version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=w3m/0.5.3+git20210102 author=jrmu charset=UTF-8 csum= ctime=1632993970 host=38.87.162.47 name=Cvs.Anoncvs rev=51 targets=Cvs.Repo,Cvs.Intro,Cvs.Cvsweb text=This guide assumes you have already [[cvs/repo|created a new CVS root]] and imported repositories. Committers will use the real CVS repo for reading and writing, whereas in this guide, we create an anoncvs mirror for guest read-only access.%0a%0a[@%0a$ mkdir ~/anoncvs%0a$ cd ~/anoncvs%0a$ ftp https://www.openbsd.org/anoncvs.shar%0a$ sh anoncvs.shar%0a@]%0a%0aEdit the first line of ~/Makefile:%0a%0a[@%0aCVSROOT=anoncvs@anoncvs.example.com:/cvs%0a@]%0a%0aReplace anoncvs.example.com with your domain. You want to leave /cvs as-is%0abecause CVS runs inside a chroot jail.%0a%0a[@%0a$ make%0a$ doas useradd -m -d /open/anoncvs -s /open/anoncvssh anoncvs%0a$ doas cp anoncvssh /open/anoncvssh%0a$ doas chmod 4111 /open/anoncvssh%0a@]%0a%0aYou will need to set anoncvs so it has no password. Run @@doas vipw@@%0aand edit the line so it looks like this (except with the uid and gid 1001%0aperhaps changed to another value):%0a%0a[@%0aanoncvs::1001:1001::0:0::/open/anoncvs:/open/anoncvssh%0a@]%0a%0aAdd this to the bottom of /etc/ssh/sshd_config:%0a%0a[@%0aMatch User anoncvs%0a PermitEmptyPasswords yes%0a AllowTcpForwarding no%0a AllowAgentForwarding no%0a X11Forwarding no%0a PermitTTY no%0a@]%0a%0aThen restart sshd:%0a%0a[@%0a$ doas rcctl restart sshd%0a@]%0a%0aRun as root to create the chroot jail:%0a%0a[@%0aexport CVSYNCUSER=$USER%0amkdir /open/anoncvs/cvs%0achown -R $CVSYNCUSER:commit /open/anoncvs/cvs%0achmod -R g+w /open/anoncvs/cvs%0a@]%0a%0aThe person maintaining the cvs archive is $CVSYNCUSER . Replace $USER with the maintainer's username.%0a%0aThe commands below are needed for OpenBSD 6.9 stable:%0a%0a[@%0atouch /open/anoncvs/.hushlogin%0atouch /open/anoncvs/.profile%0amkdir /open/anoncvs/{bin,dev,tmp,usr,var,etc}%0acp /bin/{cat,pwd,rm,sh} /open/anoncvs/bin/%0amknod -m 666 /open/anoncvs/dev/null c 2 2%0amknod -m 666 /open/anoncvs/dev/zero c 2 12%0acp /etc/{hosts,protocols,resolv.conf,services,ttys} /open/anoncvs/etc/%0achmod 444 /open/anoncvs/etc/{hosts,protocols,resolv.conf,services,ttys}%0aln -s /open/anoncvs/tmp /open/anoncvs/var/tmp%0achmod a+rwx /open/anoncvs/tmp%0amkdir /open/anoncvs/usr/{bin,lib}%0acp /usr/bin/cvs /open/anoncvs/usr/bin/%0amkdir /open/anoncvs/usr/libexec%0acp /usr/libexec/ld.so /open/anoncvs/usr/libexec/%0acp /usr/lib/libz.so.5.0 /open/anoncvs/usr/lib/%0acp /usr/lib/libc.so.96.0 /open/anoncvs/usr/lib/%0achown -R root:wheel /open/anoncvs%0a@]%0a%0a(:if false:)%0aThis was recommended by the README in the shar file from OpenBSD's anoncvs instructions, but I found it was unnecessary and potentially leaks system information:%0a%0acp /etc/{group,hosts,passwd,protocols} /open/anoncvs/etc/%0acp /etc/{pwd.db,resolv.conf,services,ttys} /open/anoncvs/etc/%0a(:ifend:)%0a%0a!! Syncing repos%0a%0aYou now want to sync repos from the committers' CVSROOT to the anoncvs CVSROOT. You want to run this command while logged in as the CVS maintainer:%0a%0a[@%0a$ openrsync -a --delete --rsync-path=openrsync /CVS/ /open/anoncvs/cvs/%0a@]%0a%0aWe will set up a cronjob so the repos are synced daily:%0a%0a[@%0a$ crontab -e%0a@]%0a%0a[@%0a@daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /open/anoncvs/cvs/%0a@]%0a%0a!! Results%0a%0aThe /open/anoncvs/cvs/ directory should look like this:%0a%0a[@%0a# ls -lha /open/anoncvs/cvs%0atotal 28%0adrwxr-xr-x 7 root wheel 512B Oct 9 06:19 .%0adrwxr-xr-x 10 root wheel 512B Oct 9 06:10 ..%0adrwxrwxr-x 3 jrmu commit 1.0K Apr 29 06:48 CVSROOT%0adrwxrwxr-x 9 jrmu commit 512B May 8 11:42 acopm%0adrwxrwxr-x 2 jrmu commit 1.0K Aug 26 04:17 botnow%0adrwxrwxr-x 8 jrmu commit 512B May 27 16:57 brogue-ce%0adrwxrwxr-x 6 jrmu commit 512B May 7 06:46 ircnowd%0a@]%0a%0a!! Publish SSH fingerprints%0a%0aMake sure to publish your [[https://wiki.ircnow.org/index.php?n=Ssh.Fingerprints|SSH fingerprints]] so users can be certain that the source code was transported securely.%0a%0a!! Test anoncvs%0a%0aYou'll want to [[cvs/intro|test anoncvs]] to make sure it's working.%0a%0aRecommended Reading:%0a%0ahttps://www.openbsd.org/anoncvs.html%0a%0ahttps://www.openbsd.org/anoncvs.shar%0a%0aSee Also:%0a%0a[[Cvs/repo|CVS repo Guide]]%0a[[Cvs/Cvsweb|Cvsweb Guide]]%0a[[Cvs/Intro|CVS Intro]]%0a time=1634443248 author:1634443248=jrmu diff:1634443248:1634192621:=1,2c1,2%0a%3c This guide assumes you have already [[cvs/repo|created a new CVS root]] and imported repositories. Committers will use the real CVS repo for reading and writing, whereas in this guide, we create an anoncvs mirror for guest read-only access.%0a%3c %0a---%0a> This guide assumes you have already [[cvs/commit|created a new CVS root]] and imported repositories. Committers will use the real CVS repo for reading and writing, whereas in this guide, we create an anoncvs mirror for guest read-only access.%0a> %0a141c141%0a%3c [[Cvs/repo|CVS repo Guide]]%0a---%0a> [[Cvs/commit|CVS repo Guide]]%0a host:1634443248=38.87.162.47 author:1634192621=jrmu diff:1634192621:1634192564:=141c141%0a%3c [[Cvs/commit|CVS repo Guide]]%0a---%0a> [[Cvs/Anoncvs|Anoncvs Guide]]%0a host:1634192621=38.87.162.47 author:1634192564=jrmu diff:1634192564:1634192501:=138,143d137%0a%3c %0a%3c See Also:%0a%3c %0a%3c [[Cvs/Anoncvs|Anoncvs Guide]]%0a%3c [[Cvs/Cvsweb|Cvsweb Guide]]%0a%3c [[Cvs/Intro|CVS Intro]]%0a host:1634192564=38.87.162.47 author:1634192501=jrmu diff:1634192501:1634192300:=96c96%0a%3c $ openrsync -a --delete --rsync-path=openrsync /CVS/ /open/anoncvs/cvs/%0a---%0a> $ openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /open/anoncvs/cvs/%0a host:1634192501=38.87.162.47 author:1634192300=jrmu diff:1634192300:1634192142:=111c111%0a%3c The /open/anoncvs/cvs/ directory should look like this:%0a---%0a> A sample directory should look like this:%0a host:1634192300=38.87.162.47 author:1634192142=jrmu diff:1634192142:1634191887:=57d56%0a%3c chmod -R g+w /open/anoncvs/cvs%0a109,112c108,113%0a%3c !! Results%0a%3c %0a%3c A sample directory should look like this:%0a%3c %0a---%0a> !! Adding Repos%0a> %0a> To add your repo to anoncvs, copy the folders into /open/anoncvs/cvs.%0a> %0a> If you have not already done so [[CVS/commit|when creating the CVS repo]] may want to create a new group with commit rights:%0a> %0a114,122c115%0a%3c # ls -lha /open/anoncvs/cvs%0a%3c total 28%0a%3c drwxr-xr-x 7 root wheel 512B Oct 9 06:19 .%0a%3c drwxr-xr-x 10 root wheel 512B Oct 9 06:10 ..%0a%3c drwxrwxr-x 3 jrmu commit 1.0K Apr 29 06:48 CVSROOT%0a%3c drwxrwxr-x 9 jrmu commit 512B May 8 11:42 acopm%0a%3c drwxrwxr-x 2 jrmu commit 1.0K Aug 26 04:17 botnow%0a%3c drwxrwxr-x 8 jrmu commit 512B May 27 16:57 brogue-ce%0a%3c drwxrwxr-x 6 jrmu commit 512B May 7 06:46 ircnowd%0a---%0a> # groupadd commit%0a124a118,146%0a> For each user you want to give commit rights to:%0a> %0a> [@%0a> # usermod -G commit USERNAME%0a> @]%0a> %0a> Replace USERNAME with the committer's user's name.%0a> %0a> You will then want to change group ownership and provide group write permissions:%0a> %0a> [@%0a> # chown -R CVSYNCUSER:commit /open/anoncvs/cvs%0a> # chmod -R g+w /open/anoncvs/cvs%0a> @]%0a> %0a> A sample directory should look like this:%0a> %0a> [@%0a> # ls -lha /open/anoncvs/cvs%0a> total 28%0a> drwxr-xr-x 7 root wheel 512B Oct 9 06:19 .%0a> drwxr-xr-x 10 root wheel 512B Oct 9 06:10 ..%0a> drwxrwxr-x 3 jrmu commit 1.0K Apr 29 06:48 CVSROOT%0a> drwxrwxr-x 9 jrmu commit 512B May 8 11:42 acopm%0a> drwxrwxr-x 2 jrmu commit 1.0K Aug 26 04:17 botnow%0a> drwxrwxr-x 8 jrmu commit 512B May 27 16:57 brogue-ce%0a> drwxrwxr-x 6 jrmu commit 512B May 7 06:46 ircnowd%0a> @]%0a> %0a128,131d149%0a%3c %0a%3c !! Test anoncvs%0a%3c %0a%3c You'll want to [[cvs/intro|test anoncvs]] to make sure it's working.%0a host:1634192142=38.87.162.47 author:1634191887=jrmu diff:1634191887:1634191709:=95a96%0a> $ openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /var/www/cvs/%0a105a107%0a> @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /var/www/cvs/%0a host:1634191887=38.87.162.47 author:1634191709=jrmu diff:1634191709:1634191633:= host:1634191709=38.87.162.47 author:1634191633=jrmu diff:1634191633:1634190900:=56c56%0a%3c chown -R $CVSYNCUSER:commit /open/anoncvs/cvs%0a---%0a> chown -R $CVSYNCUSER /open/anoncvs/cvs%0a host:1634191633=38.87.162.47 author:1634190900=jrmu diff:1634190900:1634190121:=90,93c90,95%0a%3c !! Syncing repos%0a%3c %0a%3c You now want to sync repos from the committers' CVSROOT to the anoncvs CVSROOT. You want to run this command while logged in as the CVS maintainer:%0a%3c %0a---%0a> !! Adding Repos%0a> %0a> To add your repo to anoncvs, copy the folders into /open/anoncvs/cvs.%0a> %0a> If you have not already done so [[CVS/commit|when creating the CVS repo]] may want to create a new group with commit rights:%0a> %0a95,96c97%0a%3c $ openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /open/anoncvs/cvs/%0a%3c $ openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /var/www/cvs/%0a---%0a> # groupadd commit%0a99,100c100,101%0a%3c We will set up a cronjob so the repos are synced daily:%0a%3c %0a---%0a> For each user you want to give commit rights to:%0a> %0a102c103%0a%3c $ crontab -e%0a---%0a> # usermod -G commit USERNAME%0a104a106,109%0a> Replace USERNAME with the committer's user's name.%0a> %0a> You will then want to change group ownership and provide group write permissions:%0a> %0a106,107c111,112%0a%3c @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /open/anoncvs/cvs/%0a%3c @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /var/www/cvs/%0a---%0a> # chown -R CVSYNCUSER:commit /open/anoncvs/cvs%0a> # chmod -R g+w /open/anoncvs/cvs%0a110,115c115,116%0a%3c !! Adding Repos%0a%3c %0a%3c To add your repo to anoncvs, copy the folders into /open/anoncvs/cvs.%0a%3c %0a%3c If you have not already done so [[CVS/commit|when creating the CVS repo]] may want to create a new group with commit rights:%0a%3c %0a---%0a> A sample directory should look like this:%0a> %0a117c118,126%0a%3c # groupadd commit%0a---%0a> # ls -lha /open/anoncvs/cvs%0a> total 28%0a> drwxr-xr-x 7 root wheel 512B Oct 9 06:19 .%0a> drwxr-xr-x 10 root wheel 512B Oct 9 06:10 ..%0a> drwxrwxr-x 3 jrmu commit 1.0K Apr 29 06:48 CVSROOT%0a> drwxrwxr-x 9 jrmu commit 512B May 8 11:42 acopm%0a> drwxrwxr-x 2 jrmu commit 1.0K Aug 26 04:17 botnow%0a> drwxrwxr-x 8 jrmu commit 512B May 27 16:57 brogue-ce%0a> drwxrwxr-x 6 jrmu commit 512B May 7 06:46 ircnowd%0a120,121c129,132%0a%3c For each user you want to give commit rights to:%0a%3c %0a---%0a> !! Syncing repos%0a> %0a> You will want to set up a cronjob:%0a> %0a123c134%0a%3c # usermod -G commit USERNAME%0a---%0a> $ crontab -e%0a126,129d136%0a%3c Replace USERNAME with the committer's user's name.%0a%3c %0a%3c You will then want to change group ownership and provide group write permissions:%0a%3c %0a131,146c138,139%0a%3c # chown -R CVSYNCUSER:commit /open/anoncvs/cvs%0a%3c # chmod -R g+w /open/anoncvs/cvs%0a%3c @]%0a%3c %0a%3c A sample directory should look like this:%0a%3c %0a%3c [@%0a%3c # ls -lha /open/anoncvs/cvs%0a%3c total 28%0a%3c drwxr-xr-x 7 root wheel 512B Oct 9 06:19 .%0a%3c drwxr-xr-x 10 root wheel 512B Oct 9 06:10 ..%0a%3c drwxrwxr-x 3 jrmu commit 1.0K Apr 29 06:48 CVSROOT%0a%3c drwxrwxr-x 9 jrmu commit 512B May 8 11:42 acopm%0a%3c drwxrwxr-x 2 jrmu commit 1.0K Aug 26 04:17 botnow%0a%3c drwxrwxr-x 8 jrmu commit 512B May 27 16:57 brogue-ce%0a%3c drwxrwxr-x 6 jrmu commit 512B May 7 06:46 ircnowd%0a---%0a> @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /open/anoncvs/cvs/%0a> @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /var/www/cvs/%0a host:1634190900=38.87.162.47 author:1634190121=jrmu diff:1634190121:1634190105:=1c1%0a%3c This guide assumes you have already [[cvs/commit|created a new CVS root]] and imported repositories. Committers will use the real CVS repo for reading and writing, whereas in this guide, we create an anoncvs mirror for guest read-only access.%0a---%0a> This guide assumes you have already [[CVS/commit|created a new CVS root]] and imported repositories. Committers will use the real CVS repo for reading and writing, whereas in this guide, we create an anoncvs mirror for guest read-only access.%0a host:1634190121=38.87.162.47 author:1634190105=jrmu diff:1634190105:1634189588:=1,2c1,2%0a%3c This guide assumes you have already [[CVS/commit|created a new CVS root]] and imported repositories. Committers will use the real CVS repo for reading and writing, whereas in this guide, we create an anoncvs mirror for guest read-only access.%0a%3c %0a---%0a> On OpenBSD 6.9 Stable:%0a> %0a61,62d60%0a%3c The commands below are needed for OpenBSD 6.9 stable:%0a%3c %0a94c92%0a%3c If you have not already done so [[CVS/commit|when creating the CVS repo]] may want to create a new group with commit rights:%0a---%0a> You may want to create a new group with commit rights:%0a host:1634190105=38.87.162.47 author:1634189588=jrmu diff:1634189588:1634189402:=54c54%0a%3c export CVSYNCUSER=$USER%0a---%0a> export CVSYNCUSER=USERNAME%0a59c59%0a%3c The person maintaining the cvs archive is $CVSYNCUSER . Replace $USER with the maintainer's username.%0a---%0a> The person maintaining the cvs archive is $CVSYNCUSER . Replace USERNAME with the maintainer's username.%0a host:1634189588=38.87.162.47 author:1634189402=jrmu diff:1634189402:1634186300:=4,5c4,5%0a%3c $ mkdir ~/anoncvs%0a%3c $ cd ~/anoncvs%0a---%0a> $ mkdir ~/cvs%0a> $ cd ~/cvs%0a host:1634189402=38.87.162.47 author:1634186300=jrmu diff:1634186300:1634050252:=127,136c127,128%0a%3c !! Syncing repos%0a%3c %0a%3c You will want to set up a cronjob:%0a%3c %0a%3c [@%0a%3c $ crontab -e%0a%3c @]%0a%3c %0a%3c [@%0a%3c @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /open/anoncvs/cvs/%0a---%0a> !! Cronjob%0a> %0a138c130,132%0a%3c @]%0a---%0a> @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /anoncvs/anoncvs/cvs/%0a> @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /home/username/CVS/mtctl /var/www/cvs/%0a> @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /home/username/CVS/mtctl /anoncvs/anoncvs/cvs/%0a host:1634186300=38.87.162.47 author:1634050252=jrmu diff:1634050252:1634024714:=126,132d125%0a%3c %0a%3c !! Cronjob%0a%3c %0a%3c @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /var/www/cvs/%0a%3c @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /CVS/ /anoncvs/anoncvs/cvs/%0a%3c @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /home/username/CVS/mtctl /var/www/cvs/%0a%3c @daily -s /usr/bin/openrsync -a --delete --rsync-path=/usr/bin/openrsync /home/username/CVS/mtctl /anoncvs/anoncvs/cvs/%0a host:1634050252=38.87.162.47 author:1634024714=jrmu diff:1634024714:1634024004:=126,129d125%0a%3c %0a%3c !! Publish SSH fingerprints%0a%3c %0a%3c Make sure to publish your [[https://wiki.ircnow.org/index.php?n=Ssh.Fingerprints|SSH fingerprints]] so users can be certain that the source code was transported securely.%0a host:1634024714=38.87.162.47 author:1634024004=jrmu diff:1634024004:1634023610:=110c110%0a%3c # chmod -R g+w /open/anoncvs/cvs%0a---%0a> # chmod g+w /open/anoncvs/cvs%0a host:1634024004=38.87.162.47 author:1634023610=jrmu diff:1634023610:1634022756:=109c109%0a%3c # chown -R CVSYNCUSER:commit /open/anoncvs/cvs%0a---%0a> # chown -R CVSYNCUSER:USERNAME /open/anoncvs/cvs%0a host:1634023610=38.87.162.47 author:1634022756=jrmu diff:1634022756:1634022658:=110d109%0a%3c # chmod g+w /open/anoncvs/cvs%0a120,124c119,123%0a%3c drwxrwxr-x 3 jrmu commit 1.0K Apr 29 06:48 CVSROOT%0a%3c drwxrwxr-x 9 jrmu commit 512B May 8 11:42 acopm%0a%3c drwxrwxr-x 2 jrmu commit 1.0K Aug 26 04:17 botnow%0a%3c drwxrwxr-x 8 jrmu commit 512B May 27 16:57 brogue-ce%0a%3c drwxrwxr-x 6 jrmu commit 512B May 7 06:46 ircnowd%0a---%0a> drwxr-xr-x 3 jrmu commit 1.0K Apr 29 06:48 CVSROOT%0a> drwxr-xr-x 9 jrmu commit 512B May 8 11:42 acopm%0a> drwxr-xr-x 2 jrmu commit 1.0K Aug 26 04:17 botnow%0a> drwxr-xr-x 8 jrmu commit 512B May 27 16:57 brogue-ce%0a> drwxr-xr-x 6 jrmu commit 512B May 7 06:46 ircnowd%0a host:1634022756=38.87.162.47 author:1634022658=jrmu diff:1634022658:1634021871:=104,105c104,105%0a%3c Replace USERNAME with the committer's user's name.%0a%3c %0a---%0a> Replace USERNAME with the user's name.%0a> %0a109c109%0a%3c # chown -R CVSYNCUSER:USERNAME /open/anoncvs/cvs%0a---%0a> %0a119,123c119,123%0a%3c drwxr-xr-x 3 jrmu commit 1.0K Apr 29 06:48 CVSROOT%0a%3c drwxr-xr-x 9 jrmu commit 512B May 8 11:42 acopm%0a%3c drwxr-xr-x 2 jrmu commit 1.0K Aug 26 04:17 botnow%0a%3c drwxr-xr-x 8 jrmu commit 512B May 27 16:57 brogue-ce%0a%3c drwxr-xr-x 6 jrmu commit 512B May 7 06:46 ircnowd%0a---%0a> drwxr-xr-x 3 jrmu jrmu 1.0K Apr 29 06:48 CVSROOT%0a> drwxr-xr-x 9 jrmu jrmu 512B May 8 11:42 acopm%0a> drwxr-xr-x 2 jrmu jrmu 1.0K Aug 26 04:17 botnow%0a> drwxr-xr-x 8 jrmu jrmu 512B May 27 16:57 brogue-ce%0a> drwxr-xr-x 6 jrmu jrmu 512B May 7 06:46 ircnowd%0a host:1634022658=38.87.162.47 author:1634021871=jrmu diff:1634021871:1634020774:=106,107c106,107%0a%3c You will then want to change group ownership and provide group write permissions:%0a%3c %0a---%0a> A sample directory should look like this:%0a> %0a109,114d108%0a%3c %0a%3c @]%0a%3c %0a%3c A sample directory should look like this:%0a%3c %0a%3c [@%0a124a119%0a> %0a host:1634021871=38.87.162.47 author:1634020774=jrmu diff:1634020774:1633797899:=94,104c94,97%0a%3c [@%0a%3c # groupadd commit%0a%3c @]%0a%3c %0a%3c For each user you want to give commit rights to:%0a%3c %0a%3c [@%0a%3c # usermod -G commit USERNAME%0a%3c @]%0a%3c %0a%3c Replace USERNAME with the user's name.%0a---%0a> doas groupadd commit%0a> %0a> A sample directory should look like this:%0a> %0a host:1634020774=38.87.162.47 author:1633797899=jrmu diff:1633797899:1633777408:=93,94d92%0a%3c %0a%3c doas groupadd commit%0a host:1633797899=38.87.162.47 author:1633777408=jrmu diff:1633777408:1633776940:=92,93d91%0a%3c You may want to create a new group with commit rights:%0a%3c %0a107d104%0a%3c %0a host:1633777408=38.87.162.47 author:1633776940=jrmu diff:1633776940:1633776424:=81,83d80%0a%3c (:if false:)%0a%3c This was recommended by the README in the shar file from OpenBSD's anoncvs instructions, but I found it was unnecessary and potentially leaks system information:%0a%3c %0a86d82%0a%3c (:ifend:)%0a host:1633776940=38.87.162.47 author:1633776424=jrmu diff:1633776424:1633775789:=68,69c68,70%0a%3c cp /etc/{hosts,protocols,resolv.conf,services,ttys} /open/anoncvs/etc/%0a%3c chmod 444 /open/anoncvs/etc/{hosts,protocols,resolv.conf,services,ttys}%0a---%0a> cp /etc/{group,hosts,passwd,protocols} /open/anoncvs/etc/%0a> cp /etc/{pwd.db,resolv.conf,services,ttys} /open/anoncvs/etc/%0a> chmod 444 /open/anoncvs/etc/{group,hosts,passwd,protocols,pwd.db,resolv.conf,services,ttys}%0a80,82d80%0a%3c %0a%3c cp /etc/{group,hosts,passwd,protocols} /open/anoncvs/etc/%0a%3c cp /etc/{pwd.db,resolv.conf,services,ttys} /open/anoncvs/etc/%0a host:1633776424=38.87.162.47 author:1633775789=jrmu diff:1633775789:1633775117:=55a56%0a> chown $CVSYNCUSER /open/anoncvs%0a host:1633775789=38.87.162.47 author:1633775117=jrmu diff:1633775117:1633663751:=81,98d80%0a%3c @]%0a%3c %0a%3c !! Adding Repos%0a%3c %0a%3c To add your repo to anoncvs, copy the folders into /open/anoncvs/cvs.%0a%3c %0a%3c A sample directory should look like this:%0a%3c %0a%3c [@%0a%3c # ls -lha /open/anoncvs/cvs%0a%3c total 28%0a%3c drwxr-xr-x 7 root wheel 512B Oct 9 06:19 .%0a%3c drwxr-xr-x 10 root wheel 512B Oct 9 06:10 ..%0a%3c drwxr-xr-x 3 jrmu jrmu 1.0K Apr 29 06:48 CVSROOT%0a%3c drwxr-xr-x 9 jrmu jrmu 512B May 8 11:42 acopm%0a%3c drwxr-xr-x 2 jrmu jrmu 1.0K Aug 26 04:17 botnow%0a%3c drwxr-xr-x 8 jrmu jrmu 512B May 27 16:57 brogue-ce%0a%3c drwxr-xr-x 6 jrmu jrmu 512B May 7 06:46 ircnowd%0a host:1633775117=38.87.162.47 author:1633663751=jrmu diff:1633663751:1633663635:=1,2d0%0a%3c On OpenBSD 6.9 Stable:%0a%3c %0a host:1633663751=38.87.162.47 author:1633663635=jrmu diff:1633663635:1633623510:=20c20%0a%3c $ doas cp anoncvssh /open/anoncvssh%0a---%0a> $ doas cp anoncvssh.o /open/anoncvssh%0a host:1633663635=38.87.162.47 author:1633623510=jrmu diff:1633623510:1633621148:=22,29d21%0a%3c @]%0a%3c %0a%3c You will need to set anoncvs so it has no password. Run @@doas vipw@@%0a%3c and edit the line so it looks like this (except with the uid and gid 1001%0a%3c perhaps changed to another value):%0a%3c %0a%3c [@%0a%3c anoncvs::1001:1001::0:0::/open/anoncvs:/open/anoncvssh%0a host:1633623510=38.87.162.47 author:1633621148=jrmu diff:1633621148:1633621007:=44d43%0a%3c export CVSYNCUSER=USERNAME%0a50c49%0a%3c The person maintaining the cvs archive is $CVSYNCUSER . Replace USERNAME with the maintainer's username.%0a---%0a> The person maintaining the cvs archive is $CVSYNCUSER%0a host:1633621148=38.87.162.47 author:1633621007=jrmu diff:1633621007:1633620633:=71,76d70%0a%3c %0a%3c Recommended Reading:%0a%3c %0a%3c https://www.openbsd.org/anoncvs.html%0a%3c %0a%3c https://www.openbsd.org/anoncvs.shar%0a host:1633621007=38.87.162.47 author:1633620633=jrmu diff:1633620633:1633534701:=19c19%0a%3c $ doas useradd -m -d /open/anoncvs -s /open/anoncvssh anoncvs%0a---%0a> $ doas useradd -m -d /open/anoncvs -s /open/anoncvssh cvs%0a host:1633620633=38.87.162.47 author:1633534701=jrmu diff:1633534701:1633530796:=60d59%0a%3c chmod 444 /open/anoncvs/etc/{group,hosts,passwd,protocols,pwd.db,resolv.conf,services,ttys}%0a host:1633534701=38.87.162.47 author:1633530796=jrmu diff:1633530796:1633530533:=45,46c45%0a%3c chown $CVSYNCUSER /open/anoncvs%0a%3c chown -R $CVSYNCUSER /open/anoncvs/cvs%0a---%0a> chown -R $CVSYNCUSER /open/anoncvs/cvs /open/anoncvs%0a host:1633530796=38.87.162.47 author:1633530533=jrmu diff:1633530533:1633529715:=67d66%0a%3c chown -R root:wheel /open/anoncvs%0a host:1633530533=38.87.162.47 author:1633529715=jrmu diff:1633529715:1633527466:=21d20%0a%3c $ doas chmod 4111 /open/anoncvssh%0a host:1633529715=38.87.162.47 author:1633527466=jrmu diff:1633527466:1633445988:=58,65d57%0a%3c ln -s /open/anoncvs/tmp /open/anoncvs/var/tmp%0a%3c chmod a+rwx /open/anoncvs/tmp%0a%3c mkdir /open/anoncvs/usr/{bin,lib}%0a%3c cp /usr/bin/cvs /open/anoncvs/usr/bin/%0a%3c mkdir /open/anoncvs/usr/libexec%0a%3c cp /usr/libexec/ld.so /open/anoncvs/usr/libexec/%0a%3c cp /usr/lib/libz.so.5.0 /open/anoncvs/usr/lib/%0a%3c cp /usr/lib/libc.so.96.0 /open/anoncvs/usr/lib/%0a host:1633527466=38.87.162.47 author:1633445988=jrmu diff:1633445988:1633445863:=56,57c56,57%0a%3c cp /etc/{group,hosts,passwd,protocols} /open/anoncvs/etc/%0a%3c cp /etc/{pwd.db,resolv.conf,services,ttys} /open/anoncvs/etc/%0a---%0a> cp /etc/{group,hosts,passwd,protocols} etc/%0a> cp /etc/{pwd.db,resolv.conf,services,ttys} etc/%0a host:1633445988=38.87.162.47 author:1633445863=jrmu diff:1633445863:1633418034:=54,57d53%0a%3c mknod -m 666 /open/anoncvs/dev/null c 2 2%0a%3c mknod -m 666 /open/anoncvs/dev/zero c 2 12%0a%3c cp /etc/{group,hosts,passwd,protocols} etc/%0a%3c cp /etc/{pwd.db,resolv.conf,services,ttys} etc/%0a58a55,65%0a> %0a> Using mknod, make a dev/null that has the same major/minor numbers as%0a> your /dev/null, and make it mode 666.%0a> %0a> Some shared library systems require a dev/zero created in the same way.%0a> %0a> Fill etc space for the account%0a> cp /etc/{group,hosts,passwd,protocols} etc/%0a> cp /etc/{pwd.db,resolv.conf,services,ttys} etc/%0a> modify these files to suit your idea of system security%0a> %0a host:1633445863=38.87.162.47 author:1633418034=jrmu diff:1633418034:1633417835:=49,54c49,53%0a%3c [@%0a%3c touch /open/anoncvs/.hushlogin%0a%3c touch /open/anoncvs/.profile%0a%3c mkdir /open/anoncvs/{bin,dev,tmp,usr,var,etc}%0a%3c cp /bin/{cat,pwd,rm,sh} /open/anoncvs/bin/%0a%3c @]%0a---%0a> cd /open/anoncvs%0a> touch .hushlogin%0a> touch .profile%0a> mkdir bin dev tmp usr var etc%0a> cp /bin/{cat,pwd,rm,sh} bin/%0a host:1633418034=38.87.162.47 author:1633417835=jrmu diff:1633417835:1633417072:=39,64d38%0a%3c %0a%3c Run as root to create the chroot jail:%0a%3c %0a%3c [@%0a%3c mkdir /open/anoncvs/cvs%0a%3c chown -R $CVSYNCUSER /open/anoncvs/cvs /open/anoncvs%0a%3c @]%0a%3c %0a%3c The person maintaining the cvs archive is $CVSYNCUSER%0a%3c %0a%3c cd /open/anoncvs%0a%3c touch .hushlogin%0a%3c touch .profile%0a%3c mkdir bin dev tmp usr var etc%0a%3c cp /bin/{cat,pwd,rm,sh} bin/%0a%3c %0a%3c Using mknod, make a dev/null that has the same major/minor numbers as%0a%3c your /dev/null, and make it mode 666.%0a%3c %0a%3c Some shared library systems require a dev/zero created in the same way.%0a%3c %0a%3c Fill etc space for the account%0a%3c cp /etc/{group,hosts,passwd,protocols} etc/%0a%3c cp /etc/{pwd.db,resolv.conf,services,ttys} etc/%0a%3c modify these files to suit your idea of system security%0a%3c %0a host:1633417835=38.87.162.47 author:1633417072=jrmu diff:1633417072:1633417002:=13,15d12%0a%3c %0a%3c Replace anoncvs.example.com with your domain. You want to leave /cvs as-is%0a%3c because CVS runs inside a chroot jail.%0a host:1633417072=38.87.162.47 author:1633417002=jrmu diff:1633417002:1633416515:=16,17c16,17%0a%3c $ doas useradd -m -d /open/anoncvs -s /open/anoncvssh cvs%0a%3c $ doas cp anoncvssh.o /open/anoncvssh%0a---%0a> $ doas useradd -m -d /home/cvs -s /home/cvs/anoncvssh cvs%0a> $ doas cp anoncvssh.o /home/cvs/anoncvssh%0a host:1633417002=38.87.162.47 author:1633416515=jrmu diff:1633416515:1633415486:=18,34d17%0a%3c @]%0a%3c %0a%3c Add this to the bottom of /etc/ssh/sshd_config:%0a%3c %0a%3c [@%0a%3c Match User anoncvs%0a%3c PermitEmptyPasswords yes%0a%3c AllowTcpForwarding no%0a%3c AllowAgentForwarding no%0a%3c X11Forwarding no%0a%3c PermitTTY no%0a%3c @]%0a%3c %0a%3c Then restart sshd:%0a%3c %0a%3c [@%0a%3c $ doas rcctl restart sshd%0a host:1633416515=38.87.162.47 author:1633415486=jrmu diff:1633415486:1633414292:=6,14d5%0a%3c @]%0a%3c %0a%3c Edit the first line of ~/Makefile:%0a%3c %0a%3c [@%0a%3c CVSROOT=anoncvs@anoncvs.example.com:/cvs%0a%3c @]%0a%3c %0a%3c [@%0a17a9,12%0a> %0a> In /home/jrmu/Makefile:%0a> %0a> CVSROOT=anoncvs@anoncvs.ircnow.org:/cvs%0a host:1633415486=38.87.162.47 author:1633414292=jrmu diff:1633414292:1633005758:=0a1,2%0a> In ~/%0a> %0a2,3d3%0a%3c $ mkdir ~/cvs%0a%3c $ cd ~/cvs%0a7,12c7,8%0a%3c $ doas useradd -m -d /home/cvs -s /home/cvs/anoncvssh cvs%0a%3c $ doas cp anoncvssh.o /home/cvs/anoncvssh%0a%3c %0a%3c In /home/jrmu/Makefile:%0a%3c %0a%3c CVSROOT=anoncvs@anoncvs.ircnow.org:/cvs%0a---%0a> $ doas cp anoncvssh.o /usr/local/bin/anoncvssh%0a> $ doas useradd -m -d /home/cvs -s /usr/local/bin/anoncvssh cvs%0a host:1633414292=38.87.162.47 author:1633005758=jrmu diff:1633005758:1632993970:=8d7%0a%3c $ doas useradd -m -d /home/cvs -s /usr/local/bin/anoncvssh cvs%0a host:1633005758=38.87.162.47 author:1632993970=jrmu diff:1632993970:1632993970:=1,8d0%0a%3c In ~/%0a%3c %0a%3c [@%0a%3c $ ftp https://www.openbsd.org/anoncvs.shar%0a%3c $ sh anoncvs.shar%0a%3c $ make%0a%3c $ doas cp anoncvssh.o /usr/local/bin/anoncvssh%0a%3c @]%0a host:1632993970=38.87.162.47