Anonymous CVS

What is Anonymous CVS?

Anonymous CVS is a method of keeping your local copy of the OpenBSD source tree up to date with respect to changes made to current OpenBSD sources. In addition to following the bleeding edge of development, it is also possible to track the patches for errata of a release.

The major advantage of Anonymous CVS over other source code update techniques is that it works directly against a central source code repository or mirror. This means that you have the full set of CVS commands available to control merging and updating your changes with other source changes and for performing diff's, change histories and other queries against the central repository.

The OpenBSD Project currently has three main source repositories:

To summarize, the real strength of using Anonymous CVS is that it is a "tolerant" source code control system - it respects changes that you have made to your local sources and makes "best efforts" to update your entire source tree, rather than leaving you a list of arcane problems that have to be resolved before continuing.

What is CVS?

CVS is the source code control system used to manage the OpenBSD source tree. It implements a central repository for all officially released source code and changes, while permitting developers to maintain local copies of the source code with their working changes. Developers with "write access" can commit changes directly to the OpenBSD source tree, while "Anonymous CVS" users have "read access" and can keep their local copies of the source up to date and issue queries against the central depository.

The major strength of CVS is that it has the ability to perform intelligent merges of changes to the central repository with changes that you make to your local copy. This means that if you make a change to a module and perform an update, your changes are not "blown away", rather CVS makes best efforts to merge the changes made to the central sources with changes you've made to your local copy.

In the event that the changes can't be completely merged, CVS provides a "soft fallback", in terms of providing you with annotated changes to your local copy, preserving an unmodified copy of your version and continuing to update any other source modules you requested.

Getting Started Using Anonymous CVS.

The latest version of CVS is available at Cyclic. Versions earlier than 1.6 are not recommended, and may not work. If you already have OpenBSD installed, CVS is included.

People who own an OpenBSD CD may have seen the CVS/ dirs on it. Actually there is a reason, the CD has a checkout of the OpenBSD src module usable to continue updating from. Using this tree will result in a much faster initial CVS update than a fresh checkout of the full OpenBSD source tree. There are two ways of using the CD:

For people who don't have a CD on hand, you can use cvs(1) to "checkout" the source repository for you. This is discussed in the next section.

After this, /usr/src will be a nice checkout area where all cvs(1) commands will work OK.

Using CVS(1) to get and update your source tree.

CVS was designed to be a simple way to retrieve and update your sources, therefore there isn't much involved at all in doing so. You must first decide whether you want to track current or a patch branch. The current tree has all of the up to the minute changes, whereas a patch branch contains a formal release plus the patches from the errata already applied.

Once you have decided which tree to follow, you much choose which Anonymous CVS server you are going to use. A list of these servers is below. Do, however, notice that there are 3 ways to access these servers.

NOTE: - For users wishing to use ssh, you must first set the CVS_RSH variable to ssh.

Once you have chosen which Anonymous CVS Server you will use, and which method you will use, you can start using cvs. For those of you who have CD's you can start with the CVS checkout that is on the CD by using the method above to get the sources onto your system. If you don't have a CD handy, use the method below to checkout the sources. This method puts the OpenBSD source tree into /usr/src.

The above will checkout the current source tree. Many of you will only want a patch branch sources. To checkout a patch branch, you must specify a tag along with your command. Example:

Or OPENBSD_2_7 for 2.7, etc.

Currently only the OPENBSD_2_8 tag contains the release sources and errata already applied.

Available Anonymous CVS Servers.

There are two levels of source tree access:

Read-write access for developers:
Developers who need to commit changes to the source tree must have an account on the OpenBSD machines. Getting this access will be a natural result of working on the sources with other OpenBSD developers. If someone does some good work and shows they can work with the team, they will get an account.
Read-only access for everyone:
Anyone can access the read-only CVS repositories. These copies of the read-write CVS repository are mirrored often. To use one, set your CVSROOT environment variable to one of the following values:

Please see the note about using ssh vs. rsh below!

Note:, If your server is listed on here with inaccurate or unknown information, please contact beck@openbsd.org

You may want to use traceroute(8) to find out which server is nearest you. Problems with a server should be reported to the maintainer of the server in question.

Getting crypto sources through CVS(1)

IMPORTANT NOTE: There are a few issues relating to cryptographic software that everyone should be aware of:

Example usages for CVS(1).

A sample use of an anoncvs CVS server would be:

In order to use a cvs ``pserver'' (a direct tcp connection instead of using ssh or rsh) you must login once:

Here is how someone using anoncvs regularly would update his source tree:

To use ports, it is similar to src:

In the above example, -q is optional, only intended to minimize cvs's output. For those who like to see screenfulls of output, it can be omitted.

or to make a diff of a locally patched module (here cd.c) to include with a bug report:

The CVS(1) man page (included with the CVS sources) has much more information about how CVS can be used.

X11 Source tree
Anoncvs mirrors also carry the OpenBSD X11 source tree. You can adapt the recipe above to update your X11 source tree from the second CD. Either copy or use a union mount to get the X11 sources in /usr/X11:

After this, /usr/X11 will be ready to be used by cvs. You can for example update it to -current source (assuming you've already set the CVSROOT environment variable):

Warning: When using cvs you should take care that your current directory is either the root of the tree you are referencing or in a separate place such as /tmp. Some commands such as "get" can create an arbitrary sub-tree in the current directory, and a subsequent update will recursively flesh out this sub-tree.

The anoncvs service gives fledgling developers a chance to learn CVS operation and get thoroughly involved in the development process before getting "commit" access -- as a result of showing useful skills and high quality results they will naturally later be given developer access. As well, people providing patches can create their "diff"s relative to the CVS tree, which will ease integration.

Use rsh(1) or ssh(1)?

Anoncvs: rsh vs. ssh
By default, the CVS client uses rsh to talk to the CVS server. Many of the CVS sites no longer support rsh for security reasons or a local problem like a firewall or imperfect protocol emulator such as slirp may prevent you from using rsh. The alternative is a to use a "secure shell" connection using either OpenSSH (*FREE*) or ssh (non-commercial and commercial).

The OpenBSD anoncvs repositries support the SSH1 protocol, not the SSH2 protocol due to the use of a "strict non-commercial use licensing policy".

Once ssh is installed, one sets the environment variable CVS_RSH to point to ssh (typically /usr/bin/ssh). If your local site prevents you from connecting out to port 22 (which ssh defaults to using) use port 2022.

Do not be tempted to turn on compression since CVS already compresses. Use something like the following in your $HOME/.ssh/config file. Note that not all anoncvs servers allow ssh connections on port 2022. Also note that most anoncvs servers no longer accept the none cipher as it is disabled in recent versions of ssh for security reasons.

	Host anoncvs.ca.openbsd.org
	    Port 2022

CVS is a little noisy starting up; to quiet it a bit you may want to do this:

If you wish to change from one CVS server to another (say your normal one is down, or for any other reason), the environment variable which will let you do this is

Note that you will also need to use the -d flag as mentioned above.

Mirroring the CVS repository via sup(1).

Users wishing to mirror the OpenBSD CVS tree itself may now do so from anoncvs.usa.openbsd.org. Note that this is the cvs tree, not a checked out source tree. It is only useful if you want to be able to do fast cvs operations (diff, annotate, etc) or if you have multiple source trees and you only want to transfer new data once (you can then checkout a tree from your local cvs mirror).

A sample supfile would be:

	cvs host=anoncvs.usa.openbsd.org hostbase=/ base=/home delete

which would mirror the cvs tree into /home/cvs with the sup data files ending up in /home/sup. The full OpenBSD cvs tree is just under a gigabyte in size.

Setting up an anoncvs mirror.

If you wish to be a new anoncvs mirror site, please contact the anoncvs maintainer. Anoncvs mirrors require about 1GB of disk, and use up to 4MB of swap per anoncvs user (assuming the user does a large operation; while smaller operations use fewer resources, anoncvs still makes much more of an impact than ftp or sup). Such anoncvs machines should have excellent network connectivity for the area they are expected to serve. A document which describes the setup of anoncvs servers is available.

Final notes:

After upgrading your source tree, you should read the comments at the top of /usr/src/Makefile before attemping a build. Also, you should build a new kernel before doing a make build if possible. In some cases it may be necessary to rebuild and install the config utility before you can build the kernel. If config GENERIC fails this is probably the case.

It is important to note that upgrading from a release to the current tree by rebuilding the sources can be rather difficult due to dependencies that are often not obvious. Therefore, it is suggested that you first install the latest snapshot before attemping a tree build from source.

OpenBSD www@openbsd.org
$OpenBSD: anoncvs.html,v 1.132 2001/01/28 06:32:42 ericj Exp $