summaryrefslogtreecommitdiffstats
path: root/docs/txt/Bugzilla-Guide.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/txt/Bugzilla-Guide.txt')
-rw-r--r--docs/txt/Bugzilla-Guide.txt1340
1 files changed, 775 insertions, 565 deletions
diff --git a/docs/txt/Bugzilla-Guide.txt b/docs/txt/Bugzilla-Guide.txt
index a5fd79fcb..46972a7d8 100644
--- a/docs/txt/Bugzilla-Guide.txt
+++ b/docs/txt/Bugzilla-Guide.txt
@@ -7,11 +7,6 @@ Matthew P. Barnson
Zach Lipton
zach@NOSPAM.zachlipton.com
-
-Edited by
-
-I. P. Freely
-
Revision History
Revision v2.11 20 December 2000 Revised by: MPB
Converted the README, FAQ, and DATABASE information into SGML docbook
@@ -52,6 +47,11 @@ I. P. Freely
responsible for installing and maintaining this software is a
qualified professional on operating system upon which you install
Bugzilla.
+
+ THIS DOCUMENTATION IS MAINTAINED IN DOCBOOK 4.1 SGML FORMAT. IF YOU
+ WISH TO MAKE CORRECTIONS, PLEASE MAKE THEM IN PLAIN TEXT OR SGML DIFFS
+ AGAINST THE SOURCE. I CANNOT ACCEPT ADDITIONS TO THE GUIDE WRITTEN IN
+ HTML!
_________________________________________________________________
Table of Contents
@@ -80,7 +80,7 @@ I. P. Freely
2.3.3.1. Writing a Great Bug Report
2.3.3.2. Managing your Bug Reports
- 2.4. What's in it for me?
+ 2.4. Where can I find my user preferences?
2.4.1. Account Settings
2.4.2. Email Settings
@@ -113,7 +113,7 @@ I. P. Freely
3.2.12. HTTP Server
3.2.13. Installing the Bugzilla Files
3.2.14. Setting Up the MySQL Database
- 3.2.15. Tweaking "localconfig"
+ 3.2.15. Tweaking localconfig
3.2.16. Setting Up Maintainers Manually (Optional)
3.2.17. The Whining Cron (Optional)
3.2.18. Bug Graphs (Optional)
@@ -126,7 +126,11 @@ I. P. Freely
3.5.1. Modifying Your Running System
3.5.2. Upgrading From Previous Versions
3.5.3. .htaccess files and security
- 3.5.4. UNIX Installation Instructions History
+ 3.5.4. mod_throttle and Security
+ 3.5.5. Preventing untrusted Bugzilla content from executing
+ malicious Javascript code
+
+ 3.5.6. UNIX Installation Instructions History
3.6. Win32 Installation Notes
@@ -162,7 +166,7 @@ I. P. Freely
5.1. Bonsai
5.2. CVS
5.3. Perforce SCM
- 5.4. Tinderbox
+ 5.4. Tinderbox/Tinderbox2
6. The Future of Bugzilla
A. The Bugzilla FAQ
@@ -178,15 +182,21 @@ I. P. Freely
C.3. MySQL Permissions & Grant Tables
- 7. Bugzilla Variants
+ 7. Bugzilla Variants and Competitors
7.1. Red Hat Bugzilla
+ 7.2. Loki Bugzilla (Fenris)
+ 7.3. Issuezilla
+ 7.4. Scarab
+ 7.5. Perforce SCM
+ 7.6. SourceForge
D. Useful Patches and Utilities for Bugzilla
- D.1. The setperl.csh Utility
- D.2. Command-line Bugzilla Queries
- D.3. The Quicksearch Utility
+ D.1. Apache mod_rewrite magic
+ D.2. The setperl.csh Utility
+ D.3. Command-line Bugzilla Queries
+ D.4. The Quicksearch Utility
E. GNU Free Documentation License
@@ -211,7 +221,9 @@ I. P. Freely
3-1. Setting up bonsaitools symlink
3-2. Running checksetup.pl as the web user
3-3. Installing ActivePerl ppd Modules on Microsoft Windows
- 3-4. Removing encrypt() for Windows NT installations
+ 3-4. Removing encrypt() for Windows NT Bugzilla version 2.12 or
+ earlier
+
4-1. Creating some Components
4-2. Common Use of Versions
4-3. A Different Use of Versions
@@ -231,14 +243,13 @@ Chapter 1. About This Guide
I left untouched for nearly half a year. After numerous complete
rewrites and reformatting, it is the document you see today.
- Despite the lack of updates, Bugzilla is simply the best piece of
- bug-tracking software the world has ever seen. This document is
- intended to be the comprehensive guide to the installation,
- administration, maintenance, and use of the Bugzilla bug-tracking
- system.
+ Bugzilla is simply the best piece of bug-tracking software the world
+ has ever seen. This document is intended to be the comprehensive guide
+ to the installation, administration, maintenance, and use of the
+ Bugzilla bug-tracking system.
- This release of the Bugzilla Guide is the 2.14.0 release. It is so
- named that it may match the current version of Bugzilla. The numbering
+ This release of the Bugzilla Guide is the 2.14 release. It is so named
+ that it may match the current version of Bugzilla. The numbering
tradition stems from that used for many free software projects, in
which even-numbered point releases (1.2, 1.14, etc.) are considered
"stable releases", intended for public consumption; on the other hand,
@@ -253,7 +264,7 @@ Chapter 1. About This Guide
of Bugzilla, as of this writing (August 10, 2001) is 2.14; if
something were seriously wrong with that edition of the Guide,
subsequent releases would receive an additional dotted-decimal digit
- to indicate the update (2.14.0.1, 2.14.0.2, etc.). Got it? Good.
+ to indicate the update (2.14.1, 2.14.2, etc.). Got it? Good.
I wrote this in response to the enormous demand for decent Bugzilla
documentation. I have incorporated instructions from the Bugzilla
@@ -322,7 +333,7 @@ Chapter 1. About This Guide
1.4. New Versions
- This is the 2.14.0 version of The Bugzilla Guide. If you are reading
+ This is the 2.14 version of The Bugzilla Guide. If you are reading
this from any source other than those below, please check one of these
mirrors to make sure you are reading an up-to-date version of the
Guide.
@@ -431,7 +442,7 @@ Chapter 2. Using Bugzilla
- What, Why, How, & What's in it for me?
+ What, Why, How, & Where?
_________________________________________________________________
2.1. What is Bugzilla?
@@ -461,16 +472,18 @@ Chapter 2. Using Bugzilla
protocol
* email, XML, console, and HTTP APIs
* available integration with automated software configuration
- management systems, including Perforce and CVS
+ management systems, including Perforce and CVS (through the
+ Bugzilla email interface and checkin/checkout scripts)
* too many more features to list
- Despite its current robustness and popularity, however, Bugzilla faces
- some near-term challenges, such as reliance on a single database, a
- lack of abstraction of the user interface and program logic, verbose
- email bug notifications, a powerful but daunting query interface,
- little reporting configurability, problems with extremely large
- queries, some unsupportable bug resolution options, no
- internationalization, and dependence on some nonstandard libraries.
+ Despite its current robustness and popularity, Bugzilla faces some
+ near-term challenges, such as reliance on a single database, a lack of
+ abstraction of the user interface and program logic, verbose email bug
+ notifications, a powerful but daunting query interface, little
+ reporting configurability, problems with extremely large queries, some
+ unsupportable bug resolution options, little internationalization
+ (although non-US character sets are accepted for comments), and
+ dependence on some nonstandard libraries.
Some recent headway has been made on the query front, however. If you
are using the latest version of Bugzilla, you should see a "simple
@@ -479,9 +492,8 @@ Chapter 2. Using Bugzilla
information. This is also available as "queryhelp.cgi".
Despite these small problems, Bugzilla is very hard to beat. It is
- under very active development to address the current issues, and a
- long-awaited overhaul in the form of Bugzilla 3.0 is expected sometime
- later this year.
+ under very active development to address the current issues, and
+ continually gains new features.
_________________________________________________________________
2.2. Why Should We Use Bugzilla?
@@ -522,7 +534,7 @@ Chapter 2. Using Bugzilla
Bugzilla can dramatically increase the productivity and accountability
of individual employees by providing a documented workflow and
positive feedback for good performance. How many times do you wake up
- in the morning, remembering that you were supposed to do *something*
+ in the morning, remembering that you were supposed to do something
today, but you just can't quite remember? Put it in Bugzilla, and you
have a record of it from which you can extrapolate milestones, predict
product versions for integration, and by using Bugzilla's e-mail
@@ -555,7 +567,7 @@ Chapter 2. Using Bugzilla
Note
Some people have run into difficulties completing this tutorial. If
- you run into problems, please check the updated, online documentation
+ you run into problems, please check the updated online documentation
available at http://www.trilobyte.net/barnsons. If you're still
stumped, please subscribe to the newsgroup and provide details of
exactly what's stumping you! If enough people complain, I'll have to
@@ -581,10 +593,10 @@ Chapter 2. Using Bugzilla
2. Enter your "E-mail address" and "Real Name" (or whatever name you
want to call yourself) in the spaces provided, then select the
"Create Account" button.
- 3. Within 5-10 minutes, you should receive an email to the address
- you provided above, which contains your login name (generally the
- same as the email address), and a password you can use to access
- your account. This password is randomly generated, and should be
+ 3. Within moments, you should receive an email to the address you
+ provided above, which contains your login name (generally the same
+ as the email address), and a password you can use to access your
+ account. This password is randomly generated, and should be
changed at your nearest opportunity (we'll go into how to do it
later).
4. Click the "Log In" link in the yellow area at the bottom of the
@@ -603,8 +615,8 @@ Chapter 2. Using Bugzilla
Many modern browsers include an "Auto-Complete" or "Form Fill" feature
to remember the user names and passwords you type in at many sites.
- Unfortunately, sometimes they attempt to "guess" what you will put in
- as your password, and guess wrong. If you notice a text box is already
+ Unfortunately, sometimes they attempt to guess what you will put in as
+ your password, and guess wrong. If you notice a text box is already
filled out, please overwrite the contents of the text box so you can
be sure to input the correct information.
@@ -617,17 +629,17 @@ Chapter 2. Using Bugzilla
2.3.2. The Bugzilla Query Page
- The Bugzilla Query Page is the heart and soul of Bugzilla. It is the
- master interface where you can find any bug report, comment, or patch
- currently in the Bugzilla system. We'll go into how to create your own
- bug report later on.
+ The Bugzilla Query Page is the heart and soul of the Bugzilla user
+ experience. It is the master interface where you can find any bug
+ report, comment, or patch currently in the Bugzilla system. We'll go
+ into how to create your own bug report later on.
There are efforts underway to simplify query usage. If you have a
local installation of Bugzilla 2.12 or higher, you should have
- "quicksearch.html" available to use and simplify your searches. There
- is also, or shortly will be, a helper for the query interface, called
- "queryhelp.cgi". Landfill tends to run the latest code, so these two
- utilities should be available there for your perusal.
+ quicksearch.html available to use and simplify your searches. There is
+ also a helper for the query interface, called queryhelp.cgi. Landfill
+ tends to run the latest code, so these two utilities should be
+ available there for your perusal.
At this point, please visit the main Bugzilla site,
bugzilla.mozilla.org, to see a more fleshed-out query page.
@@ -645,13 +657,13 @@ Chapter 2. Using Bugzilla
"Back" button in your browser.
I'm sure that after checking out the online help, you are now an
- Expert on the Bugzilla Query Page. If, however, you feel you haven't
+ expert on the Bugzilla Query Page. If, however, you feel you haven't
mastered it yet, let me walk you through making a few successful
queries to find out what there are in the Bugzilla bug-tracking system
itself.
- 1. Ensure you are back on the "Bugzilla Query Page" Do nothing in the
- boxes marked "Status", "Resolution", "Platform", "OpSys",
+ 1. Ensure you are back on the "Bugzilla Query Page". Do nothing in
+ the boxes marked "Status", "Resolution", "Platform", "OpSys",
"Priority", or "Severity". The default query for "Status" is to
find all bugs that are NEW, ASSIGNED, or REOPENED, which is what
we want. If you don't select anything in the other 5 scrollboxes
@@ -661,7 +673,7 @@ Chapter 2. Using Bugzilla
have it figured out.
Basically, selecting anything on the query page narrows your
search down. Leaving stuff unselected, or text boxes unfilled,
- broadens your search!
+ broadens your search.
2. You see the box immediately below the top six boxes that contains
an "Email" text box, with the words "matching as", a drop-down
selection box, then some checkboxes with "Assigned To" checked by
@@ -786,13 +798,17 @@ Chapter 2. Using Bugzilla
2.3.3.1. Writing a Great Bug Report
Before we plunge into writing your first bug report, I encourage you
- to read Mozilla.org's Bug Writing Guidelines. While some of the advice
- is Mozilla-specific, the basic principles of reporting Reproducible,
- Specific bugs, isolating the Product you are using, the Version of the
- Product, the Component which failed, the Hardware Platform, and
- Operating System you were using at the time of the failure go a long
- way toward ensuring accurate, responsible fixes for the bug that bit
- you.
+ to read some bug-writing guidelines. If you are reading this document
+ as part of a Bugzilla CVS checkout or un-tarred Bugzilla distribution,
+ you should be able to read them by clicking here. If you are reading
+ this online, check out the Mozilla.org bug-writing guidelines at
+ http://www.mozilla.org/quality/bug-writing-guidelines.html. While some
+ of the advice is Mozilla-specific, the basic principles of reporting
+ Reproducible, Specific bugs, isolating the Product you are using, the
+ Version of the Product, the Component which failed, the Hardware
+ Platform, and Operating System you were using at the time of the
+ failure go a long way toward ensuring accurate, responsible fixes for
+ the bug that bit you.
While you are at it, why not learn how to find previously reported
bugs? Mozilla.org has published a great tutorial on finding duplicate
@@ -872,7 +888,7 @@ Chapter 2. Using Bugzilla
"Reports" link at the footer of each page.
_________________________________________________________________
-2.4. What's in it for me?
+2.4. Where can I find my user preferences?
@@ -894,34 +910,25 @@ Chapter 2. Using Bugzilla
"Old Password" field. If you wish to change your password, type the
new password you want into the "New Password" field and again into the
"Re-enter new password" field to ensure you typed your new password
- correctly. Select the "Submit" button and you're done!
+ correctly. Select the "Submit" button and you are done.
_________________________________________________________________
2.4.2. Email Settings
2.4.2.1. Email Notification
- Note
-
- The email notification settings described below have been obsoleted in
- Bugzilla 2.12, and this section will be replaced with a comprehensive
- description of the amazing array of new options at your disposal.
- However, in the meantime, throw this chunk out the window and go crazy
- with goofing around with different notification options.
-
- Ahh, here you can reduce or increase the amount of email sent you from
- Bugzilla! In the drop-down "Notify me of changes to", select one of
-
- All qualifying bugs: sends you every change to every bug where your
- name is somewhere on it, regardless of who changed it.
- Only those bugs which I am listed in the CC line: prevents you from
- receiving mail for which you are the reporter,' owner, or QA contact.
- If you are on the CC list, presumably someone had a good reason for
- you to get the email.
- All qulifying bugs except those which I change: This is the default,
- and a sensible setting. If someone else changes your bugs, you will
- get emailed, but if you change bugs yourself you will receive no
- notification of the change.
+ Here you can reduce or increase the amount of email sent you from
+ Bugzilla. Although this is referred to as "Advanced Email Filtering
+ Options", they are, in fact, the standard email filter set. All of
+ them are self-explanatory, but you can use the filters in interesting
+ ways. For instance, some people (notably Quality Assurance personnel)
+ often only care to receive updates regarding a bug when the bug
+ changes state, so they can track bugs on their flow charts and know
+ when it is time to pull the bug onto a quality assurance platform for
+ inspection. Other people set up email gateways to Bonsai, the Mozilla
+ automated CVS management system or Tinderbox, the Mozilla automated
+ build management system, and restrict which types of Bugzilla
+ information are fed to these systems..
_________________________________________________________________
2.4.2.2. New Email Technology
@@ -1126,32 +1133,49 @@ Chapter 3. Installation
Internet. Many installation steps require an active Internet
connection to complete, but you must take care to ensure that at no
point is your machine vulnerable to an attack.
+
+ Note
+
+ Linux-Mandrake 8.0, the author's test system, includes every required
+ and optional library for Bugzilla. The easiest way to install them is
+ by using the urpmi utility. If you follow these commands, you should
+ have everything you need for Bugzilla, and checksetup.pl should not
+ complain about any missing libraries. You may already have some of
+ these installed.
+
+ bash# urpmi perl-mysql
+ bash# urpmi perl-chart
+ bash# urpmi perl-gd
+ bash# urpmi perl-MailTools (for Bugzilla email integration)
+ bash# urpmi apache-modules
_________________________________________________________________
3.2.3. Installing MySQL Database
- Visit MySQL homepage at http://www.mysql.com/ and grab the latest
- stable release of the server. Both binaries and source are available
- and which you get shouldn't matter. Be aware that many of the binary
- versions of MySQL store their data files in /var which on many
- installations (particularly common with linux installations) is part
- of a smaller root partition. If you decide to build from sources you
- can easily set the dataDir as an option to configure.
-
- If you've installed from source or non-package (RPM, deb, etc.)
- binaries you'll want to make sure to add mysqld to your init scripts
- so the server daemon will come back up whenever your machine reboots.
- You also may want to edit those init scripts, to make sure that mysqld
- will accept large packets. By default, mysqld is set up to only accept
- packets up to 64K long. This limits the size of attachments you may
- put on bugs. If you add something like "-O max_allowed_packet=1M" to
- the command that starts mysqld (or safe_mysqld), then you will be able
- to have attachments up to about 1 megabyte.
+ Visit MySQL homepage at www.mysql.com and grab the latest stable
+ release of the server. Many of the binary versions of MySQL store
+ their data files in /var which is often part of a smaller root
+ partition. If you decide to build from sources you can easily set the
+ dataDir as an option to configure.
+
+ If you install from source or non-package (RPM, deb, etc.) binaries
+ you need to add mysqld to your init scripts so the server daemon will
+ come back up whenever your machine reboots. Further discussion of UNIX
+ init sequences are beyond the scope of this guide.
+
+ Note
+
+ You should have your init script start mysqld with the ability to
+ accept large packets. By default, mysqld only accepts packets up to
+ 64K long. This limits the size of attachments you may put on bugs. If
+ you add -O max_allowed_packet=1M to the command that starts mysqld (or
+ safe_mysqld), then you will be able to have attachments up to about 1
+ megabyte.
Note
If you plan on running Bugzilla and MySQL on the same machine,
- consider using the "--skip-networking" option in the init script. This
+ consider using the --skip-networking option in the init script. This
enhances security by preventing network access to MySQL.
_________________________________________________________________
@@ -1188,7 +1212,7 @@ Chapter 3. Installation
Tip
You can skip the following Perl module installation steps by
- installing "Bundle::Bugzilla" from CPAN, which includes them. All Perl
+ installing Bundle::Bugzilla from CPAN, which includes them. All Perl
module installation steps require you have an active Internet
connection. If you wish to use Bundle::Bugzilla, however, you must be
using the latest version of Perl (at this writing, version 5.6.1)
@@ -1212,8 +1236,7 @@ Chapter 3. Installation
Like almost all Perl modules DBI can be found on the Comprehensive
Perl Archive Network (CPAN) at http://www.cpan.org. The CPAN servers
have a real tendency to bog down, so please use mirrors. The current
- location at the time of this writing (02/17/99) can be found in
- Appendix A.
+ location at the time of this writing can be found in Appendix B.
Quality, general Perl module installation instructions can be found on
the CPAN website, but the easy thing to do is to just use the CPAN
@@ -1251,8 +1274,8 @@ Chapter 3. Installation
hurt anything.
Data::Dumper is used by the MySQL-related Perl modules. It can be
- found on CPAN (link in Appendix A) and can be installed by following
- the same four step make sequence used for the DBI module.
+ found on CPAN (see Appendix B) and can be installed by following the
+ same four step make sequence used for the DBI module.
_________________________________________________________________
3.2.7. MySQL related Perl Module Collection
@@ -1285,31 +1308,30 @@ Chapter 3. Installation
Many of the more common date/time/calendar related Perl modules have
been grouped into a bundle similar to the MySQL modules bundle. This
- bundle is stored on the CPAN under the name TimeDate. A link link may
- be found in Appendix B, Software Download Links. The component module
- we're most interested in is the Date::Format module, but installing
- all of them is probably a good idea anyway. The standard Perl module
- installation instructions should work perfectly for this simple
- package.
+ bundle is stored on the CPAN under the name TimeDate (see link:
+ Appendix B). The component module we're most interested in is the
+ Date::Format module, but installing all of them is probably a good
+ idea anyway. The standard Perl module installation instructions should
+ work perfectly for this simple package.
_________________________________________________________________
3.2.9. GD Perl Module (1.8.3)
The GD library was written by Thomas Boutell a long while ago to
- programatically generate images in C. Since then it's become almost a
+ programatically generate images in C. Since then it's become the
defacto standard for programatic image construction. The Perl bindings
- to it found in the GD library are used on a million web pages to
+ to it found in the GD library are used on millions of web pages to
generate graphs on the fly. That's what bugzilla will be using it for
- so you'd better install it if you want any of the graphing to work.
+ so you must install it if you want any of the graphing to work.
- Actually bugzilla uses the Graph module which relies on GD itself, but
- isn't that always the way with OOP. At any rate, you can find the GD
- library on CPAN (link in Appendix B, Software Download Links).
+ Actually bugzilla uses the Graph module which relies on GD itself.
+ Isn't that always the way with object-oriented programming? At any
+ rate, you can find the GD library on CPAN in Appendix B.
Note
The Perl GD library requires some other libraries that may or may not
- be installed on your system, including "libpng" and "libgd". The full
+ be installed on your system, including libpng and libgd. The full
requirements are listed in the Perl GD library README. Just realize
that if compiling GD fails, it's probably because you're missing a
required library.
@@ -1319,11 +1341,10 @@ Chapter 3. Installation
The Chart module provides bugzilla with on-the-fly charting abilities.
It can be installed in the usual fashion after it has been fetched
- from CPAN where it is found as the Chart-x.x... tarball in a directory
- to be listed in Appendix B, "Software Download Links". Note that as
- with the GD perl module, only the version listed above, or newer, will
- work. Earlier versions used GIF's, which are no longer supported by
- the latest versions of GD.
+ from CPAN where it is found as the Chart-x.x... tarball, linked in
+ Appendix B. Note that as with the GD perl module, only the version
+ listed above, or newer, will work. Earlier versions used GIF's, which
+ are no longer supported by the latest versions of GD.
_________________________________________________________________
3.2.11. DB_File Perl Module
@@ -1341,27 +1362,42 @@ Chapter 3. Installation
different machine than MySQL, but need to adjust the MySQL "bugs" user
permissions accordingly.
+ Note
+
+ I strongly recommend Apache as the web server to use. The Bugzilla
+ Guide installation instructions, in general, assume you are using
+ Apache. As more users use different webservers and send me information
+ on the peculiarities of installing using their favorite webserver, I
+ will provide notes for them.
+
You'll want to make sure that your web server will run any file with
the .cgi extension as a cgi and not just display it. If you're using
apache that means uncommenting the following line in the srm.conf
- file: AddHandler cgi-script .cgi
+ file:
+ AddHandler cgi-script .cgi
With apache you'll also want to make sure that within the access.conf
- file the line: Options ExecCGI is in the stanza that covers the
- directories you intend to put the bugzilla .html and .cgi files into.
+ file the line:
+ Options ExecCGI
- If you are using a newer version of Apache, both of the above lines
- will be (or will need to be) in the httpd.conf file, rather than
- srm.conf or access.conf.
+ is in the stanza that covers the directories into which you intend to
+ put the bugzilla .html and .cgi files.
+
+ Note
+
+ Users of newer versions of Apache will generally find both of the
+ above lines will be in the httpd.conf file, rather than srm.conf or
+ access.conf.
Warning
- There are two critical directories and a file that should not be a
- served by the HTTP server. These are the "data" and "shadow"
+ There are important files and directories that should not be a served
+ by the HTTP server. These are most files in the "data" and "shadow"
directories and the "localconfig" file. You should configure your HTTP
server to not serve content from these files. Failure to do so will
expose critical passwords and other data. Please see .htaccess files
- and security for details.
+ and security for details on how to do this for Apache. I appreciate
+ notes on how to get this same functionality using other webservers.
_________________________________________________________________
3.2.13. Installing the Bugzilla Files
@@ -1370,34 +1406,32 @@ Chapter 3. Installation
willing to make writable by the default web server user (probably
"nobody"). You may decide to put the files off of the main web space
for your web server or perhaps off of /usr/local with a symbolic link
- in the web space that points to the bugzilla directory. At any rate,
- just dump all the files in the same place (optionally omitting the CVS
- directories if they were accidentally tarred up with the rest of
- Bugzilla) and make sure you can access the files in that directory
- through your web server.
+ in the web space that points to the Bugzilla directory. At any rate,
+ just dump all the files in the same place, and make sure you can
+ access the files in that directory through your web server.
Tip
If you symlink the bugzilla directory into your Apache's HTML
- heirarchy, you may receive "Forbidden" errors unless you add the
+ heirarchy, you may receive Forbidden errors unless you add the
"FollowSymLinks" directive to the <Directory> entry for the HTML root.
Once all the files are in a web accessible directory, make that
- directory writable by your webserver's user (which may require just
- making it world writable). This is a temporary step until you run the
- post-install "checksetup.pl" script, which locks down your
- installation.
+ directory writable by your webserver's user. This is a temporary step
+ until you run the post-install checksetup.pl script, which locks down
+ your installation.
Lastly, you'll need to set up a symbolic link to
/usr/bonsaitools/bin/perl for the correct location of your perl
executable (probably /usr/bin/perl). Otherwise you must hack all the
- .cgi files to change where they look for perl. To make future upgrades
- easier, you should use the symlink approach.
+ .cgi files to change where they look for perl, or use The setperl.csh
+ Utility, found in Useful Patches and Utilities for Bugzilla. I suggest
+ using the symlink approach for future release compatability.
Example 3-1. Setting up bonsaitools symlink
Here's how you set up the Perl symlink on Linux to make Bugzilla work.
- Your mileage may vary; if you are running on Solaris, you probably
+ Your mileage may vary. For some UNIX operating systems, you probably
need to subsitute "/usr/local/bin/perl" for "/usr/bin/perl" below; if
on certain other UNIX systems, Perl may live in weird places like
"/opt/perl". As root, run these commands:
@@ -1440,7 +1474,7 @@ bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
mysql> FLUSH PRIVILEGES;
From this point on, if you need to access MySQL as the MySQL root
- user, you will need to use "mysql -u root -p" and enter your
+ user, you will need to use mysql -u root -p and enter your
new_password. Remember that MySQL user names have nothing to do with
Unix user names (login names).
@@ -1461,14 +1495,14 @@ bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
Next, run the magic checksetup.pl script. (Many thanks to Holger
Schurig <holgerschurig@nikocity.de> for writing this script!) It will
make sure Bugzilla files and directories have reasonable permissions,
- set up the "data" directory, and create all the MySQL tables.
+ set up the data directory, and create all the MySQL tables.
bash# ./checksetup.pl
- The first time you run it, it will create a file called "localconfig".
+ The first time you run it, it will create a file called localconfig.
_________________________________________________________________
-3.2.15. Tweaking "localconfig"
+3.2.15. Tweaking localconfig
This file contains a variety of settings you may need to tweak
including how Bugzilla should connect to the MySQL database.
@@ -1480,7 +1514,7 @@ bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
3. MySQL username: "bugs" if you're following these directions
4. Password for the "bugs" MySQL account above
- You may also install .htaccess files that the Apache webserver will
+ You should also install .htaccess files that the Apache webserver will
use to restrict access to Bugzilla data files. See .htaccess files and
security.
@@ -1489,17 +1523,11 @@ bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
for which you will be prompted to provide information.
When logged into an administrator account once Bugzilla is running, if
- you go to the query page (off of the bugzilla main menu), you'll find
- an 'edit parameters' option that is filled with editable treats.
+ you go to the query page (off of the Bugzilla main menu), you'll find
+ an "edit parameters" option that is filled with editable treats.
- Should everything work, you should have a nearly empty copy of the bug
- tracking setup.
-
- The second time around, checksetup.pl will stall if it is on a
- filesystem that does not fully support file locking via flock(), such
- as NFS mounts. This support is required for Bugzilla to operate safely
- with multiple instances. If flock() is not fully supported, it will
- stall at: Now regenerating the shadow database for all bugs.
+ Should everything work, you will have a nearly empty Bugzilla database
+ and a newly-created localconfig file in your Bugzilla root directory.
Note
@@ -1516,6 +1544,7 @@ bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
installed in "/usr/local/bugzilla", here's one way to run
checksetup.pl as the web server user. As root, for the second run of
checksetup.pl, do this:
+
bash# chown -R apache:apache /usr/local/bugzilla
bash# su - apache
bash# cd /usr/local/bugzilla
@@ -1531,12 +1560,12 @@ bash# ./checksetup.pl
3.2.16. Setting Up Maintainers Manually (Optional)
If you want to add someone else to every group by hand, you can do it
- by typing the appropriate MySQL commands. Run ' mysql -u root -p bugs'
+ by typing the appropriate MySQL commands. Run mysql -u root -p bugs
You may need different parameters, depending on your security
settings. Then:
mysql> update profiles set groupset=0x7fffffffffffffff where
- login_name = 'XXX';
+ login_name = 'XXX'; (yes, that's fifteen"f"'s.
replacing XXX with the Bugzilla email address.
_________________________________________________________________
@@ -1774,7 +1803,48 @@ sr/local/lib);
by editing localconfig and setting the $create_htaccess variable to 0.
_________________________________________________________________
-3.5.4. UNIX Installation Instructions History
+3.5.4. mod_throttle and Security
+
+ It is possible for a user, by mistake or on purpose, to access the
+ database many times in a row which can result in very slow access
+ speeds for other users. If your Bugzilla installation is experiencing
+ this problem , you may install the Apache module mod_throttle which
+ can limit connections by ip-address. You may download this module at
+ http://www.snert.com/Software/Throttle/. Follow the instructions to
+ install into your Apache install. This module only functions with the
+ Apache web server!. You may use the ThrottleClientIP command provided
+ by this module to accomplish this goal. See the Module Instructions
+ for more information.
+ _________________________________________________________________
+
+3.5.5. Preventing untrusted Bugzilla content from executing malicious
+Javascript code
+
+ It is possible for a Bugzilla to execute malicious Javascript code.
+ Due to internationalization concerns, we are unable to incorporate the
+ code changes necessary to fulfill the CERT advisory requirements
+ mentioned in
+ http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3.
+ Executing the following code snippet from a UNIX command shell will
+ rectify the problem if your Bugzilla installation is intended for an
+ English-speaking audience. As always, be sure your Bugzilla
+ installation has a good backup before making changes, and I recommend
+ you understand what the script is doing before executing it.
+
+bash# cd $BUGZILLA_HOME; for i in `ls *.cgi`; \
+ do cat $i | sed 's/Content-type\: text\/html/Content-Type: text\/html
+\; charset=ISO-8859-1/' >$i.tmp; \
+ mv $i.tmp $i; done
+
+ All this one-liner command does is search for all instances of
+ "Content-type: text/html" and replaces it with "Content-Type:
+ text/html; charset=ISO-8859-1". This specification prevents possible
+ Javascript attacks on the browser, and is suggested for all
+ English-speaking sites. For non-english-speaking Bugzilla sites, I
+ suggest changing "ISO-8859-1", above, to "UTF-8".
+ _________________________________________________________________
+
+3.5.6. UNIX Installation Instructions History
This document was originally adapted from the Bonsai installation
instructions by Terry Weissman <terry@mozilla.org>.
@@ -1821,24 +1891,29 @@ sr/local/lib);
Note
You should be familiar with, and cross-reference, the rest of the
- Chapter 3 section while performing your Win32 installation.
+ Bugzilla Installation section while performing your Win32
+ installation.
Making Bugzilla work on Microsoft Windows is no picnic. Support for
Win32 has improved dramatically in the last few releases, but, if you
choose to proceed, you should be a very skilled Windows Systems
- Administrator with both strong troubleshooting abilities and a high
- tolerance for pain. Bugzilla on NT requires hacking source code and
- implementing some advanced utilities. What follows is the recommended
- installation procedure for Win32; additional suggestions are provided
- in The Bugzilla FAQ.
- 1. Install Apache Web Server for Windows.
+ Administrator with strong troubleshooting abilities, a high tolerance
+ for pain, and moderate perl skills. Bugzilla on NT requires hacking
+ source code and implementing some advanced utilities. What follows is
+ the recommended installation procedure for Win32; additional
+ suggestions are provided in Appendix A.
+ 1. Install Apache Web Server for Windows, and copy the Bugzilla files
+ somewhere Apache can serve them. Please follow all the
+ instructions referenced in Bugzilla Installation regarding your
+ Apache configuration, particularly instructions regarding the
+ "AddHandler" parameter and "ExecCGI".
Note
You may also use Internet Information Server or Personal Web Server
- for this purpose. However, setup is slightly more difficult. If
- ActivePerl doesn't seem to handle your file associations correctly
- (for .cgi and .pl files), please consult The Bugzilla FAQ.
+ for this purpose. However, setup is quite different. If ActivePerl
+ doesn't seem to handle your file associations correctly (for .cgi and
+ .pl files), please consult Appendix A.
If you are going to use IIS, if on Windows NT you must be updated to
at least Service Pack 4. Windows 2000 ships with a sufficient version
of IIS.
@@ -1888,9 +1963,20 @@ sr/local/lib);
g. mysql> exit;
h. C:> C:\mysql\bin\mysqladmin -u root -p reload
6. Edit checksetup.pl in your Bugzilla directory. Change this line:
- "my $webservergid = getgrnam($my_webservergroup); "
+
+my $webservergid = getgrnam($my_webservergroup);
+
+
to
- "my $webservergid = $my_webservergroup; "
+
+my $webservergid = $my_webservergroup;
+
+
+ or the name of the group you wish to own the files explicitly:
+
+my $webservergid = 'Administrators'
+
+
7. Run checksetup.pl from the Bugzilla directory.
8. Edit localconfig to suit your requirements. Set $db_pass to your
"bugs_password" from step 5.d, and $webservergroup to "8".
@@ -1949,9 +2035,15 @@ my $to=$login;
my $subject=$urlbase;
$mail->send($from,$to,$subject,$msg);
- Note
+ Note
- The code above needs testing as well to make sure it is correct.
+ Some have found success using the commercial product, Windmail. You
+ could try replacing your sendmail calls with:
+open SENDMAIL, "|\"C:/General/Web/tools/Windmail 4.0 Beta/windmail\" -t > mail.
+log";
+
+
+ or something to that effect.
11. Change all references in all files from processmail to
processmail.pl, and rename processmail to processmail.pl.
@@ -1996,10 +2088,9 @@ exit;
Note
- This step is completely optional if you are using IIS or another web
- server which only decides on an interpreter based upon the file
- extension (.pl), rather than the "shebang" line
- (#/usr/bonsaitools/bin/perl)
+ This step is optional if you are using IIS or another web server which
+ only decides on an interpreter based upon the file extension (.pl),
+ rather than the "shebang" line (#/usr/bonsaitools/bin/perl)
Modify the path to perl on the first line (#!) of all files to
point to your Perl installation, and add "perl" to the beginning
of all Perl system calls that use a perl script as an argument.
@@ -2023,9 +2114,9 @@ system ("perl processmail.pl",@ARGLIST);
Tip
- If you are using IIS 5.0 or higher, you must add cgi relationships to
- Properties -> Home directory (tab) -> Application Settings (section)
- -> Configuration (button), such as:
+ If you are using IIS or Personal Web Server, you must add cgi
+ relationships to Properties -> Home directory (tab) -> Application
+ Settings (section) -> Configuration (button), such as:
.cgi to: <perl install directory>\perl.exe %s %s
.pl to: <perl install directory>\perl.exe %s %s
@@ -2040,7 +2131,7 @@ GET,HEAD,POST
From Andrew Pearson:
- "You can make Bugzilla work with Personal Web Server for Windows 98
+ You can make Bugzilla work with Personal Web Server for Windows 98
and higher, as well as for IIS 4.0. Microsoft has information
available at
http://support.microsoft.com/support/kb/articles/Q231/9/98.ASP
@@ -2059,106 +2150,24 @@ GET,HEAD,POST
Tip
- "Brian" had this to add, about upgrading to Bugzilla 2.12 from
- previous versions:
-
- Hi - I am updating bugzilla to 2.12 so I can tell you what I did
- (after I deleted the current dir and copied the files in).
-
- In checksetup.pl, I did the following...
-
- 1.
-
-my $webservergid = getgrnam($my_webservergroup);
-
-
- to
+ If attempting to run Bugzilla 2.12 or older, you will need to remove
+ encrypt() calls from the Perl source. This is not necessary for
+ Bugzilla 2.13 and later.
-my $webservergid = 'Administrators'
+ Example 3-4. Removing encrypt() for Windows NT Bugzilla version 2.12
+ or earlier
+ Replace this:
- 2. I then ran checksetup.pl
- 3. I removed all the encrypt()
- Example 3-4. Removing encrypt() for Windows NT installations
- Replace this:
-
-SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) . ", " .
- SqlQuote(substr($realcryptpwd, 0, 2)) . ")");
+SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) . ", " . SqlQuote(substr($rea
+lcryptpwd, 0, 2)) . ")");
my $enteredcryptpwd = FetchOneColumn();
-
- with this:
+ with this:
my $enteredcryptpwd = $enteredpwd
-
- in cgi.pl.
- 4. I renamed processmail to processmail.pl
- 5. I altered the sendmail statements to windmail:
-
-
-open SENDMAIL, "|\"C:/General/Web/tools/Windmail 4.0 Beta/windmail\" -t > mail.
-log";
-
- The quotes around the dir is for the spaces. mail.log is for the
- output
-
- Tip
-
- This was some late breaking information from Jan Evert. Sorry for the
- lack of formatting.
-
- I'm busy installing bugzilla on a WinNT machine and I thought I'd noti
- fy you
- at this moment of the commments I have to section 2.2.1 of the bugzill
- a
- guide (at http://www.trilobyte.net/barnsons/html/).
- Step 1:
- I've used apache, installation is really straightforward.
- After reading the Unix installation instructions, I found that it is
- necessary to add the ExecCGI option to the bugzilla directory. Also th
- e
- 'AddHandler' line for .cgi is by default commented out.
- Step 3: although just a detail, 'ppm install <module%gt;' will also wo
- rk
- (without .ppd). And, it can also download these automatically from
- ActiveState.
- Step 4: although I have cygwin installed, it seems that it is not nece
- ssary.
- On my machine cygwin is not in the PATH and everything seems to work a
- s
- expected.
- However, I've not used everything yet.
- Step 6: the 'bugs_password' given in SQL command d needs to be edited
- into
- localconfig later on (Step 7) if the password is not empty. I've also
- edited
- it into globals.pl, but I'm not sure that is needed. In both places, t
- he
- variable is named db_pass.
- Step 8: all the sendmail replacements mentioned are not as simple as
- described there. Since I am not familiar (yet) with perl, I don't have
- any
- mail working yet.
- Step 9: in globals.pl the encrypt() call can be replaced by just the
- unencrypted password. In CGI.pl, the complete SQL command can be remov
- ed.
- Step 11: I've only changed the #! lines in *.cgi. I haven't noticed pr
- oblems
- with the system() call yet.
- There seem to be only four system() called programs: processmail.pl (h
- andled
- by step 10), syncshadowdb (which should probably get the same treatmen
- t as
- processmail.pl), diff and mysqldump. The last one is only needed with
- the
- shadowdb feature (which I don't use).
- There seems to be one step missing: copying the bugzilla files somehwe
- re
- that apache can serve them.
- Just noticed the updated guide... Brian's comment is new. His first co
- mment
- will work, but opens up a huge security hole.
+ in cgi.pl.
_________________________________________________________________
Chapter 4. Administering Bugzilla
@@ -2166,38 +2175,66 @@ Chapter 4. Administering Bugzilla
Or, I just got this cool thing installed. Now what the heck do I do
with it?
- So you followed the installation instructions to the letter, and just
- logged into bugzilla with your super-duper god account and you are
- sitting at the query screen. Yet, you have nothing to query. Your
- first act of business needs to be to setup the operating parameters
- for bugzilla.
+ So you followed "Bugzilla Installation" to the letter, and logged into
+ Bugzilla for the very first time with your super-duper god account.
+ You sit, contentedly staring at the Bugzilla Query Screen, the worst
+ of the whole mad business of installing this terrific program behind
+ you. It seems, though, you have nothing yet to query! Your first act
+ of business should be to setup the operating parameters for Bugzilla
+ so you can get busy getting data into your bug tracker.
_________________________________________________________________
4.1. Post-Installation Checklist
- After installation, follow the checklist below to ensure that you have
- a successful installation. If you do not see a recommended setting for
- a parameter, consider leaving it at the default while you perform your
- initial tests on your Bugzilla setup.
- 1. Bring up "editparams.cgi" in your web browser. For instance, to
- edit parameters at mozilla.org, the URL would be
- http://bugzilla.mozilla.org/editparams.cgi, also available under
- the "edit parameters" link on your query page.
- 2. Set "maintainer" to your email address. This allows Bugzilla's
+ After installation, follow the checklist below to help ensure that you
+ have a successful installation. If you do not see a recommended
+ setting for a parameter, consider leaving it at the default while you
+ perform your initial tests on your Bugzilla setup.
+ 1. Bring up editparams.cgi in your web browser. This should be
+ available as the "edit parameters" link from any Bugzilla screen
+ once you have logged in.
+ 2. The "maintainer" is the email address of the person responsible
+ for maintaining this Bugzilla installation. The maintainer need
+ not be a valid Bugzilla user. Error pages, error emails, and
+ administrative mail will be sent with the maintainer as the return
+ email address.
+ Set "maintainer" to your email address. This allows Bugzilla's
error messages to display your email address and allow people to
contact you for help.
- 3. Set "urlbase" to the URL reference for your Bugzilla installation.
- If your bugzilla query page is at
- http://www.foo.com/bugzilla/query.cgi, your url base is
- http://www.foo.com/bugzilla/
- 4. Set "usebuggroups" to "on" only if you need to restrict access to
- products. I suggest leaving this parameter off while initially
+ 3. The "urlbase" parameter defines the fully qualified domain name
+ and web server path to your Bugzilla installation.
+ For example, if your bugzilla query page is
+ http://www.foo.com/bugzilla/query.cgi, set your "urlbase" is
+ http://www.foo.com/bugzilla/.
+ 4. "usebuggroups" dictates whether or not to implement group-based
+ security for Bugzilla. If set, Bugzilla bugs can have an
+ associated groupmask defining which groups of users are allowed to
+ see and edit the bug.
+ Set "usebuggroups" to "on" only if you may wish to restrict access
+ to products. I suggest leaving this parameter off while initially
testing your Bugzilla.
- 5. Set "usebuggroupsentry" to "on" if you want to restrict access to
- products. Once again, if you are simply testing your installation,
- I suggest against turning this parameter on; the strict security
- checking may stop you from being able to modify your new entries.
- 6. Set "shadowdb" to "bug_shadowdb" if you will be running a *very*
+ 5. "usebuggroupsentry", when set to "on", requires that all bugs have
+ an associated groupmask when submitted. This parameter is made for
+ those installations where product isolation is a necessity.
+ Set "usebuggroupsentry" to "on" if you absolutely need to restrict
+ access to bugs from the moment they are submitted through
+ resolution. Once again, if you are simply testing your
+ installation, I suggest against turning this parameter on; the
+ strict security checking may stop you from being able to modify
+ your new entries.
+ 6. You run into an interesting problem when Bugzilla reaches a high
+ level of continuous activity. MySQL supports only table-level
+ write locking. What this means is that if someone needs to make a
+ change to a bug, they will lock the entire table until the
+ operation is complete. Locking for write also blocks reads until
+ the write is complete. The "shadowdb" parameter was designed to
+ get around this limitation. While only a single user is allowed to
+ write to a table at a time, reads can continue unimpeded on a
+ read-only shadow copy of the database. Although your database size
+ will double, a shadow database can cause an enormous performance
+ improvement when implemented on extremely high-traffic Bugzilla
+ databases.
+ Set "shadowdb" to "bug_shadowdb" if you will be running a *very*
large installation of Bugzilla. The shadow database enables many
simultaneous users to read and write to the database without
interfering with one another.
@@ -2205,17 +2242,30 @@ Chapter 4. Administering Bugzilla
Note
Enabling "shadowdb" can adversely affect the stability of your
- installation of Bugzilla. You may frequently need to manually
- synchronize your databases, or schedule nightly syncs via "cron"
+ installation of Bugzilla. You should regularly check that your
+ database is in sync. It is often advisable to force a shadow database
+ sync nightly via "cron".
Once again, in testing you should avoid this option -- use it if
or when you need to use it, and have repeatedly run into the
problem it was designed to solve -- very long wait times while
- attempting to commit a change to the database.
+ attempting to commit a change to the database. Mozilla.org began
+ needing "shadowdb" when they reached around 40,000 Bugzilla users
+ with several hundred Bugzilla bug changes and comments per day.
If you use the "shadowdb" option, it is only natural that you
should turn the "queryagainstshadowdb" option "On" as well.
Otherwise you are replicating data into a shadow database for no
reason!
- 7. If you have custom logos or HTML you must put in place to fit
+ 7. "headerhtml", "footerhtml", "errorhtml", "bannerhtml", and
+ "blurbhtml" are all templates which control display of headers,
+ footers, errors, banners, and additional data. We could go into
+ some detail regarding the usage of these, but it is really best
+ just to monkey around with them a bit to see what they do. I
+ strongly recommend you copy your data/params file somewhere safe
+ before playing with these values, though. If they are changed
+ dramatically, it may make it impossible for you to display
+ Bugzilla pages to fix the problem until you have restored your
+ data/params file.
+ If you have custom logos or HTML you must put in place to fit
within your site design guidelines, place the code in the
"headerhtml", "footerhtml", "errorhtml", "bannerhtml", or
"blurbhtml" text boxes.
@@ -2223,28 +2273,52 @@ Chapter 4. Administering Bugzilla
Note
The "headerhtml" text box is the HTML printed out before any other
- code on the page. If you have a special banner, put the code for it in
+ code on the page, except the CONTENT-TYPE header sent by the Bugzilla
+ engine. If you have a special banner, put the code for it in
"bannerhtml". You may want to leave these settings at the defaults
initially.
- 8. Add any text you wish to the "passwordmail" parameter box. For
+ 8. "passwordmail" is rather simple. Every time a user creates an
+ account, the text of this parameter is read as the text to send to
+ the new user along with their password message.
+ Add any text you wish to the "passwordmail" parameter box. For
instance, many people choose to use this box to give a quick
training blurb about how to use Bugzilla at your site.
- 9. Ensure "newemailtech" is "on". Your users will thank you. This is
- the default in the post-2.12 world, and is only an issue if you
- are upgrading.
- 10. Do you want to use the QA Contact ("useqacontact") and status
+ 9. "useqacontact" allows you to define an email address for each
+ component, in addition to that of the default owner, who will be
+ sent carbon copies of incoming bugs. The critical difference
+ between a QA Contact and an Owner is that the QA Contact follows
+ the component. If you reassign a bug from component A to component
+ B, the QA Contact for that bug will change with the reassignment,
+ regardless of owner.
+ "usestatuswhiteboard" defines whether you wish to have a
+ free-form, overwritable field associated with each bug. The
+ advantage of the Status Whiteboard is that it can be deleted or
+ modified with ease, and provides an easily-searchable field for
+ indexing some bugs that have some trait in common. Many people
+ will put "help wanted", "stalled", or "waiting on reply from
+ somebody" messages into the Status Whiteboard field so those who
+ peruse the bugs are aware of their status even more than that
+ which can be indicated by the Resolution fields.
+ Do you want to use the QA Contact ("useqacontact") and status
whiteboard ("usestatuswhiteboard") fields? These fields are useful
because they allow for more flexibility, particularly when you
have an existing Quality Assurance and/or Release Engineering
- team, but they may not be needed for smaller installations.
- 11. Set "whinedays" to the amount of days you want to let bugs go in
+ team, but they may not be needed for many smaller installations.
+ 10. Set "whinedays" to the amount of days you want to let bugs go in
the "New" or "Reopened" state before notifying people they have
untouched new bugs. If you do not plan to use this feature, simply
do not set up the whining cron job described in the installation
- instructions, or set this value to "0".
- 12. Set the "commenton" options according to your site policy. It is a
+ instructions, or set this value to "0" (never whine).
+ 11. "commenton" fields allow you to dictate what changes can pass
+ without comment, and which must have a comment from the person who
+ changed them. Often, administrators will allow users to add
+ themselves to the CC list, accept bugs, or change the Status
+ Whiteboard without adding a comment as to their reasons for the
+ change, yet require that most other changes come with an
+ explanation.
+ Set the "commenton" options according to your site policy. It is a
wise idea to require comments when users resolve, reassign, or
- reopen bugs.
+ reopen bugs at the very least.
Note
@@ -2252,11 +2326,22 @@ Chapter 4. Administering Bugzilla
resolving bugs than not. Few things are more annoying to bug database
users than having a developer mark a bug "fixed" without any comment
as to what the fix was (or even that it was truly fixed!)
- 13. Set "supportwatchers" to "On". This feature is helpful for team
- leads to monitor progress in their respective areas, and can offer
- many other benefits, such as allowing a developer to pick up a
- former engineer's bugs without requiring her to change all the
- information in the bug.
+ 12. The "supportwatchers" option can be an exceptionally powerful tool
+ in the hands of a power Bugzilla user. By enabling this option,
+ you allow users to receive email updates whenever other users
+ receive email updates. This is, of course, subject to the groupset
+ restrictions on the bug; if the "watcher" would not normally be
+ allowed to view a bug, the watcher cannot get around the system by
+ setting herself up to watch the bugs of someone with bugs outside
+ her priveleges. She would still only receive email updates for
+ those bugs she could normally view.
+ For Bugzilla sites which require strong inter-Product security to
+ prevent snooping, watchers are not a good idea.
+ However, for most sites you should set "supportwatchers" to "On".
+ This feature is helpful for team leads to monitor progress in
+ their respective areas, and can offer many other benefits, such as
+ allowing a developer to pick up a former engineer's bugs without
+ requiring her to change all the information in the bug.
_________________________________________________________________
4.2. User Administration
@@ -2280,6 +2365,9 @@ Chapter 4. Administering Bugzilla
("mysql>" denotes the mysql prompt, not something you should type in):
mysql> use bugs; mysql> update profiles set groupset=0x7ffffffffffffff
where login_name = "(user's login name)";
+
+ Yes, that is fourteen "f"'s. A whole lot of f-ing going on if you want
+ to create a new administator.
_________________________________________________________________
4.2.2. Managing Other Users
@@ -2314,10 +2402,10 @@ Chapter 4. Administering Bugzilla
More functionality is available via the list on the right-hand side of
the text entry box. You can match what you type as a case-insensitive
substring (the default) of all users on your system, a case-sensitive
- regular expression (please see the "man regexp" manual page for
- details on regular expression syntax), or a reverse regular expression
- match, where every user name which does NOT match the regular
- expression is selected.
+ regular expression (please see the man regexp manual page for details
+ on regular expression syntax), or a reverse regular expression match,
+ where every user name which does NOT match the regular expression is
+ selected.
3. Click the "Add New User" link at the bottom of the user list
4. Fill out the form presented. This page is self-explanatory. When
done, click "submit".
@@ -2325,10 +2413,12 @@ Chapter 4. Administering Bugzilla
Note
Adding a user this way will not send an email informing them of their
- username and password. In general, it is preferable to log out and use
- the "New Account" button to create users, as it will pre-populate all
- the required fields and also notify the user of her account name and
- password.
+ username and password. While useful for creating dummy accounts
+ (watchers which shuttle mail to another system, for instance, or email
+ addresses which are a mailing list), in general it is preferable to
+ log out and use the "New Account" button to create users, as it will
+ pre-populate all the required fields and also notify the user of her
+ account name and password.
_________________________________________________________________
4.2.2.3. Disabling Users
@@ -2343,6 +2433,11 @@ Chapter 4. Administering Bugzilla
Warning
Don't disable your own administrative account, or you will hate life!
+
+ At this time, "Disabled Text" does not prevent a user from using the
+ email interface. If you have the email interface enabled, they can
+ still continue to submit bugs and comments that way. We need a patch
+ to fix this.
_________________________________________________________________
4.2.2.4. Modifying Users
@@ -2359,9 +2454,8 @@ Chapter 4. Administering Bugzilla
For compatability reasons, you should probably stick with email
addresses as user login names. It will make your life easier.
* Real Name: Duh!
- * Password: You will only see asterisks in versions of Bugzilla
- newer than 2.10 or early 2.11. You can change the user password
- here.
+ * Password: You can change the user password here. It is normal to
+ only see asterisks.
* Email Notification: You may choose from one of three options:
1. All qualifying bugs except those which I change: The user
will be notified of any change to any bug for which she is
@@ -2895,45 +2989,50 @@ Chapter 5. Integrating Bugzilla with Third-Party Tools
5.1. Bonsai
- We need Bonsai integration information.
+ Bonsai is a web-based tool for managing CVS, the Concurrent Versioning
+ System . Using Bonsai, administrators can control open/closed status
+ of trees, query a fast relational database back-end for change,
+ branch, and comment information, and view changes made since the last
+ time the tree was closed. These kinds of changes cause the engineer
+ responsible to be "on the hook" (include cool URL link here for Hook
+ policies at mozilla.org). Bonsai also includes gateways to Tinderbox,
+ the Mozilla automated build management system and Bugzilla
_________________________________________________________________
5.2. CVS
CVS integration is best accomplished, at this point, using the
- Bugzilla Email Gateway.
+ Bugzilla Email Gateway. There have been some files submitted to allow
+ greater CVS integration, but we need to make certain that Bugzilla is
+ not tied into one particular software management package.
+
+ Follow the instructions in the FAQ for enabling Bugzilla e-mail
+ integration. Ensure that your check-in script sends an email to your
+ Bugzilla e-mail gateway with the subject of "[Bug XXXX]", and you can
+ have CVS check-in comments append to your Bugzilla bug. If you have
+ your check-in script include an @resolution field, you can even change
+ the Bugzilla bug state.
_________________________________________________________________
5.3. Perforce SCM
You can find the project page for Bugzilla and Teamtrack Perforce
- integration at: http://www.ravenbrook.com/project/p4dti. "p4dti" is
- now an officially supported product from Perforce, and you can find
- the "Perforce Public Depot" p4dti page at
+ integration (p4dti) at: http://www.ravenbrook.com/project/p4dti .
+ "p4dti" is now an officially supported product from Perforce, and you
+ can find the "Perforce Public Depot" p4dti page at
http://public.perforce.com/public/perforce/p4dti/index.html.
Integration of Perforce with Bugzilla, once patches are applied, is
- fairly seamless. However, p4dti is a patch against the Bugzilla 2.10
- release, not the current 2.12 release. I anticipate patches for 2.12
- will be out shortly. Check the project page regularly for updates, or
- take the given patches and patch it manually. p4dti is designed to
+ seamless. Perforce replication information will appear below the
+ comments of each bug. Be certain you have a matching set of patches
+ for the Bugzilla version you are installing. p4dti is designed to
support multiple defect trackers, and maintains its own documentation
for it. Please consult the pages linked above for further information.
-
- Right now, there is no way to synchronize the Bug ID and the Perforce
- Transaction Number, or to change the Bug ID to read (PRODUCT).bugID
- unless you hack it in. Additionally, if you have synchronization
- problems, the easiest way to avoid them is to only put the bug
- information, comments, etc. into Bugzilla, and not into the Perforce
- change records. They will link anyway; merely reference the bug ID
- fixed in your change description, and put a comment into Bugzilla
- giving the change ID that fixed the Bugzilla bug. It's a process
- issue, not a technology question.
_________________________________________________________________
-5.4. Tinderbox
+5.4. Tinderbox/Tinderbox2
- We need Tinderbox integration information
+ We need Tinderbox integration information.
_________________________________________________________________
Chapter 6. The Future of Bugzilla
@@ -2978,9 +3077,7 @@ Appendix A. The Bugzilla FAQ
3. Loki Bugzilla (AKA Fenris)
- A.3.1. What about Loki Bugzilla?
- A.3.2. Who maintains Fenris (Loki Bugzilla) now?
- A.3.3.
+ A.3.1. What is Loki Bugzilla (Fenris)?
4. Pointy-Haired-Boss Questions
@@ -3242,14 +3339,8 @@ Appendix A. The Bugzilla FAQ
A.1.5. Who maintains Bugzilla?
- There are many, many contributors from around the world maintaining
- Bugzilla. The designated "Maintainer" is Tara Hernandez, with QA
- support by Matthew Tuck. Dan Mosedale and Dawn Endico are employees of
- Mozilla.org responsible for the installation of Bugzilla there, and
- are very frequent code contributors. Terry Weissman originally ported
- Bugzilla, but "these days, Terry just hangs around and heckles." The
- rest of us are mostly transient developers; Bugzilla suits our needs,
- and we contribute code as we have needs for updates.
+ Bugzilla maintenance has been in a state of flux recently. Please
+ check the Bugzilla Project Page for the latest details.
A.1.6. How does Bugzilla stack up against other bug-tracking
databases?
@@ -3262,10 +3353,10 @@ Appendix A. The Bugzilla FAQ
email integration, and platform independence), improved scalability,
open source code, greater flexibility, and superior ease-of-use.
- If you happen to be a commercial Bugzilla vendor, please step forward
- with a rebuttal so I can include it in the FAQ. We're not in pursuit
- of Bugzilla ueber alles; we simply love having a powerful, open-source
- tool to get our jobs done.
+ If you happen to be a commercial bug-tracker vendor, please step
+ forward with a rebuttal so I can include it in the FAQ. We're not in
+ pursuit of Bugzilla ueber alles; we simply love having a powerful,
+ open-source tool to get our jobs done.
A.1.7. How do I change my user name in Bugzilla?
@@ -3492,42 +3583,16 @@ Appendix A. The Bugzilla FAQ
3. Loki Bugzilla (AKA Fenris)
- Note
-
- Loki's "Fenris" Bugzilla is based upon the (now ancient) Bugzilla 2.8
- tree, and is no longer actively maintained. It works well enough for
- Loki. Additionally, the major differences in Fenris have now been
- integrated into the main source tree of Bugzilla, so there's not much
- reason to go grab the source. I leave this section of the FAQ
- principally for historical interest, but unless Loki has further input
- into Bugzilla's future, it will be deprecated in future versions of
- the Guide.
-
- A.3.1. What about Loki Bugzilla?
+ A.3.1. What is Loki Bugzilla (Fenris)?
Loki Games has a customized version of Bugzilla available at
- http://fenris.lokigames.com. From that page,
-
- You may have noticed that Fenris is a fork from Bugzilla-- our
- patches weren't suitable for integration --and a few people have
- expressed interest in the code. Fenris has one major improvement
- over Bugzilla, and that is individual comments are not appended
- onto a string blob, they are stored as a record in a separate
- table. This allows you to, for instance, separate comments out
- according to privilege levels in case your bug database could
- contain sensitive information not for public eyes. We also provide
- things like email hiding to protect user's privacy, additional
- fields such as 'user_affected' in case someone enters someone
- else's bug, comment editing and deletion, and more conditional
- system variables than Bugzilla does (turn off attachments,
- qacontact, etc.).
-
- A.3.2. Who maintains Fenris (Loki Bugzilla) now?
-
- Raphael Barrerro <raistlin@lokigames.com>. Michael Vance created the
- initial fork, but no longer maintains the project.
-
- A.3.3.
+ http://fenris.lokigames.com. There are some advantages to using
+ Fenris, chief being separation of comments based upon user privacy
+ level, data hiding, forced login for any data retrieval, and some
+ additional fields. Loki has mainted their code, originally a fork from
+ the Bugzilla 2.8 code base, and it is quite a bit different than stock
+ Bugzilla at this point. I recommend you stick with official Bugzilla
+ version 2.14 rather than using a fork, but it's up to you.
4. Pointy-Haired-Boss Questions
@@ -3547,10 +3612,7 @@ Appendix A. The Bugzilla FAQ
with Perforce (SCM software)?
Yes! You can find more information elsewhere in "The Bugzilla Guide"
- in the "Integration with Third-Party Products" section. The section on
- Perforce isn't very large, but as the maintainer of the Guide is
- charged with Perforce/Bugzilla integration by his company, you can
- expect this section to grow.
+ in the "Integration with Third-Party Products" section.
A.4.3. Does Bugzilla allow the user to track multiple projects?
@@ -3590,27 +3652,44 @@ Appendix A. The Bugzilla FAQ
This was a late-breaking question for the Guide, so I just have to
quote the relevant newsgroup thread on it.
- > AFAIK, most sites (even if they have SSI enabled) won't have #exec
- cmd > enabled. Perhaps what would be better is a #include
- virtual and a > footer.cgi the basically has the "require
- 'CGI.pl' and PutFooter command. > > Please note that under
- most configurations, this also requires naming > the file
- from index.html to index.shtml (and making sure that it
- will > still be reconized as an index). Personally, I
- think this is better on > a per-installation basis
- (perhaps add something to the FAQ that says how > to do
- this). Good point. Yeah, easy enough to do, that it
- shouldn't be a big deal for someone to take it on if they
- want it. FAQ is a good place for it. > Dave Miller wrote:
- > >> I did a little experimenting with getting the command
- menu and footer on >> the end of the index page while
- leaving it as an HTML file... >> >> I was successful. :)
- >> >> I added this line: >> >> >> >> Just before the
- </BODY> </HTML> at the end of the file. And
- it worked. >> >> Thought I'd toss that out there. Should
- I check this in? For those that >> have SSI disabled,
- it'll act like a comment, so I wouldn't think it would >>
- break anything.
+ > AFAIK, most sites (even if they have SSI enabled) won't have #exec c
+ md
+ > enabled. Perhaps what would be better is a #include virtual and a
+ > footer.cgi the basically has the "require 'CGI.pl' and PutFooter com
+ mand.
+ >
+ > Please note that under most configurations, this also requires namin
+ g
+ > the file from index.html to index.shtml (and making sure that it wil
+ l
+ > still be reconized as an index). Personally, I think this is better
+ on
+ > a per-installation basis (perhaps add something to the FAQ that says
+ how
+ > to do this).
+ Good point. Yeah, easy enough to do, that it shouldn't be a big deal
+ for
+ someone to take it on if they want it. FAQ is a good place for it.
+ > Dave Miller wrote:
+ >
+ >> I did a little experimenting with getting the command menu and foot
+ er on
+ >> the end of the index page while leaving it as an HTML file...
+ >>
+ >> I was successful. :)
+ >>
+ >> I added this line:
+ >>
+ >>
+ >>
+ >> Just before the </BODY> </HTML> at the end of the file. And it wor
+ ked.
+ >>
+ >> Thought I'd toss that out there. Should I check this in? For thos
+ e that
+ >> have SSI disabled, it'll act like a comment, so I wouldn't think it
+ would
+ >> break anything.
A.4.8. Does Bugzilla provide any reporting features, metrics, graphs,
etc? You know, the type of stuff that management likes to see. :)
@@ -4034,68 +4113,104 @@ Appendix A. The Bugzilla FAQ
"The Bugzilla Guide". However, they are provided here for historical
interest and insight.
- 1. #!C:/perl/bin/perl had to be
- added to every perl file. 2. Converted to Net::SMTP to
- handle mail messages instead of /usr/bin/sendmail. 3.
- The crypt function isn't available on Windows NT (at
- least none that I am aware), so I made encrypted
- passwords = plaintext passwords. 4. The system call to
- diff had to be changed to the Cygwin diff. 5. This was
- just to get a demo running under NT, it seems to be
- working good, and I have inserted almost 100 bugs from
- another bug tracking system. Since this work was done
- just to get an in-house demo, I am NOT planning on
- making a patch for submission to Bugzilla. If you would
- like a zip file, let me know. Q: Hmm, couldn't figure it
- out from the general instructions above. How about
- step-by-step? A: Sure! Here ya go! 1. Install IIS 4.0
- from the NT Option Pack #4. 2. Download and install
- Active Perl. 3. Install the Windows GNU tools from
- Cygwin. Make sure to add the bin directory to your
- system path. (Everyone should have these, whether they
- decide to use Bugzilla or not. :-) ) 4. Download
- relevant packages from ActiveState at
- http://www.activestate.com/packages/zips/. +
- DBD-Mysql.zip 5. Extract each zip file with WinZip, and
- install each ppd file using the notation: ppm install
- <module>.ppd 6. Install Mysql. *Note: If you move
- the default install from c:\mysql, you must add the
- appropriate startup parameters to the NT service. (ex.
- -b e:\\programs\\mysql) 7. Download any Mysql client.
- http://www.mysql.com/download_win.html 8. Setup MySql.
- (These are the commands that I used.) I. Cleanup default
- database settings. C:\mysql\bin\mysql -u root mysql
- mysql> DELETE FROM user WHERE Host='localhost' AND
- User=''; mysql> quit C:\mysql\bin\mysqladmin reload II.
- Set password for root. C:\mysql\bin\mysql -u root mysql
- mysql> UPDATE user SET Password=PASSWORD('new_password')
- WHERE user='root'; mysql> FLUSH PRIVILEGES; mysql> quit
- C:\mysql\bin\mysqladmin -u root reload III. Create bugs
- user. C:\mysql\bin\mysql -u root -p mysql> insert into
- user (host,user,password) values('localhost','bugs','');
- mysql> quit C:\mysql\bin\mysqladmin -u root reload IV.
- Create the bugs database. C:\mysql\bin\mysql -u root -p
- mysql> create database bugs; V. Give the bugs user
- access to the bugs database. mysql> insert into db
- (host,db,user,select_priv,insert_priv,update_priv,delete_priv,cr
- eate_priv,drop_priv) values('localhost','bugs','bugs','Y','Y','Y','Y',
- 'Y','N') mysql> quit C:\mysql\bin\mysqladmin -u root reload 9. Run the
- table scripts to setup the bugs database. 10. Change CGI.pm to use th
- e following regular expression because of differing backslashes in NT
- versus UNIX. o $0 =~ m:[^\\]*$:; 11. Had to make the crypt password =
- plain text password in the database. (Thanks to Andrew Lahser" <andrew
- _lahser@merck.com>" on this one.) The files that I changed were: o glo
- bals.pl o CGI.pl o alternately, you can try commenting all references
- to 'crypt' string and replace them with similar lines but without encr
- ypt() or crypr() functions insida all files. 12. Replaced sendmail wit
- h Windmail. Basically, you have to come up with a sendmail substitute
- for NT. Someone said that they used a Perl module (Net::SMTP), but I w
- as trying to save time and do as little Perl coding as possible. 13. A
- dded "perl" to the beginning of all Perl system calls that use a perl
- script as an argument and renamed processmail to processmail.pl. 14. I
- n processmail.pl, I added binmode(HANDLE) before all read() calls. I'm
- not sure about this one, but the read() under NT wasn't counting the
- EOLs without the binary read."
+ 1. #!C:/perl/bin/perl had to be added to every perl file.
+ 2. Converted to Net::SMTP to handle mail messages instead of
+ /usr/bin/sendmail.
+ 3. The crypt function isn't available on Windows NT (at least none t
+ hat I
+ am aware), so I made encrypted passwords = plaintext passwords.
+ 4. The system call to diff had to be changed to the Cygwin diff.
+ 5. This was just to get a demo running under NT, it seems to be work
+ ing
+ good, and I have inserted almost 100 bugs from another bug tracki
+ ng
+ system. Since this work was done just to get an in-house demo, I
+ am NOT
+ planning on making a patch for submission to Bugzilla. If you wou
+ ld
+ like a zip file, let me know.
+ Q: Hmm, couldn't figure it out from the general instructions above. H
+ ow
+ about step-by-step?
+ A: Sure! Here ya go!
+ 1. Install IIS 4.0 from the NT Option Pack #4.
+ 2. Download and install Active Perl.
+ 3. Install the Windows GNU tools from Cygwin. Make sure to add the b
+ in
+ directory to your system path. (Everyone should have these, wheth
+ er
+ they decide to use Bugzilla or not. :-) )
+ 4. Download relevant packages from ActiveState at
+ http://www.activestate.com/packages/zips/. + DBD-Mysql.zip
+ 5. Extract each zip file with WinZip, and install each ppd file usin
+ g the
+ notation: ppm install <module>.ppd
+ 6. Install Mysql. *Note: If you move the default install from c:\my
+ sql,
+ you must add the appropriate startup parameters to the NT service
+ . (ex.
+ -b e:\\programs\\mysql)
+ 7. Download any Mysql client. http://www.mysql.com/download_win.html
+ 8. Setup MySql. (These are the commands that I used.)
+ I. Cleanup default database settings.
+ C:\mysql\bin\mysql -u root mysql
+ mysql> DELETE FROM user WHERE Host='localhost' AND User='';
+ mysql> quit
+ C:\mysql\bin\mysqladmin reload
+ II. Set password for root.
+ C:\mysql\bin\mysql -u root mysql
+ mysql> UPDATE user SET Password=PASSWORD('new_password')
+ WHERE user='root';
+ mysql> FLUSH PRIVILEGES;
+ mysql> quit
+ C:\mysql\bin\mysqladmin -u root reload
+ III. Create bugs user.
+ C:\mysql\bin\mysql -u root -p
+ mysql> insert into user (host,user,password)
+ values('localhost','bugs','');
+ mysql> quit
+ C:\mysql\bin\mysqladmin -u root reload
+ IV. Create the bugs database.
+ C:\mysql\bin\mysql -u root -p
+ mysql> create database bugs;
+ V. Give the bugs user access to the bugs database.
+ mysql> insert into db
+ (host,db,user,select_priv,insert_priv,update_priv,delete_pri
+ v,create_priv,drop_priv)
+ values('localhost','bugs','bugs','Y','Y','Y','Y','Y','N')
+ mysql> quit
+ C:\mysql\bin\mysqladmin -u root reload
+ 9. Run the table scripts to setup the bugs database.
+ 10. Change CGI.pm to use the following regular expression because of
+ differing backslashes in NT versus UNIX.
+ o $0 =~ m:[^\\]*$:;
+ 11. Had to make the crypt password = plain text password in the datab
+ ase.
+ (Thanks to Andrew Lahser" <andrew_lahser@merck.com>" on this one.
+ ) The
+ files that I changed were:
+ o globals.pl
+ o CGI.pl
+ o alternately, you can try commenting all references to 'crypt
+ '
+ string and replace them with similar lines but without encry
+ pt()
+ or crypr() functions insida all files.
+ 12. Replaced sendmail with Windmail. Basically, you have to come up w
+ ith a
+ sendmail substitute for NT. Someone said that they used a Perl mo
+ dule
+ (Net::SMTP), but I was trying to save time and do as little Perl
+ coding
+ as possible.
+ 13. Added "perl" to the beginning of all Perl system calls that use a
+ perl
+ script as an argument and renamed processmail to processmail.pl.
+ 14. In processmail.pl, I added binmode(HANDLE) before all read() call
+ s. I'm
+ not sure about this one, but the read() under NT wasn't counting
+ the
+ EOLs without the binary read."
A.9.5. I'm having trouble with the perl modules for NT not being able
to talk to to the database.
@@ -4789,84 +4904,101 @@ C.3. MySQL Permissions & Grant Tables
http://www.mysql.com/Manual/manual.html.
_________________________________________________________________
-Chapter 7. Bugzilla Variants
+Chapter 7. Bugzilla Variants and Competitors
- Note
-
- I know there are more variants than just RedHat Bugzilla out there.
- Please help me get information about them, their project status, and
- benefits there might be in using them or in using their code in
- main-tree Bugzilla.
+ I created this section to answer questions about Bugzilla competitors
+ and variants, then found a wonderful site which covers an awful lot of
+ what I wanted to discuss. Rather than quote it in its entirety, I'll
+ simply refer you here: http://linas.org/linux/pm.html
_________________________________________________________________
7.1. Red Hat Bugzilla
- Red Hat Bugzilla is probably the most popular Bugzilla variant, aside
- from Mozilla Bugzilla, on the planet. One of the major benefits of Red
- Hat Bugzilla is the ability to work with Oracle as a database, as well
- as MySQL. Here's what Dave Lawrence had to say about the status of Red
- Hat Bugzilla,
-
- Hello. I apologize that I am getting back to you so late. It has
- been difficult to keep
- up with email this past week. I have checked out your updated docum
- entation and I will
- have to say very good work. A few notes and additions as follows.
- (ed: from the FAQ)
- >For the record, we are not using any template type implementation
- for the cosmetic changes
- >maded to Bugzilla. It is just alot of html changes in the code its
- elf. I admit I may have
- >gotten a little carried away with it but the corporate types asked
- for a more standardized
- >interface to match up with other projects relating to Red Hat web
- sites. A lot of other web
- >based internal tools I am working on also look like Bugzilla.
- This should probably be changed since we are now in fact using Text
- ::Template for most
- of the html rendering. You actually state this later in your number
- ed list.
- Also number 6 contradicts number 8 where number 6 would be the most
- up to date status
- on the Oracle port.
- Additional Information:
- -----------------------------
- 1. Comments are now stored in varchar fields of 4k in size each. If
- the comment is more
- than 4k it is broken up into chunks and given a sort number so each
- comment can be re
- assembled in the correct order. This was done because originally I
- was storing the comments
- in a long datatype which unfortunately cannot be indexed or joined
- with another table. This
- cause the search of text within the long description to be disabled
- for a long time. That
- is now working and is nto showing any noticeble performance hit tha
- t I can tell.
- 2. Work is being started on internationalizing the Bugzilla source
- we have to allow our
- Japanese customers to enter bug reports into a single bugzilla syst
- em. This will probably
- be done by using the nvarchar data types supported by Oracle which
- allows storage of
- double byte characters and also the use of the Accept-Language in t
- he http header for
- detection by Bugilla of which language to render.
- 3. Of course even more cosmetic changes. It is difficult to keep up
- with the ever
- changing faces of www.redhat.com.
- 4. Some convenience enhancements in the administration utilities. A
- nd more integration
- with other internal/external Red Hat web sites.
- I hope this information may prove helpful for your documentation. P
- lease contact
- me if you have any more question or I can do anything else.
- Regards
+ Red Hat Bugzilla is probably the most popular Bugzilla variant on the
+ planet. One of the major benefits of Red Hat Bugzilla is the ability
+ to work with Oracle, MySQL, and PostGreSQL databases serving as the
+ back-end, instead of just MySQL. Dave Lawrence has worked very hard to
+ keep Red Hat Bugzilla up-to-date, and many people prefer the
+ snappier-looking page layout of Red Hat Bugzilla to the default
+ Mozilla-standard formatting.
+
+ URL: http://bugzilla.redhat.com/bugzilla/
+ _________________________________________________________________
+
+7.2. Loki Bugzilla (Fenris)
+
+ Fenris can be found at http://fenris.lokigames.com. It is a fork from
+ Bugzilla.
+ _________________________________________________________________
+
+7.3. Issuezilla
+
+ Issuezilla is another fork from Bugzilla, and seems nearly as popular
+ as the Red Hat Bugzilla fork. Some Issuezilla team members are regular
+ contributors to the Bugzilla mailing list/newsgroup. Issuezilla is not
+ the primary focus of bug-tracking at tigris.org, however. Their
+ Java-based bug-tracker, Scarab, a newfangled Java-based issue tracker,
+ is under heavy development and looks promising!
+
+ URL: http://issuezilla.tigris.org/servlets/ProjectHome
+ _________________________________________________________________
+
+7.4. Scarab
+
+ Scarab is a promising new bug-tracking system built using Java Serlet
+ technology. As of this writing, no source code has been released as a
+ package, but you can obtain the code from CVS.
+
+ URL: http://scarab.tigris.org
+ _________________________________________________________________
+
+7.5. Perforce SCM
+
+ Although Perforce isn't really a bug tracker, it can be used as such
+ through the "jobs" functionality.
+
+ http://www.perforce.com/perforce/technotes/note052.htmlhttp://www.perf
+ orce.com/perforce/technotes/note052.html
+ _________________________________________________________________
+
+7.6. SourceForge
+
+ SourceForge is more of a way of coordinating geographically
+ distributed free software and open source projects over the Internet
+ than strictly a bug tracker, but if you're hunting for bug-tracking
+ for your open project, it may be just what the software engineer
+ ordered!
+
+ URL: http://www.sourceforge.net
_________________________________________________________________
Appendix D. Useful Patches and Utilities for Bugzilla
-D.1. The setperl.csh Utility
+ Are you looking for a way to put your Bugzilla into overdrive? Catch
+ some of the niftiest tricks here in this section.
+ _________________________________________________________________
+
+D.1. Apache mod_rewrite magic
+
+ Apache's mod_rewrite module lets you do some truly amazing things with
+ URL rewriting. Here are a couple of examples of what you can do.
+
+ 1. Make it so if someone types http://www.foo.com/12345, Bugzilla
+ spits back http://www.foo.com/show_bug.cgi?id=12345. Try setting
+ up your VirtualHost section for Bugzilla with a rule like this:
+
+<VirtualHost 12.34.56.78>
+RewriteEngine On
+RewriteRule ^/([0-9]+)$ http://foo.bar.com/show_bug.cgi?id=$1 [L,R]
+</VirtualHost>
+
+ 2. There are many, many more things you can do with mod_rewrite. As
+ time goes on, I will include many more in the Guide. For now,
+ though, please refer to the mod_rewrite documentation at
+ http://www.apache.org
+ _________________________________________________________________
+
+D.2. The setperl.csh Utility
You can use the "setperl.csh" utility to quickly and easily change the
path to perl on all your Bugzilla files. This is a C-shell script; if
@@ -4889,7 +5021,7 @@ D.1. The setperl.csh Utility
bash# ./setperl.csh /usr/bin/perl
_________________________________________________________________
-D.2. Command-line Bugzilla Queries
+D.3. Command-line Bugzilla Queries
Users can query Bugzilla from the command line using this suite of
utilities.
@@ -4932,7 +5064,7 @@ D.2. Command-line Bugzilla Queries
2. Make your utilities executable: bash$ chmod u+x buglist bugs
_________________________________________________________________
-D.3. The Quicksearch Utility
+D.4. The Quicksearch Utility
Quicksearch is a new, experimental feature of the 2.12 release. It
consist of two Javascript files, "quicksearch.js" and
@@ -5342,7 +5474,13 @@ Glossary
A
- There are no entries for A
+ Apache
+ In this context, Apache is the web server most commonly used
+ for serving up Bugzilla pages. Contrary to popular belief, the
+ apache web server has nothing to do with the ancient and noble
+ Native American tribe, but instead derived its name from the
+ fact that it was "a patchy" version of the original NCSA
+ world-wide-web server.
B
@@ -5364,11 +5502,53 @@ B
verification. The "Bug Life Cycle" is moderately flexible
according to the needs of the organization using it, though.
+ Bugzilla
+ Bugzilla is the industry-standard bug tracking system. It is
+ quite popular among Open Source enthusiasts.
+
+ Component
+ A Component is a subsection of a Product. It should be a narrow
+ category, tailored to your organization. All Products must
+ contain at least one Component (and, as a matter of fact,
+ creating a Product with no Components will create an error in
+ Bugzilla).
+
+ CPAN
+ CPAN stands for the "Comprehensive Perl Archive Network". CPAN
+ maintains a large number of extremely useful Perl modules. By
+ themselves, Perl modules generally do nothing, but when used as
+ part of a larger program, they provide much-needed algorithms
+ and functionality.
+
+D
+
+ daemon
+ A daemon is a computer program which runs in the background. In
+ general, most daemons are started at boot time via System V
+ init scripts, or through RC scripts on BSD-based systems.
+ mysqld, the MySQL server, and apache, a web server, are
+ generally run as daemons.
+
+ Groups
+ The word "Groups" has a very special meaning to Bugzilla.
+ Bugzilla's main security mechanism comes by lumping users into
+ groups, and assigning those groups certain privileges to
+ Products and Components in the Bugzilla database.
+
I
Infinite Loop
A loop of information that never ends; see recursion.
+M
+
+ mysqld
+ mysqld is the name of the daemon for the MySQL database. In
+ general, it is invoked automatically through the use of the
+ System V init scripts on GNU/Linux and AT&T System V-based
+ systems, such as Solaris and HP/UX, or through the RC scripts
+ on BSD-based systems.
+
P
Product
@@ -5387,6 +5567,13 @@ P
permissions so that only those people who are members of Group
"Z" can see components and bugs under Product "Z".
+ Perl
+ First written by Larry Wall, Perl is a remarkable program
+ language. It has the benefits of the flexibility of an
+ interpreted scripting language (such as shell script), combined
+ with the speed and power of a compiled language, such as C.
+ Bugzilla is maintained in Perl.
+
Q
QA
@@ -5405,6 +5592,29 @@ R
thus recursing upon itself for definition. For further clarity,
see Infinite Loop.
+S
+
+ SGML
+ SGML stands for "Standard Generalized Markup Language". Created
+ in the 1980's to provide an extensible means to maintain
+ documentation based upon content instead of presentation, SGML
+ has withstood the test of time as a robust, powerful language.
+ XML is the "baby brother" of SGML; any valid XML document it,
+ by definition, a valid SGML document. The document you are
+ reading is written and maintained in SGML, and is also valid
+ XML if you modify the Document Type Definition.
+
+T
+
+ Target Milestone
+ Target Milestones are Product goals. They are configurable on a
+ per-Product basis. Most software development houses have a
+ concept of "milestones" where the people funding a project
+ expect certain functionality on certain dates. Bugzilla
+ facilitates meeting these milestones by giving you the ability
+ to declare by which milestone a bug will be fixed, or an
+ enhancement will be implemented.
+
Z
Zarro Boogs Found