gecko-dev/webtools/despot
justdave%bugzilla.org 51097effbd Bug 322734: sanitize sort order input
r=timeless
2006-01-09 02:25:47 +00:00
..
.cvsignore
README
checkandwhine.pl
commitcheck.templ
config.pl.dist
cvs_user.patch
despot.cgi
handcuff.gif
help.html
maketables.sh
owners.templ
syncit.pl
utils.pl

README

This is Despot, mozilla.org's system of managing users.

Maybe you'll find it useful, but for now, we're just concentrating on
developing it for our own needs.

So don't expect a lot of help from us in understanding this code...

---------------------------------------------------------------------

INSTALLATION: 

See the Bugzilla README; you'll need to install at least MySQL, Perl,
and the MySQL-related Perl module collection as documented there.
You'll need a relatively new version of MySQL: 3.20.32a is known not
work; 3.22.32 is.

You'll may also need to build a version of CVS with the patch in
cvs_user.patch applied.  I found cvs_user.patch in archives on the
net; unfortunately I didn't keep track of where.  However, the CVS 
repository for CVS itself now has this patch applied, so if your 
copy of CVS is new enough, this may not be necessary.  

# create a database called mozusers:

mysqladmin -p create mozusers

# create the tables

./maketables.sh

# insert a user with despot powers (probably yourself) and a daemon
# user (for despot to do updates and synchronization) into the users
# table of the mozusers database.

mysql mozusers

mysql> insert users set id=1, email="dmose@mozilla.org", 
	realname="Dan Mosedale", passwd="", 
	gila_group="cvsadm", cvs_group="cvsadm", despot="Yes", 
	neednewpassword="Yes", disabled="No", voucher=1, 
	signedform="No";

mysql> insert users set id=2, email="despotdaemon@foo.com", 
	realname="The Despot Daemon", passwd="", 
	gila_group="cvsadm", cvs_group="cvsadm", despot="No", 
	neednewpassword="Yes", disabled="No", voucher=1, 
	signedform="No";

# go to the webserver where you've got this set up and change the
# passwords for both of these accounts

# get anoncvs from the friedman-branch-openbsd-rel-1997-10-13
# branch.  edit as appropriate, build, and install cvspserversh.

# on the cvs servers, create a cvsadm group, and a cvsadm user in that 
# group.  they should both have a shell of cvspserversh.

# set up 2 cvs repositories, 

cvs -d /path/to/repos1 init
cvs -d /path/to/repos2 init

# create a passwd file in both CVSROOT directories and add a user in
# both places that the despotdaemon will use to do its checkins.
# the file will contain a single line that looks just like the
# following.  the first field should be an email address with @ replaced by
# %, and the second field is an already crypt()ed representation of a
# password, just like the one used in /etc/passwd.  the third field is 
# the unix group (this group needs to have write access to the
# CVSROOT/passwd files.  (don't use foo.com; use a working email address at
# your local site)

despotdaemon%foo.com:$1$2Zjkl2kjjgvGGapOsss7CLmocwX620:cvsadm

# make sure the repositories are owned by the cvsadm user
# and group.  turn on the setgid bit on all directories for appropriate
# group inheritance semantics (assuming your unix supports this).

find . -type=d -print | xargs chmod g+s /path/to/repos1 /path/to/repos2
chown -R cvsadm.cvsadm /path/to/repos1 /path/to/repos2

# create binary ,v files by doing an RCS checkin of the files in both places.  
# note that there are problems using the passwd strings from /etc/shadow 
# on linux.  the strings from /etc/shadow on solaris 2.6 machines seem to work
# however.
#
rcs -i -kb passwd
ci -u passwd

# if you're using cvs pserver, add the following line to
# /etc/inetd.conf.  this particular config line assumes tcpd is installed.

cvspserver stream tcp nowait dmose /usr/sbin/tcpd /usr/bin/cvs --allow-root=/path/to/repos1 --allow-root=/path/to/repos2 pserver

# test (at least one of) your repositories

env CVSROOT=:pserver:despotdaemon%foo.com@127.0.0.1:/path/to/repos1 cvs login
env CVSROOT=:pserver:despotdaemon%foo.com@127.0.0.1:/path/to/repos1 cvs co /

# add entries for your repositories to the repositories table in the database
#

mysql mozusers

mysql> insert repositories set id=2, name="gila", cvsroot=
 ":pserver:despotdaemon%foo.com@127.0.0.1:/export/despot/repos/fake-gila", 
	domailing=0;

mysql> insert repositories set id=3, name="cvs", cvsroot=
":pserver:despotdaemon%foo.com@127.0.0.1:/export/despot/repos/fake-lizard"
	, ownersrepository=2, ownerspath="owners.html", domailing=0;

# add default partitions for both repositories
#
mysql> insert partitions set id=1, name="default", repositoryid=2, 
       state="Open", branchid=1;

mysql> insert partitions set id=4, name="default", repositoryid=3, 
       state="Open", branchid=1;


# make sure the commitcheck.pl actually gets called.  do this in both
# repositories
#
cd CVSROOT
co -l commitinfo
echo 'ALL\t$CVSROOT/CVSROOT/commitcheck.pl' >> commitinfo
ci -u commitinfo

# XXX create a .cvspass somewhere OTHER THAN in the directory where you 
# want to run despot.  you also need to modify the path to that in at least one
# of the scripts.

# create null copies of commitcheck.pl in both repositories (repeat the
# steps below for the second repository as well)
#
cd /path/to/repos1/CVSROOT
touch commitcheck.pl
chmod 775 commitcheck.pl
chown cvsadm *
ci -u commitcheck.pl

# XXX add lines for passwd and commitcheck.pl to checkout in both repositories

# XXX edit CVSROOT/config and set stuff like SystemAuth=no