Skip to content

bugzilla
bugzilla
Commit 3b3f69d7 authored by jake%bugzilla.org's avatar jake%bugzilla.org
Browse files
Options

Bug 191034, step 1 - Refactoring the installation chapter to provide sections…

Bug 191034, step 1 - Refactoring the installation chapter to provide sections for OS Specific notes and configuration help on multiple web servers. Also added some terms to the glossary.
parent 7e2802df
Show whitespace changes
Inline Side-by-side
Showing with 856 additions and 1512 deletions
docs/sgml/administration.sgml
View file @ 3b3f69d7
......@@ -904,72 +904,12 @@
is provided for those that want to know exactly what is created.
</para>
<para>Note the instructions which follow are Apache-specific. If you
<para>FIX ME BEFORE RELEASE!!!!!
Note the instructions which follow are Apache-specific. If you
use IIS, Netscape, or other non-Apache web servers, please consult
your system documentation for how to secure these files from being
transmitted to curious users.</para>
<para><filename>$BUGZILLA_HOME/.htaccess</filename>
<programlisting><![CDATA[
# don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch ^(.*\.pl|.*localconfig.*|processmail|runtests.sh)$>
deny from all
</FilesMatch>
<FilesMatch ^(localconfig.js|localconfig.rdf)$>
allow from all
</FilesMatch>
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/data/.htaccess</filename>
<programlisting><![CDATA[
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory; the only exception is duplicates.rdf, which is used by
# duplicates.xul and must be loadable over the web
deny from all
<Files duplicates.rdf>
allow from all
</Files>
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/data/webdot</filename>
<programlisting><![CDATA[
# Restrict access to .dot files to the public webdot server at research.att.com
# if research.att.com ever changed their IP, or if you use a different
# webdot server, you'll need to edit this
<FilesMatch ^[0-9]+\.dot$>
Allow from 192.20.225.10
Deny from all
</FilesMatch>
# Allow access by a local copy of 'dot' to .png, .gif, .jpg, and
# .map files
<FilesMatch ^[0-9]+\.(png|gif|jpg|map)$>
Allow from all
</FilesMatch>
# And no directory listings, either.
Deny from all
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/Bugzilla/.htaccess</filename>
<programlisting>
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory
deny from all
</programlisting>
</para>
<para><filename>$BUGZILLA_HOME/template/.htaccess</filename>
<programlisting>
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory
deny from all
</programlisting>
</para>
</listitem>
</orderedlist>
</para>
......
docs/sgml/glossary.sgml
View file @ 3b3f69d7
......@@ -24,23 +24,66 @@
<glossdiv id="gloss-a">
<title>A</title>
<glossentry>
<glossentry id="gloss-apache">
<glossterm>Apache</glossterm>
<glossdef>
<para>In this context, Apache is the web server most commonly used
for serving up
<glossterm>Bugzilla</glossterm>
for serving up Bugzilla
pages. Contrary to popular belief, the apache web server has nothing
to do with the ancient and noble Native American tribe, but instead
derived its name from the fact that it was
<quote>a patchy</quote>
version of the original
<acronym>NCSA</acronym>
world-wide-web server.</para>
<variablelist>
<title>Useful Directives when configuring Bugzilla</title>
<varlistentry>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#addhandler">AddHandler</ulink></computeroutput></term>
<listitem>
<para>Tell Apache that it's OK to run CGI scripts.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#allowoverride">AllowOverride</ulink></computeroutput></term>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#options">Options</ulink></computeroutput></term>
<listitem>
<para>These directives are used to tell Apache many things about
the directory they apply to. For Bugzilla's purposes, we need
them to allow script execution and <filename>.htaccess</filename>
overrides.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/mod_dir.html#directoryindex">DirectoryIndex</ulink></computeroutput></term>
<listitem>
<para>Used to tell Apache what files are indexes. If you can
not add <filename>index.cgi</filename> to the list of valid files,
you'll need to set <computeroutput>$index_html</computeroutput> to
1 in <filename>localconfig</filename> so
<command>./checksetup.pl</command> will create an
<filename>index.html</filename> that redirects to
<filename>index.cgi</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#scriptinterpretersource">ScriptInterpreterSource</ulink></computeroutput></term>
<listitem>
<para>Used when running Apache on windows so the shebang line
doesn't have to be changed in every Bugzilla script.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>For more information about how to configure Apache for Bugzilla,
see <xref linkend="http-apache"/>.
</para>
</glossdef>
</glossentry>
</glossdiv>
......@@ -89,6 +132,17 @@
<title>
</title>
<glossentry id="gloss-cgi">
<glossterm>Common Gateway Interface</glossterm>
<acronym>CGI</acronym>
<glossdef>
<para><acronym>CGI</acronym> is an acronym for Common Gateway Interface. This is
a standard for interfacing an external application with a web server. Bugzilla
is an example of a <acronym>CGI</acronym> application.
</para>
</glossdef>
</glossentry>
<glossentry id="gloss-component">
<glossterm>Component</glossterm>
......@@ -138,10 +192,9 @@
</glossdiv>
<glossdiv id="gloss-g">
<title>
</title>
<title>G</title>
<glossentry>
<glossentry id="gloss-groups">
<glossterm>Groups</glossterm>
<glossdef>
......@@ -159,6 +212,18 @@
</glossentry>
</glossdiv>
<glossdiv id="gloss-j">
<title>J</title>
<glossentry id="gloss-javascript">
<glossterm>JavaScript</glossterm>
<glossdef>
<para>JavaScript is cool, we should talk about it.
</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv id="gloss-m">
<title>M</title>
......@@ -291,6 +356,18 @@
fixed, or an enhancement will be implemented.</para>
</glossdef>
</glossentry>
<glossentry id="gloss-tcl">
<glossterm>Tool Command Language</glossterm>
<acronym>TCL</acronym>
<glossdef>
<para>TCL is an open source scripting language available for Windows,
Macintosh, and Unix based systems. Bugzilla 1.0 was written in TCL but
never released. The first release of Bugzilla was 2.0, which was when
it was ported to perl.
</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv id="gloss-z">
......
docs/sgml/installation.sgml
View file @ 3b3f69d7
......@@ -5,20 +5,20 @@
<section id="stepbystep" xreflabel="Bugzilla Installation Step-by-step">
<title>Step-by-step Install</title>
<section>
<section id="intstall-into">
<title>Introduction</title>
<para>Bugzilla has been successfully installed under Solaris, Linux,
and Win32. Win32 is not yet officially supported, but many people
have got it working fine.
Please see the
<xref linkend="win32" />
Please see
<xref linkend="os-win32" />
for further advice on getting Bugzilla to work on Microsoft
Windows.</para>
</section>
<section>
<section id="install-package-list">
<title>Package List</title>
<note>
......@@ -483,7 +483,7 @@
<para>The GD library was written by Thomas Boutell a long while ago to
programatically generate images in C. Since then it's become the
defacto standard for programatic image construction. The Perl bindings
defacto standard for programmatic image construction. The Perl bindings
to it found in the GD library are used on millions of web pages to
generate graphs on the fly. That's what Bugzilla will be using it for
so you must install it if you want any of the graphing to work.</para>
......@@ -523,65 +523,22 @@
</section>
<section>
<section id="sbs-http">
<title>HTTP Server</title>
<para>You have a freedom of choice here - Apache, Netscape or any other
server on UNIX would do. You can run the web server on a
different machine than MySQL, but need to adjust the MySQL
<quote>bugs</quote>
user permissions accordingly.
<para>You have freedom of choice here, pretty much any web server that
is capable of running <glossterm linkend="gloss-cgi">CGI</glossterm>
scripts will work. <xref linkend="http"/> has more information about
configuring web servers to work with Bugzilla.
</para>
<note>
<para>We strongly recommend Apache as the web server to use. The
Bugzilla Guide installation instructions, in general, assume you are
using Apache. If you have got Bugzilla working using another webserver,
please share your experiences with us.</para>
</note>
</para>
<para>You'll want to make sure that your web server will <emphasis>run</emphasis>
any file
with the .cgi extension as a CGI program and not simply display the source
code. If you're
using Apache that means uncommenting the following line in the httpd.conf
file:
<programlisting>
AddHandler cgi-script .cgi
</programlisting>
</para>
<para>With Apache you'll also want to make sure that within the
httpd.conf file these lines:
<programlisting><![CDATA[
Options +ExecCGI
AllowOverride Limit
]]></programlisting>
are in the stanza that covers the directories into which you intend to
put the bugzilla .html and .cgi files.
<note>
<para>AllowOverride Limit allows the use of a Deny statement in the
.htaccess file generated by checksetup.pl</para>
<para>Users of older versions of Apache may find the above lines
in the srm.conf and access.conf files, respectively.</para>
</note>
</para>
<warning>
<para>There are important files and directories that should not be a
served by the HTTP server - most files in the
<quote>data</quote>
directory and the
<quote>localconfig</quote>
file. You should configure your HTTP server to not serve
these files. Failure to do so will expose critical passwords and
other data. Please see
<xref linkend="htaccess" />
for details on how to do this for Apache; the checksetup.pl
script should create appropriate .htaccess files for you.</para>
</warning>
</section>
<section>
......@@ -598,7 +555,7 @@ AllowOverride Limit
<tip>
<para>If you symlink the bugzilla directory into your Apache's HTML
heirarchy, you may receive
hierarchy, you may receive
<errorname>Forbidden</errorname>
errors unless you add the
<quote>FollowSymLinks</quote>
......@@ -829,7 +786,7 @@ perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm p
</simplelist>
</para>
<para>This means anyone from anywhere on the internet can not only drop
<para>This means anyone from anywhere on the Internet can not only drop
the database with one SQL command, and they can write as root to the
system.</para>
......@@ -1005,7 +962,7 @@ perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm p
Alternatively, you could set up a webdot server, or use the AT&amp;T
public webdot server (the
default for the webdotbase param). Note that AT&amp;T's server won't work
if Bugzilla is only accessible using HTTPS.
if Bugzilla is only accessible using HARTS.
</para>
</section>
......@@ -1335,693 +1292,190 @@ bash# perl -pi -e "s/Content-Type\: text\/html/Content-Type\: text\/html\; chars
</section>
</section>
<section id="win32" xreflabel="Win32 Installation Notes">
<title>Win32 Installation Notes</title>
<para>This section covers installation on Microsoft Windows.
Bugzilla has been made to work on Win32 platforms, but the Bugzilla team
wish to emphasise that The easiest way to install Bugzilla on
Intel-archiecture machines
is to install some variant of GNU/Linux, then follow the UNIX
installation instructions in this Guide. If you have any influence in the
platform choice for running this system, please choose GNU/Linux instead
of Microsoft Windows.</para>
<warning>
<para>After that warning, here's the situation for 2.16
and Windows. It doesn't work at all out of the box.
You are almost certainly better off getting
the 2.17 version from CVS (after consultation with the Bugzilla Team to
make sure you are pulling on a stable day) because we'll be doing a load
of work to make the Win32 experience more pleasant than it is now.
</para>
</warning>
<para>
If you still want to try this, to have any hope of getting it to work,
you'll need to apply the
<ulink url="">mail patch</ulink> from
<ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=124174">bug 124174</ulink>.
After that, you'll need to read the (outdated) installation
instructions below, some (probably a lot better) <ulink url="http://bugzilla.mozilla.org/attachment.cgi?id=84430&amp;action=view">more
recent ones</ulink> kindly provided by Toms Baugis and Jean-Sebastien
Guay, and also check the
<ulink url="http://www.bugzilla.org/releases/2.16/docs/win32.html">Bugzilla 2.16 Win32 update page
</ulink>. If we get time,
we'll write some better installation instructions for 2.16 and put
them up there. But no promises.
</para>
<section id="wininstall" xreflabel="Win32 Installation: Step-by-step">
<title>Win32 Installation: Step-by-step</title>
<note>
<para>You should be familiar with, and cross-reference, the rest of
the
<xref linkend="installation" />
section while performing your Win32 installation.</para>
<para>Making Bugzilla work on Microsoft Windows is no picnic. Support
for Win32 has improved dramatically in the last few releases, but, if
you choose to proceed, you should be a
<emphasis>very</emphasis>
skilled Windows Systems Administrator with strong troubleshooting
abilities, a high tolerance for pain, and moderate perl skills.
Bugzilla on NT requires hacking source code and implementing some
advanced utilities. What follows is the recommended installation
procedure for Win32; additional suggestions are provided in
<xref linkend="faq" />
.</para>
</note>
<procedure>
<step>
<para>Install
<ulink url="http://www.apache.org/">Apache Web Server</ulink>
for Windows, and copy the Bugzilla files somewhere Apache can serve
them. Please follow all the instructions referenced in
<xref linkend="installation" />
<section id="os-specific">
<title>OS Specific Installation Notes</title>
regarding your Apache configuration, particularly instructions
regarding the
<quote>AddHandler</quote>
parameter and
<quote>ExecCGI</quote>
.</para>
<note>
<para>You may also use Internet Information Server or Personal
Web Server for this purpose. However, setup is quite different.
If ActivePerl doesn't seem to handle your file associations
correctly (for .cgi and .pl files), please consult
<xref linkend="faq" />
.</para>
<para>If you are going to use IIS, if on Windows NT you must be
updated to at least Service Pack 4. Windows 2000 ships with a
sufficient version of IIS.</para>
</note>
</step>
<step>
<para>Install
<ulink url="http://www.activestate.com/">ActivePerl</ulink>
for Windows. Check
<ulink
url="http://aspn.activestate.com/ASPN/Downloads/ActivePerl/">
http://aspn.activestate.com/ASPN/Downloads/ActivePerl</ulink>
for a current compiled binary.</para>
<para>Please also check the following links to fully understand the
status of ActivePerl on Win32:
<ulink url="http://language.perl.com/newdocs/pod/perlport.html">
Perl Porting</ulink>
, and
<ulink
url="http://ftp.univie.ac.at/packages/perl/ports/nt/FAQ/perlwin32faq5.html">
Perl on Win32 FAQ</ulink>
</para>
</step>
<step>
<para>Use ppm from your perl\bin directory to install the following
packs: DBI, DBD-Mysql, TimeDate, Chart, Date-Calc, Date-Manip, GD,
AppConfig, and Template. You may need to extract them from .zip
format using Winzip or other unzip program first. Most of these
additional ppm modules can be downloaded from ActiveState, but
AppConfig and Template should be obtained from OpenInteract using
<ulink type="http" url="http://openinteract.sourceforge.net/">the
instructions on the Template Toolkit web site</ulink>
.</para>
<note>
<para>You can find a list of modules at
<ulink
url="http://www.activestate.com/PPMPackages/zips/5xx-builds-only">
http://www.activestate.com/PPMPackages/zips/5xx-builds-only/</ulink>
or
<ulink url="http://www.activestate.com/PPMPackages/5.6plus">
http://www.activestate.com/PPMPackages/5.6plus</ulink>
<para>Many aspects of the Bugzilla installation can be affected by the
the operating system you choose to install it on. Sometimes it can be made
easier and others more difficult. This section will attempt to help you
understand both the difficulties of running on specific operating systems
and the utilities available to make it easier.
</para>
</note>
<para>The syntax for ppm is:
<computeroutput>
<prompt>C:&gt;</prompt>
<command>ppm &lt;modulename&gt;</command>
</computeroutput>
<para>If you have anything to add or notes for an operating system not
covered, please file a bug in &bzg-bugs;.
</para>
<example>
<title>Installing ActivePerl ppd Modules on Microsoft
Windows</title>
<para>
<prompt>C:&gt;</prompt>
<section id="os-win32">
<title>Microsoft Windows</title>
<command>ppm
<option>DBD-Mysql</option>
</command>
<para>Making Bugzilla work on windows is still a very painful processes.
The Bugzilla Team is working to make it easier, but that goal is not
considered a top priority. If you wish to run Bugzilla, we still
recommend doing so on a Unix based system such as GNU/Linux. As of this
writing, all members of the Bugzilla team and all known large installations
run on Unix based systems.
</para>
<para>Watch your capitalization!</para>
</example>
<para>ActiveState's 5.6Plus directory also contains an AppConfig
ppm, so you might see the following error when trying to install
the version at OpenInteract:</para>
<para>
<computeroutput>Error installing package 'AppConfig': Read a PPD
for 'AppConfig', but it is not intended for this build of Perl
(MSWin32-x86-multi-thread)</computeroutput>
<para>If after hearing all that, you have enough pain tolerance to attempt
installing Bugzilla on Win32, here are some pointers.
<![%bz-devel;[
Because this is a development version of the guide, these instructions
are subject to change without notice. In fact, the Bugzilla Team hopes
they do as we would like to have Bugzilla resonabally close to "out of
the box" compatibility by the 2.18 release.
]]>
</para>
<para>If so, download both
<ulink
url="http://openinteract.sourceforge.net/ppmpackages/AppConfig.tar.gz">
the tarball</ulink>
and
<ulink
url="http://openinteract.sourceforge.net/ppmpackages/AppConfig.ppd">
the ppd</ulink>
directly from OpenInteract, then run ppm from within the same
directory to which you downloaded those files and install the
package by referencing the ppd file explicitly via in the install
command, f.e.:
<example>
<title>Installing OpenInteract ppd Modules manually on Microsoft
Windows</title>
<section id="win32-perl">
<title>Win32 Perl</title>
<para>
<computeroutput>
<command>install
<filename>C:\AppConfig.ppd</filename>
</command>
</computeroutput>
</para>
</example>
</para>
</step>
<step>
<para>Install MySQL for NT.
<note>
<para>You can download MySQL for Windows NT from
<ulink url="http://www.mysql.com/">MySQL.com</ulink>
. Some find it helpful to use the WinMySqlAdmin utility, included
with the download, to set up the database.</para>
</note>
</para>
</step>
<step>
<para>Setup MySQL</para>
<substeps>
<step>
<para>
<computeroutput>
<prompt>C:&gt;</prompt>
<command>C:\mysql\bin\mysql -u root mysql</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>DELETE FROM user WHERE Host='localhost' AND
User='';</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>UPDATE user SET Password=PASSWORD ('new_password')
WHERE user='root';</command>
</computeroutput>
</para>
<para>
<quote>new_password</quote>
, above, indicates whatever password you wish to use for your
<quote>root</quote>
user.</para>
</step>
<step id="ntbugs-password">
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>GRANT SELECT, INSERT, UPDATE, DELETE, INDEX,
ALTER, CREATE, DROP, REFERENCES ON bugs.* to bugs@localhost
IDENTIFIED BY 'bugs_password';</command>
</computeroutput>
</para>
<para>
<quote>bugs_password</quote>
, above, indicates whatever password you wish to use for your
<quote>bugs</quote>
user.</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>FLUSH PRIVILEGES;</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>create database bugs;</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>exit;</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>C:&gt;</prompt>
<command>C:\mysql\bin\mysqladmin -u root -p
reload</command>
</computeroutput>
</para>
</step>
</substeps>
</step>
<step>
<para>Edit
<filename>checksetup.pl</filename>
in your Bugzilla directory. Change this line:</para>
<para>
<programlisting>my $webservergid =
getgrnam($my_webservergroup);</programlisting>
<para>Perl for Windows can be obtained from <ulink
url="http://www.activestate.com/">ActiveState</ulink>. You should be
able to find a compiled binary at <ulink
url="http://aspn.activestate.com/ASPN/Downloads/ActivePerl/">http://aspn.activestate.com/ASPN/Downloads/ActivePerl/</ulink>.
</para>
</section>
<para>to</para>
<section id="win32-perl-modules">
<title>Perl Modules on Win32</title>
<para>
<programlisting>my $webservergid =
$my_webservergroup;</programlisting>
or the name of the group you wish to own the files explicitly:
<programlisting>my $webservergid =
'Administrators'</programlisting>
<para>Bugzilla on Windows requires the same perl modules found in
<xref linkend="install-package-list"/>. The main difference is that
windows uses <command>ppm</command> instead of CPAN.
</para>
</step>
<step>
<para>Run
<filename>checksetup.pl</filename>
from the Bugzilla directory.</para>
</step>
<step>
<para>Edit
<filename>localconfig</filename>
to suit your requirements. Set
<varname>$db_pass</varname>
to your
<quote>bugs_password</quote>
from
<xref linkend="ntbugs-password" />
, and
<varname>$webservergroup</varname>
to
<quote>8</quote>
.</para>
<programlisting>
C:\perl&gt; <command>ppm &lt;module name&gt;</command>
</programlisting>
<note>
<para>Not sure on the
<quote>8</quote>
for
<varname>$webservergroup</varname>
above. If it's wrong, please send corrections.</para>
</note>
</step>
<step>
<para>Edit
<filename>defparams.pl</filename>
to suit your requirements. Particularly, set
<varname>DefParam("maintainer")</varname>
and
<varname>DefParam("urlbase") to match your install.</varname>
<para>The above syntax should work for all modules with the exception
of Template Toolkit. The <ulink
url="http://tt2.org/download.html#win32">Template Toolkit website</ulink>
suggests using the instructions on <ulink
url="http://openinteract.sourceforge.net/">OpenInteract's website</ulink>.
</para>
<note>
<para>This is yet another step I'm not sure of, since the
maintainer of this documentation does not maintain Bugzilla on
NT. If you can confirm or deny that this step is required, please
let me know.</para>
</note>
</step>
<step>
<note>
<para>There are several alternatives to Sendmail that will work
on Win32. The one mentioned here is a
<emphasis>suggestion</emphasis>
, not a requirement. Some other mail packages that can work
include
<ulink url="http://www.blat.net/">BLAT</ulink>
,
<ulink url="http://www.geocel.com/windmail/">Windmail</ulink>
,
<ulink url="http://www.dynamicstate.com/">Mercury
Sendmail</ulink>
, and the CPAN Net::SMTP Perl module (available in .ppm). Every
option requires some hacking of the Perl scripts for Bugzilla to
make it work. The option here simply requires the least.</para>
</note>
<procedure>
<step>
<para>Download NTsendmail, available from
<ulink url="http://www.ntsendmail.com/">
www.ntsendmail.com</ulink>
. You must have a "real" mail server which allows you to relay
off it in your $ENV{"NTsendmail"} (which you should probably
place in globals.pl)</para>
</step>
<step>
<para>Put ntsendmail.pm into your .\perl\lib directory.</para>
</step>
<step>
<para>Add to globals.pl:</para>
<programlisting># these settings configure the NTsendmail
process use NTsendmail;
$ENV{"NTsendmail"}="your.smtpserver.box";
$ENV{"NTsendmail_debug"}=1;
$ENV{"NTsendmail_max_tries"}=5;</programlisting>
<note>
<para>Some mention to also edit
<varname>$db_pass</varname>
in
<filename>globals.pl</filename>
to be your
<quote>bugs_password</quote>
. Although this may get you around some problem
authenticating to your database, since globals.pl is not
normally restricted by
<filename>.htaccess</filename>
, your database password is exposed to whoever uses your web
server.</para>
</note>
</step>
<step>
<para>Find and comment out all occurences of
<quote>
<command>open(SENDMAIL</command>
</quote>
in your Bugzilla directory. Then replace them with:
<programlisting># new sendmail functionality my $mail=new
NTsendmail; my $from="bugzilla\@your.machine.name.tld"; my
$to=$login; my $subject=$urlbase;
$mail-&gt;send($from,$to,$subject,$msg);</programlisting>
<para>A complete list of modules that can be installed using ppm can
be found at <ulink url="http://www.activestate.com/PPMPackages/5.6plus">http://www.activestate.com/PPMPackages/5.6plus</ulink>.
</para>
<note>
<para>Some have found success using the commercial product,
<productname>Windmail</productname>
. You could try replacing your sendmail calls with:
<programlisting>open SENDMAIL,
"|\"C:/General/Web/tools/Windmail 4.0 Beta/windmail\" -t &gt;
mail.log";</programlisting>
or something to that effect.</para>
</note>
</step>
</procedure>
</step>
<step>
<para>Change all references in all files from
<filename>processmail</filename>
to
<filename>processmail.pl</filename>
</section>
, and rename
<filename>processmail</filename>
<section id="win32-code-changes">
<title>Code changes required to run on win32</title>
to
<filename>processmail.pl</filename>
<para>Unfortunately, Bugzilla still doesn't run "out of the box" on
Windows. There is work in progress to make this easier, but until that
happens code will have to be modified. This section is an attempt to
list the required changes. It is an attempt to be all inclusive, but
there may be other changes required. If you find something is missing,
please file a bug in &bzg-bugs;.
</para>
.</para>
<section id="win32-code-checksetup">
<title>Changes to <filename>checksetup.pl</filename></title>
<note>
<para>Many think this may be a change we want to make for
main-tree Bugzilla. It's painless for the UNIX folks, and will
make the Win32 people happier.</para>
</note>
<para>In <filename>checksetup.pl</filename>, the line reading:</para>
<note>
<para>Some people have suggested using the Net::SMTP Perl module
instead of NTsendmail or the other options listed here. You can
change processmail.pl to make this work.
<programlisting>
<![CDATA[
my $smtp = Net::SMTP->new('<Name of your SMTP server>'); #connect to SMTP server
$smtp->mail('<your name>@<you smpt server>');# use the sender's adress here
$smtp->to($tolist); # recipient's address
$smtp->data(); # Start the mail
$smtp->datasend($msg);
$smtp->dataend(); # Finish sending the mail
$smtp->quit; # Close the SMTP connection
$logstr = "$logstr; mail sent to $tolist $cclist";
}
]]>
my $mysql_binaries = `which mysql`;
</programlisting>
here is a test mail program for Net::SMTP:
<para>to</para>
<programlisting>
<![CDATA[
use Net::SMTP;
my $smtp = Net::SMTP->new('<Name of your SMTP server', Timeout => 30, Debug
=> 1, ); # connect to SMTP server
$smtp->auth;
$smtp->mail('you@yourcompany.com');# use the sender's adress
here
$smtp->to('someotherAddress@someotherdomain.com'); #
recipient's address
$smtp->data(); # Start the mail
$smtp->datasend('test');
$smtp->dataend(); # Finish sending the mail
$smtp->quit; # Close the SMTP connection
exit;
]]>
my $mysql_binaries = "D:\\mysql\\bin\\mysql";
</programlisting>
</para>
</note>
</step>
<step>
<note>
<para>This step is optional if you are using IIS or another web
server which only decides on an interpreter based upon the file
extension (.pl), rather than the
<quote>shebang</quote>
line (#/usr/bonsaitools/bin/perl)</para>
</note>
<para>Modify the path to perl on the first line (#!) of all files
to point to your Perl installation, and add
<quote>perl</quote>
to the beginning of all Perl system calls that use a perl script as
an argument. This may take you a while. There is a
<quote>setperl.csh</quote>
<para>And you'll also need to change:</para>
utility to speed part of this procedure, available in the
<xref linkend="patches" />
section of The Bugzilla Guide. However, it requires the Cygwin
GNU-compatible environment for Win32 be set up in order to work.
See
<ulink url="http://www.cygwin.com/">http://www.cygwin.com/</ulink>
for details on obtaining Cygwin.</para>
</step>
<step>
<para>Modify the invocation of all system() calls in all perl
scripts in your Bugzilla directory. You should specify the full
path to perl for each system() call. For instance, change this line
in processmail:
<programlisting>
<![CDATA[
system ("./processmail",@ARGLIST);
</programlisting> to
my $webservergid = getgrnam($my_webservergroup)
</programlisting>
<para>to</para>
<programlisting>
system ("C:\\perl\\bin\\perl", "processmail", @ARGLIST);
]]>
my $webservergid = '8'
</programlisting>
</para>
</step>
</section>
</procedure>
<section id="win32-code-mail">
<title>Making mail work</title>
<tip>
<para>If you are using IIS or Personal Web Server, you must add cgi
relationships to Properties -&gt; Home directory (tab) -&gt;
Application Settings (section) -&gt; Configuration (button), such
as:</para>
<para>
<programlisting>.cgi to: &lt;perl install directory&gt;\perl.exe %s
%s .pl to: &lt;perl install directory&gt;\perl.exe %s %s
GET,HEAD,POST</programlisting>
<para>The easiest way to get mail working is to use the mail patches
on <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=124174">bug
124174</ulink>. With any luck, this patch will receive the required
reviews and integrated into the main Bugzilla distribution very soon.
Until that happens, there's at least one report of this patch working
well on Windows.
</para>
Change the path to Perl to match your install, of course.</para>
</tip>
</section>
<section id="addlwintips">
<title>Additional Windows Tips</title>
<section>
<title>System Calls</title>
<tip>
<para>From Andrew Pearson:
<blockquote>
<para>You can make Bugzilla work with Personal Web Server for
Windows 98 and higher, as well as for IIS 4.0. Microsoft has
information available at
<ulink
url=" http://support.microsoft.com/support/kb/articles/Q231/9/98.ASP">
http://support.microsoft.com/support/kb/articles/Q231/9/98.ASP</ulink>
<para>In order to get system calls to work on win32's perl, you need
to tell the windows shell what interpreter to use. This is done by
changing the <function>system</function> calls. You will need to
search all of Bugzilla's code for <function>system</function> calls.
To tell perl your interpreter, it needs to be the first argument to
the <function>system</function> call. For example, you'll need to
change:
</para>
<para>Basically you need to add two String Keys in the registry at
the following location:</para>
<para>
<!-- We'll need a different example when there's no more processmail -->
<programlisting>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ScriptMap</programlisting>
</para>
system("./processmail", $id, $exporter);
</programlisting>
<para>with</para>
<programlisting>
system("C:\\perl\\bin\\perl", "processmail", $id, $exporter);
</programlisting>
<para>The keys should be called ".pl" and ".cgi", and both should
have a value something like:
<command>c:/perl/bin/perl.exe "%s" "%s"</command>
<para>Notice that the <computeroutput>./</computeroutput> is also
removed.
</para>
<para>The KB article only talks about .pl, but it goes into more
detail and provides a perl test script.</para>
</blockquote>
<tip>
<para>The <command>grep</command> command is very helpful in finding
these <function>system</function> calls, assuming you have the
<productname class="trade">cygwin</productname> utilities.
</para>
</tip>
<tip>
<para>If attempting to run Bugzilla 2.12 or older, you will need to
remove encrypt() calls from the Perl source. This is
<emphasis>not necessary</emphasis>
</section>
for Bugzilla 2.13 and later, which includes the current release,
Bugzilla &amp;bz-ver;.
<example>
<title>Removing encrypt() for Windows NT Bugzilla version 2.12 or
earlier</title>
</section>
<para>Replace this:
<programlisting>SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) .
", " . SQLQuote(substr($realcryptpwd, 0, 2)) . ")"); my
$enteredcryptpwd = FetchOneColumn();</programlisting>
<section id="win32-http">
<title>Serving the web pages</title>
with this:
<programlisting>my $enteredcryptpwd = $enteredpwd</programlisting>
<para>As is the case on Unix based systems, any web server should be
able to handle Bugzilla; however, the Bugzilla Team still recommends
Apache whenever asked. No matter what web server you choose, be sure
to pay attention to the security notes in <xref linkend="security"/>.
More information on configuring specific web servers can be found in
<xref linkend="http"/>.
</para>
in cgi.pl.</para>
</example>
<note>
<para>If using Apache on windows, you can set the <ulink
url="http://httpd.apache.org/docs-2.0/mod/core.html#scriptinterpretersource">ScriptInterpreterSource</ulink>
directive in your Apache config, if you don't do this, you'll have
to modify the first line of every script to contain your path to
perl instead of <filename>/usr/bonsaitools/bin/perl</filename>.
</para>
</tip>
</note>
</section>
</section>
<section id="osx">
<title>Mac OS X Installation Notes</title>
<section id="os-macosx">
<title><productname>Mac OS X</productname></title>
<!-- XXX - Clean me up... (Mac OS X) -->
<para>There are a lot of common libraries and utilities out there that
Apple did not include with Mac OS X, but which run perfectly well on it.
The GD library, which Bugzilla needs to do bug graphs, is one of
......@@ -2030,7 +1484,7 @@ system ("C:\\perl\\bin\\perl", "processmail", @ARGLIST);
<para>The easiest way to get a lot of these is with a program called
Fink, which is similar in nature to the CPAN installer, but installs
common GNU utilities. Fink is available from
&lt;http://sourceforge.net/projects/fink/&gt;.</para>
<ulink url="http://sourceforge.net/projects/fink/"/>.</para>
<para>Follow the instructions for setting up Fink. Once it's installed,
you'll want to run the following as root:
......@@ -2091,6 +1545,207 @@ system ("C:\\perl\\bin\\perl", "processmail", @ARGLIST);
</section>
</section>
<section id="http">
<title>HTTP Server Configuration</title>
<para>The Bugzilla Team recommends Apache when using Bugzilla, however, any web server
that can be configured to run <glossterm linkend="gloss-cgi">CGI</glossterm> scripts
should be able to handle Bugzilla. No matter what web server you choose, but
especially if you choose something other than Apache, you should be sure to read
<xref linkend="security"/>.
</para>
<para>The plan for this section is to eventually document the specifics of how to lock
down permissions on individual web servers.
</para>
<section id="http-apache">
<title>Apache <productname>httpd</productname></title>
<para>As mentioned above, the Bugzilla Team recommends Apache for use
with Bugzilla. You will have to make sure that Apache is properly
configured to run the Bugzilla CGI scripts. You also need to make sure
that the <filename>.htaccess</filename> files created by
<command>./checksetup.pl</command> (shown in <xref linkend="http-apache-htaccess"/>
for the curious) are allowed to override Apache's normal access
permissions or else important password information may be exposed to the
Internet.
</para>
<para>Many Apache installations are not configured to run scripts
anywhere but in the <filename class="directory">cgi-bin</filename>
directory; however, we recommend that Bugzilla not be installed in the
<filename class="directory">cgi-bin</filename>, otherwise the static
files such as images and <xref linkend="gloss-javascript"/>
will not work correctly. To allow scripts to run in the normal
web space, the following changes should be made to your
<filename>httpd.conf</filename> file.
</para>
<para>To allow files with a .cgi extension to be run, make sure the
following line exists and is uncommented:</para>
<programlisting>
AddHandler cgi-script .cgi
</programlisting>
<para>To allow <filename>.htaccess</filename> files to override
permissions and .cgi files to run in the Bugzilla directory, make sure
the following two lines are in a <computeroutput>Directory</computeroutput>
directive that applies to the Bugzilla directory on your system
(either the Bugzilla directory or one of its parents).
</para>
<programlisting>
Options +ExecCGI
AllowOverride Limit
</programlisting>
<note>
<para>For more information on Apache and its directives, see the
glossary entry on <xref linkend="gloss-apache"/>.
</para>
</note>
<example id="http-apache-htaccess">
<title><filename>.htaccess</filename> files for Apache</title>
<para><filename>$BUGZILLA_HOME/.htaccess</filename>
<programlisting><![CDATA[
# don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch ^(.*\.pl|.*localconfig.*|processmail|runtests.sh)$>
deny from all
</FilesMatch>
<FilesMatch ^(localconfig.js|localconfig.rdf)$>
allow from all
</FilesMatch>
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/data/.htaccess</filename>
<programlisting><![CDATA[
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory; the only exception is duplicates.rdf, which is used by
# duplicates.xul and must be loadable over the web
deny from all
<Files duplicates.rdf>
allow from all
</Files>
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/data/webdot</filename>
<programlisting><![CDATA[
# Restrict access to .dot files to the public webdot server at research.att.com
# if research.att.com ever changed their IP, or if you use a different
# webdot server, you'll need to edit this
<FilesMatch ^[0-9]+\.dot$>
Allow from 192.20.225.10
Deny from all
</FilesMatch>
# Allow access by a local copy of 'dot' to .png, .gif, .jpg, and
# .map files
<FilesMatch ^[0-9]+\.(png|gif|jpg|map)$>
Allow from all
</FilesMatch>
# And no directory listings, either.
Deny from all
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/Bugzilla/.htaccess</filename>
<programlisting>
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory
deny from all
</programlisting>
</para>
<para><filename>$BUGZILLA_HOME/template/.htaccess</filename>
<programlisting>
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory
deny from all
</programlisting>
</para>
</example>
</section>
<section id="http-iis">
<title>Microsoft <productname>Internet Information Services</productname></title>
<para>If you need, or for some reason even want, to use Microsoft's
<productname>Internet Information Services</productname> or
<productname>Personal Web Server</productname> you should be able
to. You will need to configure them to know how to run CGI scripts,
however. This is described in Microsoft Knowledge Base article
<ulink url="http://support.microsoft.com/support/kb/articles/Q245/2/25.asp">Q245225 </ulink>
for <productname>Internet Information Services</productname> and
<ulink url="http://support.microsoft.com/support/kb/articles/Q231/9/98.asp">Q231998</ulink>
for <productname>Personal Web Server</productname>.
</para>
<para>Also, and this can't be stressed enough, make sure that files such as
<filename>localconfig</filename> and your <filename class="directory">data</filename>
directory are secured as described in <xref linkend="security"/>.
</para>
</section>
<section id="http-aol">
<title>AOL Server</title>
<para>Ben FrantzDale reported success using AOL Server with Bugzilla. He
reported his experience and what appears below is based on that.
</para>
<para>AOL Server will have to be configured to run
<glossterm linkend="gloss-cgi">CGI</glossterm> scripts, please consult
the documentation that came with your server for more information on
how to do this.
</para>
<para>Because AOL Server doesn't support <filename>.htaccess</filename>
files, you'll have to create a <glossterm linkend="gloss-tcl">TCL</glossterm>
script. You should create an <filename>aolserver/modules/tcl/filter.tcl</filename>
file (the filename shouldn't matter) with the following contents (change
<computeroutput>/bugzilla/</computeroutput> to the web-based path to
your Bugzilla installation):
</para>
<programlisting>
ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/*.pl filter_deny
ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/processmail filter_deny
ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny
ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny
proc filter_deny { why } {
ns_log Notice "filter_deny"
return "filter_return"
}
</programlisting>
<warning>
<para>This doesn't appear to account for everything mentioned in
<xref linkend="security"/>. In particular, it doesn't block access
to the <filename class="directory">data</filename> or
<filename class="directory">template</filename> directories. It also
doesn't account for the editor backup files that were the topic of
<ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=186383">bug
186383</ulink>, <ulink
url="http://online.securityfocus.com/bid/6501">Bugtraq ID 6501</ulink>,
and a partial cause for the 2.16.2 release.
</para>
</warning>
</section>
</section>
<section id="troubleshooting">
<title>Troubleshooting</title>
......
docs/xml/administration.xml
View file @ 3b3f69d7
......@@ -904,72 +904,12 @@
is provided for those that want to know exactly what is created.
</para>
<para>Note the instructions which follow are Apache-specific. If you
<para>FIX ME BEFORE RELEASE!!!!!
Note the instructions which follow are Apache-specific. If you
use IIS, Netscape, or other non-Apache web servers, please consult
your system documentation for how to secure these files from being
transmitted to curious users.</para>
<para><filename>$BUGZILLA_HOME/.htaccess</filename>
<programlisting><![CDATA[
# don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch ^(.*\.pl|.*localconfig.*|processmail|runtests.sh)$>
deny from all
</FilesMatch>
<FilesMatch ^(localconfig.js|localconfig.rdf)$>
allow from all
</FilesMatch>
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/data/.htaccess</filename>
<programlisting><![CDATA[
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory; the only exception is duplicates.rdf, which is used by
# duplicates.xul and must be loadable over the web
deny from all
<Files duplicates.rdf>
allow from all
</Files>
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/data/webdot</filename>
<programlisting><![CDATA[
# Restrict access to .dot files to the public webdot server at research.att.com
# if research.att.com ever changed their IP, or if you use a different
# webdot server, you'll need to edit this
<FilesMatch ^[0-9]+\.dot$>
Allow from 192.20.225.10
Deny from all
</FilesMatch>
# Allow access by a local copy of 'dot' to .png, .gif, .jpg, and
# .map files
<FilesMatch ^[0-9]+\.(png|gif|jpg|map)$>
Allow from all
</FilesMatch>
# And no directory listings, either.
Deny from all
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/Bugzilla/.htaccess</filename>
<programlisting>
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory
deny from all
</programlisting>
</para>
<para><filename>$BUGZILLA_HOME/template/.htaccess</filename>
<programlisting>
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory
deny from all
</programlisting>
</para>
</listitem>
</orderedlist>
</para>
......
docs/xml/glossary.xml
View file @ 3b3f69d7
......@@ -24,23 +24,66 @@
<glossdiv id="gloss-a">
<title>A</title>
<glossentry>
<glossentry id="gloss-apache">
<glossterm>Apache</glossterm>
<glossdef>
<para>In this context, Apache is the web server most commonly used
for serving up
<glossterm>Bugzilla</glossterm>
for serving up Bugzilla
pages. Contrary to popular belief, the apache web server has nothing
to do with the ancient and noble Native American tribe, but instead
derived its name from the fact that it was
<quote>a patchy</quote>
version of the original
<acronym>NCSA</acronym>
world-wide-web server.</para>
<variablelist>
<title>Useful Directives when configuring Bugzilla</title>
<varlistentry>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#addhandler">AddHandler</ulink></computeroutput></term>
<listitem>
<para>Tell Apache that it's OK to run CGI scripts.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#allowoverride">AllowOverride</ulink></computeroutput></term>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#options">Options</ulink></computeroutput></term>
<listitem>
<para>These directives are used to tell Apache many things about
the directory they apply to. For Bugzilla's purposes, we need
them to allow script execution and <filename>.htaccess</filename>
overrides.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/mod_dir.html#directoryindex">DirectoryIndex</ulink></computeroutput></term>
<listitem>
<para>Used to tell Apache what files are indexes. If you can
not add <filename>index.cgi</filename> to the list of valid files,
you'll need to set <computeroutput>$index_html</computeroutput> to
1 in <filename>localconfig</filename> so
<command>./checksetup.pl</command> will create an
<filename>index.html</filename> that redirects to
<filename>index.cgi</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#scriptinterpretersource">ScriptInterpreterSource</ulink></computeroutput></term>
<listitem>
<para>Used when running Apache on windows so the shebang line
doesn't have to be changed in every Bugzilla script.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>For more information about how to configure Apache for Bugzilla,
see <xref linkend="http-apache"/>.
</para>
</glossdef>
</glossentry>
</glossdiv>
......@@ -89,6 +132,17 @@
<title>
</title>
<glossentry id="gloss-cgi">
<glossterm>Common Gateway Interface</glossterm>
<acronym>CGI</acronym>
<glossdef>
<para><acronym>CGI</acronym> is an acronym for Common Gateway Interface. This is
a standard for interfacing an external application with a web server. Bugzilla
is an example of a <acronym>CGI</acronym> application.
</para>
</glossdef>
</glossentry>
<glossentry id="gloss-component">
<glossterm>Component</glossterm>
......@@ -138,10 +192,9 @@
</glossdiv>
<glossdiv id="gloss-g">
<title>
</title>
<title>G</title>
<glossentry>
<glossentry id="gloss-groups">
<glossterm>Groups</glossterm>
<glossdef>
......@@ -159,6 +212,18 @@
</glossentry>
</glossdiv>
<glossdiv id="gloss-j">
<title>J</title>
<glossentry id="gloss-javascript">
<glossterm>JavaScript</glossterm>
<glossdef>
<para>JavaScript is cool, we should talk about it.
</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv id="gloss-m">
<title>M</title>
......@@ -291,6 +356,18 @@
fixed, or an enhancement will be implemented.</para>
</glossdef>
</glossentry>
<glossentry id="gloss-tcl">
<glossterm>Tool Command Language</glossterm>
<acronym>TCL</acronym>
<glossdef>
<para>TCL is an open source scripting language available for Windows,
Macintosh, and Unix based systems. Bugzilla 1.0 was written in TCL but
never released. The first release of Bugzilla was 2.0, which was when
it was ported to perl.
</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv id="gloss-z">
......
docs/xml/installation.xml
View file @ 3b3f69d7
......@@ -5,20 +5,20 @@
<section id="stepbystep" xreflabel="Bugzilla Installation Step-by-step">
<title>Step-by-step Install</title>
<section>
<section id="intstall-into">
<title>Introduction</title>
<para>Bugzilla has been successfully installed under Solaris, Linux,
and Win32. Win32 is not yet officially supported, but many people
have got it working fine.
Please see the
<xref linkend="win32" />
Please see
<xref linkend="os-win32" />
for further advice on getting Bugzilla to work on Microsoft
Windows.</para>
</section>
<section>
<section id="install-package-list">
<title>Package List</title>
<note>
......@@ -483,7 +483,7 @@
<para>The GD library was written by Thomas Boutell a long while ago to
programatically generate images in C. Since then it's become the
defacto standard for programatic image construction. The Perl bindings
defacto standard for programmatic image construction. The Perl bindings
to it found in the GD library are used on millions of web pages to
generate graphs on the fly. That's what Bugzilla will be using it for
so you must install it if you want any of the graphing to work.</para>
......@@ -523,65 +523,22 @@
</section>
<section>
<section id="sbs-http">
<title>HTTP Server</title>
<para>You have a freedom of choice here - Apache, Netscape or any other
server on UNIX would do. You can run the web server on a
different machine than MySQL, but need to adjust the MySQL
<quote>bugs</quote>
user permissions accordingly.
<para>You have freedom of choice here, pretty much any web server that
is capable of running <glossterm linkend="gloss-cgi">CGI</glossterm>
scripts will work. <xref linkend="http"/> has more information about
configuring web servers to work with Bugzilla.
</para>
<note>
<para>We strongly recommend Apache as the web server to use. The
Bugzilla Guide installation instructions, in general, assume you are
using Apache. If you have got Bugzilla working using another webserver,
please share your experiences with us.</para>
</note>
</para>
<para>You'll want to make sure that your web server will <emphasis>run</emphasis>
any file
with the .cgi extension as a CGI program and not simply display the source
code. If you're
using Apache that means uncommenting the following line in the httpd.conf
file:
<programlisting>
AddHandler cgi-script .cgi
</programlisting>
</para>
<para>With Apache you'll also want to make sure that within the
httpd.conf file these lines:
<programlisting><![CDATA[
Options +ExecCGI
AllowOverride Limit
]]></programlisting>
are in the stanza that covers the directories into which you intend to
put the bugzilla .html and .cgi files.
<note>
<para>AllowOverride Limit allows the use of a Deny statement in the
.htaccess file generated by checksetup.pl</para>
<para>Users of older versions of Apache may find the above lines
in the srm.conf and access.conf files, respectively.</para>
</note>
</para>
<warning>
<para>There are important files and directories that should not be a
served by the HTTP server - most files in the
<quote>data</quote>
directory and the
<quote>localconfig</quote>
file. You should configure your HTTP server to not serve
these files. Failure to do so will expose critical passwords and
other data. Please see
<xref linkend="htaccess" />
for details on how to do this for Apache; the checksetup.pl
script should create appropriate .htaccess files for you.</para>
</warning>
</section>
<section>
......@@ -598,7 +555,7 @@ AllowOverride Limit
<tip>
<para>If you symlink the bugzilla directory into your Apache's HTML
heirarchy, you may receive
hierarchy, you may receive
<errorname>Forbidden</errorname>
errors unless you add the
<quote>FollowSymLinks</quote>
......@@ -829,7 +786,7 @@ perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm p
</simplelist>
</para>
<para>This means anyone from anywhere on the internet can not only drop
<para>This means anyone from anywhere on the Internet can not only drop
the database with one SQL command, and they can write as root to the
system.</para>
......@@ -1005,7 +962,7 @@ perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm p
Alternatively, you could set up a webdot server, or use the AT&amp;T
public webdot server (the
default for the webdotbase param). Note that AT&amp;T's server won't work
if Bugzilla is only accessible using HTTPS.
if Bugzilla is only accessible using HARTS.
</para>
</section>
......@@ -1335,693 +1292,190 @@ bash# perl -pi -e "s/Content-Type\: text\/html/Content-Type\: text\/html\; chars
</section>
</section>
<section id="win32" xreflabel="Win32 Installation Notes">
<title>Win32 Installation Notes</title>
<para>This section covers installation on Microsoft Windows.
Bugzilla has been made to work on Win32 platforms, but the Bugzilla team
wish to emphasise that The easiest way to install Bugzilla on
Intel-archiecture machines
is to install some variant of GNU/Linux, then follow the UNIX
installation instructions in this Guide. If you have any influence in the
platform choice for running this system, please choose GNU/Linux instead
of Microsoft Windows.</para>
<warning>
<para>After that warning, here's the situation for 2.16
and Windows. It doesn't work at all out of the box.
You are almost certainly better off getting
the 2.17 version from CVS (after consultation with the Bugzilla Team to
make sure you are pulling on a stable day) because we'll be doing a load
of work to make the Win32 experience more pleasant than it is now.
</para>
</warning>
<para>
If you still want to try this, to have any hope of getting it to work,
you'll need to apply the
<ulink url="">mail patch</ulink> from
<ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=124174">bug 124174</ulink>.
After that, you'll need to read the (outdated) installation
instructions below, some (probably a lot better) <ulink url="http://bugzilla.mozilla.org/attachment.cgi?id=84430&amp;action=view">more
recent ones</ulink> kindly provided by Toms Baugis and Jean-Sebastien
Guay, and also check the
<ulink url="http://www.bugzilla.org/releases/2.16/docs/win32.html">Bugzilla 2.16 Win32 update page
</ulink>. If we get time,
we'll write some better installation instructions for 2.16 and put
them up there. But no promises.
</para>
<section id="wininstall" xreflabel="Win32 Installation: Step-by-step">
<title>Win32 Installation: Step-by-step</title>
<note>
<para>You should be familiar with, and cross-reference, the rest of
the
<xref linkend="installation" />
section while performing your Win32 installation.</para>
<para>Making Bugzilla work on Microsoft Windows is no picnic. Support
for Win32 has improved dramatically in the last few releases, but, if
you choose to proceed, you should be a
<emphasis>very</emphasis>
skilled Windows Systems Administrator with strong troubleshooting
abilities, a high tolerance for pain, and moderate perl skills.
Bugzilla on NT requires hacking source code and implementing some
advanced utilities. What follows is the recommended installation
procedure for Win32; additional suggestions are provided in
<xref linkend="faq" />
.</para>
</note>
<procedure>
<step>
<para>Install
<ulink url="http://www.apache.org/">Apache Web Server</ulink>
for Windows, and copy the Bugzilla files somewhere Apache can serve
them. Please follow all the instructions referenced in
<xref linkend="installation" />
<section id="os-specific">
<title>OS Specific Installation Notes</title>
regarding your Apache configuration, particularly instructions
regarding the
<quote>AddHandler</quote>
parameter and
<quote>ExecCGI</quote>
.</para>
<note>
<para>You may also use Internet Information Server or Personal
Web Server for this purpose. However, setup is quite different.
If ActivePerl doesn't seem to handle your file associations
correctly (for .cgi and .pl files), please consult
<xref linkend="faq" />
.</para>
<para>If you are going to use IIS, if on Windows NT you must be
updated to at least Service Pack 4. Windows 2000 ships with a
sufficient version of IIS.</para>
</note>
</step>
<step>
<para>Install
<ulink url="http://www.activestate.com/">ActivePerl</ulink>
for Windows. Check
<ulink
url="http://aspn.activestate.com/ASPN/Downloads/ActivePerl/">
http://aspn.activestate.com/ASPN/Downloads/ActivePerl</ulink>
for a current compiled binary.</para>
<para>Please also check the following links to fully understand the
status of ActivePerl on Win32:
<ulink url="http://language.perl.com/newdocs/pod/perlport.html">
Perl Porting</ulink>
, and
<ulink
url="http://ftp.univie.ac.at/packages/perl/ports/nt/FAQ/perlwin32faq5.html">
Perl on Win32 FAQ</ulink>
</para>
</step>
<step>
<para>Use ppm from your perl\bin directory to install the following
packs: DBI, DBD-Mysql, TimeDate, Chart, Date-Calc, Date-Manip, GD,
AppConfig, and Template. You may need to extract them from .zip
format using Winzip or other unzip program first. Most of these
additional ppm modules can be downloaded from ActiveState, but
AppConfig and Template should be obtained from OpenInteract using
<ulink type="http" url="http://openinteract.sourceforge.net/">the
instructions on the Template Toolkit web site</ulink>
.</para>
<note>
<para>You can find a list of modules at
<ulink
url="http://www.activestate.com/PPMPackages/zips/5xx-builds-only">
http://www.activestate.com/PPMPackages/zips/5xx-builds-only/</ulink>
or
<ulink url="http://www.activestate.com/PPMPackages/5.6plus">
http://www.activestate.com/PPMPackages/5.6plus</ulink>
<para>Many aspects of the Bugzilla installation can be affected by the
the operating system you choose to install it on. Sometimes it can be made
easier and others more difficult. This section will attempt to help you
understand both the difficulties of running on specific operating systems
and the utilities available to make it easier.
</para>
</note>
<para>The syntax for ppm is:
<computeroutput>
<prompt>C:&gt;</prompt>
<command>ppm &lt;modulename&gt;</command>
</computeroutput>
<para>If you have anything to add or notes for an operating system not
covered, please file a bug in &bzg-bugs;.
</para>
<example>
<title>Installing ActivePerl ppd Modules on Microsoft
Windows</title>
<para>
<prompt>C:&gt;</prompt>
<section id="os-win32">
<title>Microsoft Windows</title>
<command>ppm
<option>DBD-Mysql</option>
</command>
<para>Making Bugzilla work on windows is still a very painful processes.
The Bugzilla Team is working to make it easier, but that goal is not
considered a top priority. If you wish to run Bugzilla, we still
recommend doing so on a Unix based system such as GNU/Linux. As of this
writing, all members of the Bugzilla team and all known large installations
run on Unix based systems.
</para>
<para>Watch your capitalization!</para>
</example>
<para>ActiveState's 5.6Plus directory also contains an AppConfig
ppm, so you might see the following error when trying to install
the version at OpenInteract:</para>
<para>
<computeroutput>Error installing package 'AppConfig': Read a PPD
for 'AppConfig', but it is not intended for this build of Perl
(MSWin32-x86-multi-thread)</computeroutput>
<para>If after hearing all that, you have enough pain tolerance to attempt
installing Bugzilla on Win32, here are some pointers.
<![%bz-devel;[
Because this is a development version of the guide, these instructions
are subject to change without notice. In fact, the Bugzilla Team hopes
they do as we would like to have Bugzilla resonabally close to "out of
the box" compatibility by the 2.18 release.
]]>
</para>
<para>If so, download both
<ulink
url="http://openinteract.sourceforge.net/ppmpackages/AppConfig.tar.gz">
the tarball</ulink>
and
<ulink
url="http://openinteract.sourceforge.net/ppmpackages/AppConfig.ppd">
the ppd</ulink>
directly from OpenInteract, then run ppm from within the same
directory to which you downloaded those files and install the
package by referencing the ppd file explicitly via in the install
command, f.e.:
<example>
<title>Installing OpenInteract ppd Modules manually on Microsoft
Windows</title>
<section id="win32-perl">
<title>Win32 Perl</title>
<para>
<computeroutput>
<command>install
<filename>C:\AppConfig.ppd</filename>
</command>
</computeroutput>
</para>
</example>
</para>
</step>
<step>
<para>Install MySQL for NT.
<note>
<para>You can download MySQL for Windows NT from
<ulink url="http://www.mysql.com/">MySQL.com</ulink>
. Some find it helpful to use the WinMySqlAdmin utility, included
with the download, to set up the database.</para>
</note>
</para>
</step>
<step>
<para>Setup MySQL</para>
<substeps>
<step>
<para>
<computeroutput>
<prompt>C:&gt;</prompt>
<command>C:\mysql\bin\mysql -u root mysql</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>DELETE FROM user WHERE Host='localhost' AND
User='';</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>UPDATE user SET Password=PASSWORD ('new_password')
WHERE user='root';</command>
</computeroutput>
</para>
<para>
<quote>new_password</quote>
, above, indicates whatever password you wish to use for your
<quote>root</quote>
user.</para>
</step>
<step id="ntbugs-password">
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>GRANT SELECT, INSERT, UPDATE, DELETE, INDEX,
ALTER, CREATE, DROP, REFERENCES ON bugs.* to bugs@localhost
IDENTIFIED BY 'bugs_password';</command>
</computeroutput>
</para>
<para>
<quote>bugs_password</quote>
, above, indicates whatever password you wish to use for your
<quote>bugs</quote>
user.</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>FLUSH PRIVILEGES;</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>create database bugs;</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>mysql&gt;</prompt>
<command>exit;</command>
</computeroutput>
</para>
</step>
<step>
<para>
<computeroutput>
<prompt>C:&gt;</prompt>
<command>C:\mysql\bin\mysqladmin -u root -p
reload</command>
</computeroutput>
</para>
</step>
</substeps>
</step>
<step>
<para>Edit
<filename>checksetup.pl</filename>
in your Bugzilla directory. Change this line:</para>
<para>
<programlisting>my $webservergid =
getgrnam($my_webservergroup);</programlisting>
<para>Perl for Windows can be obtained from <ulink
url="http://www.activestate.com/">ActiveState</ulink>. You should be
able to find a compiled binary at <ulink
url="http://aspn.activestate.com/ASPN/Downloads/ActivePerl/">http://aspn.activestate.com/ASPN/Downloads/ActivePerl/</ulink>.
</para>
</section>
<para>to</para>
<section id="win32-perl-modules">
<title>Perl Modules on Win32</title>
<para>
<programlisting>my $webservergid =
$my_webservergroup;</programlisting>
or the name of the group you wish to own the files explicitly:
<programlisting>my $webservergid =
'Administrators'</programlisting>
<para>Bugzilla on Windows requires the same perl modules found in
<xref linkend="install-package-list"/>. The main difference is that
windows uses <command>ppm</command> instead of CPAN.
</para>
</step>
<step>
<para>Run
<filename>checksetup.pl</filename>
from the Bugzilla directory.</para>
</step>
<step>
<para>Edit
<filename>localconfig</filename>
to suit your requirements. Set
<varname>$db_pass</varname>
to your
<quote>bugs_password</quote>
from
<xref linkend="ntbugs-password" />
, and
<varname>$webservergroup</varname>
to
<quote>8</quote>
.</para>
<programlisting>
C:\perl&gt; <command>ppm &lt;module name&gt;</command>
</programlisting>
<note>
<para>Not sure on the
<quote>8</quote>
for
<varname>$webservergroup</varname>
above. If it's wrong, please send corrections.</para>
</note>
</step>
<step>
<para>Edit
<filename>defparams.pl</filename>
to suit your requirements. Particularly, set
<varname>DefParam("maintainer")</varname>
and
<varname>DefParam("urlbase") to match your install.</varname>
<para>The above syntax should work for all modules with the exception
of Template Toolkit. The <ulink
url="http://tt2.org/download.html#win32">Template Toolkit website</ulink>
suggests using the instructions on <ulink
url="http://openinteract.sourceforge.net/">OpenInteract's website</ulink>.
</para>
<note>
<para>This is yet another step I'm not sure of, since the
maintainer of this documentation does not maintain Bugzilla on
NT. If you can confirm or deny that this step is required, please
let me know.</para>
</note>
</step>
<step>
<note>
<para>There are several alternatives to Sendmail that will work
on Win32. The one mentioned here is a
<emphasis>suggestion</emphasis>
, not a requirement. Some other mail packages that can work
include
<ulink url="http://www.blat.net/">BLAT</ulink>
,
<ulink url="http://www.geocel.com/windmail/">Windmail</ulink>
,
<ulink url="http://www.dynamicstate.com/">Mercury
Sendmail</ulink>
, and the CPAN Net::SMTP Perl module (available in .ppm). Every
option requires some hacking of the Perl scripts for Bugzilla to
make it work. The option here simply requires the least.</para>
</note>
<procedure>
<step>
<para>Download NTsendmail, available from
<ulink url="http://www.ntsendmail.com/">
www.ntsendmail.com</ulink>
. You must have a "real" mail server which allows you to relay
off it in your $ENV{"NTsendmail"} (which you should probably
place in globals.pl)</para>
</step>
<step>
<para>Put ntsendmail.pm into your .\perl\lib directory.</para>
</step>
<step>
<para>Add to globals.pl:</para>
<programlisting># these settings configure the NTsendmail
process use NTsendmail;
$ENV{"NTsendmail"}="your.smtpserver.box";
$ENV{"NTsendmail_debug"}=1;
$ENV{"NTsendmail_max_tries"}=5;</programlisting>
<note>
<para>Some mention to also edit
<varname>$db_pass</varname>
in
<filename>globals.pl</filename>
to be your
<quote>bugs_password</quote>
. Although this may get you around some problem
authenticating to your database, since globals.pl is not
normally restricted by
<filename>.htaccess</filename>
, your database password is exposed to whoever uses your web
server.</para>
</note>
</step>
<step>
<para>Find and comment out all occurences of
<quote>
<command>open(SENDMAIL</command>
</quote>
in your Bugzilla directory. Then replace them with:
<programlisting># new sendmail functionality my $mail=new
NTsendmail; my $from="bugzilla\@your.machine.name.tld"; my
$to=$login; my $subject=$urlbase;
$mail-&gt;send($from,$to,$subject,$msg);</programlisting>
<para>A complete list of modules that can be installed using ppm can
be found at <ulink url="http://www.activestate.com/PPMPackages/5.6plus">http://www.activestate.com/PPMPackages/5.6plus</ulink>.
</para>
<note>
<para>Some have found success using the commercial product,
<productname>Windmail</productname>
. You could try replacing your sendmail calls with:
<programlisting>open SENDMAIL,
"|\"C:/General/Web/tools/Windmail 4.0 Beta/windmail\" -t &gt;
mail.log";</programlisting>
or something to that effect.</para>
</note>
</step>
</procedure>
</step>
<step>
<para>Change all references in all files from
<filename>processmail</filename>
to
<filename>processmail.pl</filename>
</section>
, and rename
<filename>processmail</filename>
<section id="win32-code-changes">
<title>Code changes required to run on win32</title>
to
<filename>processmail.pl</filename>
<para>Unfortunately, Bugzilla still doesn't run "out of the box" on
Windows. There is work in progress to make this easier, but until that
happens code will have to be modified. This section is an attempt to
list the required changes. It is an attempt to be all inclusive, but
there may be other changes required. If you find something is missing,
please file a bug in &bzg-bugs;.
</para>
.</para>
<section id="win32-code-checksetup">
<title>Changes to <filename>checksetup.pl</filename></title>
<note>
<para>Many think this may be a change we want to make for
main-tree Bugzilla. It's painless for the UNIX folks, and will
make the Win32 people happier.</para>
</note>
<para>In <filename>checksetup.pl</filename>, the line reading:</para>
<note>
<para>Some people have suggested using the Net::SMTP Perl module
instead of NTsendmail or the other options listed here. You can
change processmail.pl to make this work.
<programlisting>
<![CDATA[
my $smtp = Net::SMTP->new('<Name of your SMTP server>'); #connect to SMTP server
$smtp->mail('<your name>@<you smpt server>');# use the sender's adress here
$smtp->to($tolist); # recipient's address
$smtp->data(); # Start the mail
$smtp->datasend($msg);
$smtp->dataend(); # Finish sending the mail
$smtp->quit; # Close the SMTP connection
$logstr = "$logstr; mail sent to $tolist $cclist";
}
]]>
my $mysql_binaries = `which mysql`;
</programlisting>
here is a test mail program for Net::SMTP:
<para>to</para>
<programlisting>
<![CDATA[
use Net::SMTP;
my $smtp = Net::SMTP->new('<Name of your SMTP server', Timeout => 30, Debug
=> 1, ); # connect to SMTP server
$smtp->auth;
$smtp->mail('you@yourcompany.com');# use the sender's adress
here
$smtp->to('someotherAddress@someotherdomain.com'); #
recipient's address
$smtp->data(); # Start the mail
$smtp->datasend('test');
$smtp->dataend(); # Finish sending the mail
$smtp->quit; # Close the SMTP connection
exit;
]]>
my $mysql_binaries = "D:\\mysql\\bin\\mysql";
</programlisting>
</para>
</note>
</step>
<step>
<note>
<para>This step is optional if you are using IIS or another web
server which only decides on an interpreter based upon the file
extension (.pl), rather than the
<quote>shebang</quote>
line (#/usr/bonsaitools/bin/perl)</para>
</note>
<para>Modify the path to perl on the first line (#!) of all files
to point to your Perl installation, and add
<quote>perl</quote>
to the beginning of all Perl system calls that use a perl script as
an argument. This may take you a while. There is a
<quote>setperl.csh</quote>
<para>And you'll also need to change:</para>
utility to speed part of this procedure, available in the
<xref linkend="patches" />
section of The Bugzilla Guide. However, it requires the Cygwin
GNU-compatible environment for Win32 be set up in order to work.
See
<ulink url="http://www.cygwin.com/">http://www.cygwin.com/</ulink>
for details on obtaining Cygwin.</para>
</step>
<step>
<para>Modify the invocation of all system() calls in all perl
scripts in your Bugzilla directory. You should specify the full
path to perl for each system() call. For instance, change this line
in processmail:
<programlisting>
<![CDATA[
system ("./processmail",@ARGLIST);
</programlisting> to
my $webservergid = getgrnam($my_webservergroup)
</programlisting>
<para>to</para>
<programlisting>
system ("C:\\perl\\bin\\perl", "processmail", @ARGLIST);
]]>
my $webservergid = '8'
</programlisting>
</para>
</step>
</section>
</procedure>
<section id="win32-code-mail">
<title>Making mail work</title>
<tip>
<para>If you are using IIS or Personal Web Server, you must add cgi
relationships to Properties -&gt; Home directory (tab) -&gt;
Application Settings (section) -&gt; Configuration (button), such
as:</para>
<para>
<programlisting>.cgi to: &lt;perl install directory&gt;\perl.exe %s
%s .pl to: &lt;perl install directory&gt;\perl.exe %s %s
GET,HEAD,POST</programlisting>
<para>The easiest way to get mail working is to use the mail patches
on <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=124174">bug
124174</ulink>. With any luck, this patch will receive the required
reviews and integrated into the main Bugzilla distribution very soon.
Until that happens, there's at least one report of this patch working
well on Windows.
</para>
Change the path to Perl to match your install, of course.</para>
</tip>
</section>
<section id="addlwintips">
<title>Additional Windows Tips</title>
<section>
<title>System Calls</title>
<tip>
<para>From Andrew Pearson:
<blockquote>
<para>You can make Bugzilla work with Personal Web Server for
Windows 98 and higher, as well as for IIS 4.0. Microsoft has
information available at
<ulink
url=" http://support.microsoft.com/support/kb/articles/Q231/9/98.ASP">
http://support.microsoft.com/support/kb/articles/Q231/9/98.ASP</ulink>
<para>In order to get system calls to work on win32's perl, you need
to tell the windows shell what interpreter to use. This is done by
changing the <function>system</function> calls. You will need to
search all of Bugzilla's code for <function>system</function> calls.
To tell perl your interpreter, it needs to be the first argument to
the <function>system</function> call. For example, you'll need to
change:
</para>
<para>Basically you need to add two String Keys in the registry at
the following location:</para>
<para>
<!-- We'll need a different example when there's no more processmail -->
<programlisting>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ScriptMap</programlisting>
</para>
system("./processmail", $id, $exporter);
</programlisting>
<para>with</para>
<programlisting>
system("C:\\perl\\bin\\perl", "processmail", $id, $exporter);
</programlisting>
<para>The keys should be called ".pl" and ".cgi", and both should
have a value something like:
<command>c:/perl/bin/perl.exe "%s" "%s"</command>
<para>Notice that the <computeroutput>./</computeroutput> is also
removed.
</para>
<para>The KB article only talks about .pl, but it goes into more
detail and provides a perl test script.</para>
</blockquote>
<tip>
<para>The <command>grep</command> command is very helpful in finding
these <function>system</function> calls, assuming you have the
<productname class="trade">cygwin</productname> utilities.
</para>
</tip>
<tip>
<para>If attempting to run Bugzilla 2.12 or older, you will need to
remove encrypt() calls from the Perl source. This is
<emphasis>not necessary</emphasis>
</section>
for Bugzilla 2.13 and later, which includes the current release,
Bugzilla &amp;bz-ver;.
<example>
<title>Removing encrypt() for Windows NT Bugzilla version 2.12 or
earlier</title>
</section>
<para>Replace this:
<programlisting>SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) .
", " . SQLQuote(substr($realcryptpwd, 0, 2)) . ")"); my
$enteredcryptpwd = FetchOneColumn();</programlisting>
<section id="win32-http">
<title>Serving the web pages</title>
with this:
<programlisting>my $enteredcryptpwd = $enteredpwd</programlisting>
<para>As is the case on Unix based systems, any web server should be
able to handle Bugzilla; however, the Bugzilla Team still recommends
Apache whenever asked. No matter what web server you choose, be sure
to pay attention to the security notes in <xref linkend="security"/>.
More information on configuring specific web servers can be found in
<xref linkend="http"/>.
</para>
in cgi.pl.</para>
</example>
<note>
<para>If using Apache on windows, you can set the <ulink
url="http://httpd.apache.org/docs-2.0/mod/core.html#scriptinterpretersource">ScriptInterpreterSource</ulink>
directive in your Apache config, if you don't do this, you'll have
to modify the first line of every script to contain your path to
perl instead of <filename>/usr/bonsaitools/bin/perl</filename>.
</para>
</tip>
</note>
</section>
</section>
<section id="osx">
<title>Mac OS X Installation Notes</title>
<section id="os-macosx">
<title><productname>Mac OS X</productname></title>
<!-- XXX - Clean me up... (Mac OS X) -->
<para>There are a lot of common libraries and utilities out there that
Apple did not include with Mac OS X, but which run perfectly well on it.
The GD library, which Bugzilla needs to do bug graphs, is one of
......@@ -2030,7 +1484,7 @@ system ("C:\\perl\\bin\\perl", "processmail", @ARGLIST);
<para>The easiest way to get a lot of these is with a program called
Fink, which is similar in nature to the CPAN installer, but installs
common GNU utilities. Fink is available from
&lt;http://sourceforge.net/projects/fink/&gt;.</para>
<ulink url="http://sourceforge.net/projects/fink/"/>.</para>
<para>Follow the instructions for setting up Fink. Once it's installed,
you'll want to run the following as root:
......@@ -2091,6 +1545,207 @@ system ("C:\\perl\\bin\\perl", "processmail", @ARGLIST);
</section>
</section>
<section id="http">
<title>HTTP Server Configuration</title>
<para>The Bugzilla Team recommends Apache when using Bugzilla, however, any web server
that can be configured to run <glossterm linkend="gloss-cgi">CGI</glossterm> scripts
should be able to handle Bugzilla. No matter what web server you choose, but
especially if you choose something other than Apache, you should be sure to read
<xref linkend="security"/>.
</para>
<para>The plan for this section is to eventually document the specifics of how to lock
down permissions on individual web servers.
</para>
<section id="http-apache">
<title>Apache <productname>httpd</productname></title>
<para>As mentioned above, the Bugzilla Team recommends Apache for use
with Bugzilla. You will have to make sure that Apache is properly
configured to run the Bugzilla CGI scripts. You also need to make sure
that the <filename>.htaccess</filename> files created by
<command>./checksetup.pl</command> (shown in <xref linkend="http-apache-htaccess"/>
for the curious) are allowed to override Apache's normal access
permissions or else important password information may be exposed to the
Internet.
</para>
<para>Many Apache installations are not configured to run scripts
anywhere but in the <filename class="directory">cgi-bin</filename>
directory; however, we recommend that Bugzilla not be installed in the
<filename class="directory">cgi-bin</filename>, otherwise the static
files such as images and <xref linkend="gloss-javascript"/>
will not work correctly. To allow scripts to run in the normal
web space, the following changes should be made to your
<filename>httpd.conf</filename> file.
</para>
<para>To allow files with a .cgi extension to be run, make sure the
following line exists and is uncommented:</para>
<programlisting>
AddHandler cgi-script .cgi
</programlisting>
<para>To allow <filename>.htaccess</filename> files to override
permissions and .cgi files to run in the Bugzilla directory, make sure
the following two lines are in a <computeroutput>Directory</computeroutput>
directive that applies to the Bugzilla directory on your system
(either the Bugzilla directory or one of its parents).
</para>
<programlisting>
Options +ExecCGI
AllowOverride Limit
</programlisting>
<note>
<para>For more information on Apache and its directives, see the
glossary entry on <xref linkend="gloss-apache"/>.
</para>
</note>
<example id="http-apache-htaccess">
<title><filename>.htaccess</filename> files for Apache</title>
<para><filename>$BUGZILLA_HOME/.htaccess</filename>
<programlisting><![CDATA[
# don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch ^(.*\.pl|.*localconfig.*|processmail|runtests.sh)$>
deny from all
</FilesMatch>
<FilesMatch ^(localconfig.js|localconfig.rdf)$>
allow from all
</FilesMatch>
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/data/.htaccess</filename>
<programlisting><![CDATA[
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory; the only exception is duplicates.rdf, which is used by
# duplicates.xul and must be loadable over the web
deny from all
<Files duplicates.rdf>
allow from all
</Files>
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/data/webdot</filename>
<programlisting><![CDATA[
# Restrict access to .dot files to the public webdot server at research.att.com
# if research.att.com ever changed their IP, or if you use a different
# webdot server, you'll need to edit this
<FilesMatch ^[0-9]+\.dot$>
Allow from 192.20.225.10
Deny from all
</FilesMatch>
# Allow access by a local copy of 'dot' to .png, .gif, .jpg, and
# .map files
<FilesMatch ^[0-9]+\.(png|gif|jpg|map)$>
Allow from all
</FilesMatch>
# And no directory listings, either.
Deny from all
]]></programlisting>
</para>
<para><filename>$BUGZILLA_HOME/Bugzilla/.htaccess</filename>
<programlisting>
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory
deny from all
</programlisting>
</para>
<para><filename>$BUGZILLA_HOME/template/.htaccess</filename>
<programlisting>
# nothing in this directory is retrievable unless overriden by an .htaccess
# in a subdirectory
deny from all
</programlisting>
</para>
</example>
</section>
<section id="http-iis">
<title>Microsoft <productname>Internet Information Services</productname></title>
<para>If you need, or for some reason even want, to use Microsoft's
<productname>Internet Information Services</productname> or
<productname>Personal Web Server</productname> you should be able
to. You will need to configure them to know how to run CGI scripts,
however. This is described in Microsoft Knowledge Base article
<ulink url="http://support.microsoft.com/support/kb/articles/Q245/2/25.asp">Q245225 </ulink>
for <productname>Internet Information Services</productname> and
<ulink url="http://support.microsoft.com/support/kb/articles/Q231/9/98.asp">Q231998</ulink>
for <productname>Personal Web Server</productname>.
</para>
<para>Also, and this can't be stressed enough, make sure that files such as
<filename>localconfig</filename> and your <filename class="directory">data</filename>
directory are secured as described in <xref linkend="security"/>.
</para>
</section>
<section id="http-aol">
<title>AOL Server</title>
<para>Ben FrantzDale reported success using AOL Server with Bugzilla. He
reported his experience and what appears below is based on that.
</para>
<para>AOL Server will have to be configured to run
<glossterm linkend="gloss-cgi">CGI</glossterm> scripts, please consult
the documentation that came with your server for more information on
how to do this.
</para>
<para>Because AOL Server doesn't support <filename>.htaccess</filename>
files, you'll have to create a <glossterm linkend="gloss-tcl">TCL</glossterm>
script. You should create an <filename>aolserver/modules/tcl/filter.tcl</filename>
file (the filename shouldn't matter) with the following contents (change
<computeroutput>/bugzilla/</computeroutput> to the web-based path to
your Bugzilla installation):
</para>
<programlisting>
ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/*.pl filter_deny
ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/processmail filter_deny
ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny
ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny
proc filter_deny { why } {
ns_log Notice "filter_deny"
return "filter_return"
}
</programlisting>
<warning>
<para>This doesn't appear to account for everything mentioned in
<xref linkend="security"/>. In particular, it doesn't block access
to the <filename class="directory">data</filename> or
<filename class="directory">template</filename> directories. It also
doesn't account for the editor backup files that were the topic of
<ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=186383">bug
186383</ulink>, <ulink
url="http://online.securityfocus.com/bid/6501">Bugtraq ID 6501</ulink>,
and a partial cause for the 2.16.2 release.
</para>
</warning>
</section>
</section>
<section id="troubleshooting">
<title>Troubleshooting</title>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment