Central CVS Service - How To

Contents

  1. Creating a new project
    1. Preface
    2. Requesting a creation of a new project
    3. Warning
  2. Accessing a project
    1. Web interfaces
    2. Access using CVS clients
  3. Administrating the project
    1. Granting write access to CVS
    2. Setting access to web interfaces
    3. E-mails sent after each commit/tag
    4. Changing the librarian
  4. Known issues
    1. CVS and secrets/passwords
  5. Help and support

 

Please, send remarks and questions to CVS.Support@ific.uv.es

 

  • Creating a new project

    1. Preface

      2. The Central CVS Service is accessible only for registered AFS users. If you don't have an AFS account, please contact secretariat to request such an account. Additionally, CVS users must be granted access to CVS repositories of different projects by contacting the responsible librarian.

    2. Requesting a creation of a new project

      3. New CVS projects (repositories) can be requested by sending an e-mail to CVS.Support@ific.uv.es. A request should contain:

      • full project name (such as "LHC software"),
      • project acronym or short name with small letters and no white-spaces (such as "lhcsof"),
      • name, e-mail address and AFS account of the responsible librarian (such as "Perico Palotes, ppalotes, Perico.Palotes@ific.uv.es"),
      • list of the AFS account names of users to be given administrative rights and R/W access (not obligatory),
      • list of the AFS account names of users to be given R/W access, but not admin rights (not obligatory),
      • information whether the project should be available via web interfaces (ViewVC) for everyone (Public), only for users in IFIC domain (Restricted) or not available at all on the web (None) - this information is not obligatory, the default is Restricted.

      Once a request is processed and a project is created, an e-mail is sent to its Librarian. It contains a confirmation that the project was indeed created and information how to access it. At this moment, the repository contains only CVSROOT directory.

    3. Warning

      4. By default, files in a repository are visible for everyone at IFIC via web interfaces. If your files contain (or will contain) any classified information (like hardcoded passwords etc.), you should take special care when setting access rights. If you want to restrict or disable Web access to your repository, please send a request to CVS.Support@ific.uv.es.

  • Accessing a project

    • A project hosted in the Central CVS Service can be accessed in two ways: using CVS clients on Linux/Unix systems or Windows platform, or via read-only web interfaces. For secure read-write access methods, one has to have an account at IFIC. If you don't have one, please contact secretariat to request such an account.

    1. Web interface

      2. Web interface provided by the CVS Service allows a read-only access to repository files (both current and previous versions) with a standard web browser. One can browse thru a repository, make diff between any two versions of a given file, download a tar-ball of a subtree, etc.

      For example, for a project called arlips:

      Please note that some projects are not visible outside IFIC, or not visible at all - depending on librarian's decision (details).

    2. Access using CVS clients

      3. There is one supported authorization method for CVS clients: Kerberos V.

      In order to access a project using Kerberos V authorization, one needs to define the following (change PROJECT to your real short project name):

              CVSROOT=:gserver:icvs.ific.uv.es:/local/reps/PROJECT

      If you do not have a valid Kerberos V ticket, issue the command(change username to your real user name):

               kinit username@IFIC.UV.ES

      N.B. KERBEROS V ACCESS IS CURRENTLY ONLY SUPPORTED ON CVS CLIENTS INCLUDING PATCH http://savannah.nongnu.org/bugs/?18830. THIS IS THE CASE FOR MOST LINUX SLI4 CVS CLIENTS

      CVS server listens on default ports for gserver (2401).

      Make sure that you don't add a slash / at the end of the path /local/reps/PROJECT.

      A CVS client distributed with all supported Unix/Linux platforms at IFIC is good enough to access the IFIC Central CVS Service.

  • Administrating the project

    1. Granting write access to CVS

      2. In principle, a person who should do an administrative work on a given project is its librarian, and not the CVS team providing the Service. Librarian is allowed to modify everything in his/her project, including the configuration files in CVSROOT directory.

      If you (the librarian or another person having write access to the CVSROOT directory) want to give write access to a given user, you will need to check-out, modify and commit the following files:

      • CVSROOT/writers
      • CVSROOT/commitavail
      • CVSROOT/tagavail

      First, put user's login name into CVSROOT/writers file (one name per line). Username must have NO WHITE SPACE before or after. Don't forget to put a new line after the last user. If this file exists and a user is not listed in it, he has read-only access. If you want to learn more about writers and readers files, have a look here.

      Next, you need to add user's name to CVSROOT/commitavail and CVSROOT/tagavail files (following the comments on those 2 files). You can list users who should have access rights for each module (or even directory) separately. To have a basic idea of the syntax used in this files, have a look at the following example of commitavail file:

      # By default nobody can commit anything

      unavail

      # Let's give access to everywhere to cvsadmin and librarian

      avail | cvsadmin yourlibrarian

      # For each module or directory we give write access to its developers:

      # dev1 and dev2 can write everywhere in ade and subdirectories,
      # dev3 only in ade/adeswitching and subdirectories

      avail | dev1 dev2 | ade
      avail | dev3 | ade/adeswitching

      # dev2 shouldn't write to ade/timingeditor, but he still can write
      # to ade and other subdirectories

      unavail | dev2 | ade/timingeditor

      # finally, dev4 can write to all modules except ade and
      # CVSROOT (where configuration files are kept)

      avail | dev4
      unavail | dev4 | ade CVSROOT

      This file is processed in top-bottom order, so the last line matters most! You can have your own tags by adding them to "avail" and "unavail" commands after a dot. Anything that is after "avail." or "unavail.", is omitted by the parser. An example: 

      avail.admins | cvsadmin yourlibrarian
      unavail.yourtag | james | myprivatemodule

    2. Setting access to web interfaces

      3. A librarian can decide whether his repository should be accessible via CVS web interfaces (currently only ViewVC) and to whom. There are three possibilities: a repository can be visible to everyone (Public access), it can be visible for users from IFIC domains only (Restricted), or it can be not visible on the web at all (None). The default access is restricted. Only the hostnames that end with ".ific.uv.es" are eligible for restricted access.

      In order to see or change a current setting, librarian should request it to CVS.Support@ific.uv.es.

    3. E-mails sent after each commit/tag

      4. If you want to have an e-mail sent to the librarian or to all developers after each commit or tag, follow these instructions:

      • (optional) Create a mailing list with all e-mail addresses of people that should receive notifications
      • Check out CVSROOT of your project and copy the files logMail.py and tagMail.py into it
      • Edit the files following the instruction in the comments: update the repository directory, "from" mailing address and "to" mailing list (search for ???). If you didn't create a mailing list, you can put a comma-separated list of e-mail addresses into toaddrs field.
      • Check that both files have execute permissions and add them to CVSROOT 
        chmod a+x logMail.py tagMail.py
        cvs add logMail.py tagMail.py
      • Add the following lines at the end of checkoutlist file: 
        logMail.py  could not check out logMail.py !
        tagMail.py  could not check out tagMail.py !
      • Add the following lines at the end of loginfo file: 
        ALL $CVSROOT/CVSROOT/logMail.py %s
      • Add the following lines at the end of taginfo file: 
        ALL $CVSROOT/CVSROOT/tagMail.py
      • Don't forget to check the CVSROOT back in! 
        cvs ci -m "Sending e-mails after commit/tag" .
      • After committing the files, check that the files are indeed executable.

    4. Changing the librarian

      5. Sometimes the person responsible for a given CVS repository (aka. librarian) changes. To change the person responsible for a CVS project, former librarian should:

      • modify, by using cvs checkout/checkin command, CVSROOT/commitavail and CVSROOT/tagavail files by adding the new librarian into the list of administrator (usually the first avail list in the file)
      Change of librarian implies also some modification in CVS Service configuration files. To request it, the former librarian should send a message to CVS.Support@ific.uv.es, naming the person who will become the new librarian.  

  • Known issues

    1. CVS and secrets/passwords

      2. Because of the open-source idea behind CVS itself, CVS does not provide any mechanisms to control read access. Repositories in the IFIC Central CVS Service are therefore readable to anyone with an account at IFIC.

      Having that in mind, developers who keep their source code in CVS should make sure that no secret information like decryption keys, passwords etc. is put into CVS. Unfortunately, such secret data is quite often hardcoded in the source code that is later being put into CVS. This is usually considered as a bad software development practice. Please read How to keep secrets secret for more information and suggestions on alternatives to hardcoding passwords.

      Librarians of the CVS repositories are also reminded that they should decide whether a Web interface (ViewVC) to their project files is either accessible to everyone; or restricted to IFIC only; or disabled completely (more details).

  • Help and support

    • The responsible librarian of each project should be taking care of:

    • questions on how to use CVS,
    • access requests to a given CVS project,
    • questions about the structure of a given CVS project.

    Report the problem providing the output of the comand "cvs -t co ...". The -t cvs option may help debugging the problem.

    All problems encountered in the central CVS service should be reported to CVS.Support@ific.uv.es