RJLRef: $PH/cvs/cvsRemoteSetup050312.txt i=========================================== From dimock@cs.uml.edu Sat Mar 12 18:53:35 2005 From: Allyn Dimock To: Bob Lechner Subject: Re: cvs version control on saturn vs. mercury Bob Lechner writes: > I have no knowledge if it works thru uml/cs ssh firewalls. > Maybe someone else does know how to try it? It works both incoming and outgoing with SSH: set environment variable CVS_RSH=ssh I also have variable CVSUMASK=077 but I don't recall whether this is necessary. I use it frequently to keep my laptop synched with material on mercury -- just create a cvsroot directory on mercury and put software or documents that I may work on from home under cvs control. I also use cvs from my system at uml to work on projects onder cvs control at bu and bc. -- Allyn =========================================== > From howie.goodell@gmail.com Sat Mar 12 10:33:36 2005 > To: lechner@cs.uml.edu > Subject: CVS through firewalls > Bob, > (George forwarded your email) > > Dan set up CVS repositories on mercury for Georges' group last Fall, > and gave us a detailed proceedure for setting up individual > repositories for each project, and a one-time setup for the whole > repository -- I appended our internal Wiki pages for these 2 > procedures at the end of this email. > > The procedure for SSH setup uses an external plink program (RSH > connection) using a personal key file we need to copy to any computer > we want to set up for access. I'm happily working from home right > now; updating and checking in to the repository through the firewall, > all from within our IntelliJ IDE, just as I do at school. Pretty > slick! > > Take care! > Howie > -- > Howie Goodell hgoodell@cs.uml.edu http://goodL.org > Hardware control Info Visualization User interface > UMass Lowell Computer Science Doctoral Candidate > > ============ from IVPR internal Wiki page, "CVSSetup" =================== > > Platform CVS Setup > > Originally from Dan MacNeal's email 2/17/04, with some mods and > additions for the ivpr group repository: > > Below is a working recipe for integrating cvs into the intelliJ IDE > running on MS windows. > > (Dangerous one-time-for-whole-repository setup commands removed to > CVSInitialSetup.) > Configuring IntelliJ IDE to use CVS over SSH > > (with a windows client and a UNIX host) > > Overview: > > The local MS windows PC command line CVS client can use SSH to run > commands on the remote server and access a CVS repository on that > remote server. InteliJ IDEA (a IDE for java that the IVPR research > group favors) calls the PC CVS client. > > Users of the putty suite of programs can store ssh connection settings > like hostname/public keys in the registry > > This configuration can include a private/public key combination to > allow an SSH connection without a password. > ========================= > > ================= From IVPR Wiki Page "CVSInternalSetup ============== > Dangerous -- only once for repository! > > First of all, any authorized user of the directory needs to do an: > > cvs -d usr/cs/general/ivpr/cvs init > > (so anyone with access to mlearn can logon and do this there.) > > Obviously, you'll need to do a cvs import to get your project into CVS. > > (I removed all the CVS directories from our latest source code; then > in the DOS box located in that directory (i.e. C:\Platform on my fully > up-to-date computer), I typed: > > cvs import -m "some message" Platform uvp start > > > Note that "Platform" is the directory in the repository where the > project lives; it isn't enough to be in the Platform directory on your > machine. The last 2 parameter have to be there but aren't used. hg) > > CVS: import > > Imports a directory tree into the repository as a new Module. cvs > import [ opt ] > > Multiple release tags may be specified. > > -b -- import to a vendor branch. -d -- imports a file using > the file's modification data and time rather than the current date and > time. Only available when CVS is working in local mode. -I > -- ignore files matching -k -- control keyword > expansion -m -- sets the log message -W -- specify > files to be filtered during input > > On the SSH server (mercury) the SSH connection opened by the > public/private key can be limited so that the connection can originate > only from certain hosts and run certain commands. > > docs (in order of usefulness): > > http://www.tartarus.org/~simon/puttydoc/Chapter7.html#7.4 > > man sshd http://sourceforge.net/docman/display_doc.php?docid=766&group_id=1 > Step 1: download and install the pieces as necessary: > > In the lab, just copy Orchid Software\CVS Material to your C: and > these instructions work. You can use a different name if you like; > just put it in your path etc. as he explains below. I have a directory > "Programs" I put it in; I assume "Program Files" works but haven't > verified that. Note that none of these programs need to be installed > in the usual Windows sense; you may want to make a desktop shortcut > for the ones you use. hg) > > * PuTTY > > http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html > > * PuTTYgen > > http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe > > * plink > > http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe > > * cvs client > > https://ccvs.cvshome.org/servlets/ProjectDocumentList; you want the > latest stable version download; e.g. > https://ccvs.cvshome.org/files/documents/19/231/cvs-1-11-17.zip . > > (Note this is standard cvs not WinCVS many of us used before. I know > CVS works; WinCVS probably won't do the key pair because it stores > passwords, anyway, in the Windows registry instead of a conventional > file.) > Step 2: configure and test a stored connection > > --- set username/host and protocol --- 1) Launch putty 2) In "hostname > or IP address" put > > mercury.cs.uml.edu > > 3) In "protocol" check > > SSH > > 4) In "saved sessions" put mercury-ivpr-cvs > > 4a) click the "Connection" + put your username in the "Auto login username" > > 4b) click the "SSH" + set "preferred SSH version" to "2" > > 4c) click back on the "session" + THIS IS ESSENTIAL > > 5) Click the "Save" button > > 6) Test the saved connection from cmd prompt or run box > > C:\cvs_stuff\plink mercury-ivpr-cvs > Step 3: add keys to stored connection > > a) create place to put keys cd C:\documents and settings\\my > documents\ mkdir ssh_keys > > b) (I didn't do this yet.) Secure directory by removing permissions > from all but owner: > > cacls ssh_keys /T /G :F example: cacls # help cacls ssh_keys /T > /G PROMETHEUS\omacneil:F > > c) create keys > > run: C:\cvs_stuff\puttygen set "type of key to generate to: "SSH2 DSA" > click "generate" wave the mouse around click "save public key" save > as: C:\<...>\ssh_keys\mercury-ivpr-cvs-pub click "save private key" # > don't give it a pass phrase save as: > C:\<...>\ssh_keys\mercury-ivpr-cvs-priv (note that it adds the > extension .ppk automatically; see below.) > > DON"T QUIT puttygen > > d) add public key to server: > > right click on the area labeled: "Public key for pasting into OpenSSH > authorized_keys file" select all copy > > establish a regular putty session with mercury > > # edit w/o line wrap: pico -w .ssh/authorized_keys paste the key in > (mouse right-click) and exit (^X, saving.) > > e) add to stored connection fire up regular putty again click ONCE on > "mercury-ivpr-cvs" click the load button In the tree on the right > click the "SSH" + to expand click "Auth" In the "Private Key file for > authentication" Browse to your My > Documents\ssh_keys\mercury-ivpr-cvs-priv.ppk In the tree click > "session" click the "save" button f) test with plink > C:\cvs_stuff\plink mercury-ivpr-cvs # you should get logged in without > a password > Step 4: Configure and test command line CVS > > Configure ENVIRONMENT VARIABLES > > Use Start Menu-->settings-->control panels--> > system-->Advanced-->Environment Variables -->System variables > > a) to PATH append: ;C:\cvs_stuff;C:\cvs_stuff\cvs-1-11-12 > > b) set: CVS_RSH > > to: > > C:\cvs_stuff\plink > > set: > > CVSROOT > > to: > > :ext:mercury-ivpr-cvs:/ i.e.: > :ext:mercury-ivpr-cvs:/usr/cs/general/ivpr/cvs > > Note: The temptation is to screw this up by using something like: > > :ext:mercury.cs.uml.edu:blah, blah, blah > > For at putty/plink/MS Windows setup, this is *wrong*, for plink you > want the name of the stored configuration, not the hostname. > Step 4.5 Get the software > > Rename or move C:\Platform. You will refer to this directory to get > project files (*.iws + *.ipr) and any files with your changes, but you > need a clean checkout from this repository. The reason is that your > current directory was checked out from CVS on a different repository > and server; doing update from a new repository is asking for trouble. > > So -- > > Open a DOS box and go to C:\ > > Type, "cvs checkout Platform" > > You should see it log in with your key and scroll up the screeen as it > (very quickly) checks out all the files. You now have a clean and > up-to-date project directory in directory C:\Platform. > Step 5 configure IdeaJ > > This is using version 3 of IntelliJ; 4 will be a little different. > > In File-->Default Project Properties-->VCS Support select CVS at the > top and Add a CVS root: > > something like: > :ext:hgoodell@mercury-ivpr-cvs:22://usr/cs/general/ivpr/cvs/ > > Now under "Path to CVS client" enter C:\cvs_stuff\cvs-1-11-12\cvs.exe > (or wherever you put it.) > > (Dan says to set "Path to external rsh" to: C:\cvs_stuff\plink.exe but > I don't see where to do this in Version 3.) > > Click "Apply". Other things to make sure you set up: > > Under "Paths": > > Select your latest JDK under "Target JDK" > > Classpath should include: C:\Program > Files\IntelliJ-IDEA-3.0.5\lib\junit.jar and C:\Platform\Framework > > (Click "Apply" again.) > > Run/Debug consider defaulting to JUnit and All Tests in Package > > I chose to leave the project files out of the repository this time. > The pain is that you will either have to create new projects for the > framework and all the tools and applications using the defaults you > just set up, or else copy your old project files (*.ipr and *.iws) to > the corresponding locations in the new Platform directory, and then > edit the Project Properties VCS support on each one. However this is a > one-time problem (plus each time a new tool is added). The advantage > is that your project settings should never be overwritten. > > One additional argument for keeping your old projects instead of > creating new ones as I just did is keeping any additional settings > like the file templates (in particular directory right-click New - > JUnit test class). Those of us who created new projects will need to > pass around the templates we've created and put them in (Options - > File Templates) > > Since we don't have operable build scripts, you need to set up and > compile at least Framework, CSVDataReader Data tool and at least one > Visualization tool plus the Vizit application to have a running > application. > Step 6 tighten security on server > > (Dan's proposals below) worry about this once we're all running. I > don't think IP control is feasible because you lose your IP if you > sign off from your ISP for awhile. Prohibiting forwarding is probably > a good idea. > > edit ~/.ssh/authorized_keys > > It would be really nice to be able to use the "Command=" option but > (apparently) that breaks Intelj's CVS browsing feature modify the key > you added as follows. You will probably have a different home PC with > a different IP# that I do for the from="" option > > from="129.63.16.*,24.128.58.146",no-agent-forwarding,no-X11-forwarding > >