REPOCAFE(1) User Contributed Perl Documentation REPOCAFE(1)
NNAAMMEE
repocafe - self-service for svn hosting
UUSSAAGGEE
Repocafe helps admins and users to manage subversion repositories.
· Admins can easily set up svn hosting.
· Users can create repositories and manage access rights, using a web
application.
· Authentication is ldap based, but guest accounts can be created as
well.
Central to a repocafe installation is the _c_o_n_f_i_g _f_i_l_e. It is used by
the web application, and all setup- and support scripts.
Creating a config file is the biggest part of setting up a repocafe.
CCOONNFFIIGG FFIILLEE
llooccaattiioonn
The default locations of the config file are :
* ..//rreeppooccaaffee..ccoonnff
* $$HHOOMMEE//..rreeppooccaaffee..ccoonnff
* //eettcc//rreeppooccaaffee..ccoonnff
ssyynnttaaxx
A config file looks like this :
+--------------------------------------------------
│# lines that start with ’#’ are comment
│# blank lines are ignored too
│# tabs are replaced by a space
│
│# the config entries are ’key’ and ’value’ pairs
│# a ’key’ begins in column 1
│# the ’value’ is the rest of the line
│somekey part1 part2 part3 ...
│otherkey part1 part2 part3 ...
│
│# keyword EMPTY represents the empty string ;
│# in the next line some_key’s part2 is set to ’’
│somekey part1 EMPTY part3 ...
│
│# indented lines are glued
│# the next three lines mean ’somekey part1 part2 part3’
│somekey part1
│ part2
│ part3
│
│# lines starting with a ’+’ are concatenated
│# the next three lines mean ’somekey part1part2part3’
│somekey part1
│+ part2
│+ part3
│
│# lines starting with a ’.’ are glued too
│# don’t use a ’.’ on a line by itself
│# ’somekey’ gets the value "part1\n part2\n part3"
│somekey part1
│. part2
│. part3
+--------------------------------------------------
In some places in the config (so indicated below) you can glue a
"string with spaces" into one _p_a_r_t by replacing spaces with underscores
as in "string_with_spaces".
ccoonnffiigg ffiillee :: rreeqquuiirreedd eennttrriieess
dir_admin _p_a_t_h
Specify the full pathname of the "admin" tree.
dir_admin /path/to/admin-tree
dir_www _p_a_t_h
Specify the full pathname of the "www" tree.
dir_www /path/to/www-tree
dir_data _p_a_t_h
Specify the full pathname of the directory where the data lives.
dir_data /path/to/data-tree
The data directory is created by "setup-data" in the setup phase.
It contains subdirectories "admin", "archive", "logs" and "repos".
organisation _h_t_m_l
Specify the name of your organisation ; this will be embedded in
the user documention, so an url is fine.
organisation my organisation
db_host _h_o_s_t
Specify the hostname of your database server
db_host pghost.some.name.org
db_name _n_a_m_e
Specify the name of the database where the repocafe tables live.
See _d_b___p_r_e_f below.
db_user _u_s_e_r
Specify the username for the database connections in applications.
db_pswd _p_a_s_s_w_o_r_d
Specify the password for the database connections in applications.
admin_user _n_a_m_e
Specify the uid (name or number) of the user who owns the files in
the admin tree and the www tree. This information is used only in
the setup-scripts.
admin_group _n_a_m_e
Specify the gid (name or number) of the _a_d_m_i_n___u_s_e_r. This informa-
tion is used only in the setup-scripts.
www_user _n_a_m_e
Specify the uid (name or number) of the apache httpd run-user
(APACHE_RUN_USER). All files created by the httpd (including the
repositories, logs etc) will be owned by this uid. This informa-
tion is used only in the setup-scripts.
www_group _n_a_m_e
Specify the gid (name or number) of the _w_w_w___u_s_e_r
(APACHE_RUN_GROUP). This information is used only in the
setup-scripts.
www_server _n_a_m_e
Specify the name of your web server
www_server repocafe.science.uu.nl
www_secret _s_t_r_i_n_g
Specify a long, _s_e_c_r_e_t (random) string ; this secret is used in the
web applications to checksum the contents of sessions, protect
plots from prying eyes etc.
www_secret jlsadywr4n8sdydf8wery
Your secret should be random, and at least 16 characters long.
www_contact _s_t_r_i_n_g
Specify an email address, so users can contact the svn-admins.
www_contact svn-admins@my.org
This address is also used in (the default for) the From:-line of
mail sent to guests ; see "mail_from_admin".
clas _c_l_a_s_s ldap _l_d_a_p_-_t_a_g _p_a_t_t_e_r_n [_d_e_s_c_r_i_p_t_i_o_n]
clas guests table repo_guests login passwd name [_d_e_s_c_r_i_p_t_i_o_n]
Specify one or more _u_s_e_r _c_l_a_s_s_e_s. When a user attempts to login,
the clas-lines are tried in turn to verify the user’s username and
password. The line that succeeds, determines the logged-in user’s
_c_l_a_s_s.
The _d_e_s_c_r_i_p_t_i_o_n should describe the user class (staff, students,
sales, marketing). Write blanks as underscores to make it a single
string. The descriptions are shown on the login page, and should
explain which users should use what username/passwd. The default
for _d_e_s_c_r_i_p_t_i_o_n is the configured _c_l_a_s_s.
For an _l_d_a_p _u_s_e_r _c_l_a_s_s, the ldap server, identified by _l_d_a_p_-_t_a_g, is
queried anonymously. If/when a DN is returned, it is matched
against _p_a_t_t_e_r_n. If it matches, an authenticated bind is done. If
it succeeds, the user is authenticated.
See also optional config entry _l_d_a_p.
For the _g_u_e_s_t_s _u_s_e_r _c_l_a_s_s, a database table lookup is done. If it
succeeds and the password matches, the user’s class is ’guests’.
If you want guests, copy this line into the config:
clas guests table repo_guests login passwd name
The extra parameters (table, repo_guests, login, passwd, name) are
there for possible future enhancements.
A simple setup would be :
ldap myldap ldap.your.org ou=people,dc=my.org,dc=nl usual
clas guests table repo_guests login passwd name
clas user ldap myldap ,ou=people my.org_users
You have guest accounts, and one class of ldap users. The login
page says :
guests : use the login/password we sent you
my.org users : use your usual login/password
A more complicated example :
ldap sci ldap.science.uu.nl dc=science,dc=uu,dc=nl solis-id/password
ldap art ldap.arts.uu.nl dc=arts,dc=uu,dc=nl arts.uu.nl_id
clas guests table repo_guests login passwd name
clas sci ldap sci ou=staff,ou=users science_staff
clas edu ldap sci ou=students,ou=users science_students
clas staff ldap art ou=people,ou=staff arts_staff
clas students ldap art ou=people,ou=students arts_students
Here we define two ldap servers, one for ’science’ (with usernames
known as _s_o_l_i_s _i_d_’_s) and one for ’arts’ (with _a_r_t_s_._u_u_._n_l _i_d_’_s).
We have five user classes: _g_u_e_s_t_s, _s_c_i_e_n_c_e staff and students, _a_r_t_s
staff and students.
tree _p_a_t_h _p_r_e_f_i_x [_u_s_e_r_-_c_l_a_s_s_e_s]
Specify one or more _t_r_e_e-lines. It describes how actual repository
names are structured. Field _u_s_e_r_-_c_l_a_s_s_e_s is a (possibly empty)
comma-separated list of user classes (eg "staff,students").
When a user creates a repository, he/she supplies an alpha-numeric
_n_a_m_e for the repository. Optionally, this _n_a_m_e is prefixed with a
tag that depends on the user’s class and/or username. For
instance, if you want staff repository names to be prefixed with
’stf’, and student’s repository names with ’edu’, you specify
tree stf %p staff
tree edu %p student
If you want student’s repository names prefixed with ’edu._l_o_g_i_n_-
_n_a_m_e’, you specify
tree edu %p.%o student
Admins can create repositories in all trees ; if no _u_s_e_r_-_c_l_a_s_s_e_s
are specified in a tree-line, users are told repositories in that
tree can be created _o_n _r_e_q_u_e_s_t. You configure :
tree EMPTY
For a simple, _f_l_a_t namespace, specify
tree EMPTY EMPTY clas1,clas2,clas3
where keyword "EMPTY" represents the empty string and
_c_l_a_s_1_,_c_l_a_s_2_,_c_l_a_s_3 sums up the user classes that may create reposi-
tories. The name of a repository will be the name supplied by the
owner/creator of the repository.
In general, each tree-line specifies which user classes can create
repositories prefixed with the given _p_a_t_h. The actual repository
names are generated by substituting, in the given _p_r_e_f_i_x, the given
_p_a_t_h for ’%p’ and the username of the creator for ’%o’.
CCaavveeaatt: Once you configure a certain tree layout, you can’t change
or remove a tree-line, if/when repositories in that tree have been
created. The actual file path of a new repository isn’t saved in
the database after creation. Instead, the pathname is recomputed
each time when needed, based on _t_r_e_e, _o_w_n_e_r and _n_a_m_e and the config
file. So, if/when the (user or tree) config changes, we can’t
compute the proper repo’s pathname from the info in the database.
Hm, a quick fix seems obvious. However, the best solution would be
to put user/tree stuff in the database and under application con-
trol, so a change in ’config’ could result in a proper ’renaming’
of repo’s.
ccoonnffiigg ffiillee :: ooppttiioonnaall eennttrriieess
create_guests _c_l_a_s_1 _c_l_a_s_2 ...
Optionally specify the classes of users that may create _g_u_e_s_t_s.
create_guests staff
If only admins may create guests, don’t specify "create_guests" or
configure
create_guests EMPTY
no_viewvc
If you don’t have package _v_i_e_w_v_c installed (yet), configure
no_viewvc
to get rid of the (non-working) "viewvc"-urls in the web pages.
no_groups
If you don’t want your repocafe to have _g_r_o_u_p_s, configure
no_groups
motd _h_t_m_l
Optionally specify a _m_e_s_s_a_g_e_-_o_f_-_t_h_e_-_d_a_y which will be displayed
prominently on every page.
ldap _t_a_g _l_d_a_p_-_h_o_s_t _b_a_s_e [_d_e_s_c_r_i_p_t_i_o_n]
Optionally specify one or more _l_d_a_p_-_h_o_s_ts that can authenticate
users. When a user attempts to login, the _l_d_a_p_-_h_o_s_ts are queried,
using base _b_a_s_e.
The _d_e_s_c_r_i_p_t_i_o_n should be name for the username/password verified
by the ldap (_s_c_h_o_o_l _i_d, _u_n_i_x_/_l_i_n_u_x, _u_s_u_a_l). The descriptions are
shown on the login page, and should explain which users should use
what username/passwd. Write blanks as underscores to make it a
single string.
ldap cs ldap.cs.uu.nl dc=cs,dc=uu,dc=nl cs.uu.nl_user_id
The default for _d_e_s_c_r_i_p_t_i_o_n is the configured _t_a_g.
See optional configuration entries "bind" and "attr" for more con-
figuration options.
bind _l_d_a_p_-_t_a_g _b_i_n_d_d_n _b_i_n_d_p_w
Optionally specify a _d_n and _p_a_s_s_w_o_r_d for the indicated ldap-server
; useful only if the ldap-server does not allow anonymous binds.
attr _l_d_a_p_-_t_a_g _l_o_g_i_n _f_u_l_l_-_n_a_m_e _e_m_a_i_l
Optionally specify the attribute-names for the indicated
ldap-server.
The default is
attr uid cn mail
Some ldap-servers use this set of attribute-names :
attr cn displayName mail
top_head _h_t_m_l
aux_head _h_t_m_l
Optionally specify some html to be included at the beginning (end)
of the "HEAD"-section of every page.
top_body _h_t_m_l
aux_body _h_t_m_l
Optionally specify some html to be included at the beginning (end)
of the "BODY"-section of every page.
top_rules_usage _h_t_m_l
Optionally specify one or more _L_I items to be included in the user
documentation page, as the first bullets under _r_u_l_e_s _- _u_s_a_g_e.
top_rules_usage never, never, ....
always follow instructions of ....
aux_rules_usage _h_t_m_l
Optionally specify one or more _L_I items to be included in the user
documentation page, as the last bullets under _r_u_l_e_s _- _u_s_a_g_e.
aux_rules_usage
finally, remember that ...
top_statistics _h_t_m_l
Optionally specify one or more _L_I items to be included in the user
documentation page, as the first bullets under _s_t_a_t_i_s_t_i_c_s.
aux_statistics _h_t_m_l
Optionally specify one or more _L_I items to be included in the user
documentation page, as the last bullets under _s_t_a_t_i_s_t_i_c_s.
db_pref _p_r_e_f_i_x
Optionally specify a _p_r_e_f_i_x for the names of all database tables.
The default is EMPTY (’’) ; a prefix must be all lowercase.
db_owner _u_s_e_r
Optionally specify a the _o_w_n_e_r of the database. This user must be
allowed to create/drop tables etc. it is used to connect to the
database in the "setup-db" and "upd-admins" scripts script. The
default is EMPTY (’’).
db_opswd _p_a_s_s_w_o_r_d
Optionally specify the database _p_a_s_s_w_o_r_d of the database _o_w_n_e_r ; it
is used to connect to the database in the "setup-db" and
"upd-admins" scripts. The default is EMPTY (’’).
mail_from_admin
Optionally specify the From: address used in mail to guests ; by
default, the configured "www_contact" mail address is used.
mail_from_noreply
Optionally specify the From: address used in _c_o_m_m_i_t emails ; by
default, "svn-no-reply@"_w_w_w___s_e_r_v_e_r is used ; where "www_server" is
the configured www server hostname.
www_scheme _h_t_t_p ││ _h_t_t_p_s
Optionally specify the _s_c_h_e_m_e for the _w_w_w___s_e_r_v_e_r ; the default is
www_scheme https
file_access _f_i_l_e_n_a_m_e
Optionally specify the name of the svn accessfile. The default is
’svnaccessfile’.
file_guests _f_i_l_e_n_a_m_e
Optionally specify the name of the DB file where the apache server
looks up the guests’ credentials. The default is ’guestusers’.
file_log _f_i_l_e_n_a_m_e
Optionally specify the name of the file where logins/outs etc are
logged. The default is "repocafe_log".
cmd_commit_email _c_o_m_m_a_n_d
This option now obsolete.
cmd_svnadmin _p_a_t_h
Optionally specify the full pathname of the ssvvnnaaddmmiinn command. The
default is "/usr/bin/svnadmin".
cmd_svnlook _p_a_t_h
Optionally specify the full pathname of the ssvvnnllooookk command. The
default is "/usr/bin/svnlook".
cmd_perl _p_a_t_h
Optionally specify the full pathname of the ppeerrll command. The
default is "/usr/bin/perl".
SSUUPPPPOORRTT SSCCRRIIPPTTSS
The setup support scripts are documented in section "INSTALLATION".
mmaaiinntteennaannccee
* mk_stats
Program mmkk__ssttaattss collects version and size info of each repository.
It should be run daily by cron from the configured directory
_d_i_r___a_d_m_i_n.
42 05 * * * ( cd ; /usr/bin/perl mk_stats -f )
A plot is genererated by "gnuplot".
Usage: mk_stats [-v] [-q] [-d] [-f] [-p] [-t] [-c conf]
option v : be verbose
option q : be quiet
option d : show debug info
option f : action ; otherwise dry-run
option p : just do the plots
option t : initialize table ’repo_tots’ ; use only for upgrades
option c : use config file
----------------------------------------
- mk_stats - collect repocafe statistics.
- For each repo, collect version and size into table repo_stats.
- Program mk_stats should be run daily by cron.
- Cronjob :
( cd ; perl mk_stats -f )
----------------------------------------
* upd-xusers
Program uuppdd--xxuusseerrss updates table "repo_xusers" (ex-users). It
should be run daily by cron from the configured directory
_d_i_r___a_d_m_i_n.
44 05 * * * ( cd ; /usr/bin/perl upd-xusers -f )
Running it as "upd-xusers -l -v" will show a detailed list of all
logins.
Usage: upd-xusers [-v] [-q] [-d] [-f] [-l] [-c conf] [ login ... ]
option v : be verbose
option q : be quiet
option d : show debug info
option f : action ; otherwise dry-run
option l : list xusers (no updates) ;
option c : use config
arguments login ... : restrict to login1, login2, ...
----------------------------------------
- upd-xusers - update the repo_xusers table.
- Table repo_xusers contains repocafe users that can’t be found
in the configured ldap(s) or table repo_guests.
- The repo_xusers table in only used in the statistics page.
- Running "upd-xusers -l -v" gives a detailed listing of all logins
found as owners, in access-rights or as group members.
- Because running upd-xusers may take some time to complete,
we suggest to run it daily by cron.
- Cronjob : ( cd ; /usr/bin/perl upd_xusers -f )
----------------------------------------
ssyysstteemm
The scripts in this section are called by the php programs. Normally,
they are not used by repocafe admins.
mail-watchers
After a commit, program "mail-watchers" notifies (by mail) the
repository’s watchers. It inspects the _d_i_f_f, which contains various
_p_a_r_t_s. A user is notified if he/she is a watcher of any _p_a_r_t. The
notification mail contains only the relevant parts of the _d_i_f_f.
Usage: mail-watchers [-v] [-q] [-d] path-to-repo rev repo_id
option v : be verbose ; dry-run
option q : be quiet
option d : show debug info
----------------------------------------
- mail-watchers - send commit-mail to watchers.
- mail-watchers is called from ’REPO/hooks/post-commit’ as
mail-watchers REPO REVISION REPO_ID
- It computes the watchers and uses SVN::Notify to notify each watcher ;
mail-watchers picks the relevant parts from the "svn-diff".
- Normally mail-watchers is not used by admins.
----------------------------------------
mk_guest_list
Program "mk_guest_list" creates the DB file, used by the httpd to
authenticate guests.
Usage: mk_guest_list [-v] [-q] [-d] [-c conf] out
option v : be verbose
option q : be quiet
option d : show debug info
option c : use config
----------------------------------------
- mk_guest_list - create the login:password file for guests.
- Program mk_guest_list is called by the php programs when a guest is added/deleted,
or when a guest changes his/her password.
- Specifically it creates:
out.db : a DB_file with (user -> password) pairs, used by httpd ;
out.txt : for your information, as text, the same pairs.
- Normally, mk_guest_list is not used by repocafe admins.
----------------------------------------
new-post-commit
Program "new-post-commit" creates post-commit hooks.
Usage: new-commit-hook [-v] [-q] [-d] [-f] [-c conf] [-pre] [-post] [-a │ repo_id]
option v : be verbose
option q : be quiet
option d : show debug info
option f : action ; otherwise dry-run
option c : use config file
option a : install new commit hooks for all repo’s
option pre : only install pre-commit hooks
option post : only install post-commit hooks
argument repo_id : install commit hooks for repo with id
----------------------------------------
- new-commit-hook - create repocafe commit hooks.
- new-commit-hook creates commit-hooks for one specified repo, or all repo’s (-a) ;
- by default, both ’pre-commit’ and ’post-commit’ hooks are installed,
from templates in ’lib/’.
- It is called by the web application when a new repository is created.
- Normally, new-commit-hook is not used by repocafe admins.
----------------------------------------
IINNSSTTAALLLLAATTIIOONN
rreeqquuiirreemmeennttss,, pprree--sseettuupp ccoonnssiiddeerraattiioonnss
* required : perl
Required Perl modules : "DBI", "DBD::Pg", "Net::LDAP",
"SVN::Notify"
* required : a secure apache web server
Because the application handles usernames and passwords, the web-
server should support _h_t_t_p_s connections and have a valid certifi-
cate.
The statistics plots use ’jpgraph’, which is easy to install. The
daily plots are generated with _g_n_u_p_l_o_t.
The software now runs on apache 2.2 with php-5 ; "mod_dav" is
required.
* summary for _U_b_u_n_t_u _S_e_r_v_e_r
To dress up an Ubuntu Server (10.10), you need the following :
sudo apt-get install apache2
sudo apt-get install subversion
sudo apt-get install apache2 libapache2-svn
sudo apt-get install libapache2-mod-php5
sudo apt-get install perl
sudo apt-get install postgresql
sudo apt-get install gnuplot-nox
sudo apt-get install libdbi-perl
sudo apt-get install libdbd-pg-perl
sudo apt-get install libnet-ldap-perl
sudo apt-get install php5-ldap
sudo apt-get install php5-pgsql
sudo apt-get install libio-socket-ssl-perl
sudo apt-get install viewvc
sudo a2enmod authn_alias
sudo a2enmod authn_dbm
sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod ldap
sudo a2enmod authnz_ldap
Edit /etc/viewvc/viewvc.conf :
root_parents = /data/svn/repos : svn
docroot = /viewvc-doc
JPGraph: dowload and install latest version from jpgraph website,
because the packages distributed in Ubuntu are old (version 1.5) ;
possibly due to the license of jpgraph (commercial, but free for
opensource and non-profit use).
* required : a postgresql database
Repocafe needs some postgresql database tables to store informa-
tion. To set up the database, talk to your database administrator
(DBA).
First determine a database _u_s_e_r (username, password) that can
_s_e_l_e_c_t_/_d_e_l_e_t_e_/_u_p_d_a_t_e the tables ; you configure :
db_user ...
db_pswd ...
How you obtain a new, empty database depends on your DBA.
IIff yyoouurr DDBBAA lleettss yyoouu oowwnn aa ddaattaabbaassee, determine a database _o_w_n_e_r
(username, password).
Ask your DBA to create a database "repocafe" where _o_w_n_e_r has been
granted all priviliges :
CREATE DATABASE repocafe WITH OWNER
or
CREATE DATABASE repocafe
GRANT ALL ON DATABASE repocafe TO
You configure the database owner’s username and password :
db_owner ....
db_opswd ....
IIff yyoouurr DDBBAA ccaann’’tt lleett yyoouu oowwnn aa ddaattaabbaassee, she has to create the
database tables for you. There are two cases :
1 the DBA wants to create the tables in a new database
You configure :
db_pref EMPTY
db_owner EMPTY
db_opswd EMPTY
2 the DBA wants to create the tables in an existing database
Now your DBA may want to prefix the table names with a common
prefix _m_y___p_r_e_f_i_x. You configure :
db_pref
db_owner EMPTY
db_opswd EMPTY
When you have finished creating your config, send your DBA the out-
put of
setup-db -sql
The DBA can create the tables for you, and your database setup is
complete.
* consideration : structure repocafe’s repository names
If you expect that your users will create many (hundreds of) repos-
itories, and you have two or more identifiable user groups, you may
want to divide up the repository name space, so the repository
overviews will look more _o_r_g_a_n_i_s_e_d. For details, see the config
entries for _u_s_e_r and _t_r_e_e. Please note that if you decide not to
structure your name space, adding (or changing) structure later,
will require a lot of hand-work.
ddoowwnnllooaadd tthhee ssooffttwwaarree
Checkout the software ; the latest release :
checkout https://svn.science.uu.nl/repos/project.repocafe.dev/release
or the development version (recommended) :
checkout https://svn.science.uu.nl/repos/project.repocafe.dev/trunk
The _d_e_v_e_l_o_p_m_e_n_t _v_e_r_s_i_o_n ("trunk") is stable and used in production by
the authors.
The distro has two parts : the "admin" tree and the "www" tree. The
"admin" tree is used for setup and maintenance ; the "www" tree will be
your apache’s DOCUMENTROOT.
Later, you can move each tree to a new location ; if you do, remember
to fix the config file and "www/local.ppp" (see below).
sseettuupp
* documentation
The documentation is in de "admin/doc" directory :
- "repocafe.html"
a html page
- "repocafe.1"
a man(1) source
- "repocafe.txt"
a formatted man page
All three pages contain the same information.
* the config file
In the "admin" tree, create the config file "repocafe.conf". Here
is a start :
organisation
. Name of My Organisation
dir_admin /path/to/admin/tree
dir_data /path/to/data/tree
dir_www /path/to/www/tree
admin_user
admin_group
www_user
www_group
www_server repocafe.my-org.org
www_secret **********
www_contact svn-admin@my-org.org
db_host pghost.my-org.org
db_name repocafe
db_user apache
db_pswd **********
ldap my_tag ldap.my-org.org dc=my-org,dc=nl usual
clas users ldap my_tag ou=people my-org_users
clas guests table repo_guests login passwd name
# users and guests can create repositories
tree EMPTY EMPTY users,guests
Test the config by running "configtest".
Program ccoonnffiiggtteesstt just loads the config ; any detected errors will
be shown. Optionally, it connects to the database as the configured
database user _d_b___u_s_e_r or _d_b___o_w_n_e_r. The program can also test the
ldap connections(s).
Usage: configtest [-v] [-q] [-d] [-u] [-o] [-t] [-l] [-V] [-R] [-a] [-c conf]
option v : be verbose
option q : be quiet
option d : show debug info
option u : also try to connect to the database as ’db_user’
option o : also try to connect to the database as ’db_owner’
option t : also try to check the database has all the tables
option l : also try to bind to all the ldap servers
option a : test all : implies -u -o -t -l
option c : use config file
option V : show repocafe version ; exit
option R : show repocafe revision ; exit
----------------------------------------
- configtest - test the repocafe configuration.
- Program configtest just loads the config ; any detected errors will be shown.
- Optionally, configtest connects to the database as the configured database
user db_user or db_owner.
- The program can also test the ldap connection(s).
----------------------------------------
* _s_e_t_u_p_-_d_a_t_a
Run sseettuupp--ddaattaa to setup the various files and directories. It
should run as root so it can chown stuff to _w_w_w___u_s_e_r/_w_w_w___g_r_o_u_p.
Usage: setup-data [-v] [-q] [-d] [-f] [-c conf]
option v : be verbose
option q : be quiet
option d : show debug info
option f : action ; otherwise dry-run
option c : use config-file
----------------------------------------
- setup-data - setup the repocafe data.
- setup-data creates and/or chowns the configured data files and directories.
- setup-data must run as root or the configured , unless in dry-runs.
----------------------------------------
* _s_e_t_u_p_-_v_h_o_s_t
Run sseettuupp--vvhhoosstt ; it shows (on STDOUT) the suggested vhost setup.
Catch the output and use it to set up an appropriate apache vhost.
Use "-a" to see the suggested apache _a_u_t_h_c_o_n_f_i_g.
You may have to tweak the vhost and auth configs to make them fit
in your distro’s default apache setup.
Usage: setup-vhost [-v] [-q] [-d] [-a] [-c conf]
option v : be verbose
option q : be quiet
option d : show debug info
option a : show the ’authconfig’ config
option c : use config-file
----------------------------------------
- setup-vhost - show the suggested repocafe vhost or auth apache config.
- setup-vhost generates apache configs from templates ; you may have to
tweak them.
- The generated configs must be placed in the apache config tree ;
the precise locations depend on the distro/apache installation.
----------------------------------------
* _s_e_t_u_p_-_d_b
If you own the repocafe database, you can use program "setup-db" to
setup the repocafe tables.
If not, you can send your DBA the output of
setup-db -sql
and she can create the tables for you.
Please note:
1 program _s_e_t_u_p_-_d_b should only be used during setup and upgrades
2 always do dry-runs before forcing action with option "-f"
Program "setup-db" checks the database for the presence of required
tables, contraints, triggers etc.
After doing a dry-run, create/fix the database setup with option
"-f". When upgrading, make a backup of your database before you
use program "setup-db" ; always use dry-runs.
RReeppooccaaffee requires that database-language _p_l_p_g_s_q_l is enabled for the
repocafe database. To check if it is, use :
SELECT * FROM pg_catalog.pg_language WHERE lanname = ’plpgsql’
Program "setup-db" will attempt to _c_r_e_a_t_e the language, if it is
not enabled for your database :
CREATE LANGUAGE plpgsql
but may lack permission. To avoid the problem, make sure language
"plpgsql" is enabled for the repocafe databse, _b_e_f_o_r_e running pro-
gram "setup-db" :
1 use program "psql" to check :
SELECT * FROM pg_catalog.pg_language WHERE lanname = ’plpgsql’ ;
2 if the selection is empty, attempt to _c_r_e_a_t_e the language
CREATE LANGUAGE plpgsql ;
3 if you lack permission, ask your DBA to _c_r_e_a_t_e the language.
Usage: setup-db [-v] [-q] [-d] [-f] [-sql] [-c conf] [ table ]
option v : be verbose
option q : be quiet ; print only sql commands
option d : show debug info
option f : action ; otherwise dry-run
option sql : just show the sql to be executed
option c : use config-file
argument table : only process (unless -sql is specified)
----------------------------------------
- setup-db - setup the repocafe database tables.
- Program setup-db creates missing tables, foreign key constraints etc.
- After doing a dry-run, create the database setup with option -f.
If, during setup, you change your config, re-run setup-db.
- Use ’setup-db -f’ with care, after setup is complete.
----------------------------------------
* _u_p_d_-_a_d_m_i_n_s
Define repocafe admins with "upd-admins".
Normally, only the configured _d_b___o_w_n_e_r can do actual add/deletes,
and database user "db_user" can only do SELECT and UPDATE on the
_r_e_p_o___r_o_o_t_s database table. However, if _d_b___o_w_n_e_r or _d_b___o_p_s_w_d is
empty or not configured, the _d_b___u_s_e_r, _d_b___p_s_w_d username and password
are used by "upd-admins".
Before an admin is added, the specified admin login is looked up.
Usage: upd-admins [-v] [-q] [-d] [-f] [-del admin] [-add admin] [-c conf]
option v : be verbose
option q : be quiet
option d : show debug info
option f : action ; otherwise dry-run
option del : delete admin
option add : add admin
option c : use config-file
----------------------------------------
- upd-admins - create/delete repocafe admins.
- By default, upd-admins lists the current admins.
- Normally, only the configured db_owner can do actual add/deletes, and
database user db_user can only do SELECT and UPDATE on the repo_roots
database table. However, if db_owner or db_opswd is empty or not
configured, upd-admins uses db_user/db_pswd for the database-connection.
- Before an admin is added, the specified admin login is looked up.
----------------------------------------
* "local.ppp"
Check the contents of file "dir_www/local.ppp" (created by
"setup-data") ; it should contain the full pathname of the config
file ; for example :
$CONF_ROOT = ’/home/repocafe/repocafe.conf’ ;
?>
Make sure the apache/php config allows php scripts to read the con-
fig file.
ffiinniisshh
The repocafe setup is now almost complete. A few more details remain :
* viewvc
Install package viewvc, or do it later ; nothing depends on it.
You can (temporarily) configure
no_viewvc
to get rid of the (non-working) "viewvc"-urls in the web pages.
* php package "jpgraph"
Install php package jjppggrraapphh ; this should work :
require_once ’jpgraph/src/jpgraph.php’ ;
require_once ’jpgraph/src/jpgraph_line.php’ ;
Package jjppggrraapphh is used in "plot.php".
* "gnuplot"
Make sure program "gnuplot" is installed ; it is used by "mk_stats"
to plot the data.
* cron jobs
Remember to setup cronjobs for "mk_stats" and "upd-xusers".
42 05 * * * ( cd ; /usr/bin/perl mk_stats -f )
44 05 * * * ( cd ; /usr/bin/perl upd-xusers -f )
* mail alias
You may want to set an email alias for the configured "www_con-
tact".
* configuration
If you have configured a (non-EMPTY) _d_b___o_w_n_e_r and _d_b___o_p_s_w_d, you can
now remove them from the config. You will have to put them back in
later, if/when you want to add or delete svn-admins with
"upd_admins".
* feedback
If you got this far, please send some feedback to the authors
(repocafe@cs.uu.nl). What was the hardest part of setting up the
cafe ? What was unclear (or wrong) ? Ideas for improvement ?
AADDMMIINNIISSTTRRAATTIIOONN
After setting up a repocafe, there is not a lot to do for the admins.
Here are a few points an admin should know :
* active / inactive
When you (an admin) login, you are either _a_c_t_i_v_e or _i_n_a_c_t_i_v_e (as an
admin). When _a_c_t_i_v_e, you have full admin rights ; when _i_n_a_c_t_i_v_e
repocafe treats you as it would any other user.
When you are logged in, every page shows a button with which you
can switch between _a_c_t_i_v_e and _i_n_a_c_t_i_v_e.
* guest accounts
Use config_option "create_guests" to specify which user classes are
allowd to create guests.
Guest accounts are created by web form. You only need to specify a
_f_u_l_l _n_a_m_e and an _e_m_a_i_l _a_d_d_r_e_s_s. A login-name is generated from the
_f_u_l_l _n_a_m_e ; the login-name and a random password are mailed to the
guest.
When a guest tries to login, and her password fails, the guest can
request that her password is sent to her (again).
A logged-in guest can change her password.
* repositories on request
If you have structured your repository names, and the config has
tree-lines without user-classes, then repositories in those trees
can only be created _o_n _r_e_q_u_e_s_t ; that means you, because only the
admins can create them.
* cleanup the archive
When a user or admin deletes a repository, the repository is moved
from "dir_data/repos/" to "dir_data/archive/". The repository’s
name is suffixed with a number, so deleting more than one reposi-
tory with the same name, doesn’t give a name conflict in
"dir_data/archive".
On deletion, the repository directory is _t_o_u_c_h_e_d, so with "ls
-lart" you can list (and remove) the archived repostories by dele-
tion date.
* cleanup repositories
In the _s_t_a_t_i_s_t_i_c_s _p_a_g_e, there is a list of _r_e_v_i_s_i_o_n _0 repositories
: repositories that were created, but were used to put stuff in.
The list is ordered by date. You may want to delete them after some
(fixed, announced) time.
The statistics page also has lists of _u_n_u_s_e_d _g_u_e_s_t_s and _u_n_u_s_e_d
_g_r_o_u_p_s ; _u_n_u_s_e_d meaning _u_n_r_e_f_e_r_e_n_c_e_d.
* cleanup ex-users
An _e_x_-_u_s_e_r is a login-name that appears in a repocafe (as owner, in
the repository rights, or as group member) but can’t be found in
the cafe’s guest list or ldap(s).
The statistics page shows a list of repositories owned by ex-users.
The statistics page also shows a list of ex-users holding access
rights and/or group memberships. For every ex-user you see :
1 the _r_e_p_o_s_i_t_o_r_i_e_s where the ex-user has access rights,
2 the _g_r_o_u_p_s where the ex-user is a member,
3 a button to remove all the ex-user’s access rights and group mem-
berships.
WWIISSHHLLIISSTT
Here are a few things we would like to add to "Repocafe" :
* support for other versioning systems, like "git"
* support for other database systems besides "postgresql"
* support for authentication based on "active directory"
* support for _d_i_s_k _q_u_o_t_a ; "lock" users who are exceeding their quota
A base quotum per user-class ; plus a quotum per user.
AAUUTTHHOORR
(c) 2010 - 2016 Koos van den Hout -- Henk P. Penning
k.vandenhout@uu.nl -- http://idefix.net/
penning@uu.nl -- http://www.staff.science.uu.nl/~penni101/
ICT-beta, Faculty of Science, Utrecht University
repocafe version 0.13.6 - Tue Jan 19 16:00:37 2016 - revision 257
perl v5.8.8 2016-01-19 REPOCAFE(1)