pjs/webtools/despot
reed%reedloden.com a9c00ca3b4 Backing out bug 374282 since bug 369013 was fixed differently. 2007-05-08 00:27:15 +00:00
..
.cvsignore
.htaccess
README
UPGRADING
checkandwhine.pl
commitcheck.templ
config.pl.dist Backing out bug 374282 since bug 369013 was fixed differently. 2007-05-08 00:27:15 +00:00
cvs_user.patch
despot.cgi
handcuff.gif
help.html
maketables.sh
owners.templ
syncit.pl Backing out bug 374282 since bug 369013 was fixed differently. 2007-05-08 00:27:15 +00:00
utils.pl Bug 369188 - "bonsai shell_escape problem" [p=reed r=reed] 2007-04-12 01:20:07 +00:00

README

This is Despot, mozilla.org's system of managing users.

Maybe you'll find it useful, but for now, we're just concentrating on
developing it for our own needs.

So don't expect a lot of help from us in understanding this code...

---------------------------------------------------------------------

INSTALLATION: 

See the Bugzilla README; you'll need to install at least MySQL, Perl,
and the MySQL-related Perl module collection as documented there.
You'll need a relatively new version of MySQL: 3.20.32a is known not
work; 3.22.32 is.

You'll may also need to build a version of CVS with the patch in
cvs_user.patch applied.  I found cvs_user.patch in archives on the
net; unfortunately I didn't keep track of where.  However, the CVS 
repository for CVS itself now has this patch applied, so if your 
copy of CVS is new enough, this may not be necessary.  

# create a database called mozusers:

mysqladmin -p create mozusers

# create the tables

./maketables.sh

# insert a user with despot powers (probably yourself) and a daemon
# user (for despot to do updates and synchronization) into the users
# table of the mozusers database.

mysql mozusers

mysql> insert users set id=1, email="dmose@mozilla.org", 
	realname="Dan Mosedale", passwd="", 
	gila_group="cvsadm", cvs_group="cvsadm", despot="Yes", 
	neednewpassword="Yes", disabled="No", voucher=1, 
	signedform="No";

mysql> insert users set id=2, email="despotdaemon@foo.com", 
	realname="The Despot Daemon", passwd="", 
	gila_group="cvsadm", cvs_group="cvsadm", despot="No", 
	neednewpassword="Yes", disabled="No", voucher=1, 
	signedform="No";

# go to the webserver where you've got this set up and change the
# passwords for both of these accounts

# get anoncvs from the friedman-branch-openbsd-rel-1997-10-13
# branch.  edit as appropriate, build, and install cvspserversh.

# on the cvs servers, create a cvsadm group, and a cvsadm user in that 
# group.  they should both have a shell of cvspserversh.

# set up 2 cvs repositories, 

cvs -d /path/to/repos1 init
cvs -d /path/to/repos2 init

# create a passwd file in both CVSROOT directories and add a user in
# both places that the despotdaemon will use to do its checkins.
# the file will contain a single line that looks just like the
# following.  the first field should be an email address with @ replaced by
# %, and the second field is an already crypt()ed representation of a
# password, just like the one used in /etc/passwd.  the third field is 
# the unix group (this group needs to have write access to the
# CVSROOT/passwd files.  (don't use foo.com; use a working email address at
# your local site)

despotdaemon%foo.com:$1$2Zjkl2kjjgvGGapOsss7CLmocwX620:cvsadm

# make sure the repositories are owned by the cvsadm user
# and group.  turn on the setgid bit on all directories for appropriate
# group inheritance semantics (assuming your unix supports this).

find . -type=d -print | xargs chmod g+s /path/to/repos1 /path/to/repos2
chown -R cvsadm.cvsadm /path/to/repos1 /path/to/repos2

# create binary ,v files by doing an RCS checkin of the files in both places.  
# note that there are problems using the passwd strings from /etc/shadow 
# on linux.  the strings from /etc/shadow on solaris 2.6 machines seem to work
# however.
#
rcs -i -kb passwd
ci -u passwd

# if you're using cvs pserver, add the following line to
# /etc/inetd.conf.  this particular config line assumes tcpd is installed.

cvspserver stream tcp nowait dmose /usr/sbin/tcpd /usr/bin/cvs --allow-root=/path/to/repos1 --allow-root=/path/to/repos2 pserver

# test (at least one of) your repositories

env CVSROOT=:pserver:despotdaemon%foo.com@127.0.0.1:/path/to/repos1 cvs login
env CVSROOT=:pserver:despotdaemon%foo.com@127.0.0.1:/path/to/repos1 cvs co /

# add entries for your repositories to the repositories table in the database
#

mysql mozusers

mysql> insert repositories set id=2, name="gila", cvsroot=
 ":pserver:despotdaemon%foo.com@127.0.0.1:/export/despot/repos/fake-gila", 
	domailing=0;

mysql> insert repositories set id=3, name="cvs", cvsroot=
":pserver:despotdaemon%foo.com@127.0.0.1:/export/despot/repos/fake-lizard"
	, ownersrepository=2, ownerspath="owners.html", domailing=0;

# add default partitions for both repositories
#
mysql> insert partitions set id=1, name="default", repositoryid=2, 
       state="Open", branchid=1;

mysql> insert partitions set id=4, name="default", repositoryid=3, 
       state="Open", branchid=1;


# make sure the commitcheck.pl actually gets called.  do this in both
# repositories
#
cd CVSROOT
co -l commitinfo
echo 'ALL\t$CVSROOT/CVSROOT/commitcheck.pl' >> commitinfo
ci -u commitinfo

# XXX create a .cvspass somewhere OTHER THAN in the directory where you 
# want to run despot.  you also need to modify the path to that in at least one
# of the scripts.

# create null copies of commitcheck.pl in both repositories (repeat the
# steps below for the second repository as well)
#
cd /path/to/repos1/CVSROOT
touch commitcheck.pl
chmod 775 commitcheck.pl
chown cvsadm *
ci -u commitcheck.pl

# XXX add lines for passwd and commitcheck.pl to checkout in both repositories

# XXX edit CVSROOT/config and set stuff like SystemAuth=no