Using CVSupd
Dan Langille <[email protected]>
Introduction
With the upcoming work I'm going to be doing on FreshPorts, I thought
it best to start up a cvsup server for the source code.
This server will be used to share the data among the
other FreshPorts developers.
I used John Polstra's CVSup
FAQ for this exercise. Of note is the section on
setting up a test server. It's what I used for the
basis of this article.
Installing CVSupd
Since I already had the ports
collection installed, I only had to do:
# cd /usr/ports/net/cvsupd-bin
# make install
Setting Up a Test Server
In this section, I'm going to show you the bare
minimum required to get the server running so you can
talk to it from a client.
· Create the base directory.
This is the main directory which cvsupd
uses and it's where the repositories will reside. In
this example, we'll use /usr/local/etc/cvsup,
which is the default. See the -b option
for more information.
· Create the collection directory.
For example, /usr/local/etc/cvsup/sup.
See the -c option for more information.
· Create the test collection directory.
This directory will contain the test collection. For
example, /usr/local/etc/cvsup/sup/test.
· Create the releases file.
The releases file identifies the releases
which are associated with this collection. Create
/usr/local/etc/cvsup/sup/test/releases and
put the following in it:
cvs list=list.cvs prefix=/home/repositories
This defines the prefix. Our repository will exist
at /home/repositories.
· Create the list.cvs file.
This file contains rules for use when processing the
cvs release. In this case, it contains the
freshports-db collection. Here's what is
in that file:
upgrade freshports-db
This is your repository and it is relative to the
prefix supplied in the releases file. In
our example, the repository will exist at
/home/repositories/freshports-db. It is
the contents of this subtree which will be
transferred.
Start the Server
Starting the server is as easy as running
cvsupd:
# /usr/local/sbin/cvsupd
We have not specified a base directory.
cvsupd will use the default directory,
which we also used to create our base directory. We
have not specified the -e option, which
means cvsupd will run from the command line
and not go into the background. Here's what it looks
like when cvsupd starts:
# /usr/local/sbin/cvsupd
2000.12.17 16:54:40 NZDT [75872]: CVSup server started
2000.12.17 16:54:40 NZDT [75872]: Software version: REL_16_1
2000.12.17 16:54:40 NZDT [75872]: Protocol version: 16.1
2000.12.17 16:54:40 NZDT [75872]: Ready to service requests
This method is fine for testing, but I actually run
it as nobody and ensure that everything it
serves is readable by everyone. cvsupd
does not create or write files, so from a security
point of view, the risk of cvsupd being
tricked into damaging your system is actually quite
low.
I start cvsupd automatically at system
startup by using a shell script in
/usr/local/etc/rc.d. It's called
cvsupd.sh and I've set its mode to 770:
# chmod 770 cvsupd.sh
The file itself looks like this:
#!/bin/sh
[ -x /usr/local/sbin/cvsupd ] && \
su -m nobody -c "/usr/local/sbin/cvsupd -e -C 8 -l @daemon" && \
echo -n ' cvsupd'
Setting Up a Test Client
We will now set up the test client to use our test
server. We are doing this on the same box that is
running cvsupd. Create a
~/cvs-test directory. In this directory,
create a file named supfile and put the
following in it:
*default host=localhost
*default base=.
*default release=cvs
*default delete use-rel-suffix
test
This is our cvsup configuration file. We have
specified that we will be connecting to the cvsup
server on "localhost", which is the same machine,
and that we will be obtaining the "cvs" release.
From that release, we want the "test" collection.
To pull down the collection, issue the following
command:
% cvsup supfile
Keep in mind it is also assumed that you have the
cvsup client installed. If you do not, you can
install it with:
# cd /usr/ports/net/cvsup-bin
# make install
Here is a successful connection and cvsup:
% cvsup supfile
Connected to localhost
Updating collection test/cvs
Mkdir freshports-db
Create freshports-db/freshports.db.sql,v
Create freshports-db/permissions.txt,v
SetAttrs freshports-db
Finished successfully
In this case, it brought down the files associated
with my repository.
Restricting Access via Authentication
This section concentrates on restricting access by
authenticating the connections. Authentication is
controlled by the existence of a file called
cvsupd.access which must be in the base
directory. If the file does not exist, no
authentication takes place.
The file cvsupd.passwd, again in the base
directory, contains the authentication rules. Here are
the contents I was testing with:
cvsup.example.org:mysecretkey
[email protected]:$md5$c2e5a85c8042ce9f8c71bcc0f52876c8::
The mysecretkey above can be anything you choose.
The second line was created using
cvpasswd:
% cvpasswd [email protected] cvsup.example.org
Enter password:
Enter same password again:
Send this line to the administrator at cvsup.example.org:
-----------------------------------------------
[email protected]:$md5$c2e5a85c8042ce9f8c71bcc0f52876c8::
-----------------------------------------------
Be sure to send it using a secure channel!
Add this line to your $HOME/.cvsup/auth file, replacing "XXX"
with the password you typed in:
-----------------------------------------------
cvsup.example.org:[email protected]:XXX:
-----------------------------------------------
Make sure the file is readable and writable only by you!
The password I entered was "secret", so this is what
I placed in ~/.cvsup/auth on my client
machine:
cvsup.example.org:[email protected]:secret:
That should be all that's needed to set up
authentication.
Common Problems and Solutions
If you encounter this message:
% cvsup supfile
Connected to localhost
Server message: Collection "test" release "cvs" is not available here
Skipping collection test/cvs
Finished successfully
The information in the releases file is
not correct. In my case, I had put my data in
/usr/repositories instead of
/home/repositories as specified in
releases. Once I moved the repositories,
all was well.
If you encounter this message:
% cvsup supfile
Connected to localhost
Server message: Unknown collection "test"
Skipping collection test/cvs
Finished successfully
The collection specified in your client's supfile
does not exist on the server.
If you see this message:
% cvsup supfile
Cannot connect to localhost: Connection refused
Will retry at 16:53:45
cvsupd isn't accepting connections. Make
sure it's running, and make sure you're allowed to
connect. If you see an authentication error instead
of a refusal, then the authentication information on
either the server or the client is wrong. Check both
and try again.
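The prefix mismatch behind the first message above, and the earlier requirement that everything cvsupd serves be readable by everyone, can both be checked before the server is started. The shell function below is an added example, not part of the original article or of CVSup; it handles only the list= and prefix= fields and the upgrade verb shown on this page, and the names check_collection and demo, along with the temporary demo tree, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): preflight check of a cvsupd collection.
# Handles only the releases fields (list=, prefix=) and the list.cvs verb
# (upgrade) that the article shows. Paths containing spaces are not supported.

# check_collection BASE COLLECTION
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_collection() {
    dir="$1/sup/$2"; bad=0
    [ -f "$dir/releases" ] || { echo "missing $dir/releases"; return 1; }
    while read -r rel fields; do
        [ -n "$rel" ] || continue
        list=; prefix=
        for kv in $fields; do
            case $kv in
                list=*)   list=${kv#list=} ;;
                prefix=*) prefix=${kv#prefix=} ;;
            esac
        done
        if [ -z "$list" ] || [ ! -f "$dir/$list" ]; then
            echo "$rel: list file '$list' not found in $dir"; bad=1; continue
        fi
        if [ -z "$prefix" ] || [ ! -d "$prefix" ]; then
            echo "$rel: prefix '$prefix' is not a directory"; bad=1; continue
        fi
        while read -r verb sub; do
            [ "$verb" = upgrade ] || continue
            if [ ! -d "$prefix/$sub" ]; then
                echo "$rel: $prefix/$sub does not exist"; bad=1; continue
            fi
            # A server running as "nobody" needs r on files, r-x on directories.
            hit=$(find "$prefix/$sub" \( -type d ! -perm -005 -o ! -type d ! -perm -004 \) -print | head -n 1)
            [ -z "$hit" ] || { echo "$rel: not world-readable: $hit"; bad=1; }
        done < "$dir/$list"
    done < "$dir/releases"
    return "$bad"
}

# Constructed demo tree reproducing the article's prefix mistake: releases
# points at $t/home/repositories, but the data sits in $t/usr/repositories.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/base/sup/test" "$t/usr/repositories/freshports-db"
    echo "cvs list=list.cvs prefix=$t/home/repositories" > "$t/base/sup/test/releases"
    echo "upgrade freshports-db" > "$t/base/sup/test/list.cvs"
    check_collection "$t/base" test; rc=$?
    rm -rf "$t"; return "$rc"
}
demo || echo "fix the problems above before starting cvsupd"
```

Against the layout in this article the call would be check_collection /usr/local/etc/cvsup test.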
- Dan
Return to the
January 2001 Issue