summaryrefslogtreecommitdiffstats
path: root/docs/txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/txt')
-rw-r--r--docs/txt/Bugzilla-Guide.txt282
1 files changed, 217 insertions, 65 deletions
diff --git a/docs/txt/Bugzilla-Guide.txt b/docs/txt/Bugzilla-Guide.txt
index b31a112e6..2c2ed648e 100644
--- a/docs/txt/Bugzilla-Guide.txt
+++ b/docs/txt/Bugzilla-Guide.txt
@@ -64,7 +64,7 @@ Matthew P. Barnson
2.1.2.13. Installing the Bugzilla Files
2.1.2.14. Setting Up the MySQL Database
2.1.2.15. Tweaking "localconfig"
- 2.1.2.16. Setting Up Maintainers Manuall (Optional)
+ 2.1.2.16. Setting Up Maintainers Manually (Optional)
2.1.2.17. The Whining Cron (Optional)
2.1.2.18. Bug Graphs (Optional)
2.1.2.19. Securing MySQL
@@ -179,7 +179,9 @@ Matthew P. Barnson
Glossary
List of Examples
- 2-1. Removing encrypt() for Windows NT installations
+ 2-1. Setting up bonsaitools symlink
+ 2-2. Running checksetup.pl as the web user
+ 2-3. Removing encrypt() for Windows NT installations
3-1. Creating some Components
3-2. Common Use of Versions
3-3. A Different Use of Versions
@@ -709,10 +711,10 @@ Chapter 2. Installing Bugzilla
Bugzilla) and make sure you can access the files in that directory
through your web server.
- Tip: HINT: If you symlink the bugzilla directory into your Apache's
- HTML heirarchy, you may receive "Forbidden" errors unless you add
- the "FollowSymLinks" directive to the <Directory> entry for the
- HTML root.
+ Tip: If you symlink the bugzilla directory into your Apache's HTML
+ heirarchy, you may receive "Forbidden" errors unless you add the
+ "FollowSymLinks" directive to the <Directory> entry for the HTML
+ root.
Once all the files are in a web accessible directory, make that
directory writable by your webserver's user (which may require just
@@ -720,11 +722,22 @@ Chapter 2. Installing Bugzilla
post-install "checksetup.pl" script, which locks down your
installation.
- Lastly, you'll need to set up a symbolic link from
- /usr/bonsaitools/bin to the correct location of your perl executable
- (probably /usr/bin/perl). Otherwise you must hack all the .cgi files
- to change where they look for perl. To make future upgrades easier,
- you should use the symlink approach.
+ Lastly, you'll need to set up a symbolic link to
+ /usr/bonsaitools/bin/perl for the correct location of your perl
+ executable (probably /usr/bin/perl). Otherwise you must hack all the
+ .cgi files to change where they look for perl. To make future upgrades
+ easier, you should use the symlink approach.
+
+ Example 2-1. Setting up bonsaitools symlink
+
+ Here's how you set up the Perl symlink on Linux to make Bugzilla work.
+ Your mileage may vary; if you are running on Solaris, you probably
+ need to subsitute "/usr/local/bin/perl" for "/usr/bin/perl" below; if
+ on certain other UNIX systems, Perl may live in weird places like
+ "/opt/perl". As root, run these commands:
+bash# mkdir /usr/bonsaitools
+bash# mkdir /usr/bonsaitools/bin
+bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
Tip: If you don't have root access to set this symlink up, check
out the "setperl.csh" utility, listed in the Patches section of
@@ -813,19 +826,30 @@ Chapter 2. Installing Bugzilla
with multiple instances. If flock() is not fully supported, it will
stall at: Now regenerating the shadow database for all bugs.
- Note: The second time you run checksetup.pl, it is recommended you
- be the same user as your web server runs under, and that you be
- sure you have set the "webservergroup" parameter in localconfig to
- match the web server's group name, if any. Under some systems,
- otherwise, checksetup.pl will goof up your file permissions and
- make them unreadable to your web server.
+ Note: The second time you run checksetup.pl, you should become the
+ user your web server runs as, and that you ensure you have set the
+ "webservergroup" parameter in localconfig to match the web server's
+ group name, if any. I believe, for the next release of Bugzilla,
+ this will be fixed so that Bugzilla supports a "webserveruser"
+ parameter in localconfig as well.
+
+ Example 2-2. Running checksetup.pl as the web user
+
+ Assuming your web server runs as user "apache", and Bugzilla is
+ installed in "/usr/local/bugzilla", here's one way to run
+ checksetup.pl as the web server user. As root, for the second run of
+ checksetup.pl, do this:
+bash# chown -R apache:apache /usr/local/bugzilla
+bash# su - apache
+bash# cd /usr/local/bugzilla
+bash# ./checksetup.pl
Note: The checksetup.pl script is designed so that you can run it
at any time without causing harm. You should run it after any
upgrade to Bugzilla.
_________________________________________________________________
-2.1.2.16. Setting Up Maintainers Manuall (Optional)
+2.1.2.16. Setting Up Maintainers Manually (Optional)
If you want to add someone else to every group by hand, you can do it
by typing the appropriate MySQL commands. Run ' mysql -u root -p bugs'
@@ -1125,7 +1149,7 @@ my $webservergid = 'Administrators'
2. I then ran checksetup.pl
3. I removed all the encrypt()
- Example 2-1. Removing encrypt() for Windows NT installations
+ Example 2-3. Removing encrypt() for Windows NT installations
Replace this:
SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) . ", " .
@@ -1148,6 +1172,64 @@ log";
The quotes around the dir is for the spaces. mail.log is for the
output
+
+ Tip: This was some late breaking information from Jan Evert. Sorry
+ for the lack of formatting.
+
+ I'm busy installing bugzilla on a WinNT machine and I thought I'd n
+ otify you
+ at this moment of the commments I have to section 2.2.1 of the bugz
+ illa
+ guide (at http://www.trilobyte.net/barnsons/html/).
+ Step 1:
+ I've used apache, installation is really straightforward.
+ After reading the Unix installation instructions, I found that it i
+ s
+ necessary to add the ExecCGI option to the bugzilla directory. Also
+ the
+ 'AddHandler' line for .cgi is by default commented out.
+ Step 3: although just a detail, 'ppm install <module%gt;' will also
+ work
+ (wihtout .ppd). And, it can also download these automatically from
+ ActiveState.
+ Step 4: although I have cygwin installed, it seems that it is not n
+ ecessary.
+ On my machine cygwin is not in the PATH and everything seems to wor
+ k as
+ expected.
+ However, I've not used everything yet.
+ Step 6: the 'bugs_password' given in SQL command d needs to be edit
+ ed into
+ localconfig later on (Step 7) if the password is not empty. I've al
+ so edited
+ it into globals.pl, but I'm not sure that is needed. In both places
+ , the
+ variable is named db_pass.
+ Step 8: all the sendmail replacements mentioned are not as simple a
+ s
+ described there. Since I am not familiar (yet) with perl, I don't h
+ ave any
+ mail working yet.
+ Step 9: in globals.pl the encrypt() call can be replaced by just th
+ e
+ unencrypted password. In CGI.pl, the complete SQL command can be re
+ moved.
+ Step 11: I've only changed the #! lines in *.cgi. I haven't noticed
+ problems
+ with the system() call yet.
+ There seem to be only four system() called programs: processmail.pl
+ (handled
+ by step 10), syncshadowdb (which should probably get the same treat
+ ment as
+ processmail.pl), diff and mysqldump. The last one is only needed wi
+ th the
+ shadowdb feature (which I don't use).
+ There seems to be one step missing: copying the bugzilla files some
+ hwere
+ that apache can serve them.
+ Just noticed the updated guide... Brian's comment is new. His first
+ comment
+ will work, but opens up a huge security hole.
_________________________________________________________________
Chapter 3. Administering Bugzilla
@@ -1789,14 +1871,33 @@ Chapter 3. Administering Bugzilla
user with a name, set via your httpd.conf file.
5. Ensure you have adequate access controls for the
$BUGZILLA_HOME/data/ and $BUGZILLA_HOME/shadow/ directories, as
- well as the $BUGZILLA_HOME/localconfig file. The localconfig file
- stores your "bugs" user password, which would be terrible to have
- in the hands of a criminal. Also some files under
- $BUGZILLA_HOME/data/ store sensitive information, and
- $BUGZILLA_HOME/shadow/ stores bug information for faster
- retrieval. If you fail to secure these directories and this file,
- you will expose bug information to those who may not be allowed to
- see it.
+ well as the $BUGZILLA_HOME/localconfig and
+ $BUGZILLA_HOME/globals.pl files. The localconfig file stores your
+ "bugs" user password, which would be terrible to have in the hands
+ of a criminal, while the "globals.pl" stores some default
+ information regarding your installation which could aid a system
+ cracker. In addition, some files under $BUGZILLA_HOME/data/ store
+ sensitive information, and $BUGZILLA_HOME/shadow/ stores bug
+ information for faster retrieval. If you fail to secure these
+ directories and this file, you will expose bug information to
+ those who may not be allowed to see it.
+
+ Note: Bugzilla provides default .htaccess files to protect the most
+ common Apache installations. However, you should verify these are
+ adequate according to the site-wide security policy of your web
+ server, and ensure that the .htaccess files are allowed to
+ "override" default permissions set in your Apache configuration
+ files. Covering Apache security is beyond the scope of this Guide;
+ please consult the Apache documentation for details.
+ If you are using a web server that does not support the .htaccess
+ control method, you are at risk! After installing, check to see if
+ you can view the file "localconfig" in your web browser (ergo:
+ http://bugzilla.mozilla.org/localconfig. If you can read the
+ contents of this file, your web server has not secured your
+ bugzilla directory properly and you must fix this problem before
+ deploying Bugzilla. If, however, it gives you a "Forbidden" error,
+ then it probably respects the .htaccess conventions and you are
+ good to go.
On Apache, you can use .htaccess files to protect access to these
directories, as outlined in Bug 57161 for the localconfig file,
and Bug 65572 for adequate protection in your data/ and shadow/
@@ -2790,76 +2891,81 @@ Appendix A. The Bugzilla FAQ
of fields and format of them, and the choice of
acceptable values?
- A.4.7. Does Bugzilla provide any reporting features, metrics,
+ A.4.7. The index.html page doesn't show the footer. It's really
+ annoying to have to go to the querypage just to check my
+ "my bugs" link. How do I get a footer on static HTML
+ pages?
+
+ A.4.8. Does Bugzilla provide any reporting features, metrics,
graphs, etc? You know, the type of stuff that management
likes to see. :)
- A.4.8. Is there email notification and if so, what do you see
+ A.4.9. Is there email notification and if so, what do you see
when you get an email? Do you see bug number and title or
is it only the number?
- A.4.9. Can email notification be set up to send to multiple
+ A.4.10. Can email notification be set up to send to multiple
people, some on the To List, CC List, BCC List etc?
- A.4.10. If there is email notification, do users have to have any
+ A.4.11. If there is email notification, do users have to have any
particular type of email application?
- A.4.11. If I just wanted to track certain bugs, as they go
+ A.4.12. If I just wanted to track certain bugs, as they go
through life, can I set it up to alert me via email
whenever that bug changes, whether it be owner, status or
description etc.?
- A.4.12. Does Bugzilla allow data to be imported and exported? If
+ A.4.13. Does Bugzilla allow data to be imported and exported? If
I had outsiders write up a bug report using a MS Word bug
template, could that template be imported into "matching"
fields? If I wanted to take the results of a query and
export that data to MS Excel, could I do that?
- A.4.13. Does Bugzilla allow fields to be added, changed or
+ A.4.14. Does Bugzilla allow fields to be added, changed or
deleted? If I want to customize the bug submission form
to meet our needs, can I do that using our terminology?
- A.4.14. Has anyone converted Bugzilla to another language to be
+ A.4.15. Has anyone converted Bugzilla to another language to be
used in other countries? Is it localizable?
- A.4.15. Can a user create and save reports? Can they do this in
+ A.4.16. Can a user create and save reports? Can they do this in
Word format? Excel format?
- A.4.16. Can a user re-run a report with a new project, same
+ A.4.17. Can a user re-run a report with a new project, same
query?
- A.4.17. Can a user modify an existing report and then save it
+ A.4.18. Can a user modify an existing report and then save it
into another name?
- A.4.18. Does Bugzilla have the ability to search by word, phrase,
+ A.4.19. Does Bugzilla have the ability to search by word, phrase,
compound search?
- A.4.19. Can the admin person establish separate group and
+ A.4.20. Can the admin person establish separate group and
individual user privileges?
- A.4.20. Does Bugzilla provide record locking when there is
+ A.4.21. Does Bugzilla provide record locking when there is
simultaneous access to the same bug? Does the second
person get a notice that the bug is in use or how are
they notified?
- A.4.21. Are there any backup features provided?
- A.4.22. Can users be on the system while a backup is in progress?
+ A.4.22. Are there any backup features provided?
+ A.4.23. Can users be on the system while a backup is in progress?
- A.4.23. What type of human resources are needed to be on staff to
+ A.4.24. What type of human resources are needed to be on staff to
install and maintain Bugzilla? Specifically, what type of
skills does the person need to have? I need to find out
if we were to go with Bugzilla, what types of individuals
would we need to hire and how much would that cost vs
buying an "Out-of-the-Box" solution.
- A.4.24. What time frame are we looking at if we decide to hire
+ A.4.25. What time frame are we looking at if we decide to hire
people to install and maintain the Bugzilla? Is this
something that takes hours or weeks to install and a
couple of hours per week to maintain and customize or is
this a multi-week install process, plus a full time job
for 1 person, 2 people, etc?
- A.4.25. Is there any licensing fee or other fees for using
+ A.4.26. Is there any licensing fee or other fees for using
Bugzilla? Any out-of-pocket cost other than the bodies
needed as identified above?
@@ -3356,7 +3462,53 @@ Appendix A. The Bugzilla FAQ
progression states, also require adjusting the program logic to
compensate for the change.
- A.4.7. Does Bugzilla provide any reporting features, metrics, graphs,
+ A.4.7. The index.html page doesn't show the footer. It's really
+ annoying to have to go to the querypage just to check my "my bugs"
+ link. How do I get a footer on static HTML pages?
+
+ This was a late-breaking question for the Guide, so I just have to
+ quote the relevant newsgroup thread on it.
+
+ > AFAIK, most sites (even if they have SSI enabled) won't have #exec c
+ md
+ > enabled. Perhaps what would be better is a #include virtual and a
+ > footer.cgi the basically has the "require 'CGI.pl' and PutFooter com
+ mand.
+ >
+ > Please note that under most configurations, this also requires namin
+ g
+ > the file from index.html to index.shtml (and making sure that it wil
+ l
+ > still be reconized as an index). Personally, I think this is better
+ on
+ > a per-installation basis (perhaps add something to the FAQ that says
+ how
+ > to do this).
+ Good point. Yeah, easy enough to do, that it shouldn't be a big deal
+ for
+ someone to take it on if they want it. FAQ is a good place for it.
+ > Dave Miller wrote:
+ >
+ >> I did a little experimenting with getting the command menu and foot
+ er on
+ >> the end of the index page while leaving it as an HTML file...
+ >>
+ >> I was successful. :)
+ >>
+ >> I added this line:
+ >>
+ >>
+ >>
+ >> Just before the </BODY> </HTML> at the end of the file. And it wor
+ ked.
+ >>
+ >> Thought I'd toss that out there. Should I check this in? For thos
+ e that
+ >> have SSI disabled, it'll act like a comment, so I wouldn't think it
+ would
+ >> break anything.
+
+ A.4.8. Does Bugzilla provide any reporting features, metrics, graphs,
etc? You know, the type of stuff that management likes to see. :)
Yes. Look at http://bugzilla.mozilla.org/reports.cgi for basic
@@ -3371,7 +3523,7 @@ Appendix A. The Bugzilla FAQ
Advanced Reporting is a Bugzilla 3.X proposed feature.
- A.4.8. Is there email notification and if so, what do you see when you
+ A.4.9. Is there email notification and if so, what do you see when you
get an email? Do you see bug number and title or is it only the
number?
@@ -3379,12 +3531,12 @@ Appendix A. The Bugzilla FAQ
bug report accompany each email notification, along with a list of the
changes made.
- A.4.9. Can email notification be set up to send to multiple people,
+ A.4.10. Can email notification be set up to send to multiple people,
some on the To List, CC List, BCC List etc?
Yes.
- A.4.10. If there is email notification, do users have to have any
+ A.4.11. If there is email notification, do users have to have any
particular type of email application?
Bugzilla email is sent in plain text, the most compatible mail format
@@ -3398,7 +3550,7 @@ Appendix A. The Bugzilla FAQ
user sends HTML-based email into Bugzilla the resulting comment
looks downright awful.
- A.4.11. If I just wanted to track certain bugs, as they go through
+ A.4.12. If I just wanted to track certain bugs, as they go through
life, can I set it up to alert me via email whenever that bug changes,
whether it be owner, status or description etc.?
@@ -3407,7 +3559,7 @@ Appendix A. The Bugzilla FAQ
tab of the User Preferences screen in Bugzilla to the "Only those bugs
which I am listed on the CC line" option.
- A.4.12. Does Bugzilla allow data to be imported and exported? If I had
+ A.4.13. Does Bugzilla allow data to be imported and exported? If I had
outsiders write up a bug report using a MS Word bug template, could
that template be imported into "matching" fields? If I wanted to take
the results of a query and export that data to MS Excel, could I do
@@ -3429,46 +3581,46 @@ Appendix A. The Bugzilla FAQ
find an excellent example at
http://www.mozilla.org/quality/help/bugzilla-helper.html
- A.4.13. Does Bugzilla allow fields to be added, changed or deleted? If
+ A.4.14. Does Bugzilla allow fields to be added, changed or deleted? If
I want to customize the bug submission form to meet our needs, can I
do that using our terminology?
Yes.
- A.4.14. Has anyone converted Bugzilla to another language to be used
+ A.4.15. Has anyone converted Bugzilla to another language to be used
in other countries? Is it localizable?
Currently, no. Internationalization support for Perl did not exist in
a robust fashion until the recent release of version 5.6.0; Bugzilla
is, and likely will remain (until 3.X) completely non-localized.
- A.4.15. Can a user create and save reports? Can they do this in Word
+ A.4.16. Can a user create and save reports? Can they do this in Word
format? Excel format?
Yes. No. No.
- A.4.16. Can a user re-run a report with a new project, same query?
+ A.4.17. Can a user re-run a report with a new project, same query?
Yes.
- A.4.17. Can a user modify an existing report and then save it into
+ A.4.18. Can a user modify an existing report and then save it into
another name?
You can save an unlimited number of queries in Bugzilla. You are free
to modify them and rename them to your heart's desire.
- A.4.18. Does Bugzilla have the ability to search by word, phrase,
+ A.4.19. Does Bugzilla have the ability to search by word, phrase,
compound search?
You have no idea. Bugzilla's query interface, particularly with the
advanced Boolean operators, is incredibly versatile.
- A.4.19. Can the admin person establish separate group and individual
+ A.4.20. Can the admin person establish separate group and individual
user privileges?
Yes.
- A.4.20. Does Bugzilla provide record locking when there is
+ A.4.21. Does Bugzilla provide record locking when there is
simultaneous access to the same bug? Does the second person get a
notice that the bug is in use or how are they notified?
@@ -3476,19 +3628,19 @@ Appendix A. The Bugzilla FAQ
detection, and offers the offending user a choice of options to deal
with the conflict.
- A.4.21. Are there any backup features provided?
+ A.4.22. Are there any backup features provided?
MySQL, the database back-end for Bugzilla, allows hot-backup of data.
You can find strategies for dealing with backup considerations at
http://www.mysql.com/doc/B/a/Backup.html
- A.4.22. Can users be on the system while a backup is in progress?
+ A.4.23. Can users be on the system while a backup is in progress?
Yes. However, commits to the database must wait until the tables are
unlocked. Bugzilla databases are typically very small, and backups
routinely take less than a minute.
- A.4.23. What type of human resources are needed to be on staff to
+ A.4.24. What type of human resources are needed to be on staff to
install and maintain Bugzilla? Specifically, what type of skills does
the person need to have? I need to find out if we were to go with
Bugzilla, what types of individuals would we need to hire and how much
@@ -3507,7 +3659,7 @@ Appendix A. The Bugzilla FAQ
me three to five hours to make Bugzilla happy on a Development
installation of Linux-Mandrake.
- A.4.24. What time frame are we looking at if we decide to hire people
+ A.4.25. What time frame are we looking at if we decide to hire people
to install and maintain the Bugzilla? Is this something that takes
hours or weeks to install and a couple of hours per week to maintain
and customize or is this a multi-week install process, plus a full
@@ -3520,7 +3672,7 @@ Appendix A. The Bugzilla FAQ
UNIX or Perl skills to handle your process management and bug-tracking
maintenance & customization.
- A.4.25. Is there any licensing fee or other fees for using Bugzilla?
+ A.4.26. Is there any licensing fee or other fees for using Bugzilla?
Any out-of-pocket cost other than the bodies needed as identified
above?