Re: Welcome to gcc.gnu.org

[Christopher Faylor <cgf@redhat.com>]

On Wed, Oct 01, 2003 at 12:22:15PM +0100, Joseph S. Myers wrote:
>A few bits in this standard message need tweaking further for GCC ...:
>
>>      If your project has a web page, then there is a second mailing
>>      list for notifications about changes to them.  The addresses are
>>      just like the above ones except they include "-webpages" after the
>>      project name.  For instance,
>> 
>>          gcc-webpages-cvs-digest-subscribe@gcc.gnu.org
>
>Or, rather, gcc-cvs-wwwdocs.
>
>>      If this is all a little confusing, just use the all-doing
>>      auto-subscriber at
>>         http://gcc.gnu.org/ml/lists.html#faqs
>
>No /ml or #faqs in the correct URL.
>
>> HTTP All of the web pages on http://gcc.gnu.org/gcc/ are
>>      also under CVS.  You can create a home page (if one doesn't already
>>      exist) for gcc by putting files in the htdocs/ directory of
>>      your CVS repository.  They will appear instantly (within three or
>>      four seconds, anyway) at http://gcc.gnu.org/gcc/
>
>No /gcc/.

Here's the script.  Patch it as you see fit and send the diff here.
Remember that it handles gcc and sources.redhat.com requests.

cgf
#! /bin/sh

# Usage: create-user USERNAME FULL-NAME GROUP-NAME FORWARD-ADDR SSH-FILE
# USERNAME - login id
# FULL-NAME - a single argument which is the user's first+last names
# GROUP-NAME - Primary group for user.  This is the group of the project
#              he's being given access to.
# FORWARD-ADDR - forwarding email address
# SSH-FILE - File containing ssh key.  VALIDATE THIS BY HAND!
# MODULE - name of module they should check out

if test "$#" -lt 6 -o "$#" -gt 7; then
   echo "usage: create-user USERNAME FULL-NAME GROUP-NAME FORWARD-ADDR SSH-FILE MODULE [APPROVER]" 1>&2
   exit 1
fi

username="$1"
fullname="$2"
groupname="$3"
forward="$4"
sshfile="$5"
module="$6"
approved="$7"

KNOWN_UID=0
case "$username" in
    *-*)
	IFS='-'
	set $username
	username=$1 KNOWN_UID=$2
	IFS=' 	'
	export KNOWN_UID
esac

uhome=/home/$username

if test x"$sshfile" != 'x-'; then
    if test "`wc -l < $sshfile`" -ne 1; then
       echo "create-user: more than one line in \`$sshfile'" 1>&2
       exit 1
    fi
fi

# Don't redirect grep -- let user see the output.
# Ignore differences in case when looking for username clash.
if grep -i "^${username}:" /etc/passwd; then
   echo "create-user: user \`$username' already exists" 1>&2
   exit 1
fi

grep -i "^${groupname}:" /etc/group > /dev/null 2>&1 || {
   echo "create-user: group \`$groupname' does not exist" 1>&2
   exit 1
}

# First, create the new user.  This is tricky: we set EDITOR to be a
# shell script which does the actual dirty work for us and then use
# vipw to invoke it.
(EDITOR=create-user-helper
export EDITOR
USERNAME="$username"
export USERNAME
GROUPNAME="$groupname"
export GROUPNAME
FULLNAME="$fullname"
export FULLNAME
# FIXME: ok, we'd like to use `vipw' here, but it doesn't seem to work.
# Bummer.
# vipw
$EDITOR /etc/passwd
) || {
   echo "create-user: couldn't edit password file" 1>&2
   exit 1
}

# If the user is in a src-related group, add him to the src group if
# he isn't already in it.
case "$groupname" in
 cygwin | dejagnu | binutils | gdb | insight | cgen | sid)
    # This is much nicer than the portable method.
    usermod -G src $username
    cvsgroup=src
    ;;

 *)
    cvsgroup=$groupname
    ;;
esac

# Create the user's home.
test -d $uhome || mkdir $uhome || {
   echo "create-user: couldn't create \`$uhome'" 1>&2
   exit 1
}

# Email forwarding.
(echo "$forward" > $uhome/.qmail) || {
   echo "create-user: couldn't create \`$uhome/.qmail'" 1>&2
   exit 1
}

# Login ability.
test -d $uhome/.ssh || mkdir $uhome/.ssh || {
   echo "create-user: couldn't create \`$uhome/.ssh'" 1>&2
   exit 1
}

(echo -n 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/local/bin/cvs server" ' > $uhome/.ssh/authorized_keys \
   && cat "$sshfile" >> $uhome/.ssh/authorized_keys
) || {
   echo "create-user: couldn't create \`$uhome/.ssh/authorized_keys'" 1>&2
   exit 1
}

ok=no
chown -R $username.$groupname $uhome \
   && chmod 2755 $uhome $uhome/.ssh \
   && chmod 644 $uhome/.qmail $uhome/.ssh/authorized_keys \
   && ok=yes

if test "$ok" = no; then
   echo "create-user: couldn't set permissions on user files" 1>&2
   exit 1
fi

gnatspass=''
case "$groupname" in
    *gcc*|*java*|*c++*)
	sys=gcc.gnu.org
	gnatspass="$username"pass
	echo "adding $username to bugzilla"
	bugzilla-createuser $username "$gnatspass"
	gnatspass="password is $gnatspass"
	bugger=Bugzilla
	;;
    *)
	sys=sources.redhat.com
	gnatsdir=/sourceware/gnats/${groupname}-db
	if test -d $gnatsdir; then
	    echo "adding $username to gnats"
	    gnatspass="`gnatsadd $username $groupname $sys`"
	    case "$gnatspass" in
		password\ is\ *) ;;
		*)		gnatspass='' ;;
	    esac
	fi
	bugger=GNATS
	;;
esac

fmt > /tmp/welcome-$username << END
Your account is now active, the login name is
$username@$sys.  Mail sent to that address is forwarded
to $forward.  This forwarding is a convenience so that people who reply
directly to CVS commit mail notes will not get a bounce--publicize it at
your own risk.  If your involvement with the project ends at some point,
the mail address will become invalid and I will laugh evilly as people
try in vain to reach you.
END

[ -n "$gnatspass" ] && cat >> /tmp/welcome-$username << END

You have been assigned edit rights to the $groupname $bugger bug reporting
database.  Your $gnatspass.
END

cat >> /tmp/welcome-$username << END

You should now have write access to the $cvsgroup repository with
SSH+cvs.  Here are lots of details about how to do things.

You don't have general shell access, just CVS remote access.  Just about
everything can be done via CVS.  If there is some special requirement
that you have where you need shell access, talk to your project's lead
and have them talk to overseers@$sys.  In special cases,
we can be flexible on this requirement.

Regarding SSH: If you have provided a Protocol 1 ssh key, you will need
to add the following lines to your a .ssh/config directory:

    Host $sys
	Protocol 1

This will cause your ssh connections to properly default to protocol 1
when connecting to $sys.  If you have provided "Protocol 2"
rsa/dsa keys, then no special action is required.


CVS  CVS is used for revision control.  If you are not familiar with CVS,
     you have some reading to do.  http://cvshome.org/ is the central
     source for all things CVS.  http://cvshome.org/docs/ has some
     useful information.

     When you want to do a check-in of some change, do it like this:

     % cvs update
     % cvs diff      # carefully verify what you're about to check in!
     % cvs commit

     All of the sources are under CVS.  You have write access to the
     files in your repository.  Check them out like this:

     export CVS_RSH=ssh
     cvs -z9 -d :ext:$username@$sys:/cvs/$cvsgroup co $module

     After you've checked out some files, you won't need to specify the
     CVSROOT (-d) again, it will be picked out of the CVS control files
     (the CVS/Root file).  You will need to include the -z9; you can put
     it in your \$HOME/.cvsrc file ("cvs -z9") or add it to your command
     line whenever you're doing CVS operations.

     If you're going over a modem, you'll definitely want to get this
     as compressed as possible.

     To avoid the nuisance of having to supply your passphrase for each
     operation, you may want to use ssh-agent(1) followed by ssh-add(1)
     and entering your passphrase once for all.  Either start your
     session as a child of ssh-agent or run it as a demon and set the
     values of the environment variables SSH_AUTHENTICATION_SOCKET and
     SSH_AGENT_PID in each relevant process to what ssh-agent prints
     when it starts.  To avoid messages about (lack of) X11 forwarding,
     put in your \$HOME/.ssh/config and entry like:

        Host $sys
        ForwardX11 no 

CVS COMMIT MESSAGES
     You can get e-mail notifications for when things are checked in to
     your group's repository.  There are two notification mailing lists,
     one for the web pages for your project and one for the project
     source files.  To subscribe to your source-file-notification list,
     send a message to

         $groupname-cvs-subscribe@$sys

     To get on a digest of the above list (get one note a day), send a 
     note to 

         $groupname-cvs-digest-subscribe@$sys

     The body/Subject are ignored in these messages.  The From: address
     is the one you a requesting to subscribe.  To request an arbitrary
     address be subscribed, say foo@bar.com, send a note like this:

         $groupname-cvs-subscribe-foo=bar.com@$sys

     If your project has a web page, then there is a second mailing
     list for notifications about changes to them.  The addresses are
     just like the above ones except they include "-webpages" after the
     project name.  For instance,

         $groupname-webpages-cvs-digest-subscribe@$sys


     If this is all a little confusing, just use the all-doing 
     auto-subscriber at
        http://$sys/ml/lists.html#faqs

CVSWEB You can browse changes that are being made to the CVS repository by
     going to

	http://$sys/cgi-bin/cvsweb.cgi/$module?cvsroot=$cvsgroup

HTTP All of the web pages on http://$sys/$groupname/ are
     also under CVS.  You can create a home page (if one doesn't already
     exist) for $groupname by putting files in the htdocs/ directory of
     your CVS repository.  They will appear instantly (within three or
     four seconds, anyway) at http://$sys/$groupname/

If anything is unanswered, please ask your project mailing list.
END

echo -n "Hit enter to inspect /tmp/welcome-$username..."; read a < /dev/tty
less -c /tmp/welcome-$username
if [ -n "$approved" ]; then
    mail="mail -c $approved"
else
    mail='mail'
fi

echo -n "Hit enter to send $mail $username otherwise hit CTRL-C..."; read a < /dev/tty
$mail -s "Welcome to $sys" $username < /tmp/welcome-$username
echo "Done."

exit 0