[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS w/ ssh - chroot
From: |
Mark D. Baushke |
Subject: |
Re: CVS w/ ssh - chroot |
Date: |
Fri, 14 Jan 2005 11:13:33 -0800 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Grand Poohbah <address@hidden> writes:
> I am setting up a FreeBSD 5.x machine with cvs 1.11.17.
>
> My goal is to have a "guest" style read-only access to a cvs repository
> under a strict chroot environment. I have setup my repository with file
> permissions similar to those found in the how-to
> http://www.idealx.org/doc/chrooted-ssh-cvs-server.en.html However, instead
> of using a rssh or a smrsh type of shell, I am attempting to do a classic
> chroot.
>
> The cvs user logs into the server with ssh and get dropped into a chroot
> directory. I have place what I believe to be all the necessary files (cvs
> binary, permission/group files and repository files) for cvs to work inside
> this chroot environment and it *seems* to be working as intended as a chroot
> environment. However, when my remote system attempts a "cvs update -Ad" (or
> diff or other client command) I get the following errors.
>
> Root: not found
> Valid-responses: not found
> valid-requests: not found
>
> Then the process just hangs until a ^C
>
>
> Question: is there a debug or verbose mode I can use to get more output? I
> have the mirrored repository file structure and permissions set up
> correctly, my only binaries I have are the following
>
> /bin/sh
> /bin/chroot.sh
> /bin/ls
> /dev/null
> /usr/bin/rsync
> /usr/bin/cvs
You will likely also need some libraries. A stock version of FreeBSD
comes with a patched version of cvs 1.11.5-FreeBSD and needs a number of
libraries:
% uname -a
FreeBSD test52 5.2-RELEASE FreeBSD 5.2-RELEASE #0: Sun Jan 11 04:21:45 GMT 2004
address@hidden:/usr/obj/usr/src/sys/GENERIC i386
% /usr/bin/cvs -v
Concurrent Versions System (CVS) 1.11.5-FreeBSD (client/server)
Copyright (c) 1989-2002 Brian Berliner, david d `zoo' zuhn,
Jeff Polk, and other authors
CVS may be copied only under the terms of the GNU General Public License,
a copy of which can be found with the CVS distribution kit.
Specify the --help option for further information about CVS
% ldd /usr/bin/cvs
/usr/bin/cvs:
libgnuregex.so.2 => /usr/lib/libgnuregex.so.2 (0x280f3000)
libmd.so.2 => /lib/libmd.so.2 (0x280fb000)
libcrypt.so.2 => /lib/libcrypt.so.2 (0x28105000)
libz.so.2 => /lib/libz.so.2 (0x2811e000)
libgssapi.so.7 => /usr/lib/libgssapi.so.7 (0x2812c000)
libkrb5.so.7 => /usr/lib/libkrb5.so.7 (0x2813a000)
libasn1.so.7 => /usr/lib/libasn1.so.7 (0x28177000)
libcrypto.so.3 => /lib/libcrypto.so.3 (0x2819d000)
libroken.so.7 => /usr/lib/libroken.so.7 (0x282ab000)
libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x282ba000)
libc.so.5 => /lib/libc.so.5 (0x282bc000)
%
Your cvs might be more static, but you should look closely to be sure.
> Does cvs server need more binaries to work properly? Is there a way I can
> run "cvs server" by hand from the chroot environment to simulate what my
> client should be doing?
Look at what 'cvs -t' does (for cvs 1.12.x you may use up to three '-t'
options at once).
Look at what the environment variable CVS_CLIENT_LOG provides (when
given a prefix pathname it will create a .in and a .out that contains
the conversation that occurs across the client/server connection).
Read the doc/cvsclient.text file (or one of the generated output formats
of it) to better understand the client/server protocol being used.
At a guess, your cvs is not properly getting the 'server' argument right
now somehow.
If the client is using
cvs -t :ext:host.dom.ain/path/to/repository
then you should end up seing something like this output
$CVS_RSH host.dom.ain $CVS_SERVER server
where the values of $CVS_RSH may be replaced with 'ssh' or 'rsh'
and $CVS_SERVER is probably replaced with 'cvs'
Good luck,
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFB6Bnd3x41pRYZE/gRAtwfAKCkxbZ9Wy81qw9j8hGbCqEOz8M/tACfaFs4
V+ayvTbqvwqZDG8+tkLLB8U=
=goUj
-----END PGP SIGNATURE-----