get a basic pserver going, but for security considerations, I would suggest you at least password protect any write access to it. This can be done by following the classical methods for configuring a pserver, but cvsd also provides a utility to perform this.

$ sudo -u cvsd cvsd-passwd +username

This command will prompt you for a password. Similarly, you can use -username to remove a username. If a username already exists, this utility will change the password of the existing user.

For easy backup purposes, I decided to install all my repositories in a single folder inside the /var/lib/cvsd/ folder, soas to easily differentiate them from the chroot environment which is setup.

If you decided to move the RootJail, or if you upgrade cvs, you need to rebuild the cvsd root. This is done by performing the following command:

$ sudo cvsd-buildroot /path/to/root

This has to be performed every time cvs is updated as it copies the cvs binary into the fake root.

Remember that to give your pserver access to the outside world, you will need to permit TCP port 2401 to be accessible – unless you change it in the config. Be warned of the security implications of doing so.

There may be a better method doing this, but it works for me .