I'm using cvs and cvsd to write paper and code with several people around
the world, it's great tool however we need to notify each other the changes!
cvsd is a ch-rooted program thus it's executed in jail, we need to be
carefully to populate the jail with tools that can be used to escape, copy
the essential commands under the bin of the chrooted system in my case it
is /var/lib/cvsd/.
1) the bash /bin/sh copy to MY_CVS_ROOT/bin/sh
2) the cat /bin/cat copy to MY_CVS_ROOT/bin/cat
3) the echo /bin/echo copy to MY_CVS_ROOT/bin/echo
4) the date /bin/date copy to MY_CVS_ROOT/bin/date check the libraries needed
5) the sed /bin/sed copy to MY_CVS_ROOT/bin/sed
you may also need to add under the chrooted lib the library
required by the executables dynamically linked. Remember that
ldd command
e.g., ldd /bin/cat lists the library needed by cat i.e.,:
most of the library should already be installed when installing cvsd,
copy the missing under MY_CVS_ROOT/lib
DANGER !!!
Of course, now there is a shell available and someone can use it to exploit
the system!
For each project you need to edit and customize the loginfo file that is
located under the cvs root, for example in my case for the icsm2004oo
project I edited the file
MY_CVS_ROOT/icsm2004oo/CVSROOT/loginfo
the sample loginfo can be downloaded from my site. Basically it contains a line:
#
ALL /usr/bin/cvs-log.sh $CVSROOT/CVSROOT/commitlog $USER %s /etc/icsm_list icsm
#
the last two params are the mailing list to be used and a file suffix. The
mailing list must me a comma separated list where the firs is the one
getting the replay-to!
xy_23@xlp.org,34tpt@wzx.qpt.com,....
We need to create a file for each commit action and then send out the e-mails.
This is done in two phases:
1) create a file with essential information of each commit action under MY_CVS_ROOT/tmp
2) actually send out, by the "external" system the e-mails.
Place the script cvs-log.sh under usr/bin of the chrooted system, the
script is invoked each time there is a commit if you edit the loginfo file
of your project(s).
cvs-log.sh on my machine is stored under MY_CVS_ROOT/usr/bin
Once a commit action is encountered a file is created under MY_CVS_ROOT/tmp
file name is something like: log_cvs_TueDec_9_4_12_00icsm.mail
and the content should be something like:
REP: /icsm2004oo/CVSROOT/commitlog
DATE: Tue Dec 9 16:54:00 UTC 2003
USER: toor
FILE: Makefile
LIST: /etc/icsm_list
Now to actually send out at fixed times e-mail someone have to check if
e-mails to be send exists, edit your rc.local my is something like:
/usr/local/bin/send-out.sh 2>&1 >/dev/null &
If you do not have rc.local just use the last started service on your
machine, or add to the cron table.
The send out sh is really stupid and you can do better basically an infinite loop with
wait 2 minutes ... of course you also need to store the perl script sending out
the e-mails.
My configuration is:
send-out.sh under /usr/local/bin/
cvs-mail.pl under /usr/local/bin/
