Introduction
This document is a guide to setting up access to cvs.mozilla.org using SSH.
This document assumes that you already have a write-access CVS account to cvs.mozilla.org. Anonymous/read-only access via SSH is not available at this time. Please see our source code page for directions on accessing read-only CVS, and our getting write access page for directions on obtaining write access.
Generating an SSH key
First, install ssh. Most Linux, BSD, and OSX distributions come with it installed already. Cygwin makes ssh available on Windows if you install the openssh package from the Net category. If all else fails, OpenSSH is a widely used and highly portable implementation. The following command should generate a suitable key pair:
ssh-keygen -t dsa
This will take a moment, followed by a prompt for a passphrase. Once you have entered a passphrase, ssh-keygen will create two files, ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub.
Do not send id_dsa.
Do file a Server Operations bug in Bugzilla and attach your id_dsa.pub to the bug.
Setting up CVS to use SSH
In your system's environment, make sure that CVS_RSH is set to whatever your ssh binary is called; a full path is not necessary if ssh is already in your path.
Replace pserver with ext in your CVSROOT environment variable. If you wish to keep your previous pserver trees, you'll need to update the Root files in each CVS subdirectory in your tree. This can be done using a unix-style find and perl:
find . -name Root -exec perl -p -i -e "s/pserver/ext/" {} \;
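An added example (not part of the original guide): a stricter form of the rewrite above that only touches files at CVS/Root and only replaces the leading :pserver: access method, so a source file that happens to be named Root is left alone. The sample tree and the jdoe%example.com account are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page. Paths containing newlines are
# not handled.

# count_pserver_roots TREE: number of CVS/Root files still pointing at pserver.
count_pserver_roots() {
    find "$1" -type f -path '*/CVS/Root' -exec grep -l '^:pserver:' {} + |
        wc -l | tr -d ' '
}

# convert_roots TREE: rewrite the leading ":pserver:" method to ":ext:" in
# every CVS/Root under TREE and print each file that was changed.
convert_roots() {
    find "$1" -type f -path '*/CVS/Root' -exec grep -l '^:pserver:' {} + |
    while IFS= read -r root; do
        # Anchor on the start of the line so only the access method changes,
        # never a user name, host or path that happens to contain "pserver".
        sed 's/^:pserver:/:ext:/' "$root" > "$root.new" && mv "$root.new" "$root"
        printf '%s\n' "$root"
    done
}

# Constructed sample tree: one pserver checkout plus an ordinary file named
# Root that mentions pserver in its text and must not be modified.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/mozilla/CVS" "$d/mozilla/docs"
    printf ':pserver:jdoe%%example.com@cvs.mozilla.org:/cvsroot\n' \
        > "$d/mozilla/CVS/Root"
    printf 'notes on the old pserver setup\n' > "$d/mozilla/docs/Root"
    printf '%s\n' "$d"
}

# With no argument, demonstrate on the constructed tree; otherwise convert
# the tree given on the command line.
tree=${1:-$(make_sample_tree)}
echo "pserver roots before: $(count_pserver_roots "$tree")"
convert_roots "$tree"
echo "pserver roots after:  $(count_pserver_roots "$tree")"
```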
Dealing with firewalls
Do not attempt to perform the steps in this section unless you have first verified that you can access cvs.mozilla.org from outside of the firewall. Only proceed with these steps once you are certain you can access cvs.mozilla.org from the open Internet.
If you are behind a firewall with an http tunneling proxy, you can use a program called corkscrew, in combination with the ProxyCommand ssh config directive to continue to access the mozilla CVS server. This technique was taken from Eric Engstrom's site, but the instructions have been re-written specifically for Mozilla.
- Download, build, and install corkscrew by following the instructions in the INSTALL file in the corkscrew source distribution. Corkscrew uses the standard "./configure; make install" technique common to many open source projects.
- Make sure you have a ~/.ssh/config file that has at least the following directives:
PreferredAuthentications hostbased,publickey,password
Host cvs.mozilla.org
ProxyCommand corkscrew proxyserver.foo.com port %h %p
Replace proxyserver.foo.com with the hostname of your proxy server, and port with the numeric TCP port on which the http tunnel is running.
The usual cvs commands should now work.
Avoiding passphrase requests
You can avoid repeated passphrase requests by using ssh-agent. If you don't already run ssh-agent on your computer, it's probably easiest to start it up whenever you set up your environment to checkout and build Mozilla. Assuming you use a shell script or batch file to set things up, just add the commands below to the end of your file.
POSIX shell
eval `ssh-agent -s`
ssh-add ~/.ssh/id_dsa
$SHELL
ssh-agent -k
exit
X Windows
In "~/.xinitrc" add "ssh-add". This will bring up a graphical box just after login, and before the desktop loads, asking for your passphrase. The passphrase will be held for the length of the X session, and be passed on to all child shells.
MS-DOS command prompt
Cygwin
for /f "tokens=1,2,3* delims=; " %%a in ('ssh-agent -c') do if "%%a"=="setenv" set %%b=%%c
set HOME=/cygdrive/c/path/to/your/cygwin/home/directory
ssh-add ~/.ssh/id_dsa
start /b /wait cmd.exe
ssh-agent -k
exit
Essentially both sets of commands do the same thing. First ssh-agent is called and its output is evaluated in the current environment. This sets environment variables that let cvs know how to find and use the agent. Your private key is then added to ssh-agent using ssh-add at which point you will be prompted for the key's passphrase. Since it's important that you kill the agent when you're finished with it, the last three lines start a child environment that, when exited, will result in the agent's process being killed. The environment you will actually use to build is the child environment.
There are a few things to note about the commands for the MS-DOS Command Prompt. First of all, they will only work in versions of Windows based on NT (NT/2000/XP). If you're building on Win9x/WinME you'll need to find an alternative solution. If you're typing the commands directly (as opposed to storing them in a batch file that you call), you'll need to replace the occurrences of "%%" in the first line with "%". Finally, note that ssh-add needs the environment variable HOME to be set with the cygwin path to your cygwin home directory.
MozillaBuild
If you're using MozillaBuild, ssh-agent should be started when you run the start-msvc???.bat file. You should be prompted to enter your passphrase.
MozillaBuild 1.2 contains a bug that will stop ssh-agent from automatically starting with MSYS. To fix this, apply this diff to c:\mozilla-build\msys\etc\profile.d\profile-sshagent.sh.