Julien Herbin
Personnal page

Howto set up a CVS (Concurrent Versions System) Server

By : Julien Herbin Email : julien-www@ecranbleu.org
Don't hesitate to contact me in case you need any information. Please inform me of any mistake I may have done.
Last modified : 2005-06-18

This Howto was written for the Debian Linux distribution, because packages management and dependencies is easy and commonplace through the APT command. It doesn't mean that the configuration won't work with another Linux distribution, since packages to install should be the same, but some configuration files may be located in another directories of your filesystem.

Installation and configuration

As usual with Debian, it's really easy to install a program :
apt-get install cvs
Here is a way to create your first own repository on the CVS server :
[root@lichi] ~# mkdir /var/lib/cvs/my_cvs_rep
[root@lichi] ~# export CVSROOT=/var/lib/cvs/my_cvs_rep
[root@lichi] ~# cvs init
You can also create a CVS module (you could also do it with the cvs command as a client with the import command)
[root@lichi] ~# mkdir $CVSROOT/my_module
[root@lichi] ~# chgrp -R julien:julien $CVSROOT/my_module
[root@lichi] ~# chmod -R g+w $CVSROOT/my_module


On the same computer

[julien@lichi] ~$ export CVSROOT=/var/lib/cvs/my_cvs_rep
[julien@lichi] ~$ cvs co my_module
cvs checkout: Updating my_module

On a distant computer user pserver auth

This is totally insecured if not done over a secure channel / VPN because the data is not encrypted at all.
[julien@groseille] ~$ export CVSROOT=":pserver:julien@lichi.my-domain.name:/my_cvs_rep"
[julien@groseille] ~$ cvs co my_module
cvs checkout: Updating my_module

SSH auth

If all your CVS users have a login on the remote CVS server, there is an easy way to secure all your CVS transaction through an SSH connection.
[julien@groseille] ~$ export CVSROOT=":ext:julien@lichi.my-domain.name:
[julien@groseille] ~$ export CVS_RSH=ssh
But your passsword will be asked each time you type a CVS command which needs to communicate with the CVS server (ie : commit, checkout, update...). It is possible to avoid this thanks to the authentication key generation for SSH, which gives a method to log on a remote system whith SSH without typing any password.
[julien@groseille] ~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/julien/.ssh/id_dsa):
/home/julien/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/julien/.ssh/id_dsa.
Your public key has been saved in /home/julien/.ssh/id_dsa.pub.
The key fingerprint is:
aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa julien@groseille

cat .ssh/id_dsa.pub | ssh julien@lichi.my-domain.name "cat - >>.ssh/authorized_keys"
Now, if you connect with SSH to the CVS server host, no password should be asked anymore :
[julien@groseille] ~$ ssh julien@lichi.my-domain.name
Linux lichi.my-domain.name 2.4.27-1-686 #1 Wed Dec 1 19:57:47 JST 2004 i686 GNU/Linux
Last login: Sat Jun 18 10:15:23 2005 from xxx.fbx.proxad.net
[julien@lichi] ~$
Finally, you can use CVS on a secured connexion :
[julien@groseille] ~$ export CVSROOT=":ext:julien@lichi.my-domain.name:/var/lib/cvs/my_cvs_rep"
[julien@groseille] ~$ export CVS_RSH=ssh
[julien@groseille] ~$ cvs co my_module cvs checkout: Updating my_module
U my_module/pgcd.py

Refences :