C How\sThe\sCVSTrac\sWebsite\sIs\sConfigured
D 2011-09-13T23:15:38.503
E 2011-09-13T22:39:42 a4a1f5e662e2a6f6ec84f9d966a7497e34efd359
T +bgcolor * #80d6b0
U drh
W 4765
<h2>Background</h2>

CVS is legacy.  Nobody uses it for new work any more.  And the same is true
of CVSTrac.  We continue to maintain it for the sake of sites that
continue to use it, and to continue to be able to display historical tickets
and wiki pages that where entered years ago when CVS and CVSTrac where still
in active use.  But the world has move on.  Projects should transition to
newer and better systems that are now available.  CVSTrac has become an
historical artifact.

We recently upgraded the server that hosts www.cvstrac.org, and as part of
that upgrade, we purposely did <u>not</u> install CVS, since it is a security 
risk.  All of the CVSTrac source code is now on 
[http://www.fossil-scm.org/ | Fossil] - a distributed version control system
that incorporates many of the features originally developed for CVSTrac.
In other words, CVSTrac is no longer self-hosting.  It has been moved into
a retirement home.

<h2>Server Configuration</h2>

CVSTrac is still run in order to provide access to historical tickets and
wiki pages.  The current manifestation of
CVSTrac runs as a stand-alone CGI process inside a chroot jail.  No other
software is necessary for CVSTrac to run.  Formerly, we needed /bin/sh and
/usr/bin/cvs.  But those executables are a security risk and so CVSTrac has
been enhanced to no longer require them.

The HTTP server on the www.cvstrac.org website is
[http://www.sqlite.org/docsrc/artifact/14c9965da19e | althttpd.c].
This server is implemented as a single file of ANSI-C code.  Documentation
on how to configure althttpd.c is found in a comment in the first 50
or 60 lines of the source code file.  A separate
instance of the server is launched for each inbound TCP/IP connection via
xinetd.  xinetd is configured using the file /etc/xinetd.d/http which
looks like this:

<blockquote><pre>
service http
{
  port = 80
  socket_type = stream
  wait = no
  user = root
  server = /usr/bin/althttpd
  server_args = -logfile /logs/http.log -root /home/www -user www-data
}
</pre></blockquote>

This same HTTP server also servers site [http://www.sqlite.org/] and
[http://www.fossil-scm.org/] and several other domains.  The HOST parameter
on the HTTP header determines which content is served.  Everything runs
on a single low-power [http://www.linode.com/ | Linode] virtual machine.

You can infer from the "server_args" line above that althttpd.c puts itself
in a chroot jail at /home/www and changes to the www-data user before doing
anything else.  This chroot jail contains no shared libraries and a minimal
number of executables (fossil and cvstrac, for example).  Note in particular
that this chroot jail does not contain /bin/sh or /usr/bin/cvs, which limits
the functionality of CVSTrac somewhat.

There is a file on the www.cvstrac.org website named "cvstrac".  That file has
its execute permission bit set (rwxr-xr-x) so that althttpd.c will run it as
CGI whenever it is specified on the URL path.  The file is a script, as
follows:

<blockquote><pre>
#!/usr/bin/cvstrac
directory: /cvstrac
project: cvstrac
</pre></blockquote>

The /usr/bin/cvstrac executable is really found in /home/www/usr/bin, but
the /home/www is omitted because of the chroot jail.  /usr/bin/cvstrac
is compiled with
-static so that it uses no shared libraries.  The CVSTrac database for the
CVSTrac project is located in the directory "/cvstrac" (relative to the
chroot jail, or "/home/www/cvstrac" in reality) and the name of the CVSTrac
database is "cvstrac.db".  Note that the ".db" suffix is added automatically.

<h2>Building The CVSTrac Executable</h2>

The cvstrac executable found in /home/www/usr/bin (or /usr/bin relative
to the chroot jail) is built as follows:

  1.  Checkout the CVSTrac source tree into a subdirectory named "cvstrac".
      This involves cloning the repository if necessary, then doing
      "mkdir cvstrac; cd cvstrac" and finally
      "fossil open ../cvstrac.fossil".

  2.  Create a sibling directory "bld".  Copy "linux-gcc.mk" from the source
      directory into "makefile" in the "bld" directory.

  3.  Edit "makefile":  (a)  Set SRCDIR to "../cvstrac".  (b) Change
      TCC to "gcc -Os -static -I. -DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION".  (c) Change LIBSQLITE to "./sqlite3.c -lcrypt -lm".

  4.  Move a copy of the SQLite amalgamation and header into the build
      directory.

  5.  Type "make".

The steps above build a statically linked binary that can then be copied into
/home/www/usr/bin.  Not all features of
CVSTrac are supported by this build, but enough features are support to
provide access to legacy wiki pages and tickets in the CVSTrac database
files.




Z 605226c99feb11412c52e14171a6a83a