Re: remote cvs access - recommendations
Eric Siegerman wrote: On Wed, Oct 08, 2003 at 10:59:37AM -0700, [EMAIL PROTECTED] wrote: but in general, someone who accesses cvs [via SSH] has system access. not only can my co-developer do things like cvs checkout and cvs commit, but he can also ssh into the machine and work at a remote shell. is there a way to give co-developers access to cvs WITHOUT giving them system level access? You can configure sshd to only allow one command, cvs. I'm not sure how to do that, but it's been discussed here in the last few days, so check the list archives. prepend the following commands to the respective entry in the authorized_key[2] file of the account on your cvs box (typically in ~/.ssh/): no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command=/usr/bin/cvs server ssh-rsa YOUR_KEY_HERE bye Ludger ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
RE: help on pserver connection
On Fri, 2003-10-10 at 14:37, Gagneet Singh wrote: Hi! Sorry for not clarifying the mail contents. But they are better understood from the Cederqvist Manual. yah... im here... The Home is in the environment settins for the CVS Server. This is an optional field and can be ignored for now. Actually, this is the place where the users data is stored and when using a *nx system you have to make use of this if you want to access the CVS repository, but as you have 'root' control over the server, it will not be required by you, IMO, it is a good practice to use... :-) ok thanks for clarifying. Gagneet PS: Did the mentioned solution work??? still not... im wondering what went wrong |-Original Message- |From: kent emia [mailto:[EMAIL PROTECTED] |Sent: Friday, 10 October, 2003 10:54 AM |To: [EMAIL PROTECTED] |Subject: RE: help on pserver connection | | |On Fri, 2003-10-10 at 12:42, Gagneet Singh wrote: | Hi! | | I think the thing you have done wrong is to not visit the latest of | the CVS Cederqvist manual. | | It shows that after the RedHat 7 distribution the control for | cvspserver had shifted to the xnetd services avialble as separate | files under the /etc/xinetd.d directory. Here you create a |file named | cvspserver and feed in the following contents to it. | | # default: on | # | # service cvspserver | # | service cvspserver | { |disable = no |id = cvspserver |env = HOME=/home/cvs | |whats this HOME for | | |socket_type = stream |protocol= tcp |port= 2401 |wait= no |user= root |passenv = PATH |server = /usr/bin/cvs |server_args = -f --allow-root=/cvs pserver | } | | Where server_args is the place where you give the path to your | repository. | | Hope this helps. For better understanding read the Cederqvist Manual | on CVS 1.11.5, this can be found on http://www.cvshome.org/ | | Gagneet | | | | |-Original Message- | |From: [EMAIL PROTECTED] | |[mailto:[EMAIL PROTECTED] On Behalf | |Of kent emia | |Sent: Friday, 10 October, 2003 9:13 AM | |To: info-CVS | |Subject: help on pserver connection | | | | | |hello to all.. ... as of the moment i succesfully setup a | |winNT CVS server and its not that hard at all. workstations | |can login/logout checkin/checkout files | | | |but since we are switching all workstations to linux, i want | |to try it in linux. im having hard time seting up a CVS SERVER | |in a redhat9 environment. | | | |im encountering this problem: | |'cvs [login aborted]: reading from server: Connection reset by peer' | | | |as i've read | |http://www.cvshome.org/docs/manual/cvs-|1.11.7/cvs_21.html#SEC18 | |4 it says that i am missing pserver in my 'inetd.conf' but i | |have it right there this is my 'inetd.conf' file | | | |cvspserver stream tcp nowait root /usr/local/bin/cvs cvs | |--allow-root=/repo pserver | | | |that is in one line | | | |running 'nmap localhost' on the server i can see | |'2401/tcp opencvspserver' in it.. | | | |im wondering what else could be wrong | | | | | |-- | |-BEGIN GEEK CODE BLOCK- | |Version: 3.1 | |GCS d- s: a- C U P+ L+++ E W+ N++ o- K- w--- | |O-- M+ V-- PS PE++ Y+ PGP- t--- 5-- X++ R tv++ b+ DI-- D+ | |G++ e h! r++ y-- | |--END GEEK CODE BLOCK-- | | | | | | | |___ | |Info-cvs mailing list | |[EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs | | |-- |-BEGIN GEEK CODE BLOCK- |Version: 3.1 |GCS d- s: a- C U P+ L+++ E W+ N++ o- K- w--- |O-- M+ V-- PS PE++ Y+ PGP- t--- 5-- X++ R tv++ b+ DI-- D+ |G++ e h! r++ y-- |--END GEEK CODE BLOCK-- | | |-- Kent C. Emia -- | |Software Studio for Concepts, |Development and Research, Corp. |: Unit 307 3rd flr Central Plaza 1, | J.P. Laurel Avenue, Davao City | 8000 Philippines |: http://www.cdr.com.ph |: +(6382)225-3728 | |- my IM's - |icq : 347511398 |yahoo : kent_emia |hotmail : kentskie | |- my page |: http://www.cdr.com.ph/~kent/ | |- my mobile - | | -- -BEGIN GEEK CODE BLOCK- Version: 3.1 GCS d- s: a- C U P+ L+++ E W+ N++ o- K- w--- O-- M+ V-- PS PE++ Y+ PGP- t--- 5-- X++ R tv++ b+ DI-- D+ G++ e h! r++ y-- --END GEEK CODE BLOCK-- -- Kent C. Emia -- Software Studio for Concepts, Development and Research, Corp. : Unit 307 3rd flr Central Plaza 1, J.P. Laurel Avenue, Davao City 8000 Philippines : http://www.cdr.com.ph : +(6382)225-3728 - my IM's - icq : 347511398 yahoo : kent_emia hotmail : kentskie - my page : http://www.cdr.com.ph/~kent/ - my mobile - ___ Info-cvs mailing list [EMAIL PROTECTED]
RE: improper behavior or improper usage?
On Friday, October 10, 2003 6:00 AM, Larry Jones [SMTP:[EMAIL PROTECTED] wrote: Mark Jaffe writes [in exceedingly long lines]: CVS is not behaving as expected, and causing great difficulty. Your expectations are wrong. The CVS philosophy is that you tag entire modules, not bits and pieces. -Larry Jones I think Larry is right in that Lawrence's expectations are wrong. But I think the problem is something different. Lawrence, if I understand correctly, you are tagging files that are ready to become part of the main product, then trying to check out a working copy that is the sum of the 'main product' tag and the 'ready' tag? This is contrary to CVS's normal mode of working. Normally you check out a working copy, do the development, then *commit* files to make them part of the product. You can then export or checkout to a common code area if you need to. If this doesn't work for you, why not just have a 'current product' tag, and add or remove it from files as necessary? But by doing this you are circumventing a lot of the good stuff CVS has to offer. What we will be doing here is: every time we are ready to make a release, tag all the files for that release with a 'release' tag. Then we can export on just that tag. We can tag individual files if we like (for example if we are making a patch release and only need some of the 'library routines' module) and that works fine. Andy Jones Tapestry Software. ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: help on pserver connection
[EMAIL PROTECTED] kent]$ cvs login Logging in to :pserver:[EMAIL PROTECTED]:2401/repo CVS password: cvs [login aborted]: reading from server: Connection reset by peer [EMAIL PROTECTED] kent]$ from the Online-Manual :pserver: Errors along the lines of connection refused typically indicate that inetd isn't even listening for connections on port 2401 whereas errors like connection reset by peer, received broken pipe signal, recv() from server: EOF, or end of file from server typically indicate that inetd is listening for connections but is unable to start CVS (this is frequently caused by having an incorrect path in `inetd.conf' or by firewall software rejecting the connection). snip maybe they are referring to '/etc/xinetd.d/cvspserver' isn't it? my settings in /etc/xinetd.d/cvspserver # default on # # service cvspserver service cvspserver { disable = no id = cvspserver env = HOME =/home/cvs socket_type = stream protocol= tcp port= 2401 wait= no user= root passenv = PATH server = /usr/bin/cvs server_args = -f --allow-root=/repo pserver } On Fri, 2003-10-10 at 13:16, kent emia wrote: On Fri, 2003-10-10 at 12:02, [EMAIL PROTECTED] wrote: On Fri 10 Oct 03, 11:43 AM, kent emia [EMAIL PROTECTED] said: hello to all.. ... as of the moment i succesfully setup a winNT CVS server and its not that hard at all. workstations can login/logout checkin/checkout files but since we are switching all workstations to linux, i want to try it in linux. im having hard time seting up a CVS SERVER in a redhat9 environment. im encountering this problem: 'cvs [login aborted]: reading from server: Connection reset by peer' as i've read http://www.cvshome.org/docs/manual/cvs-1.11.7/cvs_21.html#SEC184 it says that i am missing pserver in my 'inetd.conf' but i have it right there this is my 'inetd.conf' file cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/repo pserver that is in one line running 'nmap localhost' on the server i can see '2401/tcp opencvspserver' in it.. im wondering what else could be wrong hi kent, i'm a cvs newbie, but here are some ideas: 1. anytime you edit /etc/inetd.conf, you need to restart the inetd service by doing: /etc/init.d/inetd restart im did restart it... i thought redhat used xinetd, though (i'm exclusively debian). ok 2. try using tcpdump to make sure packets are being received: tcpdump -i eth0 tcp port 2401 here's the output [EMAIL PROTECTED] admin]# tcpdump -i eth0 tcp port 2401 tcpdump: listening on eth0 13:06:52.120827 leprechaun.cdr.com.55072 genesis.cdr.com.cvspserver: S 1493157523:1493157523(0) win 5840 mss 1460,sackOK,timestamp 10302474 0,nop,wscale 0 (DF) 13:06:52.120899 genesis.cdr.com.cvspserver leprechaun.cdr.com.55072: S 1166485185:1166485185(0) ack 1493157524 win 5792 mss 1460,sackOK,timestamp 8746928 10302474,nop,wscale 0 (DF) 13:06:52.121104 leprechaun.cdr.com.55072 genesis.cdr.com.cvspserver: . ack 1 win 5840 nop,nop,timestamp 10302474 8746928 (DF) 13:06:52.121482 leprechaun.cdr.com.55072 genesis.cdr.com.cvspserver: P 1:71(70) ack 1 win 5840 nop,nop,timestamp 10302474 8746928 (DF) 13:06:52.121518 genesis.cdr.com.cvspserver leprechaun.cdr.com.55072: . ack 71 win 5792 nop,nop,timestamp 8746928 10302474 (DF) 13:06:52.123421 genesis.cdr.com.cvspserver leprechaun.cdr.com.55072: R 1:1(0) ack 71 win 5792 nop,nop,timestamp 8746928 10302474 (DF) from the client [EMAIL PROTECTED] kent]$ cvs login Logging in to :pserver:[EMAIL PROTECTED]:2401/repo CVS password: cvs [login aborted]: reading from server: Connection reset by peer [EMAIL PROTECTED] kent]$ 3. don't forget your log files. i'm not sure where your syslogd will put the logs on redhat, so you can just grep for them: # cd /var/log # grep cvs * | there's no cvs there *should* be something in there. im wondering why there's no log... 4. look in /etc/hosts.deny and /etc/hosts.allow. many people put ALL: ALL in /etc/hosts.deny and only allow services on a host by host (or network by network) basis. this is the most secure way to firewall: shut everything off and then turn stuff on little by little, rather than allowing everything and walling things off service by service. my hosts.deny is empty and so is host.allow hth, pete -- -BEGIN GEEK CODE BLOCK- Version: 3.1 GCS d- s: a- C U P+ L+++ E W+ N++ o- K- w--- O-- M+ V-- PS PE++ Y+ PGP- t--- 5-- X++ R tv++ b+ DI-- D+ G++ e h! r++ y-- --END GEEK CODE BLOCK--
Re: CVS patch for unedit -e
Unfortunately the link was pointing to sourceforge.net and not cvshome.org. I have searched projects in cvshome.org though, but sill haven't found required patch. Is there any place, where all patches are stored together? Anyway, why project RCVS in sourceforge.net is not available? Maybe the message I got, was caused by the fact that this project has been removed? Regards, Krzysztof Grbiel Eric Siegerman [EMAIL PROTECTED] Wysane przez:Do: [EMAIL PROTECTED] info-cvs-bounces+krzysztof_gorbiel=raiffeisen DW: [EMAIL PROTECTED] Temat: Re: CVS patch for unedit -e 2003-10-09 19:48 On Thu, Oct 09, 2003 at 09:42:40AM +0200, Krzysztof GORBIEL wrote: I have also tried to point my browser to the link attached in one of replies (dated 2001) but I got message: Permission: User Not Found: Only members of this project have permission to view this page (you are not listed as a member of this project You could always join... If it's the main CVS project on cvshome.org, I believe anyone's allowed to join with read-only access. Approval is only required because the software they're using to host the site won't let them turn off that feature. In other words, if you're asking for read-only access, approval is required, but isn't too hard to get. At least, that's how it was when I joined a year or two ago; is it still the case? -- | | /\ |-_|/ Eric Siegerman, Toronto, Ont.[EMAIL PROTECTED] | | / When I came back around from the dark side, there in front of me would be the landing area where the crew was, and the Earth, all in the view of my window. I couldn't help but think that there in front of me was all of humanity, except me. - Michael Collins, Apollo 11 Command Module Pilot ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: limit project size
Wim Bertels wrote: howdy, is it possible to limit the maximum project size in some way, depending on the project, eg i create a project A and set the maximum size to NumberSoMuch1 and i create a project B and set the maximum size to NumberSoMuch2 Not with CVS. Use disk quotas or the like. -Matt ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Stable CVS 1.11.9 Released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stable CVS 1.11.9 has been released. Stable releases contain only bug fixes from previous versions of CVS. This release fixes two backwards compatibility issues in 1.11.7 and 1.11.8 as well as an issue that could cause some files to become unavailable to clients running on systems with case insensitive filesystems. We recommend this upgrade for all CVS clients and servers! Take a look at the NEWS file from the source distribution http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.25content-type=text/x-cvsweb-markup or go directly to the downloads page http://ccvs.cvshome.org/servlets/ProjectDownloadList. Derek - -- ~*8^) Email: [EMAIL PROTECTED] Get CVS support at http://ximbiot.com! - -- I will not teach others to fly. I will not teach others to fly. I will not teach others to fly... ~ - Bart Simpson on chalkboard, _The Simpsons_ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org iD8DBQE/hsOQLD1OTBfyMaQRAgPMAJwP7uvmW5y8eAo80aNjIpOCqwTBLQCdHtC/ z/bOoGvGAONveiwxVSIF3ac= =fJ1u -END PGP SIGNATURE- ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: help on pserver connection
One other fun thing to check on after you have modified /etc/xinetd.d/cvspserver ( http://www.cvshome.org/docs/manual/cvs-1.11.7/cvs_2.html#SEC30 ), and restarted xinetd, and found it is still now working on leprechaun, is to see if the same `cvs -d :pserver:[EMAIL PROTECTED]:2401/repo login` works on genesis. If it does work there have someone familair with linux firewalling look to see if the kernel is bitbucketing all your packets from off machine, 2401 should be out of that range...but it might not be. I have had this problem with a recent RH and another service (RSH), don't you just love admining a machine some one else setup. kent emia wrote: [EMAIL PROTECTED] kent]$ cvs login Logging in to :pserver:[EMAIL PROTECTED]:2401/repo CVS password: cvs [login aborted]: reading from server: Connection reset by peer [EMAIL PROTECTED] kent]$ from the Online-Manual :pserver: Errors along the lines of connection refused typically indicate that inetd isn't even listening for connections on port 2401 whereas errors like connection reset by peer, received broken pipe signal, recv() from server: EOF, or end of file from server typically indicate that inetd is listening for connections but is unable to start CVS (this is frequently caused by having an incorrect path in `inetd.conf' or by firewall software rejecting the connection). snip maybe they are referring to '/etc/xinetd.d/cvspserver' isn't it? my settings in /etc/xinetd.d/cvspserver # default on # # service cvspserver service cvspserver { disable = no id = cvspserver env = HOME =/home/cvs socket_type = stream protocol= tcp port= 2401 wait= no user= root passenv = PATH server = /usr/bin/cvs server_args = -f --allow-root=/repo pserver } SNIP -- Todd Denniston Crane Division, Naval Surface Warfare Center (NSWC Crane) Harnessing the Power of Technology for the Warfighter ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
FWD: Announce: Cvs-Brancher 1.00
This came across another list I'm on, but it's clearly relevent to CVS :-) Some people might find it useful. I haven't tried it myself; it just looks intriguing. Here's a link to the overview file from its documentation: http://cvs.sourceforge.net/viewcvs.py/tgen/Cvs-Brancher/doc/OVERVIEW?rev=1.3view=auto - Forwarded message from Bryce Harrington [EMAIL PROTECTED] - Subject: [Templates] Announce: Cvs-Brancher 1.00 From: Bryce Harrington [EMAIL PROTECTED] Date: Fri, 10 Oct 2003 10:56:09 -0700 (PDT) To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Static websites have a number of advantages over dynamically built sites, but one of the disadvantages is being able to schedule deployment of new content at arbitrary times. Cvs-Brancher is designed to address this issue by making it straightforward to branch a CVS tree and schedule a merge and rebuild using 'at'. http://freshmeat.net/projects/cvsbrancher/ An example for use of this is for posting press releases and other assorted website changes at 5am west coast time, to co-incide with start of business east coast time. This was the primary motivation for writing it. The advantage of doing a branch/merge is that regular maintenance can go on while the scheduled release is assembled and tested. Cvs-Brancher provides options to control what actions it should take in case of merge errors. While intended for CVS-based websites that use a build tool such as ttree, it is implemented generically and may have non-web uses, such as deploying cfengine-based system config changes, etc. Bryce ___ templates mailing list [EMAIL PROTECTED] http://lists.template-toolkit.org/mailman/listinfo/templates - End forwarded message - -- | | /\ |-_|/ Eric Siegerman, Toronto, Ont.[EMAIL PROTECTED] | | / When I came back around from the dark side, there in front of me would be the landing area where the crew was, and the Earth, all in the view of my window. I couldn't help but think that there in front of me was all of humanity, except me. - Michael Collins, Apollo 11 Command Module Pilot ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
RE: help on pserver connection
Hi! I think the error lies in the xinetd service, did you try and restart the service after creating that file. If so then, have you already created the repository with the required user permissions. This could be a problem with the permissions on the server files also. Plz check that out. Usually the CVS repository is accessible by the group which has its modules in it. This has to be an nherited permission for the group to all the modules. Another thing, are you directly accessing the server and if so what are you logging in as as 'root' is not allowed to perform operations on any of the CVS repositories. Plz confirm this fact too. You can try and remove the env tag also and then try. Also, renmove the env line and then try connecting to it when logged in as a normal user and not 'su' or 'root'. You also seem to be using the raw IP address, have you tried activating Samba and using a NetBIOS name instead, sometimes that too helps on the Red Hat systems. Gagneet |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf |Of kent emia |Sent: Friday, 10 October, 2003 13:49 PM |To: info-CVS |Subject: Re: help on pserver connection | | |[EMAIL PROTECTED] kent]$ cvs login |Logging in to :pserver:[EMAIL PROTECTED]:2401/repo |CVS password: |cvs [login aborted]: reading from server: Connection reset by |peer [EMAIL PROTECTED] kent]$ | |from the Online-Manual |:pserver: | |Errors along the lines of connection refused typically |indicate that inetd isn't even listening for |connections on port |2401 whereas errors like connection reset by peer, received |broken pipe signal, recv() from server: EOF, or end of file |from server typically indicate that inetd is listening for |connections but is unable to start CVS (this is frequently |caused by having an incorrect path in `inetd.conf' or by |firewall software rejecting the connection). | |snip | |maybe they are referring to '/etc/xinetd.d/cvspserver' isn't it? | |my settings in /etc/xinetd.d/cvspserver |# default on |# |# service cvspserver | |service cvspserver |{ |disable = no |id = cvspserver |env = HOME =/home/cvs |socket_type = stream |protocol= tcp |port= 2401 |wait= no |user= root |passenv = PATH |server = /usr/bin/cvs |server_args = -f --allow-root=/repo pserver |} | |On Fri, 2003-10-10 at 13:16, kent emia wrote: | On Fri, 2003-10-10 at 12:02, [EMAIL PROTECTED] wrote: | On Fri 10 Oct 03, 11:43 AM, kent emia [EMAIL PROTECTED] | said: | hello to all.. ... as of the moment i succesfully setup a winNT | CVS server and its not that hard at all. workstations can | login/logout checkin/checkout files | | but since we are switching all workstations to linux, i want to | try it in linux. im having hard time seting up a CVS SERVER in a | redhat9 environment. | | im encountering this problem: | 'cvs [login aborted]: reading from server: Connection reset by | peer' | | as i've read | http://www.cvshome.org/docs/manual/cvs-1.11.7/cvs_21.html#SEC184 | it says that i am missing pserver in my 'inetd.conf' but |i have it | right there this is my 'inetd.conf' file | | cvspserver stream tcp nowait root /usr/local/bin/cvs cvs | --allow-root=/repo pserver | | that is in one line | | running 'nmap localhost' on the server i can see | '2401/tcp opencvspserver' in it.. | | im wondering what else could be wrong | | hi kent, | | i'm a cvs newbie, but here are some ideas: | | 1. anytime you edit /etc/inetd.conf, you need to restart |the inetd service | by doing: | |/etc/init.d/inetd restart | | im did restart it... | | | i thought redhat used xinetd, though (i'm exclusively debian). | | ok | | | | 2. try using tcpdump to make sure packets are being received: | | tcpdump -i eth0 tcp port 2401 | | here's the output | | [EMAIL PROTECTED] admin]# tcpdump -i eth0 tcp port 2401 | tcpdump: listening on eth0 | 13:06:52.120827 leprechaun.cdr.com.55072 |genesis.cdr.com.cvspserver: | S | 1493157523:1493157523(0) win 5840 mss 1460,sackOK,timestamp 10302474 | 0,nop,wscale 0 (DF) | 13:06:52.120899 genesis.cdr.com.cvspserver |leprechaun.cdr.com.55072: S | 1166485185:1166485185(0) ack 1493157524 win 5792 mss | 1460,sackOK,timestamp 8746928 10302474,nop,wscale 0 (DF) | 13:06:52.121104 leprechaun.cdr.com.55072 |genesis.cdr.com.cvspserver: . | ack 1 win 5840 nop,nop,timestamp 10302474 8746928 (DF) | 13:06:52.121482 leprechaun.cdr.com.55072 |genesis.cdr.com.cvspserver: P | 1:71(70) ack 1 win 5840 nop,nop,timestamp 10302474 8746928 (DF) | 13:06:52.121518 genesis.cdr.com.cvspserver |leprechaun.cdr.com.55072: . | ack 71 win 5792