# Put Bazaar behind a password

John Arbash Meinel john at arbash-meinel.com
Thu Jun 14 05:16:10 BST 2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Don't forget to "Reply to All" so people can follow along on the mailing list.

Jason Merrill wrote:
> John Arbash Meinel <john <at> arbash-meinel.com> writes:
>
>> > On my mac box, I used macports to install bazaar, and though it has
>> installed
>> > bazaar 0.16, it seems not to have installed some of the documentation.
>
>> It might be installing them into /opt/local/share/doc
>> Or it might just be a macports issue that it isn't installing them at
>> all.
>
> Yeah, it installed *some* documents into /opt/local/share/doc, but
> strangely
> enough, not all of them, and not the http_smart_server.txt .
>

Sounds like a packaging issue.

>> > I'm a little puzzled about the note at
>> > the beginning saying that using the http smart server will allow
>> > arbitrary files on the server.  How?  Why?
>
>> It isn't *intended* to expose that much of your filesystem, just that
>> it might
>> be possible to break out of the chroot because we haven't done a full
>> audit.
>
>> > I also don't get the following
>> > instruction.  Both arguments to Alias seem to be the same.  What
>> does this mean?
>> >
>> > # bzr-smart.fcgi isn't under the DocumentRoot, so Alias it into the URL
>> >     # namespace so it can be executed.
>> >     Alias /srv/example.com/scripts/bzr-smart.fcgi
>> > /srv/example.com/scripts/bzr-smart.fcgi
>>
>> As I understand it, it is Apache voodoo. In order for Apache to find
>> 'bzr-smart.fcgi' you have to map it into the URL namespace. I guess
>> Apache
>> thinks of some files by their local paths, and other files by their
>> public
>> paths, and you have to map one into the other, even though the final
>> path is
>> the same.
>
> This is good to know.  Maybe I will take a stab at doing the apache
> setup after
> all.  I'm a little skeptical about all the apache voodoo just working on
> this
> windows setup, though.  For example, I don't think /srv will lead anywhere;
> presumably I should replace it with a path that leads to the bzr-smart.fcgi
> file, but I'm not sure if I should be filling in a local filesystem
> thing in the
> "example.com" space, or actually the domain name.  Anyway, I suppose it
> couldn't
> hurt to give it a try, and making it work might be a learning experience.
>

Yeah, I've always found Apache a bit finicky. Like I can get it to work, but I
never quite understand how (or why the other way wasn't working).

My current biggest issue is the "default" host. That I have several virtual
hosts running, but for some reason it is picking one of the as my default, even
though the first one that should be defined is clearly the first it reads...

Anyway.

> I was finally able to get OpenSSH working on the windows machine (it was
> just a
> matter of opening port 22 in the windows firewall), and I can
> successfully ssh
> in now, but I haven't succeeded in getting bzr to work over the network
> yet.
> When I do sftp user at domain.edu , it puts me in a directory
> c:\path\to\directory\, so I created a folder in that directory called
> repository, moved into the directory, and ran bzr init successfully, and
> can
> branch locally and all that.  When I try and access the branch from a
> remote
> machine, however, it doesn't work:
>
> bzr log sftp://user@domain.edu/repository/

You are using a relative path, you need to use an absolute path. Since you are
going to a windows machine it should be:

bzr log sftp://user@domain.edu/c:/path/to/repository

For sftp you can also use:

bzr log sftp://user@domain.edu/~/repository

Which means relative to the home directory.

>
> prompts for a password, and when I give it, I get
>
> bzr: ERROR: Not a branch: sftp://user@domain.edu/repository/
>
> I also took a shot at using bzr+ssh://user@domain.edu/repository/
>
> and got
>
> bzr: ERROR: exceptions.AssertionError: end of file reading from server.

A few things to mention here:

'bzr+ssh://' doesn't support the "/~/" trick to use the home directory, so you
have to use the full path.

The AssertionError is our poor handling of ssh disconnects. We expect to get a
response, but when it disconnects early we get the empty string. This really
should just be a decent error, like:

bzr: ERROR: Connection closed prematurely

Without a traceback.

Also, the "bzr: not found" error. That is Windows telling us that it cannot
find "bzr" in the search path. Try doing "ssh host" and then "bzr --version".
Most likely that won't work, but if it does, the next step is to try:

"ssh host bzr --version" which should run the command the way we are running
it. Which should fail (since it is failing for us).

You can do a couple things:

a) Make sure 'bzr' is in PATH (it may need to be bzr.bat on Windows, that has
never been very clear to me)
b) Use "BZR_REMOTE_PATH=C:/Path/to/bzr bzr log bzr+ssh://..."
The local BZR_REMOTE_PATH tells us what process to use on the remote end. But
really (a) is what you want to do.

>
> followed by a long stack trace which I'd be happy to reproduce upon
> request.
> I'm sure I'm just doing something stupid, probably not pointing to
> exactly the
> right place, but I don't know how to fix it.
>
> Thanks for all the help so far!
>
> Regards,
>
> Jason Merrill
>

I'm always happy to help. Let me know if this gets you anywhere. (And, please
continue on the list unless there is anything private)

John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGcMEKJdeBCYSNAAMRAlFuAKCkGaOlCRDE/RXOOAy9P9y/uJbP4gCfYfIU
82WNVOKzcm++4+FUAI70VLM=
=WJwU
-----END PGP SIGNATURE-----