[cvsnt] Problem with POSTCOMMIT on Linux

Alexander Plakidin cvsnt at plakidin.com
Fri Aug 27 09:11:48 BST 2004 

Hi All,

I have a problem with being unable to setup POSTCOMMIT to work as desired.

I already searched documentation and entire web site & mailing list archive, and
have read the following article, and a number of mailing list posts:
http://www.cvsnt.org/wiki/PostCommit


Here is my setup:

- CVS is used for web development.
- CVS server is CVSNT on a Linux server (same machine is web server).
- Clients are using TortoiseCVS on Windows.
- Web server document root needs to be updated immediately when anything is
committed to CVS.
- Here is how everything is setup on Linux server:
  - There are multiple repositories setup - for multiple projects.
  - All repositories are setup under one system user ("cvsadmin").
  - Each project is setup as a different system user (i.e. "project1",
  "project2", etc).
  - Programmers have FTP and shell access to all projects - this is required for
  various purposes.

Here is how it works now when changes are committed:
1) Changes are committed to CVS.
2) Programmer logs in via SSH as a project's system user, and runs a shell
script to update repository:

------------------------------
#!/bin/bash

rm -rf /project1/tmpdir/*
cd /project1
/usr/local/bin/cvs -d :pserver:export_user:PASSWORD at myserver.com/project1 \
                   export -f -r HEAD -d tmpdir .
cd tmpdir
cp -R * ../wwwroot/
------------------------------

It works great, but we need to automate it.

What I need, is to set it up so when anything is committed in a repository, web
server document root would automatically get updated too. I guess, my problems
are because repository and project are different system users.

I understand that if I setup repository as same system user as project, I can
setup a shell script (similar to above) to be executed on POSTCOMMIT. However,
there are reasons to not do it - in particular, because CVS users have shell
access, and will be able to access CVSROOT directly - I don't want that.

As a solution, I tried setting up the following script to POSTCOMMIT for a
repository:

-------------------------------
#!/usr/bin/expect

# run "cvs_update" shell script - similar to shell script above
spawn  su -s /bin/bash project1 -c "cd /project1; ./cvs_update"
sleep 2
expect phrase:
send "PASSWORD\r"
sleep 2
-------------------------------


However, this seems to be an ugly way, and it does not work in TortoiseCVS for
some reason... When I do a "commit" via TortoiseCVS, and "su"'s password prompt
appears in TortoiseCVS log window, it prints "ok" and just hangs forever!
Like this:

-------------------------------
......
Password: ok
-------------------------------


I guess, it is a bug of TortoiseCVS, since it works great if I commit to
repository from a standard Linux CVS client (located on same Linux server).

I don't like this method much anyway - as system user's password is disclosed in
POSTCOMMIT script. Seems to be insecure.


Can anyone suggest anything better?

THANK YOU!

Alexander.

More information about the cvsnt mailing list