Table of Contents

If you want to add code for RSBAC, you maybe also want to read SVK documentation.

The RSBAC SVN structure

* Main 2.6 repository
  -- rsbac-2.6
     -- trunk
     -- tags
        -- linux-2.6.16.29-rsbac-1.2.7
     -- branches
        -- rsbac-1.2
	-- rsbac-1.3
	-- rsbac-1.3-replication
	-- rsbac-1.3-virtualusers

* Main 2.4 repository
  -- rsbac-2.4
     -- trunk
     -- tags
     -- branches

* Administration tools
  -- rsbac-admin
     -- trunk
     -- tags
     -- branches

* Python bindings and tools
  -- rsbac-python
     -- python-api
     -- pyrex

* Apache integration
  -- rsbac-apache

* Other development tools
  -- rsbac-misc

There are two more repositories, linux-2.6 and linux-2.4 which are SVN copies of the current kernel releases. They are only used for merging.

What are trunk and all that ?

People using a versioning tool like SVN use to have three separate directory per project:

RSBAC uses this structure for most projects hosted.

Working with SVN

So, how do I checkout the latest linux-rsbac kernel ?

# mkdir ~/code/rsbac
# cd ~/code/rsbac

Replace “2.6” by “2.4” for the 2.4 kernel.

For anonymous checkout

Development version:
# svn checkout svn://rsbac.org/rsbac-2.6/trunk
Stable release:
# svn checkout svn://rsbac.org/rsbac-2.6/branches/rsbac-1.2 (or better)
Everything in this repository:
# svn checkout svn://rsbac.org/rsbac-2.6

For developers with write access

Development version:
# svn checkout svn+ssh://<you@>rsbac.org/daten/\
subversion/rsbac-2.6/trunk
Stable release:
# svn checkout svn+ssh://<you@>rsbac.org/daten \
subversion/rsbac-2.6/branches/rsbac-1.2
Everything in this repository:
# svn checkout svn+ssh://<you@>rsbac.org/daten \
subversion/rsbac-2.6

Great, what about committing, updating, etc ?

The following steps are executed from your checkout directory.

# cd ~/code/rsbac/trunk (or any other checkout)

Be sure to always update the repository before doing anything:

# svn update

Check what you are gonna commit, if you want to make sure:

# svn status

Commit the changes:

# svn commit

A list of the modified files will be presented to you. Check that you modified only what you wanted. Do not make a commit for every next file, but for a set of changes instead. Make sure to write a message about what you did (e.g.: Added feature XXX. Fixed Mantis Bug #3840). If you do not, we will get you and kill you :-) If you are applying a patch from someone, be nice and mention their name/nick/address whatever is relevant.

Alternatively, you can specify the message directly on the command line:

# svn commit -c "kang: Added feature XXX. This fixes Mantis bug #3840"

Never commit something “just to test” or break something intentionally in the tree. The development tree should be (as possible) always compilable and possible to run.

Again, try to make one commit per set of features.

Ok, I will take extreme care. What about diffing and creating patches ?

You can diff in the same repository:

# svn diff branches/rsbac-1.2 tags/linux-2.6.16.19-rsbac-1.2.7

If you need to create patches against the vanilla Linux kernel, use the normal diff command or install SVK

If you want to overring diffing settings and use the “svn-diff” wrapper automatically edit your “$HOME/.subversion/config” and add the following lines (make sure of the path to the “svn-diff” binary!):

	[helpers]
	diff-cmd = /usr/bin/svn-diff

How to I create a tag for a release ?

Really simple too:

# svn copy branches/rsbac-1.2 tags/linux-2.6.16.19-rsbac-1.2.7
or
# svn copy trunk tags/linux-2.6.1.19-rsbac-1.3.0pre2

Do not ever commit again over tagged versions. Tags should *not* be modified in any way. When making a bugfix release, create a new tag from this one or from another branch.

I would like to merge branches

Here we go again:

# cd trunk
# svn merge -r <first>:<last> branches/rsbac-1.3-replication

SVN will merge everything for you and show the conflicts. Fix them and commit :-)

I use my SVN tree to build the kernel and I don't want SVN to care about all the files it creates !

# cd /tmp
# wget http://www.moses.uklinux.net/patches/dontdiff
# cd ~/code/rsbac/rsbac-2.6/trunk
# svn propset svn:ignore -R -F /tmp/dontdiff .
# svn commit -m "Added svn:ignore properties." 

Speeding up svn+ssh access

From OpenSSH 4 and onwards there a new cool feature finally got merged (server side is there from 2.0) - multiplexing ssh connections. It means that you can reuse authentication principles negotiated during first connection to the server (it becomes “master” connection), efficiently using its control channel, instead of creating your own for every next connection. It really boosts logging process, because all negotating process is skipped entirelly. In real life, it makes me login to rsbac.org immidiatelly after clicking enter instead of waiting for negotiating phase to complete. And (since we are using svn via ssh) it can be used for svn access too ! Sounds cool ? Obviously, so let's get started.

Ingredients:

- OpenSSH 4.0 or later for client (ssh -V) - OpenSSH 2.0 or later for server (sshd -V)

all this requirements are met on rsbac.org svn repositories.

Add the following lines into your .ssh/config

ControlMaster auto
ControlPath ~/.ssh/ssh_control_%h_%p_%r

From now on, after initiating first connection to rsbac.org with ssh -M username@server you'll get unix socket file inside .ssh which all next connections to the same server will be (re)using. Do not close master connection ! If you have nothing to do on rsbac.org (you don't ;) issue ssh -M -f user@server sleep 10000 - this way ssh will fork into background, keeping your precious master connection in up and running. No svn modification necessary, ssh takes care about everything itself. Now you can try svn commands and see how much faster it is - you will be shocked !