GForge(base)

From evolvis (inactive) Wiki
Jump to: navigation, search

Contents

WARNING

This is historical information. Up-to-date information for the Evolvis 5 generation can be found at the installation page or its german version.

Proceed below at your own risk. This is the PHP4-based EvolvisForge 4.5 (even pre-4.8, so dated about 2007).

Preparations

The GForge base system will be installed on a debian etch linux. Before you can start installing the GForge packages install postgresql, the apache2 webserver with php4, subversion, proftpd, postfix and mailman. You need the following debian packages:

postgresql-8.1 apache2 libapache2-mod-php4 php4-pgsql subversion proftpd postfix mailman

GForge installation

The evolvis GForge code can be found in the SCM Repository (not yet but soon ;) ).

Building the debian packages

The debian packages have to be built from the files of the SCM. You must install the following debian packages to create your own packages:

binutils gcc libc6-dev libg++ make fakeroot cpp cpio file debmake debhelper
dpkg-dev devscripts patch debian-policy developers-reference dpatch sharutils docbook-to-man   

First check out the files:

svn checkout svn://svn.evolvis.org/svnroot/evolvis/trunk/gforge_base/gforge

The code for the svn plugin is here:

svn checkout svn://svn.evolvis.org/svnroot/evolvis/trunk/gforge_base/gforge_plugins/gforge-plugin-scmsvn

Then build the debian packages in the checked out directories. The debian/rules file controles the building of the packages. Enter the gforge and afterwards the gforge-plugin-scmsvn folder and start the build process with:

dpkg-buildpackage

The created packages will be saved in the parent folder.

Installing the debian packages

Be aware that the debian packages will configure your GForge system automatically. The entries of the /etc/hosts file will be used to set the proper IP adresses and hostnames to the GForge config files. Be sure that there is listed your right IP adress (like 123.12.123.12 gforge.domain.abc gforge). Changing this values afterwards will be much more work. Install the the created GForge packages with dpkg.

dpkg -i gforge_<version>.deb ...

with all gforge packages

gforge gforge-ftp-proftpd gforge-lists-mailman gforge-mta-postfix gforge-shell-postgresql 
gforge-common gforge-web-apache gforge-db-postgresql gforge-plugin-scmsvn

More detailed configuration

For more detailed installation instructions take a look at the GForge doku

Database (postgresql)

Configure your postgresql DBMS to listen on port 5432 and the correct IP adress. Edit your postgresql.conf file and add the correct values, e.g.:

listen_addresses = 'localhost , 10.10.10.10'
port = 5432

Then you have to allow local access for the gforge user to the gforge database. Open the pg.hba.conf and add the following line:

host    gforge      gforge         127.0.0.1/32          trust

The gforge-db-postgresql package will initialize the required schema. This package will be installed later.

Webserver (apache)

The gforge-web-apache package will configure the /etc/apache2/conf.d/gforge.httpd.conf file. Most of the settings will fit GForges needs.

Certificate for ssl connections

Here you can find a Howto that explains how to create certificates for apache. Before you start, install the required packages:

openssl

Then create a Certificate for ssl connections:

make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Afterwards edit the gforge.httpd.conf file and add the path to your certificate in all mod_ssl sections. E.g.:

<IfModule mod_ssl.c>
   SSLEngine on
   SSLCertificateFile /etc/apache2/ssl/apache.pem
   SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
</IfModule>

Be sure in /etc/apache2/ports.conf you listen on port 80 and 443 for SSL:

Listen 80
Listen 443

Virtual host configuration

There are serveral virtual hosts preconfigured:

  • HTTP
    • <your hostname>
    • Alias: www.<your hostname>
    • Port 80, SSL: Port 443
  • SCM host
    • local: /usr/share/gforge/scm
  • SCM HTTP vhost
    • scm.<your hostname>
    • Port 80, SSL: Port 443
  • Download host
    • download.<your hostname>
    • Port 80
  • List host
    • lists.<your hostname>
    • Port 80, SSL: Port 443

Adjust them to your needs.

PHP

For the GForge base system php version 4 is mandatory. The following directives are required by GForge:

register_globals = On
magic_quotes_gpc = On
file_uploads = On
include_path=".:/var/www/gforge:/var/www/gforge/www/include:/etc/gforge"

They shoud be set automatically by the debian packages in the gforge.httpd.conf file. Alternatively you can set them in the php.ini.

Mailserver (postfix)

The installation of postfix with apt will remove exim and all related packages on a standard debian system. GForge uses the pgsql dictionary to access the postgresql Database. This dictionary is provided by the postfix-pgsql package. The /etc/postfix/dynamicmaps.cf tells postfix which dictionarys are available. For the pgsql dictionary the should be a line like this:

#type   location of .so file                    open function   (mkmap func)
#====   ================================        =============   ============
pgsql   /usr/lib/postfix/dict_pgsql.so          dict_pgsql_open

In the /etc/postfix/main.cf configuration file all required parameters are defined to access the database. The gforge-mta-postfix package inserts the parameters for pgsql_gforge_lists:

pgsql_gforge_lists_hosts = 127.0.0.1
pgsql_gforge_lists_user = gforge_mta
pgsql_gforge_lists_password =
pgsql_gforge_lists_dbname = gforge
pgsql_gforge_lists_domain = lists.<your_hostname>
pgsql_gforge_lists_select_field = post_address
pgsql_gforge_lists_table = mta_lists
pgsql_gforge_lists_where_field = list_name

The corresponding parameters for pgsql_gforge_users should be added as well.
Also configure the subdomains lists, gforge and users as local destinations in the main.cf file.

mydestination = users.<your_hostname>, lists.<your_hostname>, gforge.<your_hostname>

Mailing list (mailman)

Login Management

All users of the GForge system are saved in the postgresql database. User which are members of a project must be able to check file into the subversion repository via svn+ssh. To get ssh access the GForge users must be mapped to OS users. This is done with nsswitch and pam. Read the user management with postgresql (in german) howto to get more information.
To use svn+ssh you need to install the package cvs or create a file in /etc/pam.d/cvs, which content:

@include common-auth
@include common-account


svn via ssh

The anonsvnsh shell can be used to restrict the the system accounts to svn use only. anonsvnsh is a modified anoncvs for subversion. Checkout the required files from the repository:

svn checkout svn://svn.evolvis.org/svnroot/evolvis/trunk/anonsvnsh

To compile the shell properly bmake is required. After installing bmake, a simple execution of bmake in the anonsvnsh directory will compile the shell. Afterwards install it to /lib/anonsvnsh.

The local GForge admin can define different shells for each user. Choose the /bin/bash or a equivalent shell to grant full ssh access or /lib/anonsvnsh for svn only access. You have to add it to the /etc/shells file to use the shell. Gforge makes these shells listed in /etc/shells accessable for the users in the GForge settings.

svn via webdav

WebDAV can be used to access the svn contents. The write mechanism of WebDAV is the interesting part, because a read-only-access could be manged by a simple apache site. The WebDAV configuration in apache is a little tricky, especially when you want german umlauts aso. to be viewed correctly from Windows, Linux and the filesystem.

On Ubuntu Hardy this works right out of the Box with the following HowTo (Debian and others often have still some umlaut-Issues).

In apache2 the needed dav_fs-, the dav-mod and the headers-mod is installed by default on "Debian flavoured"-systems. We also need the encoding-mod:

apt-get install libapache2-mod-encoding

Now we need to add some lines to the apache2.conf. This can be done on the end right before the two "includes".

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "Microsoft-WebDAV-MiniRedir/5.1.2600" redirect-carefully
BrowserMatch "^WebDAVFS" redirect-carefully

<IfModule mod_encoding.c>
   EncodingEngine on
   NormalizeUsername on
</IfModule>

<IfModule mod_headers.c>
   Header add MS-Author-Via "DAV"
</IfModule>

Now enable the needed apache-mods

a2enmod dav_fs 
a2enmod headers
a2enmod encoding

Next step is to configure a Location directive in the gforge-httpd.conf The following is

<Location /svnroot/>
    DAV svn
    # Directory with all SVN-projects
    SVNParentPath /svnroot/
    # Show all SVN projects
    SVNListParentPath On
    SVNAutoVersioning On
    # We want crypted access
    SSLRequireSSL
    AuthType            basic
    AuthName            "Subversion User Authentication"
    AuthBasicAuthoritative Off
    # Authentication is done by gforge using pam
    AuthPAM_Enabled On
    Require valid-user
    # Following is needed for SVN to function correctly
    ErrorDocument 404 default
    php_flag    engine off
</Location>

Now, when you restart apache

/etc/init.d/apache2 restart

everything shoud be working fine...

HTTP authentication login via PAM

If you want to protect your sites (evolvis main page, wiki, mailman-lists) avoiding any access you can create a simple Basic-Auth-Rule. Install libapache2-mod-auth-pam and add in /etc/apache2/conf.d/gforge.httpd.conf at the top

<Directory />
  ## PAM Auth

  AuthType           basic
  AuthName           "Login"
  AuthPAM_Enabled on
  AuthBasicAuthoritative off
  Require valid-user

  Options FollowSymLinks
  AllowOverride None
</Directory>

Now you can login with your evolvis-login.

SCM (subversion)

The svn access should work out of the box. But to use this (short) syntax

svn checkout svn+ssh://user@svn.yourhost.com/svnroot/reponame

instead of

svn checkout svn+ssh://user@svn.yourhost.com/var/lib/gforge/chroot/svnroot/reponame

you have to set a soft link in the root-directory:

ln -s /var/lib/gforge/chroot/svnroot/ /svnroot

To use public-key-authentication with svn, instead of passwords, see PublicKeySVN.

Cron jobs

Here you can find a summary of each Cronjob with time specification.

Update php4 to php5

working on it - yet no changes needed

Links

http://php.net/manual/de/migration5.php http://www.php.net/manual/de/migration51.php http://www.php.net/manual/de/migration52.php http://blog.tcg.com/tcg/2008/04/gforge-4511-wor.html http://ingenico.com.br/download/cd-gforge/php5/