The path of the CVS repository can be specified with the -d option every time you call cvs:

cvs -d /afs/psi.ch/project/linux/cvsroot co linux

Or you can tell CVS the repository path with the CVSROOT environment variable. In Bash you have to enter the following command (substitute the directory name):

export CVSROOT=/afs/psi.ch/project/linux/cvs/root

and with (T)csh:

setenv CVSROOT /afs/psi.ch/project/linux/cvs/root

After setting the environment variable you can enter the above CVS command as follows:

cvs co linux

	In the following examples, we assumed that the environment variable CVSROOT has been set accordingly.

If you want to access a CVS repository via the gateway, you must set the environment variable CVS_RSH to the value ssh.

With Bash:

export CVS_RSH=ssh

and with (T)csh:

setenv CVS_RSH ssh

Creating a new repository take place in several steps. In the first step we initialize the repository. In the following steps you have to set access permissions for the different kind of users.

In this section we describe the recommended creation of a CVS repository at PSI. The directory layout differs from the usual one, but there a good reasons to follow our recommendation.

The following example demonstrates how to create a new repository for a project linux (assuming there is an admin group named linux_adm and you are member of this group):

cd /afs/psi.ch/project/linux

pts creategroup linux_adm:cvs_adm -owner linux_adm         

mkdir cvs                                                  
fs setacl -dir cvs  -user linux_adm:cvs_adm rlidwka
mkdir cvs/root
mkdir cvs/lock
mkdir cvs/hist

cvs -d cvs/root init                                       

mv cvs/root/CVSROOT/history cvs/hist                       
ln -s cvs/hist/history cvs/root/CVSROOT

$EDITOR cvs/root/CVSROOT/config                            
	

	Create the AFS group for the repository administrators. You must be member of the group linux_adm to execute this command.
	Create top directories of the repository and initialize AFS access list. The members of group linux_adm:cvs_adm get all permissions (but there are still some restrictions). cvs/root This is the $CVSROOT directory. cvs/lock Directory for lock files. Normally CVS writes lock files into $CVSROOT. But than you must grant write permissions to $CVSROOT for all users even for users with read-only access. cvs/hist Directory for the history file. Usually the history file stays in $CVSROOT/CVSROOT. But the history file must be writable by everybody with access to the repository. Since AFS supports access lists only for directories but not for files, the directory with the history file must be writable by everybody with access to the repository. Normally only the repositories administrators should have write access to $CVSROOT/CVSROOT. The best and easiest solution is to move the history file to another directory and to create a symbolic link.
	Initialize CVS repository
	Move the history file and create the symbolic link.
	You must set the variable LockDir in the CVS configuration file $CVSROOT/CVSROOT/config to the directory where you want to store lock files. In our example this would be /afs/psi.ch/project/linux/cvs/lock.

	If you don't want to keep a history of CVS commands, you must remove the file $CVSROOT/CVSROOT/history.

To grant all users inside an AFS group read and write access to a repository, set the ACL's as follows:

cd /afs/psi.ch/project/linux/cvs

pts creategroup linux_adm:cvs_rw -owner linux_adm:cvs_adm  

find root -type d -noleaf \                                
        -exec fs setacl {} -acl linux_adm:cvs_rw rlidw \;
find lock -type d -noleaf \                                
        -exec fs setacl {} -acl linux_adm:cvs_rw rlid \;
find hist -type d -noleaf \                                
        -exec fs setacl {} -acl linux_adm:cvs_rw rlw \;

	Create the AFS groups for user with read/write access. You must be member of the group linux_adm:cvs_adm to execute this command.
	Set ACL's for CVSROOT
	Set ACL's for the directory keeping the look files
	Set ACL's for the directory keeping the history file.

Add all users with read/write access to a “read/write” group. In the above example, we use the group linux_adm:cvs_rw.

The user needs a valid AFS token to access the repository

The configuration for read/write access via the gateway is the same as for direct read/write access. You will be ask for your AFS password.

To grant all users inside an AFS group read-only access to a repository, set the ACL's as follows:

cd /afs/psi.ch/project/linux/cvs

pts creategroup linux_adm:cvs_ro -owner linux_adm:cvs_adm  

find root -type d -noleaf \                                
        -exec fs setacl {} -acl linux_adm:cvs_ro rl \;
find lock -type d -noleaf \                                
        -exec fs setacl {} -acl linux_adm:cvs_ro rlid \;
find hist -type d -noleaf \                                
        -exec fs setacl {} -acl linux_adm:cvs_ro rlw 	\;

	Create the AFS groups for user with read-only access. You must be member of the group linux_adm:cvs_adm to execute this command.
	Set ACL's for CVSROOT
	Set ACL's for the directory keeping the look files. The permissions are the same as for read/write access.
	Set ACL's for the directory keeping the history file. The permissions are the same as for read/write access.

Add users with read-only access to a “read-only” group. In the above example, we use the group linux_adm:cvs_ro.

The user needs a valid AFS token to access the repository

The configuration for read-only access via the gateway is the same as for direct read-only access. You will be ask for your AFS password.

Direct anonymous read-only access is not recommended!

There are several problems with anonymous read access to a CVS repository on AFS. The biggest problem is, that CVS must be able to create lock files - even for a checkout. Thus there must be a worldwide access-able directory where CVS can create and delete files! Thus there must be a directory where anybody in the world running an AFS client can store and remove files! This is nothing we want ...

The recommended solution is to access the repository via a gateway with CVS over SSH.

To grant the anonymous user read-only access, configure the following access lists:

cd /afs/psi.ch/project/linux/

find cvs/root -type d -noleaf \                            
        -exec fs setacl {} -acl savannah rl \;
find cvs/lock -type d -noleaf \                            
        -exec fs setacl {} -acl savannah rlid \;
find cvs/hist -type d -noleaf \                            
        -exec fs setacl {} -acl savannah rlw \;
	

	Set ACL's for CVSROOT
	Set ACL's for the directory keeping the look files.
	Set ACL's for the directory keeping the history file.

The ACL's are the same as for authenticated read-only access. The reason not to add the “user” savannah to the read-only group is of technical natur. In AFS, a “user entry” may be user name or a machine identifier (e.g.an IP address). The entry savannah is an AFS group. The only member within this group is the user entry with the IP address of the system savannah.psi.ch. Unfortunately the current AFS version dos not support groups within groups. So you cannot add savannah to your read-only group. It would be possible to add the machine entry (i.e. the IP address of the Savannah system) to your read-only group, but the IP address may change and then you have to change the group entry.

The next step is to configure the repository, so that commits from anonymous users will be denied. For this you have to add a line to the CVS configuration file CVSROOT/commitinfo:

cvs checkout CVSROOT
cd CVSROOT
echo "ALL  /usr/bin/cvs_deny_anonymous_commits" >> commitinfo
cvs commit -m "Added ALL check" commitinfo

Read the added line as: For ALL modules call the specified program to check whether commits are allowed or not. The program cvs_deny_anonymous_commits denies commits for the users cvs and svn.

This is the case if you are working at PSI and have a working AFS connection, both from Linux or Windows clients. Since the repository is seen within the normal global file system structure you just need to use your CVS client.

cvs -d /afs.psi.ch/project/linux/cvs/root co .

In this case you have to use the Savanna gateway and the SSH protocol:

export CVS_RSH=ssh
	cvs -d :ext:johnsmit@savannah.psi.ch:/afs/psi.ch/project/linux/cvsroot co .

Just enter your normal AFS password.

For anonymous access you can use the account cvs. The password is cvs. Of course the repository must be opened for anonymous access in order for this to work.