Author: bdubbs Date: 2011-11-15 21:12:05 -0700 (Tue, 15 Nov 2011) New Revision: 8969
Added: trunk/BOOK/general/prog/cvsserver.xml trunk/BOOK/general/prog/svnserver.xml Removed: trunk/BOOK/server/other/cvsserver.xml trunk/BOOK/server/other/svnserver.xml Modified: trunk/BOOK/general.ent trunk/BOOK/general/prog/nasm.xml trunk/BOOK/general/prog/prog.xml trunk/BOOK/introduction/welcome/changelog.xml trunk/BOOK/server/other/other.xml Log: Update to nasm-2.09.10. Move the sections about running cvs and svn servers adjacent to the cvs and svn build instructions. Copied: trunk/BOOK/general/prog/cvsserver.xml (from rev 8929, trunk/BOOK/server/other/cvsserver.xml) =================================================================== --- trunk/BOOK/general/prog/cvsserver.xml (rev 0) +++ trunk/BOOK/general/prog/cvsserver.xml 2011-11-16 04:12:05 UTC (rev 8969) @@ -0,0 +1,230 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [ + <!ENTITY % general-entities SYSTEM "../../general.ent"> + %general-entities; + +]> + +<sect1 id="cvsserver" xreflabel="Running a CVS Server"> + <?dbhtml filename="cvsserver.html"?> + + <sect1info> + <othername>$LastChangedBy$</othername> + <date>$Date$</date> + </sect1info> + + <title>Running a CVS Server</title> + + <sect2 role="package"> + <title>Running a CVS Server</title> + + <para>This section will describe how to set up, administer and secure + a CVS server.</para> + + <bridgehead renderas="sect3">CVS Server Dependencies</bridgehead> + + <bridgehead renderas="sect4">Required</bridgehead> + <para><xref linkend="cvs"/> and + <xref linkend="openssh"/></para> + + </sect2> + + <sect2 role="configuration"> + <title>Setting up a CVS Server.</title> + + <para>A CVS server will be set up using OpenSSH as the remote access + method. Other access methods, including :pserver: and :server: will + not be used for write access to the CVS repository. The :pserver: + method sends clear text passwords over the network and the :server: + method is not supported in all CVS ports. Instructions for anonymous, + read only CVS access using :pserver: can be found at the end of this + section.</para> + + <para>Configuration of the CVS server consists of four + steps:</para> + + <sect3> + <title>1. Create a Repository.</title> + + <para>Create a new CVS repository with the following + commands:</para> + +<screen role="root"><userinput>mkdir /srv/cvsroot && +chmod 1777 /srv/cvsroot && +export CVSROOT=/srv/cvsroot && +cvs init</userinput></screen> + + </sect3> + + <sect3> + <title>2. Import Source Code Into the Repository.</title> + + <para>Import a source module into the repository with the following + commands, issued from a user account on the same machine as the + CVS repository:</para> + +<screen><userinput>cd <replaceable><sourcedir></replaceable> && +cvs import -m "<replaceable><repository test></replaceable>" <replaceable><cvstest></replaceable> <replaceable><vendortag></replaceable> <replaceable><releasetag></replaceable></userinput></screen> + + </sect3> + + <sect3> + <title>3. Verify Local Repository Access.</title> + + <para>Test access to the CVS repository from the same user + account with the following command:</para> + +<screen><userinput>cvs co cvstest</userinput></screen> + + </sect3> + + <sect3> + <title>4. Verify Remote Repository Access.</title> + + <para>Test access to the CVS repository from a remote machine using + a user account that has <command>ssh</command> access to the CVS + server with the following commands:</para> + + <note> + <para>Replace <replaceable><servername></replaceable> with the + IP address or host name of the CVS repository machine. You will + be prompted for the user's shell account password before CVS + checkout can continue.</para> + </note> + +<screen><userinput>export CVS_RSH=/usr/bin/ssh && +cvs -d:ext:<replaceable><servername></replaceable>:/srv/cvsroot co cvstest</userinput></screen> + + </sect3> + + </sect2> + + <sect2 id='cvsserver-config' role="configuration"> + <title>Configuring CVS for Anonymous Read Only Access.</title> + + <para>CVS can be set up to allow anonymous read only access using the + :pserver: method by logging on as <systemitem class="username">root</systemitem> + and executing the following commands:</para> + +<screen role="root"><userinput>(grep anonymous /etc/passwd || useradd anonymous -s /bin/false -u 98) && +echo anonymous: > /srv/cvsroot/CVSROOT/passwd && +echo anonymous > /srv/cvsroot/CVSROOT/readers</userinput></screen> + + <para>If you use <command>inetd</command>, the following command + will add the <application>CVS</application> entry to + <filename>/etc/inetd.conf</filename>:</para> + +<screen role="root"><userinput>echo "2401 stream tcp nowait root /usr/bin/cvs cvs -f \ + --allow-root=/srv/cvsroot pserver" >> /etc/inetd.conf</userinput></screen> + + <indexterm zone="cvsserver cvsserver-config"> + <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> + </indexterm> + + <para>Issue a <command>killall -HUP inetd</command> to reread the changed + <filename>inetd.conf</filename> file.</para> + + <para>If you use <command>xinetd</command>, the following command will create + the CVS file as <filename>/etc/xinetd.d/cvspserver</filename>:</para> + +<screen role="root"><userinput>cat >> /etc/xinetd.d/cvspserver << "EOF" +<literal># Begin /etc/xinetd.d/cvspserver + + service cvspserver + { + port = 2401 + socket_type = stream + protocol = tcp + wait = no + user = root + passenv = PATH + server = /usr/bin/cvs + server_args = -f --allow-root=/srv/cvsroot pserver + } + +# End /etc/xinetd.d/cvspserver</literal> +EOF</userinput></screen> + + <indexterm zone="cvsserver cvsserver-config"> + <primary sortas="e-etc-xinetd.d-cvspserver">/etc/xinetd.d/cvspserver</primary> + </indexterm> + + <para>Issue a <command>/etc/rc.d/init.d/xinetd reload</command> to reread + the changed <filename>xinetd.conf</filename> file.</para> + + <para>Testing anonymous access to the new repository requires an account + on another machine that can reach the CVS server via network. No account + on the CVS repository is needed. To test anonymous access to the CVS + repository, log in to another machine as an unprivileged user and execute + the following command:</para> + +<screen><userinput>cvs -d:pserver:anonymous@<replaceable><servername></replaceable>:/srv/cvsroot co cvstest</userinput></screen> + + <note> + <para>Replace <replaceable><servername></replaceable> with the + IP address or hostname of the CVS server.</para> + </note> + + </sect2> + + <sect2 role="commands"> + <title>Command Explanations</title> + + <para><command>mkdir /srv/cvsroot</command>: Create the CVS + repository directory.</para> + + <para><command>chmod 1777 /srv/cvsroot</command>: Set sticky bit + permissions for <envar>CVSROOT</envar>.</para> + + <para><command>export CVSROOT=/srv/cvsroot</command>: Specify new + <envar>CVSROOT</envar> for all <command>cvs</command> commands.</para> + + <para><command>cvs init</command>: Initialize the new CVS + repository.</para> + + <para><command>cvs import -m "repository test" cvstest vendortag + releasetag</command>: All source code modules must be imported into the + CVS repository before use, with the <command>cvs import</command> command. + The <option>-m</option> flags specifies an initial descriptive entry for + the new module. The <option>cvstest</option> parameter is the name used + for the module in all subsequent <command>cvs</command> commands. The + <option>vendortag</option> and <option>releasetag</option> parameters are + used to further identify each CVS module and are mandatory whether used + or not.</para> + + <para><command>(grep anonymous /etc/passwd || useradd anonymous -s + /bin/false -u 98)</command>: Check for an existing <systemitem + class="username">anonymous</systemitem> user and create one if not + found.</para> + + <para><command>echo anonymous: > /srv/cvsroot/CVSROOT/passwd</command>: + Add the <systemitem class="username">anonymous</systemitem> user to the + CVS passwd file, which is unused for anything else in this + configuration.</para> + + <para><command>echo anonymous > /srv/cvsroot/CVSROOT/readers</command>: + Add the <systemitem class="username">anonymous</systemitem> user to the + CVS readers file, a list of users who have read only access to the + repository.</para> + + </sect2> + + <sect2 role="content"> + <title>Contents</title> + + <segmentedlist> + <segtitle>Installed Programs</segtitle> + <segtitle>Installed Libraries</segtitle> + <segtitle>Installed Directories</segtitle> + + <seglistitem> + <seg>None</seg> + <seg>None</seg> + <seg>/srv/cvsroot</seg> + </seglistitem> + </segmentedlist> + + </sect2> + +</sect1> Modified: trunk/BOOK/general/prog/nasm.xml =================================================================== --- trunk/BOOK/general/prog/nasm.xml 2011-11-16 02:41:22 UTC (rev 8968) +++ trunk/BOOK/general/prog/nasm.xml 2011-11-16 04:12:05 UTC (rev 8969) @@ -6,10 +6,10 @@ <!ENTITY NASM-download-http "http://www.nasm.us/pub/nasm/releasebuilds/&NASM-version;/nasm-&NASM-version;.tar.bz2";> <!ENTITY NASM-download-ftp " "> - <!ENTITY NASM-md5sum "c11f083a501adae843d0bc3e7c106c73"> - <!ENTITY NASM-size "801 KB"> - <!ENTITY NASM-buildsize "25 MB (includes building and installing all docs)"> - <!ENTITY NASM-time "0.4 SBU"> + <!ENTITY NASM-md5sum "15c79dcb5838870a0fac15feb5fade66"> + <!ENTITY NASM-size "792 KB"> + <!ENTITY NASM-buildsize "17 MB" > + <!ENTITY NASM-time "0.1 SBU"> ]> <sect1 id="NASM" xreflabel="NASM-&NASM-version;"> @@ -33,7 +33,7 @@ is an 80x86 assembler designed for portability and modularity. It includes a disassembler as well.</para> - &lfs67_built; + &lfs70_checked; <bridgehead renderas="sect3">Package Information</bridgehead> <itemizedlist spacing="compact"> @@ -56,21 +56,23 @@ <para>Estimated build time: &NASM-time;</para> </listitem> </itemizedlist> -<!-- + <bridgehead renderas="sect3">Additional Downloads</bridgehead> <itemizedlist spacing="compact"> <listitem> - <para>Required patch to fix a buffer overrun vulnerability: <ulink - url="&patch-root;/nasm-&NASM-version;-security_fix-1.patch"/></para> + <para>Optional documentation: <ulink + url="http://www.nasm.us/pub/nasm/releasebuilds/&NASM-version;/nasm-&NASM-version;-xdoc.tar.bz2"/></para> </listitem> </itemizedlist> ---> + + <!-- <bridgehead renderas="sect3">NASM Dependencies</bridgehead> <bridgehead renderas="sect4">Optional (for Building Documentation)</bridgehead> <para role="optional"><xref linkend="tetex"/> or <xref linkend="texlive"/>, and - <!-- <xref linkend="espgs"/> or --><xref linkend="gs"/></para> + <xref linkend="espgs"/> or <xref linkend="gs"/></para> + --> <para condition="html" role="usernotes">User Notes: <ulink url="&blfs-wiki;/nasm"/></para> @@ -80,16 +82,24 @@ <sect2 role="installation"> <title>Installation of NASM</title> + <para>If you downloaded the optional documentation, put it into the + source tree:</para> + +<screen><userinput>pushd .. && +tar -xf nasm-&NASM-version;-xdoc.tar.bz2 && +popd</userinput></screen> + <para>Install <application>NASM</application> by running the following commands:</para> <screen><userinput>./configure --prefix=/usr && -make && -make -C rdoff/doc && +make</userinput></screen> + +<!-- make -C rdoff/doc && make -C rdoff/doc html && -makeinfo --html --no-split -o rdoff/doc/rdoff.html \ +makeinfo - -html - -no-split -o rdoff/doc/rdoff.html \ rdoff/doc/rdoff.texi && -makeinfo --plaintext -o rdoff/doc/rdoff.txt \ +makeinfo - -plaintext -o rdoff/doc/rdoff.txt \ rdoff/doc/rdoff.texi</userinput></screen> <para>To build the base <application>NASM</application> @@ -105,12 +115,26 @@ <screen><userinput>sed -i -e "s/dvips \$</& -o rdoff.ps/" rdoff/doc/Makefile && make -C rdoff/doc pdf && make -C rdoff/doc ps</userinput></screen> - +--> <para>This package does not come with a test suite.</para> <para>Now, as the <systemitem class="username">root</systemitem> user:</para> -<screen role="root"><userinput>make install install_rdf && +<screen role="root"><userinput>make install</userinput></screen> + + <para>If you downloaded the optional documentation, install it with the + following instructions as the <systemitem + class="username">root</systemitem> user:</para> + +<screen role="root"><userinput>install -m755 -d /usr/share/doc/nasm-&NASM-version;/html && +cp -v doc/html/*.html /usr/share/doc/nasm-&NASM-version;/html && +cp -v doc/*.{txt,ps,pdf} /usr/share/doc/nasm-&NASM-version; && +cp -v doc/info/* /usr/share/info && +pushd /usr/share/info && +install-info nasm.info dir && +popd</userinput></screen> + +<!-- install_rdf && install -v -m755 -d /usr/share/doc/nasm-&NASM-version;/html && install -v -m644 rdoff/doc/rdoff/* \ /usr/share/doc/nasm-&NASM-version;/html && @@ -143,7 +167,7 @@ <screen role="root"><userinput>install -v -m644 rdoff/doc/rdoff.p{df,s} \ /usr/share/doc/nasm-&NASM-version;</userinput></screen> - +--> </sect2> <sect2 role="content"> Modified: trunk/BOOK/general/prog/prog.xml =================================================================== --- trunk/BOOK/general/prog/prog.xml 2011-11-16 02:41:22 UTC (rev 8968) +++ trunk/BOOK/general/prog/prog.xml 2011-11-16 04:12:05 UTC (rev 8969) @@ -25,6 +25,7 @@ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="check.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="cmake.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="cvs.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="cvsserver.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="dejagnu.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="doxygen.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="expect.xml"/> @@ -46,6 +47,7 @@ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="python-modules.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="ruby.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="subversion.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="svnserver.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="slang.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="tcl.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="tk.xml"/> Copied: trunk/BOOK/general/prog/svnserver.xml (from rev 8929, trunk/BOOK/server/other/svnserver.xml) =================================================================== --- trunk/BOOK/general/prog/svnserver.xml (rev 0) +++ trunk/BOOK/general/prog/svnserver.xml 2011-11-16 04:12:05 UTC (rev 8969) @@ -0,0 +1,291 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [ + <!ENTITY % general-entities SYSTEM "../../general.ent"> + %general-entities; +]> + +<sect1 id="svnserver" xreflabel="Running a Subversion Server"> + <?dbhtml filename="svnserver.html"?> + + <sect1info> + <othername>$LastChangedBy$</othername> + <date>$Date$</date> + </sect1info> + + <title>Running a Subversion Server</title> + + <sect2 role="package"> + <title>Running a Subversion Server</title> + + <para>This section will describe how to set up, administer and secure + a <application>Subversion</application> server.</para> + + <!-- <note> + <para>The default build instructions for + <application>Subversion</application> disabled the + <application>Berkeley DB</application> repository back-end due to the + errors encountered in the test suite while building the + <xref linkend="subversion"/> package. This should not present a + functionality issue as the FSFS repository back-end is now the default, + and recommended by the <application>Subversion</application> development + team.</para> + + <para>If you have existing repositories based on a + <application>Berkeley DB</application> back-end and you followed the + BLFS instructions for building <application>Subversion</application>, + you'll need to dump the databases, create new repositories using the + FSFS back-end, then then reload the data into the new repositories. + Instructions for performing these operations can be found at <ulink + url="http://svnbook.red-bean.com/en/1.1/ch05s03.html#svn-ch-5-sect-3.5"/>. + </para> + </note> --> + + <bridgehead renderas="sect3">Subversion Server Dependencies</bridgehead> + + <bridgehead renderas="sect4">Required</bridgehead> + <para><xref linkend="subversion"/> and + <xref linkend="openssh"/></para> + + </sect2> + + <sect2 role="configuration"> + <title>Setting up a Subversion Server.</title> + + <para>The following instructions will install a + <application>Subversion</application> server, which will be set up + to use <application>OpenSSH</application> as the secure remote access + method, with <command>svnserve</command> available for anonymous + access.</para> + + <para>Configuration of the <application>Subversion</application> server + consists of the following steps:</para> + + <sect3> + <title>1. Setup Users, Groups, and Permissions</title> + + <para>You'll need to be user + <systemitem class='username'>root</systemitem> for the initial portion of + configuration. Create the <systemitem class="username">svn</systemitem> + user and group with the following commands:</para> + +<screen role="root"><userinput>groupadd -g 56 svn && +useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false -u 56 svn</userinput></screen> + + <para>If you plan to have multiple repositories, you should have a + group dedicated to each repository for ease of administration. Create + the <systemitem class="groupname">svntest</systemitem> group for the test + repository and add the <systemitem class="username">svn</systemitem> + user to that group with the following commands:</para> + +<screen role="root"><userinput>groupadd -g 57 svntest && +usermod -G svntest -a svn</userinput></screen> + + <para>Additionally you should set <command>umask 002</command> while + working with a repository so that all new files will be writable by + owner and group. This is made mandatory by creating a wrapper script for + <command>svn</command> and <command>svnserve</command>:</para> + +<screen role="root"><userinput>mv /usr/bin/svn /usr/bin/svn.orig && +mv /usr/bin/svnserve /usr/bin/svnserve.orig && +cat >> /usr/bin/svn << "EOF" +<literal>#!/bin/sh +umask 002 +/usr/bin/svn.orig "$@"</literal> +EOF +cat >> /usr/bin/svnserve << "EOF" +<literal>#!/bin/sh +umask 002 +/usr/bin/svnserve.orig "$@"</literal> +EOF +chmod 0755 /usr/bin/svn{,serve}</userinput></screen> + + <note> + <para>If you use <application>Apache</application> for working with + the repository over HTTP, even for anonymous access, you should wrap + <command>/usr/sbin/httpd</command> in a similar script.</para> + </note> + + </sect3> + + <sect3> + <title>2. Create a Subversion repository.</title> + + <para>With subversion-1.1.0 and greater, a new type of repository + data-store is available, FSFS. There is a tradeoff for speed with + the new backend, however, the repository can now be placed on a + network mount, and any corruption does not require an admin to + recover the repository. For more information and comparison between + FSFS and BDB, see <ulink + url="http://svnbook.red-bean.com/svnbook-1.1/ch05.html#svn-ch-5-sect-1.2.A"/>. + </para> + + <para>Create a new <application>Subversion</application> repository with + the following commands:</para> + +<screen role="root"><userinput>install -v -m 0755 -d /srv && +install -v -m 0755 -o svn -g svn -d /srv/svn/repositories && +svnadmin create --fs-type fsfs /srv/svn/repositories/svntest</userinput></screen> + + <para>Now that the repository is created, it should be populated with + with something useful. You'll need to have a predefined directory + layout set up exactly as you want your repository to look. For + example, here is a sample BLFS layout setup with a root of + <filename>svntest/</filename>. You'll need to setup a directory + tree similar to the following:</para> + +<screen><literal> svntest/ # The name of the repository + trunk/ # Contains the existing source tree + BOOK/ + bootscripts/ + edguide/ + patches/ + scripts/ + branches/ # Needed for additional branches + tags/ # Needed for tagging release points</literal></screen> + + <para>Once you've created your directory layout as shown above, you + are ready to do the initial import:</para> + +<screen role="root"><userinput>svn import -m "Initial import." \ + <replaceable></path/to/source/tree></replaceable> \ + file:///srv/svn/repositories/svntest</userinput></screen> + + <para>Now change owner and group information on the + repository, and add an unprivileged user to the + <systemitem class="groupname">svn</systemitem> and + <systemitem class="groupname">svntest</systemitem> groups:</para> + +<screen role="root"><userinput>chown -R svn:svntest /srv/svn/repositories/svntest && +chmod -R g+w /srv/svn/repositories/svntest && +chmod g+s /srv/svn/repositories/svntest/db && +usermod -G svn,svntest -a <replaceable><username></replaceable></userinput></screen> + + <para><systemitem class="groupname">svntest</systemitem> is the group + assigned to the svntest repository. As mentioned earlier, this eases + administration of multiple repositories when using + <application>OpenSSH</application> for authentication. Going forward, + you'll need to add your unprivileged user, and any additional users that + you wish to have write access to the repository, to the + <systemitem class="groupname">svn</systemitem> and + <systemitem class="groupname">svntest</systemitem> groups.</para> + + <para>In addition, you'll notice that the new repository's + <filename>db</filename> directory is set-groupID. If the reasoning is + not immediately obvious, when using any external authentication method + (such as <command>ssh</command>), the sticky bit is set so that all + new files will be owned by the user, but group of + <systemitem class="groupname">svntest</systemitem>. Anyone in the + <systemitem class="groupname">svntest</systemitem> group can create + files, but still give the entire group write access to those + files. This avoids locking out other users from the repository.</para> + + <para>Now, return to an unprivileged user account, and take a + look at the new repository using <command>svnlook</command>:</para> + +<screen><userinput>svnlook tree /srv/svn/repositories/svntest/</userinput></screen> + + <note> + <para>You may need to log out and back in again to refresh your group + memberships. '<command>su <replaceable><username></replaceable></command>' + should work as well.</para> + </note> + + </sect3> + + <sect3> + <title>3. Configure the Server</title> + + <para>As mentioned previously, these instructions will configure the + server to use only <command>ssh</command> for write access to the + repository and to provide anonymous access using + <command>svnserve</command>. There are several other ways to provide + access to the repository. These additional configurations are best + explained at <ulink url="http://svnbook.red-bean.com/"/>.</para> + + <para>Access configuration needs to be done for each repository. + Create the <filename>svnserve.conf</filename> file for the svntest + repository using the following commands:</para> + +<screen role="root"><userinput>cp /srv/svn/repositories/svntest/conf/svnserve.conf \ + /srv/svn/repositories/svntest/conf/svnserve.conf.default && +cat > /srv/svn/repositories/svntest/conf/svnserve.conf << "EOF" +<literal>[general] +anon-access = read +auth-access = write</literal> +EOF</userinput></screen> + + <para>There is not a lot to the configuration file at all. You'll + notice that only the general section is required. Take a look at the + <filename>svnserve.conf.default</filename> file for information on using + <command>svnserve</command>'s built-in authentication method.</para> + + </sect3> + + <sect3 id="svnserver-init"> + <title>4. Starting the Server</title> + + <para>There are a couple of ways to start <command>svnserve</command>. + The most common way is to start it as an <command>inetd</command> or + <command>xinetd</command> process. Alternately, you can use a + bootscript to start the service at startup.</para> + + <note> + <para>If you do not wish to provide anonymous access to your svn + repositories or use <command>svnserve</command>'s built-in + authentication, you do not need to run + <command>svnserve</command>.</para> + </note> + + <para>If you use <command>inetd</command>, add a line to + <filename>/etc/inetd.conf</filename> using the following + commands:</para> + + <indexterm zone="svnserver svnserver-init"> + <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> + </indexterm> + +<screen role="root"><userinput>cat >> /etc/inetd.conf << "EOF" +<literal>svn stream tcp nowait svn /usr/bin/svnserve svnserve -i</literal> +EOF</userinput></screen> + + <para>If you use <command>xinetd</command>, the following command will + create the <application>Subversion</application> server file as + <filename>/etc/xinetd.d/svn</filename>:</para> + + <indexterm zone="svnserver svnserver-init "> + <primary sortas="e-etc-xinetd.d-svn">/etc/xinetd.d/svn</primary> + </indexterm> + +<screen role="root"><userinput>cat >> /etc/xinetd.d/svn << "EOF" +<literal># Begin /etc/xinetd.d/svn + +service svn +{ + port = 3690 + socket_type = stream + protocol = tcp + wait = no + user = svn + server = /usr/bin/svnserve + server_args = -i -r /srv/svn/repositories +} + +# End /etc/xinetd.d/svn</literal> +EOF</userinput></screen> + + <para>Finally, if you wish to simply start the server at + startup, install the svn bootscript included in the + <xref linkend="bootscripts"/> package.</para> + + <indexterm zone="svnserver svnserver-init"> + <primary sortas="f-svn">svn</primary> + </indexterm> + +<screen role="root"><userinput>make install-svn</userinput></screen> + + </sect3> + + </sect2> + +</sect1> Modified: trunk/BOOK/general.ent =================================================================== --- trunk/BOOK/general.ent 2011-11-16 02:41:22 UTC (rev 8968) +++ trunk/BOOK/general.ent 2011-11-16 04:12:05 UTC (rev 8969) @@ -331,7 +331,7 @@ <!ENTITY jdk-version "6 Update 18"> <!ENTITY junit-version "4.8.1"> <!ENTITY librep-version "0.17"> -<!ENTITY NASM-version "2.09.04"> +<!ENTITY NASM-version "2.09.10"> <!ENTITY pdl-version "2.4.2"> <!ENTITY php-version "5.3.8"> <!ENTITY python2-version "2.7.2"> Modified: trunk/BOOK/introduction/welcome/changelog.xml =================================================================== --- trunk/BOOK/introduction/welcome/changelog.xml 2011-11-16 02:41:22 UTC (rev 8968) +++ trunk/BOOK/introduction/welcome/changelog.xml 2011-11-16 04:12:05 UTC (rev 8969) @@ -45,6 +45,13 @@ <para>November 15th, 2011</para> <itemizedlist> <listitem> + <para>[bdubbs] - Move the sections about running cvs and svn + servers adjacent to the cvs and svn build instructions.</para> + </listitem> + <listitem> + <para>[bdubbs] - Update to nasm-2.09.10.</para> + </listitem> + <listitem> <para>[bdubbs] - Update to shadow-4.1.4.3.</para> </listitem> <listitem> Deleted: trunk/BOOK/server/other/cvsserver.xml =================================================================== --- trunk/BOOK/server/other/cvsserver.xml 2011-11-16 02:41:22 UTC (rev 8968) +++ trunk/BOOK/server/other/cvsserver.xml 2011-11-16 04:12:05 UTC (rev 8969) @@ -1,230 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" - "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [ - <!ENTITY % general-entities SYSTEM "../../general.ent"> - %general-entities; - -]> - -<sect1 id="cvsserver" xreflabel="Running a CVS Server"> - <?dbhtml filename="cvsserver.html"?> - - <sect1info> - <othername>$LastChangedBy$</othername> - <date>$Date$</date> - </sect1info> - - <title>Running a CVS Server</title> - - <sect2 role="package"> - <title>Running a CVS Server</title> - - <para>This section will describe how to set up, administer and secure - a CVS server.</para> - - <bridgehead renderas="sect3">CVS Server Dependencies</bridgehead> - - <bridgehead renderas="sect4">Required</bridgehead> - <para><xref linkend="cvs"/> and - <xref linkend="openssh"/></para> - - </sect2> - - <sect2 role="configuration"> - <title>Setting up a CVS Server.</title> - - <para>A CVS server will be set up using OpenSSH as the remote access - method. Other access methods, including :pserver: and :server: will - not be used for write access to the CVS repository. The :pserver: - method sends clear text passwords over the network and the :server: - method is not supported in all CVS ports. Instructions for anonymous, - read only CVS access using :pserver: can be found at the end of this - section.</para> - - <para>Configuration of the CVS server consists of four - steps:</para> - - <sect3> - <title>1. Create a Repository.</title> - - <para>Create a new CVS repository with the following - commands:</para> - -<screen role="root"><userinput>mkdir /srv/cvsroot && -chmod 1777 /srv/cvsroot && -export CVSROOT=/srv/cvsroot && -cvs init</userinput></screen> - - </sect3> - - <sect3> - <title>2. Import Source Code Into the Repository.</title> - - <para>Import a source module into the repository with the following - commands, issued from a user account on the same machine as the - CVS repository:</para> - -<screen><userinput>cd <replaceable><sourcedir></replaceable> && -cvs import -m "<replaceable><repository test></replaceable>" <replaceable><cvstest></replaceable> <replaceable><vendortag></replaceable> <replaceable><releasetag></replaceable></userinput></screen> - - </sect3> - - <sect3> - <title>3. Verify Local Repository Access.</title> - - <para>Test access to the CVS repository from the same user - account with the following command:</para> - -<screen><userinput>cvs co cvstest</userinput></screen> - - </sect3> - - <sect3> - <title>4. Verify Remote Repository Access.</title> - - <para>Test access to the CVS repository from a remote machine using - a user account that has <command>ssh</command> access to the CVS - server with the following commands:</para> - - <note> - <para>Replace <replaceable><servername></replaceable> with the - IP address or host name of the CVS repository machine. You will - be prompted for the user's shell account password before CVS - checkout can continue.</para> - </note> - -<screen><userinput>export CVS_RSH=/usr/bin/ssh && -cvs -d:ext:<replaceable><servername></replaceable>:/srv/cvsroot co cvstest</userinput></screen> - - </sect3> - - </sect2> - - <sect2 id='cvsserver-config' role="configuration"> - <title>Configuring CVS for Anonymous Read Only Access.</title> - - <para>CVS can be set up to allow anonymous read only access using the - :pserver: method by logging on as <systemitem class="username">root</systemitem> - and executing the following commands:</para> - -<screen role="root"><userinput>(grep anonymous /etc/passwd || useradd anonymous -s /bin/false -u 98) && -echo anonymous: > /srv/cvsroot/CVSROOT/passwd && -echo anonymous > /srv/cvsroot/CVSROOT/readers</userinput></screen> - - <para>If you use <command>inetd</command>, the following command - will add the <application>CVS</application> entry to - <filename>/etc/inetd.conf</filename>:</para> - -<screen role="root"><userinput>echo "2401 stream tcp nowait root /usr/bin/cvs cvs -f \ - --allow-root=/srv/cvsroot pserver" >> /etc/inetd.conf</userinput></screen> - - <indexterm zone="cvsserver cvsserver-config"> - <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> - </indexterm> - - <para>Issue a <command>killall -HUP inetd</command> to reread the changed - <filename>inetd.conf</filename> file.</para> - - <para>If you use <command>xinetd</command>, the following command will create - the CVS file as <filename>/etc/xinetd.d/cvspserver</filename>:</para> - -<screen role="root"><userinput>cat >> /etc/xinetd.d/cvspserver << "EOF" -<literal># Begin /etc/xinetd.d/cvspserver - - service cvspserver - { - port = 2401 - socket_type = stream - protocol = tcp - wait = no - user = root - passenv = PATH - server = /usr/bin/cvs - server_args = -f --allow-root=/srv/cvsroot pserver - } - -# End /etc/xinetd.d/cvspserver</literal> -EOF</userinput></screen> - - <indexterm zone="cvsserver cvsserver-config"> - <primary sortas="e-etc-xinetd.d-cvspserver">/etc/xinetd.d/cvspserver</primary> - </indexterm> - - <para>Issue a <command>/etc/rc.d/init.d/xinetd reload</command> to reread - the changed <filename>xinetd.conf</filename> file.</para> - - <para>Testing anonymous access to the new repository requires an account - on another machine that can reach the CVS server via network. No account - on the CVS repository is needed. To test anonymous access to the CVS - repository, log in to another machine as an unprivileged user and execute - the following command:</para> - -<screen><userinput>cvs -d:pserver:anonymous@<replaceable><servername></replaceable>:/srv/cvsroot co cvstest</userinput></screen> - - <note> - <para>Replace <replaceable><servername></replaceable> with the - IP address or hostname of the CVS server.</para> - </note> - - </sect2> - - <sect2 role="commands"> - <title>Command Explanations</title> - - <para><command>mkdir /srv/cvsroot</command>: Create the CVS - repository directory.</para> - - <para><command>chmod 1777 /srv/cvsroot</command>: Set sticky bit - permissions for <envar>CVSROOT</envar>.</para> - - <para><command>export CVSROOT=/srv/cvsroot</command>: Specify new - <envar>CVSROOT</envar> for all <command>cvs</command> commands.</para> - - <para><command>cvs init</command>: Initialize the new CVS - repository.</para> - - <para><command>cvs import -m "repository test" cvstest vendortag - releasetag</command>: All source code modules must be imported into the - CVS repository before use, with the <command>cvs import</command> command. - The <option>-m</option> flags specifies an initial descriptive entry for - the new module. The <option>cvstest</option> parameter is the name used - for the module in all subsequent <command>cvs</command> commands. The - <option>vendortag</option> and <option>releasetag</option> parameters are - used to further identify each CVS module and are mandatory whether used - or not.</para> - - <para><command>(grep anonymous /etc/passwd || useradd anonymous -s - /bin/false -u 98)</command>: Check for an existing <systemitem - class="username">anonymous</systemitem> user and create one if not - found.</para> - - <para><command>echo anonymous: > /srv/cvsroot/CVSROOT/passwd</command>: - Add the <systemitem class="username">anonymous</systemitem> user to the - CVS passwd file, which is unused for anything else in this - configuration.</para> - - <para><command>echo anonymous > /srv/cvsroot/CVSROOT/readers</command>: - Add the <systemitem class="username">anonymous</systemitem> user to the - CVS readers file, a list of users who have read only access to the - repository.</para> - - </sect2> - - <sect2 role="content"> - <title>Contents</title> - - <segmentedlist> - <segtitle>Installed Programs</segtitle> - <segtitle>Installed Libraries</segtitle> - <segtitle>Installed Directories</segtitle> - - <seglistitem> - <seg>None</seg> - <seg>None</seg> - <seg>/srv/cvsroot</seg> - </seglistitem> - </segmentedlist> - - </sect2> - -</sect1> Modified: trunk/BOOK/server/other/other.xml =================================================================== --- trunk/BOOK/server/other/other.xml 2011-11-16 02:41:22 UTC (rev 8968) +++ trunk/BOOK/server/other/other.xml 2011-11-16 04:12:05 UTC (rev 8969) @@ -28,7 +28,7 @@ <!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="rsync.xml"/> --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="virtuoso.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="soprano.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="cvsserver.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="svnserver.xml"/> +<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="cvsserver.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="svnserver.xml"/> --> </chapter> Deleted: trunk/BOOK/server/other/svnserver.xml =================================================================== --- trunk/BOOK/server/other/svnserver.xml 2011-11-16 02:41:22 UTC (rev 8968) +++ trunk/BOOK/server/other/svnserver.xml 2011-11-16 04:12:05 UTC (rev 8969) @@ -1,291 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" - "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [ - <!ENTITY % general-entities SYSTEM "../../general.ent"> - %general-entities; -]> - -<sect1 id="svnserver" xreflabel="Running a Subversion Server"> - <?dbhtml filename="svnserver.html"?> - - <sect1info> - <othername>$LastChangedBy$</othername> - <date>$Date$</date> - </sect1info> - - <title>Running a Subversion Server</title> - - <sect2 role="package"> - <title>Running a Subversion Server</title> - - <para>This section will describe how to set up, administer and secure - a <application>Subversion</application> server.</para> - - <!-- <note> - <para>The default build instructions for - <application>Subversion</application> disabled the - <application>Berkeley DB</application> repository back-end due to the - errors encountered in the test suite while building the - <xref linkend="subversion"/> package. This should not present a - functionality issue as the FSFS repository back-end is now the default, - and recommended by the <application>Subversion</application> development - team.</para> - - <para>If you have existing repositories based on a - <application>Berkeley DB</application> back-end and you followed the - BLFS instructions for building <application>Subversion</application>, - you'll need to dump the databases, create new repositories using the - FSFS back-end, then then reload the data into the new repositories. - Instructions for performing these operations can be found at <ulink - url="http://svnbook.red-bean.com/en/1.1/ch05s03.html#svn-ch-5-sect-3.5"/>. - </para> - </note> --> - - <bridgehead renderas="sect3">Subversion Server Dependencies</bridgehead> - - <bridgehead renderas="sect4">Required</bridgehead> - <para><xref linkend="subversion"/> and - <xref linkend="openssh"/></para> - - </sect2> - - <sect2 role="configuration"> - <title>Setting up a Subversion Server.</title> - - <para>The following instructions will install a - <application>Subversion</application> server, which will be set up - to use <application>OpenSSH</application> as the secure remote access - method, with <command>svnserve</command> available for anonymous - access.</para> - - <para>Configuration of the <application>Subversion</application> server - consists of the following steps:</para> - - <sect3> - <title>1. Setup Users, Groups, and Permissions</title> - - <para>You'll need to be user - <systemitem class='username'>root</systemitem> for the initial portion of - configuration. Create the <systemitem class="username">svn</systemitem> - user and group with the following commands:</para> - -<screen role="root"><userinput>groupadd -g 56 svn && -useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false -u 56 svn</userinput></screen> - - <para>If you plan to have multiple repositories, you should have a - group dedicated to each repository for ease of administration. Create - the <systemitem class="groupname">svntest</systemitem> group for the test - repository and add the <systemitem class="username">svn</systemitem> - user to that group with the following commands:</para> - -<screen role="root"><userinput>groupadd -g 57 svntest && -usermod -G svntest -a svn</userinput></screen> - - <para>Additionally you should set <command>umask 002</command> while - working with a repository so that all new files will be writable by - owner and group. This is made mandatory by creating a wrapper script for - <command>svn</command> and <command>svnserve</command>:</para> - -<screen role="root"><userinput>mv /usr/bin/svn /usr/bin/svn.orig && -mv /usr/bin/svnserve /usr/bin/svnserve.orig && -cat >> /usr/bin/svn << "EOF" -<literal>#!/bin/sh -umask 002 -/usr/bin/svn.orig "$@"</literal> -EOF -cat >> /usr/bin/svnserve << "EOF" -<literal>#!/bin/sh -umask 002 -/usr/bin/svnserve.orig "$@"</literal> -EOF -chmod 0755 /usr/bin/svn{,serve}</userinput></screen> - - <note> - <para>If you use <application>Apache</application> for working with - the repository over HTTP, even for anonymous access, you should wrap - <command>/usr/sbin/httpd</command> in a similar script.</para> - </note> - - </sect3> - - <sect3> - <title>2. Create a Subversion repository.</title> - - <para>With subversion-1.1.0 and greater, a new type of repository - data-store is available, FSFS. There is a tradeoff for speed with - the new backend, however, the repository can now be placed on a - network mount, and any corruption does not require an admin to - recover the repository. For more information and comparison between - FSFS and BDB, see <ulink - url="http://svnbook.red-bean.com/svnbook-1.1/ch05.html#svn-ch-5-sect-1.2.A"/>. - </para> - - <para>Create a new <application>Subversion</application> repository with - the following commands:</para> - -<screen role="root"><userinput>install -v -m 0755 -d /srv && -install -v -m 0755 -o svn -g svn -d /srv/svn/repositories && -svnadmin create --fs-type fsfs /srv/svn/repositories/svntest</userinput></screen> - - <para>Now that the repository is created, it should be populated with - with something useful. You'll need to have a predefined directory - layout set up exactly as you want your repository to look. For - example, here is a sample BLFS layout setup with a root of - <filename>svntest/</filename>. You'll need to setup a directory - tree similar to the following:</para> - -<screen><literal> svntest/ # The name of the repository - trunk/ # Contains the existing source tree - BOOK/ - bootscripts/ - edguide/ - patches/ - scripts/ - branches/ # Needed for additional branches - tags/ # Needed for tagging release points</literal></screen> - - <para>Once you've created your directory layout as shown above, you - are ready to do the initial import:</para> - -<screen role="root"><userinput>svn import -m "Initial import." \ - <replaceable></path/to/source/tree></replaceable> \ - file:///srv/svn/repositories/svntest</userinput></screen> - - <para>Now change owner and group information on the - repository, and add an unprivileged user to the - <systemitem class="groupname">svn</systemitem> and - <systemitem class="groupname">svntest</systemitem> groups:</para> - -<screen role="root"><userinput>chown -R svn:svntest /srv/svn/repositories/svntest && -chmod -R g+w /srv/svn/repositories/svntest && -chmod g+s /srv/svn/repositories/svntest/db && -usermod -G svn,svntest -a <replaceable><username></replaceable></userinput></screen> - - <para><systemitem class="groupname">svntest</systemitem> is the group - assigned to the svntest repository. As mentioned earlier, this eases - administration of multiple repositories when using - <application>OpenSSH</application> for authentication. Going forward, - you'll need to add your unprivileged user, and any additional users that - you wish to have write access to the repository, to the - <systemitem class="groupname">svn</systemitem> and - <systemitem class="groupname">svntest</systemitem> groups.</para> - - <para>In addition, you'll notice that the new repository's - <filename>db</filename> directory is set-groupID. If the reasoning is - not immediately obvious, when using any external authentication method - (such as <command>ssh</command>), the sticky bit is set so that all - new files will be owned by the user, but group of - <systemitem class="groupname">svntest</systemitem>. Anyone in the - <systemitem class="groupname">svntest</systemitem> group can create - files, but still give the entire group write access to those - files. This avoids locking out other users from the repository.</para> - - <para>Now, return to an unprivileged user account, and take a - look at the new repository using <command>svnlook</command>:</para> - -<screen><userinput>svnlook tree /srv/svn/repositories/svntest/</userinput></screen> - - <note> - <para>You may need to log out and back in again to refresh your group - memberships. '<command>su <replaceable><username></replaceable></command>' - should work as well.</para> - </note> - - </sect3> - - <sect3> - <title>3. Configure the Server</title> - - <para>As mentioned previously, these instructions will configure the - server to use only <command>ssh</command> for write access to the - repository and to provide anonymous access using - <command>svnserve</command>. There are several other ways to provide - access to the repository. These additional configurations are best - explained at <ulink url="http://svnbook.red-bean.com/"/>.</para> - - <para>Access configuration needs to be done for each repository. - Create the <filename>svnserve.conf</filename> file for the svntest - repository using the following commands:</para> - -<screen role="root"><userinput>cp /srv/svn/repositories/svntest/conf/svnserve.conf \ - /srv/svn/repositories/svntest/conf/svnserve.conf.default && -cat > /srv/svn/repositories/svntest/conf/svnserve.conf << "EOF" -<literal>[general] -anon-access = read -auth-access = write</literal> -EOF</userinput></screen> - - <para>There is not a lot to the configuration file at all. You'll - notice that only the general section is required. Take a look at the - <filename>svnserve.conf.default</filename> file for information on using - <command>svnserve</command>'s built-in authentication method.</para> - - </sect3> - - <sect3 id="svnserver-init"> - <title>4. Starting the Server</title> - - <para>There are a couple of ways to start <command>svnserve</command>. - The most common way is to start it as an <command>inetd</command> or - <command>xinetd</command> process. Alternately, you can use a - bootscript to start the service at startup.</para> - - <note> - <para>If you do not wish to provide anonymous access to your svn - repositories or use <command>svnserve</command>'s built-in - authentication, you do not need to run - <command>svnserve</command>.</para> - </note> - - <para>If you use <command>inetd</command>, add a line to - <filename>/etc/inetd.conf</filename> using the following - commands:</para> - - <indexterm zone="svnserver svnserver-init"> - <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> - </indexterm> - -<screen role="root"><userinput>cat >> /etc/inetd.conf << "EOF" -<literal>svn stream tcp nowait svn /usr/bin/svnserve svnserve -i</literal> -EOF</userinput></screen> - - <para>If you use <command>xinetd</command>, the following command will - create the <application>Subversion</application> server file as - <filename>/etc/xinetd.d/svn</filename>:</para> - - <indexterm zone="svnserver svnserver-init "> - <primary sortas="e-etc-xinetd.d-svn">/etc/xinetd.d/svn</primary> - </indexterm> - -<screen role="root"><userinput>cat >> /etc/xinetd.d/svn << "EOF" -<literal># Begin /etc/xinetd.d/svn - -service svn -{ - port = 3690 - socket_type = stream - protocol = tcp - wait = no - user = svn - server = /usr/bin/svnserve - server_args = -i -r /srv/svn/repositories -} - -# End /etc/xinetd.d/svn</literal> -EOF</userinput></screen> - - <para>Finally, if you wish to simply start the server at - startup, install the svn bootscript included in the - <xref linkend="bootscripts"/> package.</para> - - <indexterm zone="svnserver svnserver-init"> - <primary sortas="f-svn">svn</primary> - </indexterm> - -<screen role="root"><userinput>make install-svn</userinput></screen> - - </sect3> - - </sect2> - -</sect1> -- http://linuxfromscratch.org/mailman/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
