1This is cvs.info, produced by makeinfo version 4.0 from ./cvs.texinfo.
2
3START-INFO-DIR-ENTRY
4* CVS: (cvs). Concurrent Versions System
5END-INFO-DIR-ENTRY
6
7 Copyright (C) 1992, 1993 Signum Support AB Copyright (C) 1993, 1994
8Free Software Foundation, Inc.
9
10 Permission is granted to make and distribute verbatim copies of this
11manual provided the copyright notice and this permission notice are
12preserved on all copies.
13
14 Permission is granted to copy and distribute modified versions of
15this manual under the conditions for verbatim copying, provided also
16that the entire resulting derived work is distributed under the terms
17of a permission notice identical to this one.
18
19 Permission is granted to copy and distribute translations of this
20manual into another language, under the above conditions for modified
21versions, except that this permission notice may be stated in a
22translation approved by the Free Software Foundation.
23
24�
25File: cvs.info, Node: Intro administrative files, Next: Multiple repositories, Prev: Working directory storage, Up: Repository
26
27The administrative files
28========================
29
30 The directory `$CVSROOT/CVSROOT' contains some "administrative
31files". *Note Administrative files::, for a complete description. You
32can use CVS without any of these files, but some commands work better
33when at least the `modules' file is properly set up.
34
35 The most important of these files is the `modules' file. It defines
36all modules in the repository. This is a sample `modules' file.
37
38 CVSROOT CVSROOT
39 modules CVSROOT modules
40 cvs gnu/cvs
41 rcs gnu/rcs
42 diff gnu/diff
43 tc yoyodyne/tc
44
45 The `modules' file is line oriented. In its simplest form each line
46contains the name of the module, whitespace, and the directory where
47the module resides. The directory is a path relative to `$CVSROOT'.
48The last four lines in the example above are examples of such lines.
49
50 The line that defines the module called `modules' uses features that
51are not explained here. *Note modules::, for a full explanation of all
52the available features.
53
54Editing administrative files
55----------------------------
56
57 You edit the administrative files in the same way that you would edit
58any other module. Use `cvs checkout CVSROOT' to get a working copy,
59edit it, and commit your changes in the normal way.
60
61 It is possible to commit an erroneous administrative file. You can
62often fix the error and check in a new revision, but sometimes a
63particularly bad error in the administrative file makes it impossible
64to commit new revisions.
65
66�
67File: cvs.info, Node: Multiple repositories, Next: Creating a repository, Prev: Intro administrative files, Up: Repository
68
69Multiple repositories
70=====================
71
72 In some situations it is a good idea to have more than one
73repository, for instance if you have two development groups that work
74on separate projects without sharing any code. All you have to do to
75have several repositories is to specify the appropriate repository,
76using the `CVSROOT' environment variable, the `-d' option to CVS, or
77(once you have checked out a working directory) by simply allowing CVS
78to use the repository that was used to check out the working directory
79(*note Specifying a repository::).
80
81 The big advantage of having multiple repositories is that they can
82reside on different servers. With CVS version 1.10, a single command
83cannot recurse into directories from different repositories. With
84development versions of CVS, you can check out code from multiple
85servers into your working directory. CVS will recurse and handle all
86the details of making connections to as many server machines as
87necessary to perform the requested command. Here is an example of how
88to set up a working directory:
89
90 cvs -d server1:/cvs co dir1
91 cd dir1
92 cvs -d server2:/root co sdir
93 cvs update
94
95 The `cvs co' commands set up the working directory, and then the
96`cvs update' command will contact server2, to update the dir1/sdir
97subdirectory, and server1, to update everything else.
98
99�
100File: cvs.info, Node: Creating a repository, Next: Backing up, Prev: Multiple repositories, Up: Repository
101
102Creating a repository
103=====================
104
105 To set up a CVS repository, first choose the machine and disk on
106which you want to store the revision history of the source files. CPU
107and memory requirements are modest, so most machines should be
108adequate. For details see *Note Server requirements::.
109
110 To estimate disk space requirements, if you are importing RCS files
111from another system, the size of those files is the approximate initial
112size of your repository, or if you are starting without any version
113history, a rule of thumb is to allow for the server approximately three
114times the size of the code to be under CVS for the repository (you will
115eventually outgrow this, but not for a while). On the machines on
116which the developers will be working, you'll want disk space for
117approximately one working directory for each developer (either the
118entire tree or a portion of it, depending on what each developer uses).
119
120 The repository should be accessible (directly or via a networked
121file system) from all machines which want to use CVS in server or local
122mode; the client machines need not have any access to it other than via
123the CVS protocol. It is not possible to use CVS to read from a
124repository which one only has read access to; CVS needs to be able to
125create lock files (*note Concurrency::).
126
127 To create a repository, run the `cvs init' command. It will set up
128an empty repository in the CVS root specified in the usual way (*note
129Repository::). For example,
130
131 cvs -d /usr/local/cvsroot init
132
133 `cvs init' is careful to never overwrite any existing files in the
134repository, so no harm is done if you run `cvs init' on an already
135set-up repository.
136
137 `cvs init' will enable history logging; if you don't want that,
138remove the history file after running `cvs init'. *Note history file::.
139
140�
141File: cvs.info, Node: Backing up, Next: Moving a repository, Prev: Creating a repository, Up: Repository
142
143Backing up a repository
144=======================
145
146 There is nothing particularly magical about the files in the
147repository; for the most part it is possible to back them up just like
148any other files. However, there are a few issues to consider.
149
150 The first is that to be paranoid, one should either not use CVS
151during the backup, or have the backup program lock CVS while doing the
152backup. To not use CVS, you might forbid logins to machines which can
153access the repository, turn off your CVS server, or similar mechanisms.
154The details would depend on your operating system and how you have CVS
155set up. To lock CVS, you would create `#cvs.rfl' locks in each
156repository directory. See *Note Concurrency::, for more on CVS locks.
157Having said all this, if you just back up without any of these
158precautions, the results are unlikely to be particularly dire.
159Restoring from backup, the repository might be in an inconsistent
160state, but this would not be particularly hard to fix manually.
161
162 When you restore a repository from backup, assuming that changes in
163the repository were made after the time of the backup, working
164directories which were not affected by the failure may refer to
165revisions which no longer exist in the repository. Trying to run CVS
166in such directories will typically produce an error message. One way
167to get those changes back into the repository is as follows:
168
169 * Get a new working directory.
170
171 * Copy the files from the working directory from before the failure
172 over to the new working directory (do not copy the contents of the
173 `CVS' directories, of course).
174
175 * Working in the new working directory, use commands such as `cvs
176 update' and `cvs diff' to figure out what has changed, and then
177 when you are ready, commit the changes into the repository.
178
179�
180File: cvs.info, Node: Moving a repository, Next: Remote repositories, Prev: Backing up, Up: Repository
181
182Moving a repository
183===================
184
185 Just as backing up the files in the repository is pretty much like
186backing up any other files, if you need to move a repository from one
187place to another it is also pretty much like just moving any other
188collection of files.
189
190 The main thing to consider is that working directories point to the
191repository. The simplest way to deal with a moved repository is to
192just get a fresh working directory after the move. Of course, you'll
193want to make sure that the old working directory had been checked in
194before the move, or you figured out some other way to make sure that
195you don't lose any changes. If you really do want to reuse the existing
196working directory, it should be possible with manual surgery on the
197`CVS/Repository' files. You can see *Note Working directory storage::,
198for information on the `CVS/Repository' and `CVS/Root' files, but
199unless you are sure you want to bother, it probably isn't worth it.
200
201�
202File: cvs.info, Node: Remote repositories, Next: Read-only access, Prev: Moving a repository, Up: Repository
203
204Remote repositories
205===================
206
207 Your working copy of the sources can be on a different machine than
208the repository. Using CVS in this manner is known as "client/server"
209operation. You run CVS on a machine which can mount your working
210directory, known as the "client", and tell it to communicate to a
211machine which can mount the repository, known as the "server".
212Generally, using a remote repository is just like using a local one,
213except that the format of the repository name is:
214
215 :METHOD:USER@HOSTNAME:/path/to/repository
216
217 The details of exactly what needs to be set up depend on how you are
218connecting to the server.
219
220 If METHOD is not specified, and the repository name contains `:',
221then the default is `ext' or `server', depending on your platform; both
222are described in *Note Connecting via rsh::.
223
224* Menu:
225
226* Server requirements:: Memory and other resources for servers
227* Connecting via rsh:: Using the `rsh' program to connect
228* Password authenticated:: Direct connections using passwords
229* GSSAPI authenticated:: Direct connections using GSSAPI
230* Kerberos authenticated:: Direct connections with kerberos
231* Connecting via fork:: Using a forked `cvs server' to connect
232
233�
234File: cvs.info, Node: Server requirements, Next: Connecting via rsh, Up: Remote repositories
235
236Server requirements
237-------------------
238
239 The quick answer to what sort of machine is suitable as a server is
240that requirements are modest--a server with 32M of memory or even less
241can handle a fairly large source tree with a fair amount of activity.
242
243 The real answer, of course, is more complicated. Estimating the
244known areas of large memory consumption should be sufficient to
245estimate memory requirements. There are two such areas documented
246here; other memory consumption should be small by comparison (if you
247find that is not the case, let us know, as described in *Note BUGS::,
248so we can update this documentation).
249
250 The first area of big memory consumption is large checkouts, when
251using the CVS server. The server consists of two processes for each
252client that it is serving. Memory consumption on the child process
253should remain fairly small. Memory consumption on the parent process,
254particularly if the network connection to the client is slow, can be
255expected to grow to slightly more than the size of the sources in a
256single directory, or two megabytes, whichever is larger.
257
258 Multiplying the size of each CVS server by the number of servers
259which you expect to have active at one time should give an idea of
260memory requirements for the server. For the most part, the memory
261consumed by the parent process probably can be swap space rather than
262physical memory.
263
264 The second area of large memory consumption is `diff', when checking
265in large files. This is required even for binary files. The rule of
266thumb is to allow about ten times the size of the largest file you will
267want to check in, although five times may be adequate. For example, if
268you want to check in a file which is 10 megabytes, you should have 100
269megabytes of memory on the machine doing the checkin (the server
270machine for client/server, or the machine running CVS for
271non-client/server). This can be swap space rather than physical
272memory. Because the memory is only required briefly, there is no
273particular need to allow memory for more than one such checkin at a
274time.
275
276 Resource consumption for the client is even more modest--any machine
277with enough capacity to run the operating system in question should
278have little trouble.
279
280 For information on disk space requirements, see *Note Creating a
281repository::.
282
283�
284File: cvs.info, Node: Connecting via rsh, Next: Password authenticated, Prev: Server requirements, Up: Remote repositories
285
286Connecting with rsh
287-------------------
288
289 CVS uses the `rsh' protocol to perform these operations, so the
290remote user host needs to have a `.rhosts' file which grants access to
291the local user.
292
293 For example, suppose you are the user `mozart' on the local machine
294`toe.example.com', and the server machine is `faun.example.org'. On
295faun, put the following line into the file `.rhosts' in `bach''s home
296directory:
297
298 toe.example.com mozart
299
300 Then test that `rsh' is working with
301
302 rsh -l bach faun.example.org 'echo $PATH'
303
304 Next you have to make sure that `rsh' will be able to find the
305server. Make sure that the path which `rsh' printed in the above
306example includes the directory containing a program named `cvs' which
307is the server. You need to set the path in `.bashrc', `.cshrc', etc.,
308not `.login' or `.profile'. Alternately, you can set the environment
309variable `CVS_SERVER' on the client machine to the filename of the
310server you want to use, for example `/usr/local/bin/cvs-1.6'.
311
312 There is no need to edit `inetd.conf' or start a CVS server daemon.
313
314 There are two access methods that you use in `CVSROOT' for rsh.
315`:server:' specifies an internal rsh client, which is supported only by
316some CVS ports. `:ext:' specifies an external rsh program. By default
317this is `rsh' but you may set the `CVS_RSH' environment variable to
318invoke another program which can access the remote server (for example,
319`remsh' on HP-UX 9 because `rsh' is something different). It must be a
320program which can transmit data to and from the server without modifying
321it; for example the Windows NT `rsh' is not suitable since it by
322default translates between CRLF and LF. The OS/2 CVS port has a hack
323to pass `-b' to `rsh' to get around this, but since this could
324potentially cause problems for programs other than the standard `rsh',
325it may change in the future. If you set `CVS_RSH' to `SSH' or some
326other rsh replacement, the instructions in the rest of this section
327concerning `.rhosts' and so on are likely to be inapplicable; consult
328the documentation for your rsh replacement.
329
330 Continuing our example, supposing you want to access the module
331`foo' in the repository `/usr/local/cvsroot/', on machine
332`faun.example.org', you are ready to go:
333
334 cvs -d :ext:bach@faun.example.org:/usr/local/cvsroot checkout foo
335
336 (The `bach@' can be omitted if the username is the same on both the
337local and remote hosts.)
338
339�
340File: cvs.info, Node: Password authenticated, Next: GSSAPI authenticated, Prev: Connecting via rsh, Up: Remote repositories
341
342Direct connection with password authentication
343----------------------------------------------
344
345 The CVS client can also connect to the server using a password
346protocol. This is particularly useful if using `rsh' is not feasible
347(for example, the server is behind a firewall), and Kerberos also is
348not available.
349
350 To use this method, it is necessary to make some adjustments on both
351the server and client sides.
352
353* Menu:
354
355* Password authentication server:: Setting up the server
356* Password authentication client:: Using the client
357* Password authentication security:: What this method does and does not do
358
359�
360File: cvs.info, Node: Password authentication server, Next: Password authentication client, Up: Password authenticated
361
362Setting up the server for password authentication
363.................................................
364
365 First of all, you probably want to tighten the permissions on the
366`$CVSROOT' and `$CVSROOT/CVSROOT' directories. See *Note Password
367authentication security::, for more details.
368
369 On the server side, the file `/etc/inetd.conf' needs to be edited so
370`inetd' knows to run the command `cvs pserver' when it receives a
371connection on the right port. By default, the port number is 2401; it
372would be different if your client were compiled with `CVS_AUTH_PORT'
373defined to something else, though.
374
375 If your `inetd' allows raw port numbers in `/etc/inetd.conf', then
376the following (all on a single line in `inetd.conf') should be
377sufficient:
378
379 2401 stream tcp nowait root /usr/local/bin/cvs
380 cvs -f --allow-root=/usr/cvsroot pserver
381
382 You could also use the `-T' option to specify a temporary directory.
383
384 The `--allow-root' option specifies the allowable CVSROOT directory.
385Clients which attempt to use a different CVSROOT directory will not be
386allowed to connect. If there is more than one CVSROOT directory which
387you want to allow, repeat the option. (Unfortunately, many versions of
388`inetd' have very small limits on the number of arguments and/or the
389total length of the command. The usual solution to this problem is to
390have `inetd' run a shell script which then invokes CVS with the
391necessary arguments.)
392
393 If your `inetd' wants a symbolic service name instead of a raw port
394number, then put this in `/etc/services':
395
396 cvspserver 2401/tcp
397
398 and put `cvspserver' instead of `2401' in `inetd.conf'.
399
400 Once the above is taken care of, restart your `inetd', or do
401whatever is necessary to force it to reread its initialization files.
402
403 If you are having trouble setting this up, see *Note Connection::.
404
405 Because the client stores and transmits passwords in cleartext
406(almost--see *Note Password authentication security::, for details), a
407separate CVS password file is generally used, so people don't compromise
408their regular passwords when they access the repository. This file is
409`$CVSROOT/CVSROOT/passwd' (*note Intro administrative files::). It
410uses a colon-separated format, similar to `/etc/passwd' on Unix systems,
411except that it has fewer fields: CVS username, optional password, and
412an optional system username for CVS to run as if authentication
413succeeds. Here is an example `passwd' file with five entries:
414
415 anonymous:
416 bach:ULtgRLXo7NRxs
417 spwang:1sOp854gDF3DY
418 melissa:tGX1fS8sun6rY:pubcvs
419 qproj:XR4EZcEs0szik:pubcvs
420
421 (The passwords are encrypted according to the standard Unix
422`crypt()' function, so it is possible to paste in passwords directly
423from regular Unix `/etc/passwd' files.)
424
425 The first line in the example will grant access to any CVS client
426attempting to authenticate as user `anonymous', no matter what password
427they use, including an empty password. (This is typical for sites
428granting anonymous read-only access; for information on how to do the
429"read-only" part, see *Note Read-only access::.)
430
431 The second and third lines will grant access to `bach' and `spwang'
432if they supply their respective plaintext passwords.
433
434 The fourth line will grant access to `melissa', if she supplies the
435correct password, but her CVS operations will actually run on the
436server side under the system user `pubcvs'. Thus, there need not be
437any system user named `melissa', but there _must_ be one named `pubcvs'.
438
439 The fifth line shows that system user identities can be shared: any
440client who successfully authenticates as `qproj' will actually run as
441`pubcvs', just as `melissa' does. That way you could create a single,
442shared system user for each project in your repository, and give each
443developer their own line in the `$CVSROOT/CVSROOT/passwd' file. The CVS
444username on each line would be different, but the system username would
445be the same. The reason to have different CVS usernames is that CVS
446will log their actions under those names: when `melissa' commits a
447change to a project, the checkin is recorded in the project's history
448under the name `melissa', not `pubcvs'. And the reason to have them
449share a system username is so that you can arrange permissions in the
450relevant area of the repository such that only that account has
451write-permission there.
452
453 If the system-user field is present, all password-authenticated CVS
454commands run as that user; if no system user is specified, CVS simply
455takes the CVS username as the system username and runs commands as that
456user. In either case, if there is no such user on the system, then the
457CVS operation will fail (regardless of whether the client supplied a
458valid password).
459
460 The password and system-user fields can both be omitted (and if the
461system-user field is omitted, then also omit the colon that would have
462separated it from the encrypted password). For example, this would be a
463valid `$CVSROOT/CVSROOT/passwd' file:
464
465 anonymous::pubcvs
466 fish:rKa5jzULzmhOo:kfogel
467 sussman:1sOp854gDF3DY
468
469 When the password field is omitted or empty, then the client's
470authentication attempt will succeed with any password, including the
471empty string. However, the colon after the CVS username is always
472necessary, even if the password is empty.
473
474 CVS can also fall back to use system authentication. When
475authenticating a password, the server first checks for the user in the
476`$CVSROOT/CVSROOT/passwd' file. If it finds the user, it will use that
477entry for authentication as described above. But if it does not find
478the user, or if the CVS `passwd' file does not exist, then the server
479can try to authenticate the username and password using the operating
480system's user-lookup routines (this "fallback" behavior can be disabled
481by setting `SystemAuth=no' in the CVS `config' file, *note config::).
482Be aware, however, that falling back to system authentication might be
483a security risk: CVS operations would then be authenticated with that
484user's regular login password, and the password flies across the
485network in plaintext. See *Note Password authentication security:: for
486more on this.
487
488 Right now, the only way to put a password in the CVS `passwd' file
489is to paste it there from somewhere else. Someday, there may be a `cvs
490passwd' command.
491
492 Unlike many of the files in `$CVSROOT/CVSROOT', it is normal to edit
493the `passwd' file in-place, rather than via CVS. This is because of the
494possible security risks of having the `passwd' file checked out to
495people's working copies. If you do want to include the `passwd' file
496in checkouts of `$CVSROOT/CVSROOT', see *Note checkoutlist::.
497
498�
499File: cvs.info, Node: Password authentication client, Next: Password authentication security, Prev: Password authentication server, Up: Password authenticated
500
501Using the client with password authentication
502.............................................
503
504 To run a CVS command on a remote repository via the
505password-authenticating server, one specifies the `pserver' protocol,
506username, repository host, and path to the repository. For example:
507
508 cvs -d :pserver:bach@faun.example.org:/usr/local/cvsroot checkout someproj
509
510 or
511
512 CVSROOT=:pserver:bach@faun.example.org:/usr/local/cvsroot
513 cvs checkout someproj
514
515 However, unless you're connecting to a public-access repository
516(i.e., one where that username doesn't require a password), you'll need
517to "log in" first. Logging in verifies your password with the
518repository. It's done with the `login' command, which will prompt you
519interactively for the password:
520
521 cvs -d :pserver:bach@faun.example.org:/usr/local/cvsroot login
522 CVS password:
523
524 After you enter the password, CVS verifies it with the server. If
525the verification succeeds, then that combination of username, host,
526repository, and password is permanently recorded, so future
527transactions with that repository won't require you to run `cvs login'.
528(If verification fails, CVS will exit complaining that the password
529was incorrect, and nothing will be recorded.)
530
531 The records are stored, by default, in the file `$HOME/.cvspass'.
532That file's format is human-readable, and to a degree human-editable,
533but note that the passwords are not stored in cleartext--they are
534trivially encoded to protect them from "innocent" compromise (i.e.,
535inadvertent viewing by a system administrator or other non-malicious
536person).
537
538 You can change the default location of this file by setting the
539`CVS_PASSFILE' environment variable. If you use this variable, make
540sure you set it _before_ `cvs login' is run. If you were to set it
541after running `cvs login', then later CVS commands would be unable to
542look up the password for transmission to the server.
543
544 Once you have logged in, all CVS commands using that remote
545repository and username will authenticate with the stored password.
546So, for example
547
548 cvs -d :pserver:bach@faun.example.org:/usr/local/cvsroot checkout foo
549
550 should just work (unless the password changes on the server side, in
551which case you'll have to re-run `cvs login').
552
553 Note that if the `:pserver:' were not present in the repository
554specification, CVS would assume it should use `rsh' to connect with the
555server instead (*note Connecting via rsh::).
556
557 Of course, once you have a working copy checked out and are running
558CVS commands from within it, there is no longer any need to specify the
559repository explicitly, because CVS can deduce the repository from the
560working copy's `CVS' subdirectory.
561
562 The password for a given remote repository can be removed from the
563`CVS_PASSFILE' by using the `cvs logout' command.
564
565�
566File: cvs.info, Node: Password authentication security, Prev: Password authentication client, Up: Password authenticated
567
568Security considerations with password authentication
569....................................................
570
571 The passwords are stored on the client side in a trivial encoding of
572the cleartext, and transmitted in the same encoding. The encoding is
573done only to prevent inadvertent password compromises (i.e., a system
574administrator accidentally looking at the file), and will not prevent
575even a naive attacker from gaining the password.
576
577 The separate CVS password file (*note Password authentication
578server::) allows people to use a different password for repository
579access than for login access. On the other hand, once a user has
580non-read-only access to the repository, she can execute programs on the
581server system through a variety of means. Thus, repository access
582implies fairly broad system access as well. It might be possible to
583modify CVS to prevent that, but no one has done so as of this writing.
584
585 Note that because the `$CVSROOT/CVSROOT' directory contains `passwd'
586and other files which are used to check security, you must control the
587permissions on this directory as tightly as the permissions on `/etc'.
588The same applies to the `$CVSROOT' directory itself and any directory
589above it in the tree. Anyone who has write access to such a directory
590will have the ability to become any user on the system. Note that
591these permissions are typically tighter than you would use if you are
592not using pserver.
593
594 In summary, anyone who gets the password gets repository access
595(which may imply some measure of general system access as well). The
596password is available to anyone who can sniff network packets or read a
597protected (i.e., user read-only) file. If you want real security, get
598Kerberos.
599
600�
601File: cvs.info, Node: GSSAPI authenticated, Next: Kerberos authenticated, Prev: Password authenticated, Up: Remote repositories
602
603Direct connection with GSSAPI
604-----------------------------
605
606 GSSAPI is a generic interface to network security systems such as
607Kerberos 5. If you have a working GSSAPI library, you can have CVS
608connect via a direct TCP connection, authenticating with GSSAPI.
609
610 To do this, CVS needs to be compiled with GSSAPI support; when
611configuring CVS it tries to detect whether GSSAPI libraries using
612kerberos version 5 are present. You can also use the `--with-gssapi'
613flag to configure.
614
615 The connection is authenticated using GSSAPI, but the message stream
616is _not_ authenticated by default. You must use the `-a' global option
617to request stream authentication.
618
619 The data transmitted is _not_ encrypted by default. Encryption
620support must be compiled into both the client and the server; use the
621`--enable-encrypt' configure option to turn it on. You must then use
622the `-x' global option to request encryption.
623
624 GSSAPI connections are handled on the server side by the same server
625which handles the password authentication server; see *Note Password
626authentication server::. If you are using a GSSAPI mechanism such as
627Kerberos which provides for strong authentication, you will probably
628want to disable the ability to authenticate via cleartext passwords.
629To do so, create an empty `CVSROOT/passwd' password file, and set
630`SystemAuth=no' in the config file (*note config::).
631
632 The GSSAPI server uses a principal name of cvs/HOSTNAME, where
633HOSTNAME is the canonical name of the server host. You will have to
634set this up as required by your GSSAPI mechanism.
635
636 To connect using GSSAPI, use `:gserver:'. For example,
637
638 cvs -d :gserver:faun.example.org:/usr/local/cvsroot checkout foo
639
640�
641File: cvs.info, Node: Kerberos authenticated, Next: Connecting via fork, Prev: GSSAPI authenticated, Up: Remote repositories
642
643Direct connection with kerberos
644-------------------------------
645
646 The easiest way to use kerberos is to use the kerberos `rsh', as
647described in *Note Connecting via rsh::. The main disadvantage of
648using rsh is that all the data needs to pass through additional
649programs, so it may be slower. So if you have kerberos installed you
650can connect via a direct TCP connection, authenticating with kerberos.
651
652 This section concerns the kerberos network security system, version
6534. Kerberos version 5 is supported via the GSSAPI generic network
654security interface, as described in the previous section.
655
656 To do this, CVS needs to be compiled with kerberos support; when
657configuring CVS it tries to detect whether kerberos is present or you
658can use the `--with-krb4' flag to configure.
659
660 The data transmitted is _not_ encrypted by default. Encryption
661support must be compiled into both the client and server; use the
662`--enable-encryption' configure option to turn it on. You must then
663use the `-x' global option to request encryption.
664
665 You need to edit `inetd.conf' on the server machine to run `cvs
666kserver'. The client uses port 1999 by default; if you want to use
667another port specify it in the `CVS_CLIENT_PORT' environment variable
668on the client.
669
670 When you want to use CVS, get a ticket in the usual way (generally
671`kinit'); it must be a ticket which allows you to log into the server
672machine. Then you are ready to go:
673
674 cvs -d :kserver:faun.example.org:/usr/local/cvsroot checkout foo
675
676 Previous versions of CVS would fall back to a connection via rsh;
677this version will not do so.
678
679�
680File: cvs.info, Node: Connecting via fork, Prev: Kerberos authenticated, Up: Remote repositories
681
682Connecting with fork
683--------------------
684
685 This access method allows you to connect to a repository on your
686local disk via the remote protocol. In other words it does pretty much
687the same thing as `:local:', but various quirks, bugs and the like are
688those of the remote CVS rather than the local CVS.
689
690 For day-to-day operations you might prefer either `:local:' or
691`:fork:', depending on your preferences. Of course `:fork:' comes in
692particularly handy in testing or debugging `cvs' and the remote
693protocol. Specifically, we avoid all of the network-related
694setup/configuration, timeouts, and authentication inherent in the other
695remote access methods but still create a connection which uses the
696remote protocol.
697
698 To connect using the `fork' method, use `:fork:' and the pathname to
699your local repository. For example:
700
701 cvs -d :fork:/usr/local/cvsroot checkout foo
702
703 As with `:ext:', the server is called `cvs' by default, or the value
704of the `CVS_SERVER' environment variable.
705
706�
707File: cvs.info, Node: Read-only access, Next: Server temporary directory, Prev: Remote repositories, Up: Repository
708
709Read-only repository access
710===========================
711
712 It is possible to grant read-only repository access to people using
713the password-authenticated server (*note Password authenticated::).
714(The other access methods do not have explicit support for read-only
715users because those methods all assume login access to the repository
716machine anyway, and therefore the user can do whatever local file
717permissions allow her to do.)
718
719 A user who has read-only access can do only those CVS operations
720which do not modify the repository, except for certain "administrative"
721files (such as lock files and the history file). It may be desirable
722to use this feature in conjunction with user-aliasing (*note Password
723authentication server::).
724
725 Unlike with previous versions of CVS, read-only users should be able
726merely to read the repository, and not to execute programs on the
727server or otherwise gain unexpected levels of access. Or to be more
728accurate, the _known_ holes have been plugged. Because this feature is
729new and has not received a comprehensive security audit, you should use
730whatever level of caution seems warranted given your attitude concerning
731security.
732
733 There are two ways to specify read-only access for a user: by
734inclusion, and by exclusion.
735
736 "Inclusion" means listing that user specifically in the
737`$CVSROOT/CVSROOT/readers' file, which is simply a newline-separated
738list of users. Here is a sample `readers' file:
739
740 melissa
741 splotnik
742 jrandom
743
744 (Don't forget the newline after the last user.)
745
746 "Exclusion" means explicitly listing everyone who has _write_
747access--if the file
748
749 $CVSROOT/CVSROOT/writers
750
751exists, then only those users listed in it have write access, and
752everyone else has read-only access (of course, even the read-only users
753still need to be listed in the CVS `passwd' file). The `writers' file
754has the same format as the `readers' file.
755
756 Note: if your CVS `passwd' file maps cvs users onto system users
757(*note Password authentication server::), make sure you deny or grant
758read-only access using the _cvs_ usernames, not the system usernames.
759That is, the `readers' and `writers' files contain cvs usernames, which
760may or may not be the same as system usernames.
761
762 Here is a complete description of the server's behavior in deciding
763whether to grant read-only or read-write access:
764
765 If `readers' exists, and this user is listed in it, then she gets
766read-only access. Or if `writers' exists, and this user is NOT listed
767in it, then she also gets read-only access (this is true even if
768`readers' exists but she is not listed there). Otherwise, she gets
769full read-write access.
770
771 Of course there is a conflict if the user is listed in both files.
772This is resolved in the more conservative way, it being better to
773protect the repository too much than too little: such a user gets
774read-only access.
775
776�
777File: cvs.info, Node: Server temporary directory, Prev: Read-only access, Up: Repository
778
779Temporary directories for the server
780====================================
781
782 While running, the CVS server creates temporary directories. They
783are named
784
785 cvs-servPID
786
787where PID is the process identification number of the server. They are
788located in the directory specified by the `TMPDIR' environment variable
789(*note Environment variables::), the `-T' global option (*note Global
790options::), or failing that `/tmp'.
791
792 In most cases the server will remove the temporary directory when it
793is done, whether it finishes normally or abnormally. However, there
794are a few cases in which the server does not or cannot remove the
795temporary directory, for example:
796
797 * If the server aborts due to an internal server error, it may
798 preserve the directory to aid in debugging
799
800 * If the server is killed in a way that it has no way of cleaning up
801 (most notably, `kill -KILL' on unix).
802
803 * If the system shuts down without an orderly shutdown, which tells
804 the server to clean up.
805
806 In cases such as this, you will need to manually remove the
807`cvs-servPID' directories. As long as there is no server running with
808process identification number PID, it is safe to do so.
809
810�
811File: cvs.info, Node: Starting a new project, Next: Revisions, Prev: Repository, Up: Top
812
813Starting a project with CVS
814***************************
815
816 Because renaming files and moving them between directories is
817somewhat inconvenient, the first thing you do when you start a new
818project should be to think through your file organization. It is not
819impossible to rename or move files, but it does increase the potential
820for confusion and CVS does have some quirks particularly in the area of
821renaming directories. *Note Moving files::.
822
823 What to do next depends on the situation at hand.
824
825* Menu:
826
827* Setting up the files:: Getting the files into the repository
828* Defining the module:: How to make a module of the files
829
830�
831File: cvs.info, Node: Setting up the files, Next: Defining the module, Up: Starting a new project
832
833Setting up the files
834====================
835
836 The first step is to create the files inside the repository. This
837can be done in a couple of different ways.
838
839* Menu:
840
841* From files:: This method is useful with old projects
842 where files already exists.
843* From other version control systems:: Old projects where you want to
844 preserve history from another system.
845* From scratch:: Creating a directory tree from scratch.
846
847�
848File: cvs.info, Node: From files, Next: From other version control systems, Up: Setting up the files
849
850Creating a directory tree from a number of files
851------------------------------------------------
852
853 When you begin using CVS, you will probably already have several
854projects that can be put under CVS control. In these cases the easiest
855way is to use the `import' command. An example is probably the easiest
856way to explain how to use it. If the files you want to install in CVS
857reside in `WDIR', and you want them to appear in the repository as
858`$CVSROOT/yoyodyne/RDIR', you can do this:
859
860 $ cd WDIR
861 $ cvs import -m "Imported sources" yoyodyne/RDIR yoyo start
862
863 Unless you supply a log message with the `-m' flag, CVS starts an
864editor and prompts for a message. The string `yoyo' is a "vendor tag",
865and `start' is a "release tag". They may fill no purpose in this
866context, but since CVS requires them they must be present. *Note
867Tracking sources::, for more information about them.
868
869 You can now verify that it worked, and remove your original source
870directory.
871
872 $ cd ..
873 $ cvs checkout yoyodyne/RDIR # Explanation below
874 $ diff -r WDIR yoyodyne/RDIR
875 $ rm -r WDIR
876
877Erasing the original sources is a good idea, to make sure that you do
878not accidentally edit them in WDIR, bypassing CVS. Of course, it would
879be wise to make sure that you have a backup of the sources before you
880remove them.
881
882 The `checkout' command can either take a module name as argument (as
883it has done in all previous examples) or a path name relative to
884`$CVSROOT', as it did in the example above.
885
886 It is a good idea to check that the permissions CVS sets on the
887directories inside `$CVSROOT' are reasonable, and that they belong to
888the proper groups. *Note File permissions::.
889
890 If some of the files you want to import are binary, you may want to
891use the wrappers features to specify which files are binary and which
892are not. *Note Wrappers::.
893
894�
895File: cvs.info, Node: From other version control systems, Next: From scratch, Prev: From files, Up: Setting up the files
896
897Creating Files From Other Version Control Systems
898-------------------------------------------------
899
900 If you have a project which you are maintaining with another version
901control system, such as RCS, you may wish to put the files from that
902project into CVS, and preserve the revision history of the files.
903
904From RCS
905 If you have been using RCS, find the RCS files--usually a file
906 named `foo.c' will have its RCS file in `RCS/foo.c,v' (but it
907 could be other places; consult the RCS documentation for details).
908 Then create the appropriate directories in CVS if they do not
909 already exist. Then copy the files into the appropriate
910 directories in the CVS repository (the name in the repository must
911 be the name of the source file with `,v' added; the files go
912 directly in the appropriate directory of the repository, not in an
913 `RCS' subdirectory). This is one of the few times when it is a
914 good idea to access the CVS repository directly, rather than using
915 CVS commands. Then you are ready to check out a new working
916 directory.
917
918 The RCS file should not be locked when you move it into CVS; if it
919 is, CVS will have trouble letting you operate on it.
920
921From another version control system
922 Many version control systems have the ability to export RCS files
923 in the standard format. If yours does, export the RCS files and
924 then follow the above instructions.
925
926 Failing that, probably your best bet is to write a script that
927 will check out the files one revision at a time using the command
928 line interface to the other system, and then check the revisions
929 into CVS. The `sccs2rcs' script mentioned below may be a useful
930 example to follow.
931
932From SCCS
933 There is a script in the `contrib' directory of the CVS source
934 distribution called `sccs2rcs' which converts SCCS files to RCS
935 files. Note: you must run it on a machine which has both SCCS and
936 RCS installed, and like everything else in contrib it is
937 unsupported (your mileage may vary).
938
939From PVCS
940 There is a script in the `contrib' directory of the CVS source
941 distribution called `pvcs_to_rcs' which converts PVCS archives to
942 RCS files. You must run it on a machine which has both PVCS and
943 RCS installed, and like everything else in contrib it is
944 unsupported (your mileage may vary). See the comments in the
945 script for details.
946
947�
948File: cvs.info, Node: From scratch, Prev: From other version control systems, Up: Setting up the files
949
950Creating a directory tree from scratch
951--------------------------------------
952
953 For a new project, the easiest thing to do is probably to create an
954empty directory structure, like this:
955
956 $ mkdir tc
957 $ mkdir tc/man
958 $ mkdir tc/testing
959
960 After that, you use the `import' command to create the corresponding
961(empty) directory structure inside the repository:
962
963 $ cd tc
964 $ cvs import -m "Created directory structure" yoyodyne/DIR yoyo start
965
966 Then, use `add' to add files (and new directories) as they appear.
967
968 Check that the permissions CVS sets on the directories inside
969`$CVSROOT' are reasonable.
970
971�
972File: cvs.info, Node: Defining the module, Prev: Setting up the files, Up: Starting a new project
973
974Defining the module
975===================
976
977 The next step is to define the module in the `modules' file. This
978is not strictly necessary, but modules can be convenient in grouping
979together related files and directories.
980
981 In simple cases these steps are sufficient to define a module.
982
983 1. Get a working copy of the modules file.
984
985 $ cvs checkout CVSROOT/modules
986 $ cd CVSROOT
987
988 2. Edit the file and insert a line that defines the module. *Note
989 Intro administrative files::, for an introduction. *Note
990 modules::, for a full description of the modules file. You can
991 use the following line to define the module `tc':
992
993 tc yoyodyne/tc
994
995 3. Commit your changes to the modules file.
996
997 $ cvs commit -m "Added the tc module." modules
998
999 4. Release the modules module.
1000
1001 $ cd ..
1002 $ cvs release -d CVSROOT
1003
1004�
1005File: cvs.info, Node: Revisions, Next: Branching and merging, Prev: Starting a new project, Up: Top
1006
1007Revisions
1008*********
1009
1010 For many uses of CVS, one doesn't need to worry too much about
1011revision numbers; CVS assigns numbers such as `1.1', `1.2', and so on,
1012and that is all one needs to know. However, some people prefer to have
1013more knowledge and control concerning how CVS assigns revision numbers.
1014
1015 If one wants to keep track of a set of revisions involving more than
1016one file, such as which revisions went into a particular release, one
1017uses a "tag", which is a symbolic revision which can be assigned to a
1018numeric revision in each file.
1019
1020* Menu:
1021
1022* Revision numbers:: The meaning of a revision number
1023* Versions revisions releases:: Terminology used in this manual
1024* Assigning revisions:: Assigning revisions
1025* Tags:: Tags--Symbolic revisions
1026* Tagging the working directory:: The cvs tag command
1027* Tagging by date/tag:: The cvs rtag command
1028* Modifying tags:: Adding, renaming, and deleting tags
1029* Tagging add/remove:: Tags with adding and removing files
1030* Sticky tags:: Certain tags are persistent
1031
1032�
1033File: cvs.info, Node: Revision numbers, Next: Versions revisions releases, Up: Revisions
1034
1035Revision numbers
1036================
1037
1038 Each version of a file has a unique "revision number". Revision
1039numbers look like `1.1', `1.2', `1.3.2.2' or even `1.3.2.2.4.5'. A
1040revision number always has an even number of period-separated decimal
1041integers. By default revision 1.1 is the first revision of a file.
1042Each successive revision is given a new number by increasing the
1043rightmost number by one. The following figure displays a few
1044revisions, with newer revisions to the right.
1045
1046 +-----+ +-----+ +-----+ +-----+ +-----+
1047 ! 1.1 !----! 1.2 !----! 1.3 !----! 1.4 !----! 1.5 !
1048 +-----+ +-----+ +-----+ +-----+ +-----+
1049
1050 It is also possible to end up with numbers containing more than one
1051period, for example `1.3.2.2'. Such revisions represent revisions on
1052branches (*note Branching and merging::); such revision numbers are
1053explained in detail in *Note Branches and revisions::.
1054
1055�
1056File: cvs.info, Node: Versions revisions releases, Next: Assigning revisions, Prev: Revision numbers, Up: Revisions
1057
1058Versions, revisions and releases
1059================================
1060
1061 A file can have several versions, as described above. Likewise, a
1062software product can have several versions. A software product is
1063often given a version number such as `4.1.1'.
1064
1065 Versions in the first sense are called "revisions" in this document,
1066and versions in the second sense are called "releases". To avoid
1067confusion, the word "version" is almost never used in this document.
1068
1069�
1070File: cvs.info, Node: Assigning revisions, Next: Tags, Prev: Versions revisions releases, Up: Revisions
1071
1072Assigning revisions
1073===================
1074
1075 By default, CVS will assign numeric revisions by leaving the first
1076number the same and incrementing the second number. For example,
1077`1.1', `1.2', `1.3', etc.
1078
1079 When adding a new file, the second number will always be one and the
1080first number will equal the highest first number of any file in that
1081directory. For example, the current directory contains files whose
1082highest numbered revisions are `1.7', `3.1', and `4.12', then an added
1083file will be given the numeric revision `4.1'.
1084
1085 Normally there is no reason to care about the revision numbers--it
1086is easier to treat them as internal numbers that CVS maintains, and tags
1087provide a better way to distinguish between things like release 1
1088versus release 2 of your product (*note Tags::). However, if you want
1089to set the numeric revisions, the `-r' option to `cvs commit' can do
1090that. The `-r' option implies the `-f' option, in the sense that it
1091causes the files to be committed even if they are not modified.
1092
1093 For example, to bring all your files up to revision 3.0 (including
1094those that haven't changed), you might invoke:
1095
1096 $ cvs commit -r 3.0
1097
1098 Note that the number you specify with `-r' must be larger than any
1099existing revision number. That is, if revision 3.0 exists, you cannot
1100`cvs commit -r 1.3'. If you want to maintain several releases in
1101parallel, you need to use a branch (*note Branching and merging::).
1102
1103