To: developers@freebsd.org Subject: HEADS UP - IMPORTANT - freebsd.org committers please read! fcc: sent -------- Sometime after 3pm freefall-time (6pm US east coast, 22:00 UTC), I'll be moving the freefall CVS repo. This is roughly half an hour from now. Please pay attention to the following notes or you will not be able to commit. When using remote cvs to commit, please use the following remote name and repo path: cvs -d you@ncvs.freebsd.org:/home/ncvs ..... This is currently pointed to freefall via a DNS alias. Do not reference freefall directly, because once I make the changeover, commits will be happening on a different machine and freefall will reject the commit attempts. I will update the DNS at the same time, but that has a few minutes of propoagation delays. There will be a few hiccups, but it should not take long to settle down. Please start to use the new name (ncvs.freebsd.org) instead of freefall as soon as you read this. It works already. Just prior to the move, I will be locking down the entire repo in order to get a good sync. Do not be suprised if you run into this, I'll be working as quickly as I can, but try again in 20-30 minutes. Also note that if you want to do commits on freefall itself, you will need to use remote cvs to "you@ncvs.freebsd.org:/home/ncvs". Yes, the only commit access will be via remote cvs. Yes, I'm a little nervous about this, but we'll just have to fix any bugs we run into. It works well enough for just about everybody else "out there". Freefall will have a readonly NFS mount from the repo machine. If I catch people abusing this, I'll have to kill them. :-] Using it is ok, but abusing it is not. This is what the cvsup replication system is for. The new machine is a sealed box. There are no login shells on it, except for the repomeisters. If you try to ssh to it, it'll rudely remind you of the correct remote cvs hostnames and paths. The intent here is to make it a tougher target should machines on the cluster suffer security issues or people's ssh keys/agents/whatever get stolen or hijacked. The only way to change the repo should be via committing, which is rather public. The other plan is to make it possible to do the much-discussed repo split. The new server fully supports multiple repositories and different administrative groups and access controls for the repositories. eg: portmgr can have a seperate group of folks to do ports repo-copies and have seperate committer access lists. More on the repo splitup later. Footnote: The move has been done. Some things I didn't mention: - ncvs.freebsd.org only accepts ssh2 protocol and keys. If you have not already done it, use ssh-keygen -t dsa and generate a ssh2 key and append the id_dsa.pub to ~/.ssh/authorized_keys on freefall. - You can do local checkouts on freefall using nfs by doing cvs -R -d /home/ncvs checkout.. but you cannot commit that way. - preferably just set CVSROOT to you@ncvs.freebsd.org:/home/ncvs and just use remote cvs mode. It is preferable to work from your personal machine instead of freefall. You can ssh directly to the server. Cheers, -Peter -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com "All of this is for nothing if we don't go to the stars" - JMS/B5