[H-GEN] Setting up a Subversion/CVS Repository

Sarah Hollings sarah at humanfactors.uq.edu.au
Fri Sep 5 00:37:50 EDT 2003 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Stuart Longland wrote:

> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi All,
>     I'm in the process of trying to get a development server up and going,
> primarily for collaborative work on a new Linux distribution, however,
> I'm having problems getting Subversion going.

I've had no experience with subversion, and I applaud the motivation of 
the argoUML guys for wanting to write a "better cvs".  However CVS is 
very stable, well documented and very powerful.  It is possible to 
secure CVS to a very good standard.  CVS clients work well on almost any 
platform you care to name, are fast and have small footprints.

Some aspects of the architecture of subversion concern me, and I think 
it'll be a few years yet before I entrust our 1000's of LOC to it.

>     I've given up completely on CVS, as it wasn't clear how you secure it,
> however, if someone could point me to a reasonable guide on how to set
> up CVS/SSH and/or HTTPS-based Subversion, this would be great.
> 
>     Has anyone had any luck setting up either one of these two revision
> control systems?

A course that I wrote and teach covers exactly this, securing CVS using 
SSH.

The basic idea is to set up a standard packaged cvs server and sshd from 
your favourite linux distro.  During the setup process ensure you're not 
running the cvs pserver.  Clients connect over ssh by setting 
CVS_RSH=ssh.  This works on Linux, Mac and Windows (all flavours).

To harden the server set all ssh secure options, eg no password access 
(keys only), no root, no X11 forwarding, etc etc.  Per user you can 
restrict access to just the cvs server command by using their 
authorized_keys file (thanks Mark!). Using Unix groups and permissions 
you can have a fairly good level of control over writing different 
modules/projects.

An easy to setup cgi called viewcvs will give you a nice web front end 
for when you want to access doco and aren't at your cvs client; or for 
non-technical project stakeholders to access doco, logs etc.

Rgds,

Sarah


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list