mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Change to update sections 3 and 4, miscellaneous updates.

This commit is contained in:
barnboy%trilobyte.net 2001-03-07 20:55:39 +00:00
Родитель f5d1d74918
Коммит 1d53981880
1 изменённых файлов: 142 добавлений и 86 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

228
webtools/bugzilla/README
Просмотреть файл

@ -5,11 +5,14 @@ This is Bugzilla. See <http://www.mozilla.org/bugs/>.
DISCLAIMER
==========
This is not very well packaged code. It's not packaged at all. Don't
come here expecting something you plop in a directory, twiddle a few
things, and you're off and using it. Work has to be done to get there.
We'd like to get there, but it wasn't clear when that would be, and so we
decided to let people see it first.
Bugzilla is not a package where you can just plop it in a directory,
twiddle a few things, and you're off. Installing Bugzilla assumes you
know your variant of UNIX or Microsoft Windows well, are familiar with the
command line, and are comfortable compiling and installing a plethora
of third-party utilities. To install Bugzilla on Win32 requires
fair Perl proficiency, and if you use a webserver other than Apache you
should be intimately familiar with the security mechanisms and CGI
environment thereof.
Bugzilla has not undergone a complete security review. Security holes
may exist in the code. Great care should be taken both in the installation
@ -17,26 +20,46 @@ and usage of this software. Carefully consider the implications of
installing other network services with Bugzilla.
===========
CONVENTIONS
===========
Throughout this README and "The Bugzilla Guide" in the docs/ folder,
we use some writing conventions. Bourne shell prompts are used
generically to indicate any shell.
File Names file.extension
Directory Names directory/
Commands to be typed <shell> command
Prompt of user command under bash shell: bash$
Prompt of root user command under bash shell: bash#
Prompt of user command under tcsh shell: tcsh$
Environment Variables VARIABLE
Emphasized word *word*
============
INSTALLATION
============
0. Introduction
Installation of bugzilla is pretty straight forward, especially if your
Installation of bugzilla is pretty straightforward, particularly if your
machine already has MySQL and the MySQL-related perl packages installed.
If those aren't installed yet, then that's the first order of business. The
other necessary ingredient is a web server set up to run cgi scripts.
While using Apache for your webserver is not required, it is recommended.
Bugzilla has been successfully installed under Solaris, Linux, and
Windows NT. The peculiarities of installing on Windows NT have not
been included in this README; please consult the Bugzilla Guide for
detailed Windows NT installation instructions.
Win32. The peculiarities of installing on Win32 (Win98+/NT/2K) are not
included in this README; please consult the Bugzilla Guide for more
detailed Win32 installation instructions.
The Bugzilla Guide is contained in the "docs/" folder. It is available
in plain text (docs/txt), HTML (docs/html), or SGML source (docs/sgml).
news://news.mozilla.org/19990913183810.SVTR29939.mta02@onebox.com
1. Installing the Prerequisites
@ -50,18 +73,22 @@ news://news.mozilla.org/19990913183810.SVTR29939.mta02@onebox.com
6. TimeDate Perl module collection
7. GD perl module (1.8.3)
8. Chart::Base Perl module (0.99c)
9. The web server of your choice
9. The web server of your choice. Apache is recommended.
Bugzilla has quite a few prerequisites, but none of them are TCL.
Previous versions required TCL, but it no longer needed (or used).
For the contrib/bug_email.pl interface, you also need:
10. MIME::Parser Perl module
You must also run Bugzilla on a filesystem that supports file locking via
You must also run Bugzilla on a filesystem that supports file locking via
flock(). This is necessary for Bugzilla to operate safely with multiple
instances.
It is a good idea, while installing Bugzilla, to ensure it is not
accessible from the Internet. The machine may be vulnerable to attacks
while you are installing.
1.1. Getting and setting up MySQL database (3.22.5 or greater)
Visit MySQL homepage at http://www.mysql.org and grab the latest stable
Visit MySQL homepage at http://www.mysql.org/ and grab the latest stable
release of the server. Both binaries and source are available and which
you get shouldn't matter. Be aware that many of the binary versions
of MySQL store their data files in /var which on many installations
@ -80,6 +107,10 @@ may put on bugs. If you add something like "-O max_allowed_packet=1M"
to the command that starts mysqld (or safe_mysqld), then you will be
able to have attachments up to about 1 megabyte.
If you plan on running Bugzilla and MySQL on the same machine,
consider using the "--skip-networking" option in the init script.
This enhances security by preventing network access to MySQL.
1.2. Perl (5.004 or greater)
Any machine that doesn't have perl on it is a sad machine indeed. Perl
@ -94,6 +125,20 @@ a sane install. In the subsequent sections you'll be installing quite
a few perl modules; this can be quite ornery if your perl installation
isn't up to snuff.
SHORTCUT: You can skip the following Perl module installation
steps by installing "Bundle::Bugzilla" from CPAN, which includes them.
All Perl module installation steps require you have an active Internet
connection.
bash# perl -MCPAN -e 'install "Bundle::Bugzilla"'
Bundle::Bugzilla doesn't include GD, Chart::Base, or MIME::Parser,
which are not essential to a basic Bugzilla install. If installing
this bundle fails, you should install each module individually to
isolate the problem.
1.3. DBI Perl module
The DBI module is a generic Perl module used by other database related
@ -113,7 +158,7 @@ which does all the hard work for you.
To use the CPAN shell to install DBI:
1. Type perl -MCPAN -e 'install "DBI"'
bash# perl -MCPAN -e 'install "DBI"'
(replace DBI with the name of the module you wish to install, Data::Dumper,
etc...)
@ -209,7 +254,8 @@ versions of GD.
You have a freedom of choice here - Apache, Netscape or any other
server on UNIX would do. You can easily run the web server on a different
machine than MySQL, but that makes MySQL permissions harder to manage.
machine than MySQL, but need to adjust the MySQL "bugs" user permissions
accordingly.
You'll want to make sure that your web server will run any file
with the .cgi extension as a cgi and not just display it. If you're using
@ -231,24 +277,32 @@ access.conf.
2. Installing the Bugzilla Files
You should untar the bugzilla files into a directory that you're
You should untar the Bugzilla files into a directory that you're
willing to make writable by the default web server user (probably
'nobody'). You may decide to put the files off of the main web space
for your web server or perhaps off of /usr/local with a symbolic link
in the web space that points to the bugzilla directory. At any rate,
just dump all the files in the same place (optionally omitting the CVS
directory if it accidentally got tarred up with the rest of bugzilla)
and make sure you can get at the files in that directory through your
directories if they were accidentally tarred up with the rest of Bugzilla)
and make sure you can access the files in that directory through your
web server.
HINT: If you symlink the bugzilla directory into your Apache's
HTML heirarchy, you may receive "Forbidden" errors unless you
add the "FollowSymLinks" directive to the <Directory> entry
for the HTML root.
Once all the files are in a web accessible directory, make that
directory writable by your webserver's user (which may require just
making it world writable).
making it world writable). This is a temporary step until you run
the post-install "checksetup.pl" script, which locks down your
installation.
Lastly, you'll need to set up a symbolic link from /usr/bonsaitools/bin
to the correct location of your perl executable (probably /usr/bin/perl).
Or, you'll have to hack all the .cgi files to change where they look
for perl.
Otherwise you must hack all the .cgi files to change where they look
for perl. To make future upgrades easier, you should use the symlink
approach.
3. Setting Up the MySQL database
@ -256,62 +310,55 @@ for perl.
to start preparing the database for its life as a the back end to a high
quality bug tracker.
First, you'll want to fix MySQL permissions. By default, Bugzilla
logs in as user "bugs", with no password. That needs to work. MySQL
permissions are a deep, nasty complicated thing. I've just turned
them off. If you want to do that, too, then the magic is to do run
"mysql mysql", and feed it commands like this (replace all instances of
HOSTNAME with the name of the machine mysql is running on):
First, you'll want to fix MySQL permissions to allow access from
Bugzilla. For the purpose of this README, the Bugzilla username
will be "bugs", and will have minimal permissions. Bugzilla has
not undergone a thorough security audit. It may be possible for
a system cracker to somehow trick Bugzilla into executing a command
such as "; DROP DATABASE mysql".
DELETE FROM host;
DELETE FROM user;
INSERT INTO host VALUES
('localhost','%','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
INSERT INTO host VALUES
(HOSTNAME,'%','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
INSERT INTO user VALUES
('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y',
'Y','Y','Y','Y','Y');
INSERT INTO user VALUES
(HOSTNAME,'','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
'Y','Y','Y');
INSERT INTO user VALUES
(HOSTNAME,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
'Y','Y','Y','Y');
INSERT INTO user VALUES
('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
'Y','Y','Y','Y');
That would be bad.
The number of 'Y' entries to use varies with the version of MySQL; they
keep adding columns. The list here should work with version 3.22.23b.
Give the MySQL root user a password. MySQL passwords are
limited to 16 characters.
This run of "mysql mysql" may need some extra parameters to deal with
whatever database permissions were set up previously. In particular,
you might have to say "mysql -uroot mysql", and give it an appropriate
password.
bash$ mysql -u root mysql
mysql> UPDATE user SET Password=PASSWORD ('new_password')
WHERE user='root';
mysql> FLUSH PRIVILEGES;
For much more information about MySQL permissions, see the MySQL
documentation.
From this point on, if you need to access MySQL as the
MySQL root user, you will need to use "mysql -u root -p" and
enter your new_password. Remember that MySQL user names have
nothing to do with Unix user names (login names).
After you've tweaked the permissions, run "mysqladmin reload" to make
sure that the database server knows to look at your new permission list.
Next, we create the "bugs" user, and grant sufficient
permissions for checksetup.pl, which we'll use later, to work
its magic. This also restricts the "bugs" user to operations
within a database called "bugs", and only allows the account
to connect from "localhost". Modify it to reflect your setup
if you will be connecting from another machine or as a different
user.
Or, at the mysql prompt:
Remember to set bugs_password to some unique password.
mysql> flush privileges;
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,
ALTER,CREATE,DROP,REFERENCES
ON bugs.* TO bugs@localhost
IDENTIFIED BY 'bugs_password';
mysql> FLUSH PRIVILEGES;
You must explictly tell mysql to reload permissions before running
checksetup.pl.
Next, run the magic checksetup.pl script. (Many thanks to Holger
Schurig <holgerschurig@nikocity.de> for writing this script!)
It will make sure Bugzilla files and directories have reasonable
permissions, set up the "data" directory, and create all the MySQL
tables.
Next, you can just run the magic checksetup.pl script. (Many thanks
to Holger Schurig <holgerschurig@nikocity.de> for writing this script!)
It will make sure things have reasonable permissions, set up the "data"
directory, and create all the MySQL tables. Just run:
./checksetup.pl
bash$ ./checksetup.pl
The first time you run it, it will create a file called "localconfig".
4. Tweaking localconfig
This file contains a variety of settings you may need to tweak including
@ -322,18 +369,16 @@ how Bugzilla should connect to the MySQL database.
1. server's host: just use "localhost" if the MySQL server is
local
2. database name: "bugs" if you're following these directions
3. MySQL username: whatever you created for your webserver user
4. Password for the MySQL account in item 3.
3. MySQL username: "bugs" if you're following these directions
4. Password for the "bugs" MySQL account in item 3.
Once you are happy with the settings, re-run checksetup.pl. On this
second run, it will do the real work of creating the database.
second run, it will create the database and an administrator account
for which you will be prompted to provide information.
One thing it will do is to automatically create an administrator account
from information it will ask for.
When logged into an administrator account, if you go to the query page
(off of the bugzilla main menu), you'll find an 'edit parameters' option
that is filled with editable treats.
When logged into an administrator account once Bugzilla is running,
if you go to the query page (off of the bugzilla main menu), you'll
find an 'edit parameters' option that is filled with editable treats.
Should everything work, you should have a nearly empty copy of the bug
tracking setup.
@ -351,12 +396,12 @@ without causing harm. You should run it after any upgrade to Bugzilla.
5. Setting Up Maintainers Manually (Optional)
If you want to add someone else to every group by hand, you can do it
by typing the appropriate MySQL commands. Run 'mysql bugs' (you may need
extra parameters, depending on your security settings according to
section 3, above), and type:
by typing the appropriate MySQL commands. Run 'mysql -u root -p bugs'
(you may need different parameters, depending on your security settings
according to section 3, above). Then:
update profiles set groupset=0x7fffffffffffffff
where login_name = 'XXX';
mysql> update profiles set groupset=0x7fffffffffffffff
where login_name = 'XXX';
replacing XXX with the Bugzilla email address.
@ -373,16 +418,22 @@ crontab man page):
7. Bug Graphs (Optional)
As long as you installed the GD and Graph::Base Perl modules you might
as well turn on the nifty bugzilla bug reporting graphs. Just add
the command:
as well turn on the nifty bugzilla bug reporting graphs.
cd <your-bugzilla-directory> ; ./collectstats.pl
bash# crontab -e
Adding this entry runs collectstats daily at 5 after midnight:
5 0 * * * cd <your-bugzilla-directory> ; ./collectstats.pl
as a nightly entry to your crontab and after two days have passed you'll
be able to view bug graphs from the Bug Reports page.
After two days have passed you'll be able to view bug graphs from the
Bug Reports page.
8. Real security for MySQL
If you followed the README for setting up your "bugs" and "root" user in
MySQL, much of this should not apply to you. If you are upgrading
an existing installation of Bugzilla, you should pay close attention
to this section.
MySQL has "interesting" default security parameters:
mysqld defaults to running as root
it defaults to allowing external network connections
@ -507,5 +558,10 @@ Martin Pool, & Dan Mosedale (But don't send bug reports to them!
Report them using bugzilla, at http://bugzilla.mozilla.org/enter_bug.cgi ,
project Webtools, component Bugzilla).
This document was heavily modified again Wednesday, March 07 2001 to
reflect changes for Bugzilla 2.12 release by Matthew P. Barnson. The
securing MySQL section should be changed to become standard procedure
for Bugzilla installations.
Comments from people using this document for the first time are
especially welcomed.