[fossil-users] AIX 7.1
On AIX 7.1, I get the following SQLite error on a open (jfs2 file system): /usr/local/bin/fossil: SQLITE_IOERR: os_unix.c:28318: (9) fsync(/home/ username/directory/project.fossil-mj40184C909) - Bad file number /usr/local/bin/fossil: disk I/O error: {COMMIT} My first thought was to try with an externally built SQLite, but I can't figure out the ./configure logic for that. Here are the 3 things I tried: PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/ ./configure --disable-internal- sqlite CFLAGS=-I/usr/local/include LDFLAGS=--L/usr/local/lib -lsqlite3 ./ configure --disable-internal-sqlite ./configure --CFLAGS=-I/usr/local/include --LDFLAGS=-L/usr/local/lib - lsqlite3 ./configure --disable-internal-sqlite My work around has been a kludge with running fossil on a Linux system with sshfs + symlinks, but maybe there a chance this is fixed, and I'm doing it wrong. -- C. Thomas Stover www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] AIX 7.1
On Mon, 25 Mar 2013 12:40:39 -0400, Richard Hipp wrote: On Mon, Mar 25, 2013 at 12:30 PM, C. Thomas Stover On AIX 7.1, I get the following SQLite error on a open (jfs2 file system): /usr/local/bin/fossil: SQLITE_IOERR: os_unix.c:28318: (9) fsync(/home/ username/directory/project.fossil-mj40184C909) - Bad file number /usr/local/bin/fossil: disk I/O error: {COMMIT} Please recompile with -DSQLITE_DISABLE_DIRSYNC and see if that doesn't fix it. That seems to have fixed it. Thanks much. -- C. Thomas Stover www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] AIX 7.1
On Mon, 25 Mar 2013 13:15:17 -0400, Richard Hipp wrote: Is there a predefined macro for AIX that we can use to make this setting automatic? Something like #ifdef __aix__? This is all new territory for me. My aim is to add portability to some of my own projects, so I'll be looking. This page might be accurate: http://nadeausoftware.com/articles/2012/01/ c_c_tip_how_use_compiler_predefined_macros_detect_operating_system will test... ..ok tested === aixtest.c #include stdio.h int main(void) { #if defined(_AIX) printf(this should be AIX\n); #else printf(probably not compiled on AIX\n); #endif return 0; } = gcc aixtest.c ./a.out this should be AIX xlc aixtest.c ./a.out this should be AIX On the other hand this may be more of a file system specific issue rather than an OS specific one. I would say just doing the above test would be perfectly acceptable. -- C. Thomas Stover www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] source viewing code
I wanted to take a look at the code that renders files for the web interface. Can anyone point me in the right direction? Is it using the vfile stuff to put a temp file on disk and then going with the browse code, or is there something that prints out a blob somewhere? Ultimately, I wanted to see how feasible it would be to use some server side code for syntax highlighting. -- C. Thomas Stover www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] source viewing code
On Thu, 21 Mar 2013 17:49:38 +0100, Stephan Beal wrote: The easiest way to found that sort of thing in fossil is to look at the URL you are wanting to explore, e.g. /timeline and then run, from the command line, something like: stephan@tiny:~/cvs/fossil/fossil/src$ grep 'WEBPAGE: timeline' *.c great. that works well. I also never thought of that use case for grep. Next any tips for adding new themeable fields in the style sheet logic? For instance, the thing I'm working on references css stuff like: .c_keyword { color: red; } I'll report back soon with hopefully something worth showing. I'm working on a home grown document generation tool, which lead me to a syntax highlighting facility. I wanted to make sure I didn't forget to have some possibility of using that one piece from inside fossil. The larger project is a ways off, but that portion of it is nearly presentable. (Lastly as a side note, my apologies if this reply comes in crazy. I have set all my mailman mailing list that I'm a subscriber of to vacation mode, and have been using Pan (a gtk newsreader) with gmane exclusively for days. This is my first test replying to a thread from the newsreader side.) -- C. Thomas Stover www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Fossil on Windows NT 4.0
On Sat, 26 Jan 2013 19:04:26 -0800 Edward Berner e...@bernerfam.com wrote: Yes, I use Fossil on Windows NT 4.0... ... ... The attached patch modifies winhttp.c to load the offending functions at run time and only call them if they actually exist. Bravo! Someone get that man a sandwich. Drop me line off list some day about retro-computing. -- C. Thomas Stover www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] some questions about fossil-as-document-repo
On Thu, 17 Jan 2013 07:55:09 -0600 Carson Chittom car...@wistly.net wrote: C. Thomas Stover c...@thomasstover.com writes: Well if hardcopy means scanned paper (no ocr) then it sounds like a very large binary file set. I'm showing my ignorance, but does OCR matter in this case? We already have OCR capabilities, and I had intended to scan in the documents using it--because, why not, if you can? I didn't think to mention it in my original post to the list because I didn't think it would change the average file size significantly. Well think about like this. In order to get a good enough detail for most purposes, these document scanners have somewhere around 600x600dpi resolution. At first you might think monochrome would work great (and it is still used sometimes with very high res modes), but in practice gray scale (or color) is really needed for handwriting, old paper, charts, and all sorts of applications. So the uncompressed bitmap for a single page can be quite big. So what about image/raster data compression? Well you either have loss-less (PNG) which works great for rendered vector graphics (diagrams, screen shots, etc), or loss-y (JPEG) which uses the characteristics of they way human vision processes colors to really work great for photographs. Neither one of these work that good for generic pieces of paper. What ends up happening is people just do an image resize to a smaller resolution, which (especially for handwriting) can be self defeating. On the other hand think how much space it takes for a page of UTF-8 text. Not much. So perfect OCR (which is a virtual impossibility) would take a 10+mb bitmap and convert it into a 2k text file. The solution today's technology uses is by using a container format like PDF where both images and text can be stored, the scanner software/firmware will OCR what it can and then mix that with little cropped images. This of course leads to the your mileage may very file sizes. -- C. Thomas Stover www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] some questions about fossil-as-document-repo
On Thu, 17 Jan 2013 19:48:20 +0100 Stephan Beal sgb...@googlemail.com wrote: FWIW: if the documents are having to be archived for legal reasons then the OCR versions are essentially only useful for convenience in searching, and not for legal purposes. that's good information to know On Thu, 17 Jan 2013 19:51:58 +0100 j. van den hoff veedeeh...@googlemail.com wrote: just my 2c: there's also djvu http://djvu.org/ which provides astonishingly good compression for scanned documents, separation of layers, OCR etc. always good to find new things otherwise I don't think that a SCM is really the suitable tool for your intended purpose (which I perceive as maintaining/backing up a list of versioned binary files): all SCMs that I know are not really good at handling big binary data sets (and delta-compression sure will not work that great...). so the repo will get real big in no time yep. I've tried this a number of ways with photos, and it just didn't work out. Although I have stored large number of mostly text-based pdf's in scm before for lack of better tool, and it wasn't the end of the world. Someday someone will create a tool to fill in the gap. Sort of a DVCS style metadata logging and control facility to a rsync style technology. Kind of like some of the interpretations of distributed file system back in the plan 9 lineage of thought for instance. C. Thomas Stover www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] some questions about fossil-as-document-repo
On Wed, 16 Jan 2013 16:11:49 -0600 Carson Chittom car...@wistly.net wrote: Yes, basically, it's the probably should save for later need--mostly for legal reasons. Currently all this is in hardcopy, as I mentioned, the volume of which has reached such a level as to be simply impenetrable; part of the reason for putting them as images into a repository is simply to organize them. Well if hardcopy means scanned paper (no ocr) then it sounds like a very large binary file set. That sort of thing quickly gets up larger than most photo collections. The logic of the concept is sound. Report back on how it goes in practice. -- C. Thomas Stover www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] applied DVCS for collaborative work - on the fossil project itself, or otherwise
On Thu, 13 Dec 2012 09:27:03 -0700 Matt Welland estifo...@gmail.com wrote: One partial solution available today is to use http://chiselapp.com. Simply use their clone repo feature with regular pull. What exactly does that do over a regular clone pull? -- www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] pushing only specific branches to specific servers?
Actually it turns out I can do what I want the existing private branch feature. I noticed that on --push, --pull, and --clone there is a --private option that says to include private branches. So to use my earlier example, branch would be private, and pushes to sever1 would use the --private option. -- C. Thomas Stover Stover Enterprises, LLC ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] applied DVCS for collaborative work - on the fossil project itself, or otherwise
blabbing I have made some great progress on my continuing quest for fire with Fossil yesterday and today. In this episode, my juggling of over-committed time cycled back around to answering questions about branching and merging in the context of various development models using Fossil. In no way am I ashamed to say this this entire area (not just with Fossil) can be exceedingly complex, and really can make an old dog feel incapable of learning new tricks. Chin up, and persevere. For all the playing around with it is very much worth the headaches. The DVCS model(s) really are powerful time amplifying tools, of which Fossil clearly is the least nonsense, most purposeful winner. /blabbing For example, to experiment with some private changes to an actively developed codebase within a publicly cloneable Fossil project, one simply (honoring licenses, etc): 1. clones it 2. makes a branch 3. hacks 4. occasionally --pull from the official project; and merge with trunk 5. optionally publicly host this repository Now for some questions and observations... If the official project maintainers would like to bring in this branch onto their own Fossil server (either to simply host it, or to attempt a merge) they can do so with a --pull. However this currently would have the consequence of the all or nothing (wiki pages, other branches, tickets) behavior. Even so, having Fossil display and generate diffs so as to allow the changes of choice to be visualized and read clearly before being patched into a forked version (official or otherwise) is still about 1000:1 sanity improvement over emailing diff attachments. A project using Fossil may host some code with a F/OSS license of some kind, but it may or may not have as copyright holders granted the right to re-host things like wiki pages. So this detail would need to be considered before hosting a clone of someone else's project. Again some type of clone/push/pull granularity might be useful to avoid a legal, courtesy, or outright malicious incident. Consider the case of a new user who wants to try out your project. So they google your project name. The user unknowingly ends up at the site of some kid who had no intention infringing on your trademark, but was instead simply trying to give back their hack, for say - GPL compliance. (contrived, but you get the point) In the case of the Fossil project specifically, what sort of steps would make it ok to say hey folks check out fossil hack, it's up on a cloned repo at url abc. Even if one was in the position of a regular contributor, they still might want to do something like this as sort of a public private branch in between contribution worthy revisions. -- C. Thomas Stover Stover Enterprises, LLC ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] pushing only specific branches to specific servers?
Is there some way to push just a specific branch to a server other than the private branch feature? For example branch A and B are both stored locally, and are both pushed to server 1, yet only branch B is pushed to server 2. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Using fossil as CMS
On Mon, 26 Nov 2012 16:06:31 +0200 Zeev Pekar z.pe...@gmail.com wrote: Hi, I'm considering droping Drupal and move to using fossil also as a CMS. I've done some experimenting with this idea. In my mind the jury is still out. One problem is images. Most browsers will make potentially many simultaneous connections to fetch all the images on a page at the same time (think: often images/adds are actually on different severs anyway). Where as a normally loaded fossil site might not get hit with problems relating to sqlite database lock contention, this scenario I found could. One work around is storing images not in the scm files, but passing through with the doc hosting mechanism. Storing a static site in fossil scm of course works - i.e. exporting the files to a server root. So maybe there is good strategy to run a script to export files from the scm database to a doc folder or something. -- C. Thomas Stover Stover Enterprises, LLC ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] SSH url concept question
On Sunday, October 7, 2012 6:28pm, Richard Hipp d...@sqlite.org said: No password is required to access the repository on the remote end. Because you are accessing it locally, you have complete administrator/setup rights. It will let you do anything. Permissions do not matter. Ok, great! Still trying to get it working though... When I run fossil clone with a ssh url, I am prompted for as password. This shouldn't be the ssh program since, passwordless key pair auth is functioning. So is it fossil? Is it asking for the ssh password, the remote repository password, or maybe a new password for the cloned repository? I've tried everything. I'm using the latest source tarball. Is there a way to specify, or to know what command it is trying to run on the remote computer? Maybe that is the problem. I get fossil: ssh connection failed: [You are connecting via SSH.] Before I upgraded I got stdin: is not a tty. ssh logs confirm login was successful. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] SSH url concept question
I figured it out. I had to hack the source a little. I'll be back with some sort of coherent response ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] suggested modifications to ssh code
I'm going to have to call it a day, but this is good enough to communicate my points (I hope). The ssh transport does not run fossil as a remote command via the invocation of ssh (as in ssh -l user -p port host 'fossil parameters'). Instead it uses ssh to log into the shell, then from there runs fossil. Before doing that it runs the command echo test to see if in fact the string test comes back as expected. There are some issues with this not working if the welcome text or shell prompt output being more or different than expected. The diffs below fixed that for me at least. The next thing is that on linux/posix systems fossil using the ssh transport has the opportunity to feature something that to my knowledge no other SCM does. Because fossil already has a built in user access control scheme, with minimal modification, can support a SETUID based security model. For example, let us say that we create the example repository alpha. Then we: -create a dedicated user account on the host system for the project administrator of alpha, say alpha-adm -make a copy of the fossil binary for just the use of project alpha, ie fossil-alpha. change the owner of this copy to alpha-adm, and turn on the set-uid bit. -add a column in the user table of the project file to hold a numerical posix user id, i.e. sqlite alter table user add column posix_uid int; (using the integer version lets us skip the task of dealing with different id to name resolution schemes) -for local host operating system users that we to give some *controlled* level of access to, we add them a regular fossil user account. Fossil remains in control of the level of access said user will have. Say user bob. -we add the posix user id for bob to the before mentioned column: sqlite update user set posix_uid=12345678 where uid = 1; -Bob has no file permission to read or write to the fossil project database on the host system. -bob then wants to access project alpha via ssh. He configures the server side fossil command to the project specific fossil binary, which is set to always run with an effective user id of alpha-adm which does have file permission to the database. -As part of his command line / environment bob sets the REMOTE_USER variable to bob. In the diffs below, the local fossil command when using ssh mode, checks to see if that variable is present in the environment. If so, it will use the export command to set that variable on the remote host just before running the special set-uid fossil. i.e. REMOTE_USER=bob fossil clone ssh://bob:*@host//path/to/repo?fossil=fossil-alpha local-repo-name.fossil -Also in the diffs the normal no login card code path for ssh is bypassed if this environment variable is present. -Next in the diffs, the server side instance of fossil overides the normal localauth code path when REMOTE_USER is present. Then if the real user id (the one the host operating system / ssh server has already authenticated bob as) matches the one in the posix_uid column for that REMOTE_USER, then bob is good to go as the internal fossil user bob. -Bob can still have a password for use with web access. -Now we can have multi-user fined-grained access, with all the features of the http(s) model with 100% ssh based authentication. Let me know if I screwed this diff thing up. (modifications to 3 files) No doubt numerous problems exist with the below over-coffeed proof of concept. = $ diff -u fossil-src-20120808112557/src/login.c fossil-src-modified/src/login.c --- fossil-src-20120808112557/src/login.c 2012-08-08 06:49:21.0 -0500 +++ fossil-src-modified/src/login.c 2012-10-09 19:02:24.366460497 -0500 @@ -387,6 +387,7 @@ */ static int isHuman(const char *zAgent){ int i; + if( zAgent==0 ) return 0; /* If not UserAgent, then probably a bot */ for(i=0; zAgent[i]; i++){ if( prefix_match(bot, zAgent+i) ) return 0; @@ -743,6 +744,7 @@ const char *zCookie, /* Login cookie value */ const char *zRemoteAddr/* Abbreviated IP address for valid login */ ){ + int uid; if( fossil_strcmp(zLogin, anonymous)==0 ) return 0; if( fossil_strcmp(zLogin, nobody)==0 ) return 0; @@ -776,6 +778,7 @@ char *zRemoteAddr;/* Abbreviated IP address of the requestor */ const char *zCap = 0; /* Capability string */ const char *zPublicPages = 0; /* GLOB patterns of public pages */ + const char *zRemoteUser = P(REMOTE_USER); /* Only run this check once. */ if( g.userUid!=0 ) return; @@ -795,6 +798,7 @@ g.useLocalauth db_get_int(localauth,0)==0 P(HTTPS)==0 +(zRemoteUser == NULL) ){ uid = db_int(0, SELECT uid FROM user WHERE cap LIKE '%%s%%'); g.zLogin = db_text(?, SELECT login FROM user WHERE uid=%d, uid); @@ -863,13 +867,28 @@ ** then accept the value of REMOTE_USER as the user. */ if( uid==0 ){ -const char *zRemoteUser = P(REMOTE_USER);
[fossil-users] SSH url concept question
I'm looking for the web page / archived email thread / source file / person who could clear this up. From what I can piece together the ssh transport, at a minimum, can be used to substitute a regular sshd setup for a http/https server in the role of a *transport*. For instance: thomas@netbook:~$ ssh 127.0.0.1 Linux netbook 2.6.32-5-686 #1 SMP Sun May 6 04:01:19 UTC 2012 i686 ... Last login: Sat Oct 6 12:42:43 2012 from localhost thomas@netbook:~$ logout Connection to 127.0.0.1 closed. thomas@netbook:~$ mkdir fossil-test thomas@netbook:~$ cd fossil-test/ thomas@netbook:~/fossil-test$ fossil init test.fossil project-id: 552443d800c3b059410a94af195981035f001bdb server-id: d3116e43357b61e4f51e88b2622087c88416cc74 admin-user: thomas (initial password is a7ed20) thomas@netbook:~/fossil-test$ fossil clone ssh://thomas@127.0.0.1/home/thomas/fossil-test/test.fossil test-cloned.fossil password for thomas: ssh -e none -T thomas@127.0.0.1 fossil: ssh connection failed: ... thomas@netbook:~/fossil-test$ Is there also a technique to then tell the instance of fossil on the server to use some arbitrary internal fossil user for the connection regardless of passwords? Similar to a fossil ui in the sense that administrative ownership of the database is ultimately enforced by file permissions / host environment. and yes clearly this would be the same level of security as a single shared user. although that bridge is already crossed by giving access to a shell account with write permission anyway. www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] not saving password on clients during clone update operations
Well, I really thought I was doing this at one point, but I can't seem to find out how anymore. How do I tell fossil to just prompt me for a password every time instead of saving it on a slightly-untrustworthy computer? -- www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] manifest file is malformed - one cause explained
On Monday, July 9, 2012 12:51pm, Stephan Beal sgb...@googlemail.com said: Are you sure this has to do with absolute file names? We had a bug a week or two ago with a malformed manifest, and you might be seeing that. Can you try this with the latest version, and paste in any error messages? No I'm not sure. That was just one guess I had since the problem went away when I made the directory names the same as on the source computer. Hopefully later today / early tomorrow I'll get a chance to get you guys something more to go on. I'll try the latest source on it also. www.thomasstover.com___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] manifest file is malformed - one cause explained
Forgoing the sordid tale of why I had to do this, to commit changes from a laptop, I had to copy my fossil project directories over to another computer with functioning internet connectivity. Once there, I tried a fossil commit only to be hit with a manifest file is malformed error. Some searching yielded some talk on the list about some mysteries about the error in the past. In my case the problem was apparently that fossil was storing absolute file names, which were now different. So even though I didn't rename any of my project files, fossil was afraid that it had lost track of a rename or something to that effect. The solution was to mangle directory names around until the project was using the same absolute file names that existed on the laptop. Hey at least it's not like the time I opened the gates of hell with a similar stunt involving linux - windows raw directory copies with svn. -- www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] fossil hosting althttpd xinetd stunnel IPv6
Being IPv6 world launch day[1], I thought I would share some quick config file lines that seemed to have taken an inordinate amount of time to arrive at. I'm on debian 6, which is important because from searching one can see that behavior moderately platform dependent, and documentation is in some cases flat wrong. Anyway for xinetd this is what I now have for /etc/xinetd.d/www service www { flags = IPv4 socket_type = stream wait= no user= root server = /usr/local/bin/althttpd server_args = -logfile althttpd.log -root /var/repositories -user www-data } service www { bind= 2600:3c02::f03c:91ff:fedf:a5ba flags = IPv6 socket_type = stream wait= no user= root server = /usr/local/bin/althttpd server_args = -logfile althttpd.log -root /var/repositories -user www-data } So yes it takes 2 entries. The magic logic is that ipv4 bind-all 0.0.0.0 sometimes conflicts with the ipv6 bind-all, causing bind() to fail with address already in use (even though that is not exactly the case) - unless one or both of the listings explicitly specifies a bind address. In the above example, the ipv4 socket is bind-all and the ipv6 socket is bound the global ipv6 address. Now for stunnel: [https] accept = atlanta1.stoverenterprises.com:443 TIMEOUTclose = 0 exec = /usr/local/bin/althttpd execargs = /usr/local/bin/althttpd -logfile althttpd.log -root /var/repositories -user www-data -https 1 [httpsv4] accept = 66.228.62.210:443 TIMEOUTclose = 0 exec = /usr/local/bin/althttpd execargs = /usr/local/bin/althttpd -logfile althttpd.log -root /var/repositories -user www-data -https 1 Again two entries required. The [section names] have nothing to do with entries in /etc/services like xinetd, and are just labels. They must be unique though. Similar kong fu as above, exept for extra fun stunnel wont parse ipv6 address. It will however resolve names in /etc/hosts. Now I still can't say why, but if you put the ipv6 entry first - then at least on this platform you get a socket bound just to that ipv6 address for the host name. Then just put the ipv4 next, and don't use the bind-all address. The stunnel docs are more vague since the ipv6 example it shows is for a port forward, not a exec handler. So in conclusion, for those you on linode and other hosting providers ISPs with ipv6 - add those DNS records and tweak those config files! [1]http://www.google.com/url?sa=trct=jq=ipv6%20launch%20daysource=webcd=1ved=0CF4QFjAAurl=http%3A%2F%2Fwww.worldipv6launch.org%2Fei=56XPT-fkFerb0QHMo-GQCAusg=AFQjCNHpsDXQ-_c7lT6obm2BA8QMYdbocQcad=rja -- www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] althttpd.c apache log analyzers
On Wed, 30 May 2012 18:14:54 -0400 Richard Hipp wrote: Can you send the output of diff -u please? I can't quite figure out how to apply the diff below. See if that works. Admittedly I never use diff. --- src/althttpd.c 2011-12-28 15:42:28.0 -0500 +++ althttpd.c 2012-05-30 17:49:59.0 -0400 @@ -205,6 +205,11 @@ rScale = 1.0/(double)sysconf(_SC_CLK_TCK); chdir((zRoot zRoot[0]) ? zRoot : /); if( (log = fopen(zLogFile,a))!=0 ){ +#ifdef COMMON_LOG_FORMAT + fprintf(log, %s - - [%s +] \GET %s HTTP/1.0\ %d %d \%s\ \%s\, + zRemoteAddr, zDate, zScript, zReplyStatus, nOut, zReferer, zAgent); + +#else fprintf(log, %s %s %s://%s%s %s %s %d %d %g %g %g %g %d %d %s %s\n, zDate, zRemoteAddr, zHttp, zHttpHost, zScript, zReferer, zReplyStatus, nIn, nOut, @@ -213,8 +218,8 @@ rScale*sTms.tms_cutime, rScale*sTms.tms_cstime, (int)(now - beginTime), - nRequest, zAgent, zRM - ); + nRequest, zAgent, zRM); +#endif fclose(log); nIn = nOut = 0; } -- www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] althttpd.c apache log analyzers
On Wed, 30 May 2012 20:19:55 -0400 James Turner wrote: On Wed, May 30, 2012 at 08:09:54PM -0400, Richard Hipp wrote: But now I see that the patch is not quite right: it is also missing a \n (1) You always use GET instead of the value in the zMethod variable (2) You always use HTTP/1.0 instead of the value in zProtocol will fix (3) The date format is wrong just use TZ's locale? (4) You append two extra fields not mentioned in the wikipedia documentation on the Common Log Format The diff is actually for what apache calls the combined log format which includes the referer and user-agent at the end. All I was doing was just trying to imitate the log format of boa, which I knew was working for my purposes. I had wondered about the discrepancy though. http://www.boa.org/ I'll iron it out, just after I figure out why it wont work with some of my jpg files... --- www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Security of Fossil
On Thu, 31 May 2012 12:00:48 +1000 Chen, Zon wrote: - By default, there doesn't seem to be a feature to stop brute-force attacks on passwords, like a max-number-of-invalid-logins thing. Are there ways to protect our user accounts from such attacks? TLS/SSL (https) is the first step towards protecting password security in all matters www. Even though this would be on top of the measures fossil is taking to not send a password in clear text over the wire. I think stunnel works on windows. Good question about the max number of login attempts. - It would also be good to be able to limit Administrator access to only the local PC or local LAN, is there a way to do this? You mean the administration of the fossil project right? Windows does have file permissions, and the user that fossil is being run as is up to you. Sadly this is so over complicated in windows that it can be hard to say when everything is actually configured correctly. hint - watch those inherited permissions! I'm only half joking when I say it's easier to just learn linux. :) -- www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Security of Fossil
On Thu, 31 May 2012 13:44:52 +1000 Chen, Zon wrote: By my second question, I meant Fossil's Administrator account, not that of windows. Assuming that I don't find a solution for people brute-forcing passwords for regular accounts, that's not a big deal. However, if people can brute-force the Fossil Admin account, then that would be a problem. Similarly, if there was a feature where an account would get locked out after 3 incorrect logins, that can't apply to the Admin account, or else we wouldn't be able to unlock, etc. So ideally we want to be able to limit Fossil's Administrator account to only work from the local PC (or better yet, from LAN only.) ok that makes sense. I do know that you can unlock the admin account by just doing a fossil ui on it locally, which I have done when I have just forgotten the password. I'd like to see what the other answers turn out to be. -- www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] althttpd.c apache log analyzers
- The diff below implements combined log format used by several popular web traffic analyzers, when the COMBINED_LOG_FORMAT macro is defined. ie gcc althttpd.c -DCOMBINED_LOG_FORMAT -o /usr/local/bin/althttpd - The date should now be in the right format. I think the reason it still worked in the wrong format is the use of the abbreviated textual month in the current locale as part of the format spec which in the strictest sense requires analyzers to just treat that part as opaq text. - Also in this diff is a quick addressing of the CGI POST handling code path's use of a unchecked fopen(), which kept me dead in the water back when I was first starting. - btw for other list archaeologists trying to squash bugs, my problem with .jpg files not loading was because they somehow had the execute flag turned on (digital camera's FAT fs). Remember that althttpd simply looks at that criteria for the CGI code path. - Having to go to named based virtual servers over IP based virtual servers is what finally forced my transition from the boa web server. The althttpd xinetd stunnel combination makes an outstanding strategy for bare-minimum nonsense, low resource usage, and acceptable security risk. --- src/althttpd.c 2011-12-28 15:42:28.0 -0500 +++ althttpd.c 2012-05-31 00:33:05.0 -0400 @@ -200,11 +200,17 @@ if( zAgent==0 || zAgent[0]==0 ) zAgent = *; time(now); pTm = localtime(now); -strftime(zDate, sizeof(zDate), %Y-%m-%d %H:%M:%S, pTm); times(sTms); rScale = 1.0/(double)sysconf(_SC_CLK_TCK); chdir((zRoot zRoot[0]) ? zRoot : /); if( (log = fopen(zLogFile,a))!=0 ){ +#ifdef COMBINED_LOG_FORMAT + strftime(zDate, sizeof(zDate), %d/%b/%Y:%H:%M:%S %z, pTm); + fprintf(log, %s - - [%s] \%s %s %s\ %d %d \%s\ \%s\\n, + zRemoteAddr, zDate, zMethod, zScript, zProtocol, + zReplyStatus, nOut, zReferer, zAgent); +#else + strftime(zDate, sizeof(zDate), %Y-%m-%d %H:%M:%S, pTm); fprintf(log, %s %s %s://%s%s %s %s %d %d %g %g %g %g %d %d %s %s\n, zDate, zRemoteAddr, zHttp, zHttpHost, zScript, zReferer, zReplyStatus, nIn, nOut, @@ -213,8 +219,8 @@ rScale*sTms.tms_cutime, rScale*sTms.tms_cstime, (int)(now - beginTime), - nRequest, zAgent, zRM - ); + nRequest, zAgent, zRM); +#endif fclose(log); nIn = nOut = 0; } @@ -1021,7 +1027,17 @@ sprintf(zTmpNamBuf, /tmp/-post-data-XX); zTmpNam = zTmpNamBuf; mkstemp(zTmpNam); -out = fopen(zTmpNam,w); +if((out = fopen(zTmpNam,w)) == NULL) { + StartResponse(500 Internal Server Error); + nOut += printf( +Content-type: text/html\r\n +\r\n +\nhint: check permissions on /tmp +/body\n); + MakeLogEntry(0); + exit(0); +} + zBuf = SafeMalloc( len ); alarm(15 + len/2000); n = fread(zBuf,1,len,stdin); -- www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] clearsign, so what
I'm trying to follow along here, and have a few abstract questions. If an attacker takes control over a repository, then that repository is compromised, and would need to be restored from a non-compromised back up. By compromised we mean someone deleted it, defaced it, or worse tries to hide malicious code in it. The issue is then being able to notice / discover that a given fossil project has been compromised by an unauthorized user trying to hide malicious code in something? (this is a question) The only way to ever know such a thing (from a technology point of view), would be: -to either compare the entire project.fossil file with a known good copy for changes (totally unrealistic since the project would almost always be newer than a backup file. plus how do you know one is good to archive as a known good copy) -Algorithmically verify that changes are signed by trusted users on push/pull operations. (this is also a question) So from the ideal scm features point of view, what is suppose to happen? Just verify that diffs and/or complete project versions are signed by a user? As in a property of a user being a public key? Or as in some sort of hook script check this externally before allowing a sync? If a signing key is later found to be compromised, then changes made with that signature need to be flagged for inspection? www.thomasstover.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] Last changed date on wiki pages
Anyway to make a place on a wiki page say something like this was last updated on x/x/x? ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] web page icon propagation
At first it appeared that push/pull was propagating the project icon. Then it looked like it was not, so I started adding it manually. Then I realized that was just browser silliness. Now I'm back to not seeing it working. Would someone tell me if this is suppose to work, since I have confused my self senseless. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] web page icon propagation
On Thursday, February 16, 2012 11:23am, Richard Hipp d...@sqlite.org said: fossil configure pull fossil configure push skin ok. I think one time I did do a configure pull, and another time just pull. The user accounts are not by chance part of this configuration? ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Last changed date on wiki pages
On Thursday, February 16, 2012 9:33am, Stephan Beal sgb...@googlemail.com said: The adventurous can get that via the json api: fossil json wiki get PageName Or: http://... /json/wiki/get/PageName Should do the trick. Interesting. Once I figured out I needed to rebuild with --enable-json it worked. I wonder if it could be crafted to just return the the timestamp. Or is the idea to render then wiki page in-browser with java script once pulled over from that call? ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] web page icon propagation
I spoke too soon. I get fossil: unknown command: configure on all my installations. Do I need another build flag? ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] web page icon propagation
On Thursday, February 16, 2012 11:47am, Lluís Batlle i Rossell vi...@viric.name said: On Thu, Feb 16, 2012 at 11:41:53AM -0600, Thomas Stover wrote: I spoke too soon. I get fossil: unknown command: configure on all my installations. Do I need another build flag? No json. 'fossil configuration' I don't follow you. I rebuilt without the --enable-json, which didn't change anything. Maybe you meant something else? ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] web page icon propagation
On Thursday, February 16, 2012 12:18pm, Weber, Martin S martin.we...@nist.gov said: It's easy actually. The full command is configuration, to which all of Awesome. fossil configuration pull skin did it. Looking at the bytes transferred, the icon itself must have already come over in another operation. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Last changed date on wiki pages
On Thursday, February 16, 2012 12:13pm, Stephan Beal sgb...@googlemail.com said: Doh, i almost forgot a recently-added feature... try: http://.../json/wiki/get/PAGENAME?format=none Or: fossil wiki get PAGENAME -format none that will return a given page's metadata without its content: { fossil:4272d03e324ea05ea7dfad67e2d481e6db003864, timestamp:1329415928, command:wiki/get, procTimeMs:12, payload:{ name:whio_vlbm, uuid:4053d1e97499c9c9454f16d996b06ca88dca88e8, lastSavedBy:stephan, timestamp:1306176658, contentLength:3991 } } That would be great. For me it worked with the command line, but not through the browser. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Annotation information not propagated across branches
On Mon, 16 Jan 2012 00:32:08 +0530 ashish...@lostca.se (Ashish SHUKLA) wrote: Dude! How did you get a picture to show up in the header of of your email? I've never seen that before. I'm seeing this with Claws Mail. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] fossil for photos archive?
Just about every time I get started on a new software tool, I revisit the question of it will help me finally get my family photos under control, regardless of whether or not it makes any sense. Storing large numbers of pictures in subversion for instance, turned out to be a very bad idea. Anyone else doing this? There seems to be allot going for fossil for this use case: -tool reuse -offline / synchronized / backups -authenticated wiki page Based on about 20 minutes of experimentation, I would start by making some import script, that given a directory of jpgs: -use imagemagick's (http://www.imagemagick.org/script/command-line-tools.php) command line tools to generate thumbnails and browser size versions. -add and commit to fossil -then hit the fossil web interface to find out what urls/artifacts the files (all three versions) where given (better way?) -stub out a wiki page with just things like a href=fossil relative url for medium size versionimg src=fossil relative url for thumbnail version/a Of course, in real use the fossil file would quickly become very large. In the abstract, would this make any sense? ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] diagnosing log in problems
On Tue, 10 Jan 2012 07:58:11 -0500 Richard Hipp d...@sqlite.org wrote: If this is all your log shows, that indicates that Fossil is never seeing the actual login attempt. The error appears to be occurring somewhere before reaching Fossil. Indeed. It appears the problem is with althttp. /var/log/messages has a number of these lines: Jan 10 10:06:24 (none) kernel: althttpd[28560]: segfault at 0 ip 7f1abf42dd84 sp 7fffa88a3a10 error 4 in libc-2.11.2.so[7f1abf3ca000+158000] After I rebuilt althttp with -g, I have made several attempts to no avail to get the right configuration to have stunnel run valgrind run althttp. For instance, setting up stunnel for logging, and then using this configuration: execargs = /usr/bin/valgrind /usr/local/bin/althttpd -logfile althttpd.log -root /var/repositories -user www-data -https 1 causes this output from althttp: (null) 500 Server Malfunction Connection: close Date: Tue, 10 Jan 2012 17:29:53 + Content-type: text/html headtitleServer Malfunction/title/head bodyh1Server Malfunction/h1 pThis web server has malfunctioned. (Error number: 1444)/p pno root directory specified/p /body Oh well. Any ideas? ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] diagnosing log in problems
On Tue, 10 Jan 2012 12:55:20 -0500 Richard Hipp d...@sqlite.org wrote: exec = /usr/bin/althttpd execargs = /usr/bin/althttpd -logfile /logs/http.log -root /home/www -user www-data -https 1 That helped, I forget the separate exec and execargs parts. Relevant valgrind output is: ==29180== Invalid read of size 2 ==29180==at 0x4E8CD84: fwrite (iofwrite.c:43) ==29180==by 0x4033D1: ProcessOneRequest (althttpd.c:1029) ==29180==by 0x40482B: main (althttpd.c:1484) ==29180== Address 0x0 is not stack'd, malloc'd or (recently) free'd Which takes us to the following code excerpt: sprintf(zTmpNamBuf, /tmp/-post-data-XX); zTmpNam = zTmpNamBuf; mkstemp(zTmpNam); out = fopen(zTmpNam,w); zBuf = SafeMalloc( len ); alarm(15 + len/2000); n = fread(zBuf,1,len,stdin); nIn += n; fwrite(zBuf,1,n,out); free(zBuf); fclose(out); This clue is that the value returned from fopen() isn't being check for NULL. Which brings me to the solution to my problem - my chroot environment has no /tmp directory. It works now! ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] althttpd cgi chroot stunnel
As promissed, a stab at some more dumbed down instructions. (So at least I might be able to figure this out again later) = Checklist For stunnel + althttpd + fossil configuration This configuration allows for multiple fossil projects, static contents, other non-fossil cgi content, to all be served with a single IP address and domain name using only the standard http and https ports (80/443) -You will need a user account. Many/most systems use www-data and are already have this account created. -Start with a dedicated directory for everything. Example “/repos”. The www-data user needs read and write permission. -Generate stunnel keys -Configure and restart stunnel. Example stunnel.conf cert = /etc/ssl/certs/stunnel.pem key = /etc/ssl/certs/stunnel.pem sslVersion = SSLv3 pid = /var/run/stunnel4.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 [https] accept = 443 TIMEOUTclose = 0 exec = /usr/local/bin/althttpd execargs = /usr/local/bin/althttpd -logfile althttpd.log -root /repos -user www-data -https 1 In this example configuration, stunnel does not enter into a chroot environment, nor does it change from another user besides root. Both of these tasks will be left (optionally) to althttpd. -After cranking that up, netstat -ltnp should output a line that looks similar to: tcp0 0 0.0.0.0:443 0.0.0.0:* LISTEN 29333/stunnel4 -Because althttpd itself is not being run inside a chroot environment, it can be built with static or dynamic linkage. Example gcc althttpd.c -o althttpd mv althttpd /usr/local/bin/ -There is no althttpd configuration file. The configuration is the command line given to it. In this the “execargs” line in the stunnel.conf file. The option -root /repos means that a chroot WILL be taking place., which means that the cgi programs that it runs will all see /repos as /. Therefore either the C runtime library (pretty much /lib/*), and possibly other will need to be inside there, or static linking will be required. “-user www-data” is of course the user to run programs as and access files as (so again everything in /repos needs read/write/execute permission with user www-data). The “-https 1“ is required to get CGI scripts (fossil) to return the correct “https” prefix in the generated urls. -Again, because of the chroot, “-logfile althttpd.log” will mean that the althttpd log file would be /repos/althttpd.log -To build fossil for static linkage try: ./configure --static --with-ssl=none make clean make -althttpd looks for directories that end with the .website suffix, and defaulting to default.website. So create one or more directories like this /repos/project1.website /repos/project2.website, which will then corrispond to the URLs https://domainname/project1, and https://domainname/project2. You could then create a symlink (or just have one project as) to default.website, so one of those comes up as just https://domainname/. -Inside the above directories, create fossil cgi wrapper scripts, ie #!/fossil repository: /project2/project2.fossil -This would require the fossil executable to be at /repos/fossil, and the fossil project file to be at /repos/project2/project2.fossil -If this wrapper script is name /repos/project2/foo (needs to be executable), then the url would be https://domainname/project2/foo -Make sure there is a /tmp folder in the chroot environment for CGI POSTs to work, ie /repos/tmp. Again check permissions. -Regular non-ssl http support comes from configuring inetd or xinetd. -c...@thomasstover.com 1/10/12 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] diagnosing log in problems
On Mon, 9 Jan 2012 19:31:38 -0500 Richard Hipp d...@sqlite.org wrote: Make sure the fossil repository itself and the directory that contains the repository are readable and writable by the www-data user. Yep it is. In fact ./fossil server buildconfigurationadjust.fossil works just fine. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] C API
How about a SOAP or REST full api in the web interface? ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users