RE: cvs error: received broken pipe signal
Thanks a lot for your reminding. - host OS information for server: Redhat 9 - host OS information for client: Window 2000 - server version of cvs: cvs 1.11.6 - client version of cvs: wincvs 1.3 - nature of commitinfo, verifymsg, loginfo scripts being used (if any): in the attachment additional information: the error comes up after the commit is succeeded and version number is changed. and error does not always comes up every time. but sometimes alternately or every three time. Regards, Winnie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark D. Baushke Sent: Thursday, July 07, 2005 2:46 PM To: Yu He Cc: info-cvs@gnu.org; Peixiao Guo Subject: Re: cvs error: received broken pipe signal -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yu He [EMAIL PROTECTED] writes: Hi all: After commit,always receive the following error message, cvs [server aborted]: received broken pipe signal What's the reason? Thanks a lot in advance! You have provided insufficient information as to your configuration. At a guess, you might not be reading all of the stdin being provided to your cvs trigger scripts. For better guesses, information like: - host OS information for server - host OS information for client - server version of cvs - client version of cvs - nature of commitinfo, verifymsg, loginfo scripts being used (if any) is desirable. -- Mark -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFCzM+U3x41pRYZE/gRAuJCAKCqSqL/4wjCV3QoR45oAIuDgMyVsgCfQ/Wi jXrtVnZZQE1vvlDu/87VN54= =tfWn -END PGP SIGNATURE- #!/usr/local/ActiveTcl/bin/tclsh lappend auto_path /usr/local/ActiveTcl/lib; # commitCheck.tcl # set user [lindex $argv 0]; set repository [lindex $argv 1]; set fileList [lrange $argv 2 end]; puts Attempting commit:\n${argv}\nUser:$user Repos:$repository Files:\n$fileList; set checkoutAll 0; switch $user { heyu - ldong { puts Permission always granted to the mighty CVSAdmin!; #Source cvsDb.tcl for history recording #source [file join $env(CVSROOT) CVSROOT cvsDb.tcl]; puts Recording history; #appendHist [list action COMMIT username $user repository $repository comment Commit: $fileList] Y; exit 0; } default { puts Verifying permissions...; } } if { [catch { #Temporary controls until we can import actual scripts: switch -regexp $repository { ^/cvsroot/database/oracle/gtss2 - ^/cvsroot/database/oracle/gtss2/* { puts Commits to this repository currently disabled. Contact administrator (4-2062) for more info. exit 1; } } switch -regexp $repository { ^/usr/local/cvsroot/project/dev { switch $user { id { puts Permission Granted- Development Area; puts Have a nice day. } default { puts You don't have permission to commit to Development.; exit 1; } } } ^/usr/local/cvsroot/project/qa { switch $user { id - id2 - id3 { puts Permission Granted- qa Area; puts Have a nice day. } default { puts You don't have permission to commit to qa.; exit 1; } } } default { switch $user { default { puts You don't have permission to commit to this project (${repository}). Contact administrator. exit 1; } } } } } ret] } { #Error! puts CVS Server error. Email me with this info:$::errorInfo; exit 1; } else { #Success! #if {$checkoutAll == 1} { # exec /cvsroot/CVSROOT/checkoutAll.tcl ; #} exit 0; } ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: cvs error: received broken pipe signal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yu He [EMAIL PROTECTED] writes: Hi all: After commit,always receive the following error message, cvs [server aborted]: received broken pipe signal What's the reason? Thanks a lot in advance! You have provided insufficient information as to your configuration. At a guess, you might not be reading all of the stdin being provided to your cvs trigger scripts. For better guesses, information like: - host OS information for server - host OS information for client - server version of cvs - client version of cvs - nature of commitinfo, verifymsg, loginfo scripts being used (if any) is desirable. -- Mark -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFCzM+U3x41pRYZE/gRAuJCAKCqSqL/4wjCV3QoR45oAIuDgMyVsgCfQ/Wi jXrtVnZZQE1vvlDu/87VN54= =tfWn -END PGP SIGNATURE- ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: cvs error: received broken pipe signal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yu He [EMAIL PROTECTED] writes: Thanks a lot for your reminding. - host OS information for server: Redhat 9 - host OS information for client: Window 2000 - server version of cvs: cvs 1.11.6 - client version of cvs: wincvs 1.3 - nature of commitinfo, verifymsg, loginfo scripts being used (if any): in the attachment How is the attachment used? I am guessing it is only used from CVSROOT/commitinfo right? Is there anything in CVSROOT/loginfo ? additional information: the error comes up after the commit is succeeded and version number is changed. and error does not always comes up every time. but sometimes alternately or every three time. Ahh, this does not agree with your first problem statement where you said it always happened... Are you able to find anything in common with the times when it fails? -- Mark -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFCzNdK3x41pRYZE/gRAltnAJ9iOe0I8ZJT9bC6pGq+0TNhwFhkXQCfTXyu VFeqwMKzQNKl4zP13Bau2B8= =VNoE -END PGP SIGNATURE- ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
CVS ( Status of lock files in the repository)
Hi all, I would like have ascriptwhich will show me all the user names who have locked a particular file along with the filename , the timestamp and path of that file locked. Thanks in Advance. regards surya` Free antispam, antivirus and 1GB to save all your messages Only in Yahoo! Mail: http://in.mail.yahoo.com___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: cvs error: received broken pipe signal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 These two lines need to dispose of stdin: Original: project1 (chgrp -Rf project1 /usr/local/cvsroot/project1) project2 (chgrp -Rf project2 /usr/local/cvsroot/project2) Revised: project1 (chgrp -Rf project1 /usr/local/cvsroot/project1; cat) /dev/null project2 (chgrp -Rf project2 /usr/local/cvsroot/project2; cat) /dev/null Enjoy! -- Mark -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFCzN/e3x41pRYZE/gRAmr0AJ9s5/DMr7yEYugqRlp61oxQN8+5KACg0T9J 0064dezA7A87GjCC6NX3BV0= =gcll -END PGP SIGNATURE- ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
How can I administratively freeze a branch?
Greetings. I have a project which was branched some time ago and now the branch has been merged back to HEAD. No further changes must be made to the old "DEV2" branch, it is officially dead. Is there a way I can prevent developers from mistakenly committing to that branch (appart from deleting it)? Raúl Pedroche Novillo BPM TOM This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
RE: How can I administratively freeze a branch?
Original Message From: [EMAIL PROTECTED] Sent: 07 July 2005 11:09 Greetings. I have a project which was branched some time ago and now the branch has been merged back to HEAD. No further changes must be made to the old DEV2 branch, it is officially dead. Is there a way I can prevent developers from mistakenly committing to that branch (appart from deleting it)? Why not just cvs rm all the files from it, so they no longer exist at the head of the branch? People would have to accidentally checkout old revisions before they could accidentally commit to it; that's pretty improbable I think. cheers, DaveK -- Can't think of a witty .sigline today ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
RE: How can I administratively freeze a branch?
Why not just cvs rm all the files from it, so they no longer exist at the head of the branch? People would have to accidentally checkout old revisions before they could accidentally commit to it; that's pretty improbable I think. The problem is that files from old branch still exist in HEAD (in fact, what we did was to commit the branched files to HEAD). This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Smart CVS
Guys, I posted on here recently with regards to using SSH and SmartCvs, I have (i think) made a little head way in this but when trying to get the modules to read from smartCVS checkout project option i am getting the following: An i/o error occured, details: Unknown Compression method I have no idea why I am getting this! I can get the cvs now to check out files on an older version of CVS 1.2 or something like that using putty and plink, but would rather be using smartCVS Thanks again guys p.s. would have posted this on the smartCVS form but my company firewall blocks it! S. ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
pserver user id's
Hello. I have a repository configured and working with pserver. I want to restrict user's permissions on subdirectories in the repository. I don't want user A to see user B's projects and vice versa. In my $CVSROOT/CVSROOT/passwd file, I have something like: divap:YBGW948yOKKSA:cvsadm divap is a user on the system. The user id under which CVS runs is 'cvsadm'. In $CVSROOT, I have a subdirectory that looks like this: drwxrws--x 3 divapdhdev 512 Jul 06 17:16 divap/ This all works fine except that, the pserver user divap can read ALL the projects in all the other subdirectories because on the server, he is actually running as cvsadm (see the passwd file entry above). If I change the passwd file to look like this: divap:YBGW948yOKKSA:divap I get an error when I try to run a 'checkout' on a project in the divap directory that says: cvs [checkout aborted]: unrecognized auth response from cae1axp1: setgroups: Not owner I don't want everyone to run as the administrator account (cvsadm) and the docs seem to indicate that they can run as themselves (their shell accounts) but I get the above error. Any help would be GREATLY appreciated. Andrew ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: Possible Spam: Re: CVS and SSH V2
Russ Sherk wrote: I think you can put the port into CVS_RSH. Here is mine on winXP using plink: Z:\echo %CVS_RSH% d:\Tools\plink.exe -ssh -pw xx Z:\echo %CVSROOT% :ext:[EMAIL PROTECTED]:/var/cvs --- Does this not work on linux? No. It's an implementation difference. The src/run.c piped_child function accepts an argv array as an argument on Linux and passes that argv directly to execvp. Since argv[0] holds the contents of $CVS_RSH, the system looks for a process names $CVS_RSH, spaces, arguments, and all. The windows-NT/run.c pipted_child function turns it's argv into a single string with space-delimited arguments which it then passes back to the Windows shell for parsing, so the contents of $CVS_RSH gets resplit on spaces. Regards, Derek ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: pserver user id's
foomonkey wrote: Hello. I have a repository configured and working with pserver. I want to restrict user's permissions on subdirectories in the repository. I don't want user A to see user B's projects and vice versa. In my $CVSROOT/CVSROOT/passwd file, I have something like: divap:YBGW948yOKKSA:cvsadm divap is a user on the system. The user id under which CVS runs is 'cvsadm'. In $CVSROOT, I have a subdirectory that looks like this: drwxrws--x 3 divapdhdev 512 Jul 06 17:16 divap/ This all works fine except that, the pserver user divap can read ALL the projects in all the other subdirectories because on the server, he is actually running as cvsadm (see the passwd file entry above). If I change the passwd file to look like this: divap:YBGW948yOKKSA:divap I get an error when I try to run a 'checkout' on a project in the divap directory that says: cvs [checkout aborted]: unrecognized auth response from cae1axp1: setgroups: Not owner I don't want everyone to run as the administrator account (cvsadm) and the docs seem to indicate that they can run as themselves (their shell accounts) but I get the above error. Any help would be GREATLY appreciated. Andrew Obviously divap does not have write access to the repository structure. In my pserver setup, the repository directories files are owned cvs:cvs, and my users run username:password:cvs. My admin users DON'T have the :cvs part at the end, but instead are members of the linux group cvsadmin, who are granted access automatically (I'm not sure if it's by pserver or by CVS itself). Note: I am told it is ill-advised to use admin accounts for regular use. To get back to the original requirement (restricting access on a per-project basis), I believe that CVS/pserver does not conveniently suppport the granularity of access you require. julian. ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: Problem with admin privileges
Todd Denniston wrote: CLIP The only reason I am using pserver is that it allows my users to have CVAS controlled access to the respositories without giving them dierct write access to them. If you can suggest another way of doing that, I'd be glad to use it. As Far As I Know, you are correct, but at best you are only protecting them from a fat fingering while in the repository and do not have malicious intent. The first rule of the repository for users should be that if you are not the admin you never execute any non cvs command against it. The first rule of the repository for admins is back it up appropriately, as hardware/network/software faults can damage the work. With these two rules, I believe you should have at least as good a set of protection as pserver would get you, because you don't have developers with malicious intent and who follow the rules :} Pretty much true: if it isn't, I've got worse problems :) As long as the developers are using only :ext: cvs commands against the repository, I believe you should still be able to meet your FAA requirements: FAA-regulated environment, and my CVS respository must be secure, in that nobody can impair the lifecycle data, and all accesses must be documented and controlled, i.e.e all accesses must be via the cvs server. but would be counting on the backups to prevent you from loosing any lifecycle data, which is what you would be back to if they were looking at you with strictness when there is a known hole in pserver. In final, Yes using pserver will probably make it easier to show up front that everything meets the requirements, but in the past it has been the bain of security with cvs. I belive you are in the middle ground between the restricted execution of CVS Mark D. Baushke told you about, and the trusting developers ground of :ext: on a system they can execute more than cvs on. I further belive that you are only mildly protected from what you worry about, using your method. Where as one of the restricted execution of CVS would probably allow much more of the FAA level security lock down and logging. if you want further reading I suggest searching the list's archive for Greg Woods AND pserver OR Greg Woods AND authentication AND|OR authorization. I think the horse is dead, so I'll stop beating. SNIP Well I think the horse has completed the track, and I think we've won the race, inasmuch as I have fat-finger protection, which is all I need: I am backing up, after all, as you suggest (and as insisted upon by our friends at the FAA, in fact), and the backup includes logs, so I'm meeting the obligation. There is rarely a perfect solution for special needs situations such as this, but I think I've got the closest practical solution, and as long as my local FAA officer is happy, then so am I. Todd, you obviously spent plenty of time thinking and writing. Thank you very much for your opinions, insight and help. julian. ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: pserver user id's
I believe my problem lies in that my inetd.conf specifies to run cvspserver under the cvsadm user account. When I have my $CVSROOT/CVSROOT/passwd file configured like, username:password:cvsadm, everything works great. With the exception that user A can see user B's projects and vice versa. This is because cvsadm owns the repository directory structure. The mode for it is 771. When I change the passwd file to username:password:username, this does not work. I get the previously mentioned error. My belief is that pserver is running as cvsadm but wants to run in the context of the user specified in passwd. I don't know that this is possible unless pserver is running as root. In a sandbox environment, I have changed pserver to run as root (in inetd.conf) and it works correctly. I may be missing something but that's the way things appear to me. Is there any danger in having pserver run as root? inetd.conf contains many other services running as root. I realize that ANY service running as root or otherwise introduces certain vulnerabilities. Thanks for any clarification anyone can provide. Andrew ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: pserver user id's
foomonkey writes: If I change the passwd file to look like this: divap:YBGW948yOKKSA:divap Note that you can just omit the third field entirely in that case. I get an error when I try to run a 'checkout' on a project in the divap directory that says: cvs [checkout aborted]: unrecognized auth response from cae1axp1: setgroups: Not owner Your [x]inetd must run cvs as root to be able to switch to another user. -Larry Jones I'm not a vegetarian! I'm a dessertarian. -- Calvin ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: pserver user id's
foomonkey writes: I may be missing something but that's the way things appear to me. Is there any danger in having pserver run as root? inetd.conf contains many other services running as root. I realize that ANY service running as root or otherwise introduces certain vulnerabilities. You've got it. Pserver runs as root just long enough to authenticate the user and then it switches to the actual user to run everything else so there's very little risk. -Larry Jones The game's called on account of sudden death. -- Calvin ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: How can I administratively freeze a branch?
[EMAIL PROTECTED] wrote: Why not just cvs rm all the files from it, so they no longer exist at the head of the branch? People would have to accidentally checkout old revisions before they could accidentally commit to it; that's pretty improbable I think. The problem is that files from old branch still exist in HEAD (in fact, what we did was to commit the branched files to HEAD). I don't understand your objection. 'cvs remove' on a branch will declare the tip of the branch dead, thereby preventing anyone from checking anything into the branch. It's exactly what you want to do. -- Jim ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: pserver user id's
foomonkey wrote: I believe my problem lies in that my inetd.conf specifies to run cvspserver under the cvsadm user account. When I have my $CVSROOT/CVSROOT/passwd file configured like, username:password:cvsadm, everything works great. With the exception that user A can see user B's projects and vice versa. This is because cvsadm owns the repository directory structure. The mode for it is 771. When I change the passwd file to username:password:username, this does not work. I get the previously mentioned error. My belief is that pserver is running as cvsadm but wants to run in the context of the user specified in passwd. I don't know that this is possible unless pserver is running as root. In a sandbox environment, I have changed pserver to run as root (in inetd.conf) and it works correctly. I may be missing something but that's the way things appear to me. Is there any danger in having pserver run as root? inetd.conf contains many other services running as root. I realize that ANY service running as root or otherwise introduces certain vulnerabilities. Thanks for any clarification anyone can provide. Andrew As Larry said, [x]inetd must run cvs as root. But you don't want to have the repositories owned by an admin account member - it isn't necessary, and gives rise to the problems you're experiencing. Running cvs as root - as Larry says - allows it to control access to other users. To that end ... Create a separate user and group cvs, and change ownership of the repository to that user. Put :cvs after all entries in your password file (that are not admin users, of course). You already have drwxrws--x on your repository directories, which is good. The project files need/should only be 440, CVS takes care of everything. julian. ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: Smart CVS
Liquidchild wrote: I posted on here recently with regards to using SSH and SmartCvs, I have (i think) made a little head way in this but when trying to get the modules to read from smartCVS checkout project option i am getting the following: An i/o error occured, details: Unknown Compression method Turn off compression. There should be a checkbox on the check-in dialog for compression. There are known issues with compression on some versions of the CVS server. p.s. would have posted this on the smartCVS form but my company firewall blocks it! subscribe via email. Send an email to [EMAIL PROTECTED] Messages to the group can be sent to [EMAIL PROTECTED] once you're subscribed. -- Jim ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: cvs error: received broken pipe signal
Yu He wrote: Hi all: After commit,always receive the following error message, cvs [server aborted]: received broken pipe signal What's the reason? Thanks a lot in advance! Regards, Winnie The cause of this is probably the failure of a loginfo script to function as a filter and consume stdin when it is invoked. The reason it doesn't happen all the time is that there is a different amount of information on stdin every time, depending on how many files are being committed. Sometimes it fills up the internal buffers and sometimes it doesn't. This is documented in this section of the manual: https://www.cvshome.org/docs/manual/cvs-1.11.20/cvs_18.html#SEC175 -- Mark E. Hamilton Orion International Technologies, Inc. Sandia National Laboratory, NM. 505-844-7666 ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
trouble configuring CVS Server: getaddrinfo() error
I'm on Mac OS X, and that is the first weird thing -_- that' because on Os X 10.4 u can't use xinet.conf to add services but u must use a LaunchDaemons procedure that follows directives on an XML file on a certain dir of this fuzzy os so, the problem i have i'm not sure is from CVS or the super network daemon, but since nobody at Apple Discussione Forum has any clue about, i try to ask here, also. this is the error i get: getaddrinfo(): nodename nor servname provided, or not known and this is my xml file, summarized only to records useful from te unix point of view: keyDisabled/key false/ keyInitGroups/key true/ keyLabel/key stringcom.apple.cvs/string keyProgramArguments/key array string/usr/bin/cvs/string string-f/string string--allow-root=/usr/local/cvsrep/string stringpserver/string /array keySockets/key dict keyListeners/key dict keySockType/key stringstream/string /dict /dict keyWorkingDirectory/key string/usr/bin/string keyinetdCompatibility/key dict keyWait/key false/ /dict /dict /plist hope the xml is human readable any idea about? tnx allot in advance! (sorry for long message) ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs