2014/06/25

fossil in prison

Since my last post about how I do host fossil I have been asked write about the new setup I do have

The jail content

I have created a minimal jail:

$ find /usr/local/jails/fossil -print
/usr/local/jails/fossil/var
/usr/local/jails/fossil/var/tmp
/usr/local/jails/fossil/libexec
/usr/local/jails/fossil/libexec/ld-elf.so.1
/usr/local/jails/fossil/bin
/usr/local/jails/fossil/bin/sh
/usr/local/jails/fossil/bin/fossil
/usr/local/jails/fossil/lib
/usr/local/jails/fossil/lib/libc.so.7
/usr/local/jails/fossil/lib/libssl.so.7
/usr/local/jails/fossil/lib/libreadline.so.8
/usr/local/jails/fossil/lib/libz.so.6
/usr/local/jails/fossil/lib/libcrypto.so.7
/usr/local/jails/fossil/lib/libncurses.so.8
/usr/local/jails/fossil/lib/libedit.so.7
/usr/local/jails/fossil/data
/usr/local/jails/fossil/dev

/bin/sh is necessary to get the exec.start jail argument to work /var/tmp is necessary to get fossil to open his temporary files (I created it with 1777 credential) /data is a empty directory where the fossil files will be stored

Jail configuration

The configuration file is the following:

fossil {
	path = "/usr/local/jails/fossil";
	host.hostname = "fossil.etoilebsd.net";
	mount.devfs;
	ip4.addr="127.0.0.1";
	exec.start = "/bin/fossil server -P 8084 --localhost --files *.json,*.html,*.js,*.css,*.txt --notfound /index.html /data &";
	exec.system_jail_user = "true";
	exec.jail_user = "www";
	exec.consolelog = "/var/log/jails/fossil.log" ;
}

More about fossil itself

In /data I created an index.html which is an almost empty html with a bit of Javascript.

When loading the javascript will request a list.txt file.

This file contain the list of repositories I want to show publically (one per line).

For each of them the javascript will use the json interface of fossil (meaning your fossil has to be built with json) and gather the name and the description of the repo to print them on the index.

Starting/Stopping the service

2 simple command are necessary to manage the service:

Starting up:

# jail -c fossil

Stopping:

# jail -r fossil

The service is only listening on the localhost, it is up to you to create your reverse proxy, in my case I do use nginx with the following config:

server {
	server_name fossil.etoilebsd.net;
	listen       [::]:443 ssl;
	listen       443 ssl;
	ssl_certificate     ssl/fossil.crt;
	ssl_certificate_key ssl/fossil.key;

	location / {
		client_max_body_size 10M;
		proxy_buffering off;
		proxy_pass http://127.0.0.1:8084/;
		proxy_set_header HTTPS on;
		proxy_set_header   Host             $host;
		proxy_set_header   X-Real-IP        $remote_addr;
		proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
	}
}

2013/06/21

Stash for svn

When hacking on the ports tree or on the sources, you often have unfinished patches you are testing step by step.

I'm also hacking on something unfinished and then some other area needs some fixes with a higher priority and in the same time some people are asking for some testing/review on their own patches. So I need to quickly interrupt what I was working on get back to a clean tree, and switch from patches to patches.

While doing this is easy with git, fossil or mercurial it is more complicated with svn. The feature in particular I use on fossil/git for that is the stash feature.

So I wrote my own stash for svn, and because of mobility I was willing to be able to share my patches across boxes, so I have made stash able to be under a vcs itself, with support for git, hg, fossil and svn as a vcs for the stash.

How does it works: The stash command will discover that .svn of the working copy you are working on and will create a patches subdirectory.

Now imagine that directory itself contains a .hg, .fslckout, a .git or a .svn then stash will know it is being under vcs control.

$ stash save <name> [-u] [files...]

This will create a .svn/patches/.patch file using svn diff --git on the specified files (if none is provided it will diff the current directory the stash command is being run on).

Once the diff created it will rollback the tree (on specified files or current directory) to the clean state before any modification.)

By default it will not overwrite a patch with the same name except is -u is provided on the command line.

If the stash directory is under a vcs control then a add/commit (or just commit in case of update) will be performed in the stash directory.

$ stash ls

List all the available patches.

$ stash show <name>

Print on stdout the content of a given patch

$ stash apply <name>

Apply a specified patch on the working copy using svn patch --strip 1 from the root of the working copy.

$ stash rm <name>

Remove/destroy a patch from the stash directory. In case the stash directory is under vcs control then the proper rm command followed by the needed commit will be performed.

$ stash pop <name>

It is the equivalent of stash apply followed by stash rm this is useful when your patch is finished and you want to commit it directly.

$ stash push <name>

Push (scp) the patch on a remote site (currently freefall is hard coded :)

$ stash sync <name>

This command is only useful if the stash directory is under vcs control, it performs the necessary pull/push mechanism depending on the VCS used.

I use fossil to maintain the stash script And here is for example my repository of patches for the ports tree

No git svn won't have worked in my case for multiple reason: 1/ want something flexible which can also only work with svn 2/ the ports tree can work properly with git svn (properties setting adding new files etc will not work as one expect) 3/ I want to use fossil for the stash, other might prefer svn or hg.

Disclaimer: hg and git support hasn't been tested yet, patches welcome to fix them if needed. if you want to add support for your own favorite vcs just them me the patches I'll integrate them.

2012/05/01

From git to fossil

I recently killed git.etoilebsd.net, while I still appreciate git, and will keep it for pkgng I was looking for a new solution to be able to share my other projects.

The main problem I have with hosting git, is that I need lot of third party tools, to have some kind of project management.

To display in a web browser my git projects, I was using cgit which does its job very well, and is simple to maintain: simple and clean configuration files, just a simple C cgi, all what I do like. But for those projects I was also needing 2 others things, a simple web page, if possible maintainable within the git repository itself which cgit can do and a ticket system (some users complained not being able to report bug/feature request).

I first tried to setup and install roundup, it is quite simple and does its job quite well, it can use sqlite, to avoid me running a useless database, it doesn't require too much dependencies so it was great but badly integrated with git (I don't want to spend time tunning too much the software I use)

I also had a look to all those forge available, like chiliproject or redmine, or the old but still good trac. While I did like trac, it requires too much dependencies for my small hostings needs. The two first are even worst in that area plus I find their url completely illogical to me.

The others available were using php or java and were most of them needing a mysql/postgresql database, I rejected them because I don't want any php or java software running on my small server, and I don't want any database constantly running on it either.

For a while now I am following the development of an alternative scm, named fossil, it is a small all-in-one project: scm, wiki, events, ticket contained in a single binary. It is really easy to use, requires nearly no administration, have all the modern features you can expect from a DVCS. And not that important for me but still good, it is BSD licensed.

To migrate from git to fossil it was really easy:

$ cd poudriere
$ git fast-export --all | fossil import --git poudriere.fossil

That is all, I know have a fully working poudriere.fossil.

To serve the fossil repositories on my server here is what I did:

Add an entry to /etc/services:

$ echo "fossil	8080/tcp" >> /etc/services
$ services_mkdb /etc/services

Add an entry to inetd:

$ echo fossil stream tcp nowait.1000 www /usr/local/bin/fossil /usr/local/bin/fossil http /data/fossil" >> /etc/inetd.conf
$ echo "inetd_enable=YES >> /etc/rc.conf
$ service inetd start

Add a simple virtual host to nginx:

server {
	server_name fossil.etoilebsd.net;
	listen 80;
	listen 443 ssl;
	location / {
		access_log /var/log/nginx/fossil.access.log main;
		proxy_pass http://127.0.0.1:8080/;
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}

That's all now, your fossil repositories are served properly, you can now access them from the fossil cli using both ssh or http (I only serve http for now in my case)

My fossil repositories are:

Pages : 1