Skip to main content
Jump to: navigation, search

EMFT Build Server Setup

Revision as of 21:04, 14 March 2006 by Nickb (Talk | contribs) (add custom useradd script)

EMFT Build Server Setup

You will need to be root for most of these tasks.

Set up web content

FROM ( (


Fix permissions & ownership

cd /var/www/html; find . -type f -exec chmod 664 {} \;
cd /var/www/html; find . -type d -exec chmod 775 {} \;
cd /var/www/html; find . -exec chown apache:www {} \;

cd /home/www-data/build; find . -type f -exec chmod 664 {} \;
cd /home/www-data/build; find . -type d -exec chmod 775 {} \;
cd /home/www-data/build; find . -exec chown apache:www {} \;
cd /home/www-data/build/scripts; find . -type f -name "*.sh" -exec chmod 755 {} \;

Apache 2 w/ PHP 5 was already installed. Only a few additional programs needed to be installed as well.

Install via yum using yum-xen.conf file

yum -c groupinstall "Java Development"
yum -c groupinstall "Development Tools"

Install & symlink

Fix web user (apache)

  • Edit /etc/group. Add www group:


  • Edit /etc/passwd. Change user's home directory and shell:


  • Edit /etc/sudoers to let you run commands and switch to the web user w/o needing a password. Add the following lines:


%www  ALL = (apache) NOPASSWD: ALL, (root) /usr/bin/su apache
  • Switch to the web user. You should NOT be prompted for a password.
sudo -u apache bash
  • Create an ssh key, WITH NO PASSPHRASE. Store in ~/.ssh/id_rsa and ~/.ssh/
ssh-keygen -b 2048 -t rsa
  • Copy contents of ~/.ssh/ into ~/.ssh/authorized_keys file for user on who

will be running builds. This is so that the web user can commit changes to cvs (tagging, updating map files) for I, M, S & R builds.

  • Test by ssh'ing to, where _username_ should be replaced with your actual username:
  • Run newgrp www so that when new files are created, they will use the group id www instead of apache:
newgrp www
  • Set umask 022 so that files will be created with group write perms 664 (see #/etc/bashrc):
umask 022
  • Set the remote shell connection method for CVS to be ssh instead of the default rsh (see #/etc/bashrc):
export CVS_RSH=/usr/bin/ssh
  • Set an ANT_HOME and JAVA_HOME, and add ant to the PATH (see #/etc/bashrc):
export ANT_HOME=/opt/apache-ant-1.6
export JAVA_HOME=/opt/sun-java2-5.0
export PATH=${PATH}:${ANT_HOME}/bin
  • Switch to the root user.
  • Append the following into /etc/bashrc, where _username_ should be replaced with your actual username:


umask 022
export ANT_HOME=/opt/apache-ant-1.6
export JAVA_HOME=/opt/sun-java2-5.0
export PATH=${PATH}:${ANT_HOME}/bin
export CVS_RSH=/usr/bin/ssh
  • Add the following to .bashrc and .bash_profile files:


if [ -f /etc/bashrc ]; then
  . /etc/bashrc

if [ "$PS1" ]; then
  # enable color support of ls and also add handy aliases
  eval `dircolors -b`
  alias ls='ls --color=auto'
  alias ll='ls -l --color=auto'

  # set a fancy prompt
  # 1;30 - grey, 1;31 - red, 1;32 - green, 1;33 - yellow, 1;34 - blue, etc.
  PS1="\[\033[<b>1;30</b>m\]\u@\h:\w\\[\033[0;39m\] \$ "
  export PS1=$PS1"\[\e]30;\u@\H:\w\a\]"
  export PATH

source ~/.alias
cat ~/.alias


if [ -f ~/.bashrc ]; then
  . ~/.bashrc

export PATH

Secure build script

  • Since the webserver is public but builds should only be run by authorized users, we must secure access to the build.php script.
  • Edit Apache config file to allow .htaccess rule changes to take affect. Change None to All:


# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
  AllowOverride All
  • Create password file, where _username_ should be replaced with an actual username and /path/to/password/file should be replaced with an actual path:
httpasswd -c /path/to/password/file _username_
  • You can add additional users to the password file like this:
httpasswd /path/to/password/file _username2_
  • Create .htaccess file, replacing /path/to/password/file with the same path used in the previous step:


AuthType Basic
AuthName "EMFT Build Server @"
AuthUserFile /path/to/password/file
Require valid-user
  • Restart apache, eg.:
/usr/sbin/httpd -k restart
 - or -
apache2ctl restart

Run a build

Using the username and password set up in the previous step, go here:

Check the build log while it's running or after it completes. If you see any messages such as permission denied or the following, something is amiss. Connection refused
cvs [checkout aborted]: end of file from server (consult above messages if any)

Debugging tips

  • Shell scripts must contain unix line endings. Run dos2unix to make sure, if copying them from a non-unix filesystem.
  • Directories, eg. /home/www-data/build/emft/jet/downloads/drops/1.0.0 must be writable by the web user

(or group www). See #Fix permissions & ownership.

  • CVS connection refusals are the result of not being able to automatically ssh as the web user to This

could be a problem with ssh keys (see above - #Fix web user (apache)) or the method CVS uses to connect (rsh instead of ssh - see #/etc/bashrc).

  • For any compilation-related problems, missing file problems, or other issues not touched upon in this document, see EMFT_Procedures.

Display build logs, details & test results

Builds - including unpublished Nightly builds - are listed on the downloads page here:

Published builds are located here:

Add additional users

  • As root, run the following script:

if [ $# -lt 1 ]; then
  echo "Usage: ./adduser <username>"
  last=`tail -2 /etc/group | head -1`; last=${last##*:x:}; last=${last%%:*}; (( last++ )); #echo $last

  echo -n "Adding: "
  echo $1"::"$last":"$last"::/home/"$1":/bin/bash"
  echo $1"::"$last":"$last"::/home/"$1":/bin/bash" >> /etc/passwd

  wwwgrp=`tail -1 /etc/group`","$1; #echo $wwwgrp;
  wc=`wc -l /etc/group`; wc=${wc%% *}; (( wc-- )); wc="-"$wc; #echo $wc;
  head $wc /etc/group > /etc/

  echo -n "Adding: "
  echo $newgrp
  echo $newgrp >> /etc/

  echo -n "Adding: "
  echo $wwwgrp
  echo $wwwgrp >> /etc/

  mv /etc/ /etc/group

  echo $1 | passwd --stdin $1
  echo "Creating home dir: /home/$1"
  cp -r /home/user /home/$1
  echo "Setting ownership: $1:$1"
  chown -R $1:$1 /home/$1

--Nick Boldt 20:04, 14 March 2006 (EST)

Back to the top