From 98be5699b669fc561c2949b8d17879b39d16f272 Mon Sep 17 00:00:00 2001 From: "gerv%gerv.net" <> Date: Fri, 4 Apr 2008 11:46:49 +0000 Subject: Massive rearrangement of the installation section. Hopefully it makes sense now. --- docs/en/xml/Bugzilla-Guide.xml | 22 +- docs/en/xml/about.xml | 43 +- docs/en/xml/customization.xml | 960 +++++++++++-------- docs/en/xml/gfdl.xml | 22 +- docs/en/xml/installation.xml | 2046 ++++++++++++++++++---------------------- 5 files changed, 1536 insertions(+), 1557 deletions(-) diff --git a/docs/en/xml/Bugzilla-Guide.xml b/docs/en/xml/Bugzilla-Guide.xml index 1ed018678..0175caec1 100644 --- a/docs/en/xml/Bugzilla-Guide.xml +++ b/docs/en/xml/Bugzilla-Guide.xml @@ -11,13 +11,11 @@ - - - + - + - + @@ -54,7 +52,7 @@ - + @@ -136,12 +134,6 @@ &about; - -&introduction; - - -&using; - &installation; @@ -151,12 +143,18 @@ &customization; + +&using; + &faq; &patches; + +&modules; + &gfdl; diff --git a/docs/en/xml/about.xml b/docs/en/xml/about.xml index 1d48fde19..b594ce163 100644 --- a/docs/en/xml/about.xml +++ b/docs/en/xml/about.xml @@ -6,8 +6,11 @@ @@ -113,7 +136,7 @@ - Last but not least, all the members of the + Also, thanks are due to the members of the netscape.public.mozilla.webtools newsgroup. Without your discussions, insight, suggestions, and patches, diff --git a/docs/en/xml/customization.xml b/docs/en/xml/customization.xml index bb89cb12b..67877f9ca 100644 --- a/docs/en/xml/customization.xml +++ b/docs/en/xml/customization.xml @@ -1,43 +1,7 @@ - Customizing Bugzilla + Customising Bugzilla -
- Custom Skins - - - Bugzilla allows you to have multiple skins. These are custom CSS and possibly - also custom images for Bugzilla. To create a new custom skin, you have two - choices: - - - - Make a single CSS file, and put it in the - skins/contrib directory. - - - - - Make a directory that contains all the same CSS file - names as skins/standard/, and put - your directory in skins/contrib/. - - - - - - - After you put the file or the directory there, make sure to run checksetup.pl - so that it can reset the file permissions correctly. - - - After you have installed the new skin, it will show up as an option in the - user's General Preferences. If you would like to force a particular skin on all - users, just select it in the Default Preferences and then uncheck "Enabled" on - the preference. - -
-
Template Customization @@ -54,78 +18,45 @@ . -
- Template Directory Structure - - The template directory structure starts with top level directory - named template, which contains a directory - for each installed localization. The next level defines the - language used in the templates. Bugzilla comes with English - templates, so the directory name is en, - and we will discuss template/en throughout - the documentation. Below template/en is the - default directory, which contains all the - standard templates shipped with Bugzilla. +
+ What to Edit + + The template directory structure is that there's a top level directory, + template, which contains a directory for + each installed localization. The default English templates are + therefore in en. Underneath that, there + is the default directory and optionally the + custom directory. The default + directory contains all the templates shipped with Bugzilla, whereas + the custom directory does not exist at first and + must be created if you want to use it. - - - A directory data/templates also exists; - this is where Template Toolkit puts the compiled versions of - the templates from either the default or custom directories. - Do not directly edit the files in this - directory, or all your changes will be lost the next time - Template Toolkit recompiles the templates. - - -
- -
- Choosing a Customization Method - - If you want to edit Bugzilla's templates, the first decision - you must make is how you want to go about doing so. There are two - choices, and which you use depends mainly on the scope of your - modifications, and the method you plan to use to upgrade Bugzilla. - - + There are two different ways of editing Bugzilla's templates, + and which you use depends mainly on the method you plan to use to + upgrade Bugzilla. The first method of making customizations is to directly edit the - templates found in template/en/default. - This is probably the best way to go about it if you are going to - be upgrading Bugzilla through CVS, because if you then execute - a cvs update, any changes you have made will - be merged automagically with the updated versions. + templates in template/en/default. This is + probably the best method for small changes if you are going to use + the CVS method of upgrading, because if you then execute a + cvs update, any template fixes will get + automagically merged into your modified versions. - - - If you use this method, and CVS conflicts occur during an - update, the conflicted templates (and possibly other parts - of your installation) will not work until they are resolved. - - - - The second method is to copy the templates to be modified - into a mirrored directory structure under - template/en/custom. Templates in this - directory structure automatically override any identically-named - and identically-located templates in the - default directory. + If you use this method, your installation will break if CVS conflicts + occur. - - - The custom directory does not exist - at first and must be created if you want to use it. - - - - The second method of customization should be used if you - use the overwriting method of upgrade, because otherwise - your changes will be lost. This method may also be better if + The other method is to copy the templates to be modified into a + mirrored directory + structure under template/en/custom. The templates + in this directory automatically override those in default. + This is the technique you + need to use if you use the overwriting method of upgrade, because + otherwise your changes will be lost. This method is also better if you are using the CVS method of upgrading and are going to make major changes, because it is guaranteed that the contents of this directory will not be touched during an upgrade, and you can then decide whether @@ -134,9 +65,9 @@ - Using this method, your installation may break if incompatible - changes are made to the template interface. Such changes should - be documented in the release notes, provided you are using a + If you use this method, your installation may break if incompatible + changes are made to the template interface. If such changes are made + they will be documented in the release notes, provided you are using a stable release of Bugzilla. If you use using unstable code, you will need to deal with this one yourself, although if possible the changes will be mentioned before they occur in the deprecations section of the @@ -145,25 +76,21 @@ - Regardless of which method you choose, it is recommended that - you run ./checksetup.pl after creating or - editing any templates in the template/en/default - directory, and after editing any templates in the - custom directory. + Don't directly edit the compiled templates in + data/template/* - your + changes will be lost when Template Toolkit recompiles them. - - - It is required that you run - ./checksetup.pl after creating a new - template in the custom directory. Failure - to do so will raise an incomprehensible error message. + + It is recommended that you run ./checksetup.pl + after any template edits, especially if you've created a new file in + the custom directory. - +
-
+
How To Edit Templates @@ -171,7 +98,7 @@ If you are making template changes that you intend on submitting back for inclusion in standard Bugzilla, you should read the relevant sections of the - Developers' + Developers' Guide. @@ -189,7 +116,7 @@ to properly HTML filter data that has been passed into the template. This means that if the data can possibly contain special HTML characters such as <, and the data was not intended to be HTML, they need to be - converted to entity form, i.e. &lt;. You use the 'html' filter in the + converted to entity form, ie &lt;. You use the 'html' filter in the Template Toolkit to do this. If you forget, you may open up your installation to cross-site scripting attacks. @@ -198,18 +125,16 @@ Also note that Bugzilla adds a few filters of its own, that are not in standard Template Toolkit. In particular, the 'url_quote' filter can convert characters that are illegal or have special meaning in URLs, - such as &, to the encoded form, i.e. %26. This actually encodes most + such as &, to the encoded form, ie %26. This actually encodes most characters (but not the common ones such as letters and numbers and so on), including the HTML-special characters, so there's never a need to HTML filter afterwards. - Editing templates is a good way of doing a poor man's custom - fields. + Editing templates is a good way of doing a "poor man's custom fields". For example, if you don't use the Status Whiteboard, but want to have - a free-form text entry box for Build Identifier, - then you can just + a free-form text entry box for "Build Identifier", then you can just edit the templates to change the field labels. It's still be called status_whiteboard internally, but your users don't need to know that. @@ -217,29 +142,22 @@
-
- Template Formats and Types +
+ Template Formats - Some CGI's have the ability to use more than one template. For example, - buglist.cgi can output itself as RDF, or as two - formats of HTML (complex and simple). The mechanism that provides this - feature is extensible. - - - - Bugzilla can support different types of output, which again can have - multiple formats. In order to request a certain type, you can append - the &ctype=<contenttype> (such as rdf or html) to the - <cginame>.cgi URL. If you would like to - retrieve a certain format, you can use the &format=<format> - (such as simple or complex) in the URL. + Some CGIs have the ability to use more than one template. For + example, buglist.cgi can output bug lists as RDF or two + different forms of HTML (complex and simple). (Try this out + by appending &format=simple to a buglist.cgi + URL on your Bugzilla installation.) This + mechanism, called template 'formats', is extensible. - To see if a CGI supports multiple output formats and types, grep the - CGI for get_format. If it's not present, adding - multiple format/type support isn't too hard - see how it's done in + To see if a CGI supports multiple output formats, grep the + CGI for "GetFormat". If it's not present, adding + multiple format support isn't too hard - see how it's done in other CGIs, e.g. config.cgi. @@ -258,32 +176,22 @@ You now need to decide what content type you want your template - served as. The content types are defined in the - Bugzilla/Constants.pm file in the - contenttypes - constant. If your content type is not there, add it. Remember - the three- or four-letter tag assigned to your content type. + served as. Open up the localconfig file and find the + $contenttypes + variable. If your content type is not there, add it. Remember + the three- or four-letter tag assigned to you content type. This tag will be part of the template filename. - - - - After adding or changing a content type, it's suitable to edit - Bugzilla/Constants.pm in order to reflect - the changes. Also, the file should be kept up to date after an - upgrade if content types have been customized in the past. - - Save the template as <stubname>-<formatname>.<contenttypetag>.tmpl. Try out the template by calling the CGI as - <cginame>.cgi?format=<formatname>&ctype=<type> . + <cginame>.cgi?format=<formatname> .
-
+
Particular Templates @@ -307,8 +215,7 @@ global/banner.html.tmpl: - This contains the banner, the part of the header - that appears + This contains the "banner", the part of the header that appears at the top of all Bugzilla pages. The default banner is reasonably barren, so you'll probably want to customize this to give your installation a distinctive look and feel. It is recommended you @@ -323,26 +230,6 @@ your Bugzilla installation. - - global/variables.none.tmpl: - This defines a list of terms that may be changed in order to - brand the Bugzilla instance In this way, terms - like bugs can be replaced with issues - across the whole Bugzilla installation. The name - Bugzilla and other words can be customized as well. - - - - list/table.html.tmpl: - This template controls the appearance of the bug lists created - by Bugzilla. Editing this template allows per-column control of - the width and title of a column, the maximum display length of - each entry, and the wrap behaviour of long entries. - For long bug lists, Bugzilla inserts a 'break' every 100 bugs by - default; this behaviour is also controlled by this template, and - that value can be modified here. - - bug/create/user-message.html.tmpl: This is a message that appears near the top of the bug reporting page. @@ -350,79 +237,51 @@ bugs. - - bug/process/midair.html.tmpl: - This is the page used if two people submit simultaneous changes to the - same bug. The second person to submit their changes will get this page - to tell them what the first person did, and ask if they wish to - overwrite those changes or go back and revisit the bug. The default - title and header on this page read "Mid-air collision detected!" If - you work in the aviation industry, or other environment where this - might be found offensive (yes, we have true stories of this happening) - you'll want to change this to something more appropriate for your - environment. - - bug/create/create.html.tmpl and bug/create/comment.txt.tmpl: - You may not wish to go to the effort of creating custom fields in - Bugzilla, yet you want to make sure that each bug report contains - a number of pieces of important information for which there is not - a special field. The bug entry system has been designed in an - extensible fashion to enable you to add arbitrary HTML widgets, - such as drop-down lists or textboxes, to the bug entry page - and have their values appear formatted in the initial comment. - A hidden field that indicates the format should be added inside - the form in order to make the template functional. Its value should - be the suffix of the template filename. For example, if the file - is called create-cust.html.tmpl, then - <input type="hidden" name="format" value="cust"> - should be used inside the form. + You may wish to get bug submitters to give certain bits of structured + information, each in a separate input widget, for which there is not a + field in the database. The bug entry system has been designed in an + extensible fashion to enable you to define arbitrary fields and widgets, + and have their values appear formatted in the initial + Description, rather than in database fields. An example of this + is the mozilla.org + guided + bug submission form. - - An example of this is the mozilla.org - guided - bug submission form. The code for this comes with the Bugzilla - distribution as an example for you to copy. It can be found in the - files - create-guided.html.tmpl and - comment-guided.html.tmpl. - - - So to use this feature, create a custom template for - enter_bug.cgi. The default template, on which you - could base it, is - custom/bug/create/create.html.tmpl. - Call it create-<formatname>.html.tmpl, and - in it, add widgets for each piece of information you'd like + To make this work, create a custom template for + enter_bug.cgi (the default template, on which you + could base it, is create.html.tmpl), + and either call it create.html.tmpl or use a format and + call it create-<formatname>.html.tmpl. + Put it in the custom/bug/create + directory. In it, add widgets for each piece of information you'd like collected - such as a build number, or set of steps to reproduce. Then, create a template like - custom/bug/create/comment.txt.tmpl, and call it - comment-<formatname>.txt.tmpl. This - template should reference the form fields you have created using - the syntax [% form.<fieldname> %]. When a - bug report is + custom/bug/create/comment.txt.tmpl, also named + after your format if you are using one, which + references the form fields you have created. When a bug report is submitted, the initial comment attached to the bug report will be formatted according to the layout of this template. - For example, if your custom enter_bug template had a field + For example, if your enter_bug template had a field <input type="text" name="buildid" size="30"> and then your comment.txt.tmpl had BuildID: [% form.buildid %] - then something like + then BuildID: 20020303 - would appear in the initial comment. - + would appear in the initial checkin comment. +
- +
Configuring Bugzilla to Detect the User's Language @@ -434,99 +293,78 @@ url="http://www.bugzilla.org/download.html#localizations"/>. Instructions for submitting new languages are also available from that location. + + After untarring the localizations (or creating your own) in the + BUGZILLA_ROOT/template directory, + you must update the parameter to contain any + localizations you'd like to permit. You may also wish to set the + parameter to something other than + en if you don't want Engish to be the default language. +
- The Bugzilla Extension Mechanism + Template Hooks - - - Custom extensions require Template Toolkit version 2.12 or - above, or the application of a patch. See bug - 239112 for details. - - - - Extensions are a way for extensions to Bugzilla to insert code - into the standard Bugzilla templates and source files - without modifying these files themselves. The extension mechanism - defines a consistent API for extending the standard templates and source files - in a way that cleanly separates standard code from extension code. - Hooks reduce merge conflicts and make it easier to write extensions that work - across multiple versions of Bugzilla, making upgrading a Bugzilla installation - with installed extensions easier. Furthermore, they make it easy to install - and remove extensions as each extension is nothing more than a - simple directory structure. - - - - There are two main types of hooks: code hooks and template hooks. Code - hooks allow extensions to invoke code at specific points in various - source files, while template hooks allow extensions to add elements to - the Bugzilla user interface. + Template hooks are a way for extensions to Bugzilla to insert code + into the standard Bugzilla templates without modifying the template files + themselves. The hooks mechanism defines a consistent API for extending + the standard templates in a way that cleanly separates standard code + from extension code. Hooks reduce merge conflicts and make it easier + to write extensions that work across multiple versions of Bugzilla, + making upgrading a Bugzilla installation with installed extensions easier. - A hook is just a named place in a standard source or template file - where extension source code or template files for that hook get processed. - Each extension has a corresponding directory in the Bugzilla directory - tree (BUGZILLA_ROOT/extensions/extension_name). Hooking - an extension source file or template to a hook is as simple as putting - the extension file into extension's template or code directory. - When Bugzilla processes the source file or template and reaches the hook, - it will process all extension files in the hook's directory. - The hooks themselves can be added into any source file or standard template - upon request by extension authors. - - - - To use hooks to extend Bugzilla, first make sure there is - a hook at the appropriate place within the source file or template you - want to extend. The exact appearance of a hook depends on if the hook - is a code hook or a template hook. + A template hook is just a named place in a standard template file + where extension template files for that hook get processed. Each hook + has a corresponding directory in the Bugzilla directory tree. Hooking an + extension template to a hook is as simple as putting the extension file + into the hook's directory. When Bugzilla processes the standard template + and reaches the hook, it will process all extension templates in the + hook's directory. The hooks themselves can be added into any standard + template upon request by extension authors. - Code hooks appear in Bugzilla source files as a single method call - in the format Bugzilla::Hook->process("name");. - For instance, enter_bug.cgi may invoke the hook - "enter_bug-entrydefaultvars". Thus, a source file at - BUGZILLA_ROOT/extensions/EXTENSION_NAME/code/enter_bug-entrydefaultvars.pl - will be automatically invoked when the code hook is reached. - - - - Template hooks appear in the standard Bugzilla templates as a - single directive in the format + To use hooks to extend a Bugzilla template, first make sure there is + a hook at the appropriate place within the template you want to extend. + Hooks appear in the standard Bugzilla templates as a single directive + in the format [% Hook.process("name") %], - where name is the unique name of the hook. + where name is the unique (within that template) + name of the hook. - If you aren't sure what you want to extend or just want to browse the - available hooks, either use your favorite multi-file search + If you aren't sure which template you want to extend or just want + to browse the available hooks, either use your favorite multi-file search tool (e.g. grep) to search the standard templates - for occurrences of Hook.process or the source - files for occurrences of Bugzilla::Hook::process. + for occurrences of Hook.process or browse + the directory tree in + BUGZILLA_ROOT/template/en/extension/hook/, + which contains a directory for each hook in the following location: + + + + BUGZILLA_ROOT/template/en/extension/hook/PATH_TO_STANDARD_TEMPLATE/STANDARD_TEMPLATE_NAME/HOOK_NAME/ - If there is no hook at the appropriate place within the Bugzilla - source file or template you want to extend, + If there is no hook at the appropriate place within the Bugzilla template + you want to extend, file a bug requesting one, specifying: - the source or template file for which you are - requesting a hook; + the template for which you are requesting a hook; - where in the file you would like the hook to be placed - (line number/position for latest version of the file in CVS + where in the template you would like the hook to be placed + (line number/position for latest version of template in CVS or description of location); the purpose of the hook; @@ -535,8 +373,9 @@ The Bugzilla reviewers will promptly review each hook request, - name the hook, add it to the template or source file, and check - the new version of the template into CVS. + name the hook, add it to the template, check the new version + of the template into CVS, and create the corresponding directory in + BUGZILLA_ROOT/template/en/extension/hook/. @@ -552,13 +391,13 @@ After making sure the hook you need exists (or getting it added if not), - add your extension to the directory within the Bugzilla - extensions tree corresponding to the hook. + add your extension template to the directory within the Bugzilla + directory tree corresponding to the hook. - That's it! Now, when the source file or template containing the hook - is processed, your extension file will be processed at the point + That's it! Now, when the standard template containing the hook + is processed, your extension template will be processed at the point where the hook appears. @@ -589,9 +428,14 @@ ...]]> - The corresponding extension file for this hook is - BUGZILLA_ROOT/extensions/projman/template/en/hook/global/useful-links-edit.html.tmpl. - You then create that template file and add the following constant: + The corresponding directory for this hook is + BUGZILLA_ROOT/template/en/extension/hook/global/useful-links.html.tmpl/edit/. + + + + You put a template named + projman-edit-projects.html.tmpl + into that directory with the following content: projects' IF user.groups.projman_admins %]]]> @@ -600,76 +444,69 @@ Voila! The link now appears after the other administration links in the navigation bar for users in the projman_admins group. - - - Now, let us say your extension adds a custom "project_manager" field - to enter_bug.cgi. You want to modify the CGI script to set the default - project manager to be productname@company.com. Looking at - enter_bug.cgi, you see the enter_bug-entrydefaultvars - hook near the bottom of the file before the default form values are set. - The corresponding extension source file for this hook is located at - BUGZILLA_ROOT/extensions/projman/code/enter_bug-entrydefaultvars.pl. - You then create that file and add the following: - - - $default{'project_manager'} = $product.'@company.com'; - - - This code will be invoked whenever enter_bug.cgi is executed. - Assuming that the rest of the customization was completed (e.g. the - custom field was added to the enter_bug template and the required hooks - were used in process_bug.cgi), the new field will now have this - default value. - - + Notes: + + + You may want to prefix your extension template names + with the name of your extension, e.g. + projman-foo.html.tmpl, + so they do not conflict with the names of templates installed by + other extensions. + + + If your extension includes entirely new templates in addition to - extensions of standard templates, it should store those new - templates in its - BUGZILLA_ROOT/extensions/template/en/ - directory. Extension template directories, like the + extensions of standard templates, it should install those new + templates into an extension-specific subdirectory of the + BUGZILLA_ROOT/template/en/extension/ + directory. The extension/ directory, like the default/ and custom/ - directories, are part of the template search path, so putting templates + directories, is part of the template search path, so putting templates there enables them to be found by the template processor. The template processor looks for templates first in the custom/ directory (i.e. templates added by the - specific installation), then in the extensions/ - directory (i.e. templates added by extensions), and finally in the + specific installation), then in the extension/ + directory (i.e. templates added by extensions), and finally in the default/ directory (i.e. the standard Bugzilla - templates). Thus, installation-specific templates override both - default and extension templates. + templates). Thus extension templates can override standard templates, + but installation-specific templates override both. + + + + Note that overriding standard templates with extension templates + gives you great power but also makes upgrading an installation harder. + As with custom templates, we recommend using this functionality + sparingly and only when absolutely necessary. - If you are looking to customize Bugzilla, you can also take advantage - of template hooks. To do so, create a directory in + Installation customizers can also take advantage of hooks when adding + code to a Bugzilla template. To do so, create directories in BUGZILLA_ROOT/template/en/custom/hook/ - that corresponds to the hook you wish to use, then place your - customization templates into those directories. For example, - if you wanted to use the hook "end" in - global/useful-links.html.tmpl, you would - create the directory BUGZILLA_ROOT/template/en/custom/hook/ - global/useful-links.html.tmpl/end/ and add your customization - template to this directory. + equivalent to the directories in + BUGZILLA_ROOT/template/en/extension/hook/ + for the hooks you want to use, then place your customization templates + into those directories. Obviously this method of customizing Bugzilla only lets you add code - to the standard source files and templates; you cannot change the - existing code. Nevertheless, for those customizations that only add - code, this method can reduce conflicts when merging changes, - making upgrading your customized Bugzilla installation easier. + to the standard templates; you cannot change the existing code. + Nevertheless, for those customizations that only add code, this method + can reduce conflicts when merging changes, making upgrading + your customized Bugzilla installation easier. @@ -688,7 +525,7 @@ versions, and you upgrade. - + Companies often have rules about which employees, or classes of employees, are allowed to change certain things in the bug system. For example, @@ -697,34 +534,24 @@ designed to make it easy for you to write your own custom rules to define who is allowed to make what sorts of value transition. - - - By default, assignees, QA owners and users - with editbugs privileges can edit all fields of bugs, - except group restrictions (unless they are members of the groups they - are trying to change). Bug reporters also have the ability to edit some - fields, but in a more restrictive manner. Other users, without - editbugs privileges, can not edit - bugs, except to comment and add themselves to the CC list. - For maximum flexibility, customizing this means editing Bugzilla's Perl code. This gives the administrator complete control over exactly who is - allowed to do what. The relevant method is called - check_can_change_field(), - and is found in Bug.pm in your - Bugzilla/ directory. If you open that file and search for - sub check_can_change_field, you'll find it. + allowed to do what. The relevant function is called + CheckCanChangeField(), + and is found in process_bug.cgi in your + Bugzilla directory. If you open that file and grep for + "sub CheckCanChangeField", you'll find it. This function has been carefully commented to allow you to see exactly - how it works, and give you an idea of how to make changes to it. - Certain marked sections should not be changed - these are - the plumbing which makes the rest of the function work. - In between those sections, you'll find snippets of code like: - # Allow the assignee to change anything. + how it works, and give you an idea of how to make changes to it. Certain + marked sections should not be changed - these are the "plumbing" which + makes the rest of the function work. In between those sections, you'll + find snippets of code like: + # Allow the owner to change anything. if ($ownerid eq $whoid) { return 1; } @@ -733,11 +560,11 @@ So, how does one go about changing this function? Well, simple changes - can be made just by removing pieces - for example, if you wanted to + can be made just be removing pieces - for example, if you wanted to prevent any user adding a comment to a bug, just remove the lines marked - Allow anyone to change comments. If you don't want the - Reporter to have any special rights on bugs they have filed, just - remove the entire section that deals with the Reporter. + "Allow anyone to change comments." And if you want the reporter to have + no special rights on bugs they have filed, just remove the entire section + which refers to him. @@ -756,12 +583,8 @@ } } This says that only users in the group "quality_assurance" can change - the QA Contact field of a bug. - - - - Getting more weird: - if (($field eq "priority") && (Bugzilla->user->email =~ /.*\@example\.com$/)) { if ($oldvalue eq "P1") { @@ -770,27 +593,378 @@ else { return 0; } - }]]> + } This says that if the user is trying to change the priority field, and their email address is @example.com, they can only do so if the old value of the field was "P1". Not very useful, but illustrative. - - - - If you are modifying process_bug.cgi in any - way, do not change the code that is bounded by DO_NOT_CHANGE blocks. - Doing so could compromise security, or cause your installation to - stop working entirely. - - - For a list of possible field names, look at the bugs table in the - database. If you need help writing custom rules for your organization, - ask in the newsgroup. + For a list of possible field names, look in + data/versioncache for the list called + @::log_columns. If you need help writing custom + rules for your organization, ask in the newsgroup.
+ +
+ Modifying Your Running System + + Bugzilla optimizes database lookups by storing all relatively + static information in the + versioncache file, located in the + data/ + subdirectory under your installation directory. + + If you make a change to the structural data in your database (the + versions table for example), or to the + constants + + encoded in defparams.pl, you will need to remove + the cached content from the data directory (by doing a + rm data/versioncache + + ), or your changes won't show up. + + versioncache + gets automatically regenerated whenever it's more than + an hour old, so Bugzilla will eventually notice your changes by itself, + but generally you want it to notice right away, so that you can test + things. +
+ +
+ MySQL Bugzilla Database Introduction + + This information comes straight from my life. I was forced to learn + how Bugzilla organizes database because of nitpicky requests from users + for tiny changes in wording, rather than having people re-educate + themselves or figure out how to work our procedures around the tool. It + sucks, but it can and will happen to you, so learn how the schema works + and deal with it when it comes. + + So, here you are with your brand-new installation of Bugzilla. + You've got MySQL set up, Apache working right, Perl DBI and DBD talking + to the database flawlessly. Maybe you've even entered a few test bugs to + make sure email's working; people seem to be notified of new bugs and + changes, and you can enter and edit bugs to your heart's content. Perhaps + you've gone through the trouble of setting up a gateway for people to + submit bugs to your database via email, have had a few people test it, + and received rave reviews from your beta testers. + + What's the next thing you do? Outline a training strategy for your + development team, of course, and bring them up to speed on the new tool + you've labored over for hours. + + Your first training session starts off very well! You have a + captive audience which seems enraptured by the efficiency embodied in + this thing called "Bugzilla". You are caught up describing the nifty + features, how people can save favorite queries in the database, set them + up as headers and footers on their pages, customize their layouts, + generate reports, track status with greater efficiency than ever before, + leap tall buildings with a single bound and rescue Jane from the clutches + of Certain Death! + + But Certain Death speaks up -- a tiny voice, from the dark corners + of the conference room. "I have a concern," the voice hisses from the + darkness, "about the use of the word 'verified'." + + The room, previously filled with happy chatter, lapses into + reverential silence as Certain Death (better known as the Vice President + of Software Engineering) continues. "You see, for two years we've used + the word 'verified' to indicate that a developer or quality assurance + engineer has confirmed that, in fact, a bug is valid. I don't want to + lose two years of training to a new software product. You need to change + the bug status of 'verified' to 'approved' as soon as possible. To avoid + confusion, of course." + + Oh no! Terror strikes your heart, as you find yourself mumbling + "yes, yes, I don't think that would be a problem," You review the changes + with Certain Death, and continue to jabber on, "no, it's not too big a + change. I mean, we have the source code, right? You know, 'Use the + Source, Luke' and all that... no problem," All the while you quiver + inside like a beached jellyfish bubbling, burbling, and boiling on a hot + Jamaican sand dune... + + Thus begins your adventure into the heart of Bugzilla. You've been + forced to learn about non-portable enum() fields, varchar columns, and + tinyint definitions. The Adventure Awaits You! + +
+ Bugzilla Database Basics + + If you were like me, at this point you're totally clueless about + the internals of MySQL, and if it weren't for this executive order from + the Vice President you couldn't care less about the difference between + a + bigint + + and a + tinyint + + entry in MySQL. I recommend you refer to the + MySQL documentation + . Below are the basics you need to know about the Bugzilla database. + Check the chart above for more details. + + + + + To connect to your database: + + + bash# + + mysql + + -u root + + + If this works without asking you for a password, + shame on you + + ! You should have locked your security down like the installation + instructions told you to. You can find details on locking down + your database in the Bugzilla FAQ in this directory (under + "Security"), or more robust security generalities in the + MySQL + searchable documentation. + + + + + You should now be at a prompt that looks like this: + + + mysql> + + + At the prompt, if + bugs + + is the name you chose in the + localconfig + + file for your Bugzilla database, type: + + + mysql + + use bugs; + + + + + + +
+ Bugzilla Database Tables + + Imagine your MySQL database as a series of spreadsheets, and + you won't be too far off. If you use this command: + + + mysql> + show tables from bugs; + + + you'll be able to see the names of all the + spreadsheets + (tables) in your database. + + From the command issued above, ou should have some + output that looks like this: + ++-------------------+ +| Tables in bugs | ++-------------------+ +| attachments | +| bugs | +| bugs_activity | +| cc | +| components | +| dependencies | +| fielddefs | +| groups | +| keyworddefs | +| keywords | +| logincookies | +| longdescs | +| milestones | +| namedqueries | +| products | +| profiles | +| profiles_activity | +| tokens | +| versions | +| votes | +| watch | ++-------------------+ + + + + + Here's an overview of what each table does. Most columns in each table have +descriptive names that make it fairly trivial to figure out their jobs. + +attachments: This table stores all attachments to bugs. It tends to be your +largest table, yet also generally has the fewest entries because file +attachments are so (relatively) large. + +bugs: This is the core of your system. The bugs table stores most of the +current information about a bug, with the exception of the info stored in the +other tables. + +bugs_activity: This stores information regarding what changes are made to bugs +when -- a history file. + +cc: This tiny table simply stores all the CC information for any bug which has +any entries in the CC field of the bug. Note that, like most other tables in +Bugzilla, it does not refer to users by their user names, but by their unique +userid, stored as a primary key in the profiles table. + +components: This stores the programs and components (or products and +components, in newer Bugzilla parlance) for Bugzilla. Curiously, the "program" +(product) field is the full name of the product, rather than some other unique +identifier, like bug_id and user_id are elsewhere in the database. + +dependencies: Stores data about those cool dependency trees. + +fielddefs: A nifty table that defines other tables. For instance, when you +submit a form that changes the value of "AssignedTo" this table allows +translation to the actual field name "assigned_to" for entry into MySQL. + +groups: defines bitmasks for groups. A bitmask is a number that can uniquely +identify group memberships. For instance, say the group that is allowed to +tweak parameters is assigned a value of "1", the group that is allowed to edit +users is assigned a "2", and the group that is allowed to create new groups is +assigned the bitmask of "4". By uniquely combining the group bitmasks (much +like the chmod command in UNIX,) you can identify a user is allowed to tweak +parameters and create groups, but not edit users, by giving him a bitmask of +"5", or a user allowed to edit users and create groups, but not tweak +parameters, by giving him a bitmask of "6" Simple, huh? + If this makes no sense to you, try this at the mysql prompt: +mysql> select * from groups; + You'll see the list, it makes much more sense that way. + +keyworddefs: Definitions of keywords to be used + +keywords: Unlike what you'd think, this table holds which keywords are +associated with which bug id's. + +logincookies: This stores every login cookie ever assigned to you for every +machine you've ever logged into Bugzilla from. Curiously, it never does any +housecleaning -- I see cookies in this file I've not used for months. However, +since Bugzilla never expires your cookie (for convenience' sake), it makes +sense. + +longdescs: The meat of bugzilla -- here is where all user comments are stored! +You've only got 2^24 bytes per comment (it's a mediumtext field), so speak +sparingly -- that's only the amount of space the Old Testament from the Bible +would take (uncompressed, 16 megabytes). Each comment is keyed to the +bug_id to which it's attached, so the order is necessarily chronological, for +comments are played back in the order in which they are received. + +milestones: Interesting that milestones are associated with a specific product +in this table, but Bugzilla does not yet support differing milestones by +product through the standard configuration interfaces. + +namedqueries: This is where everybody stores their "custom queries". Very +cool feature; it beats the tar out of having to bookmark each cool query you +construct. + +products: What products you have, whether new bug entries are allowed for the +product, what milestone you're working toward on that product, votes, etc. It +will be nice when the components table supports these same features, so you +could close a particular component for bug entry without having to close an +entire product... + +profiles: Ahh, so you were wondering where your precious user information was +stored? Here it is! With the passwords in plain text for all to see! (but +sshh... don't tell your users!) + +profiles_activity: Need to know who did what when to who's profile? This'll +tell you, it's a pretty complete history. + +versions: Version information for every product + +votes: Who voted for what when + +watch: Who (according to userid) is watching who's bugs (according to their +userid). + + +=== +THE DETAILS +=== + + Ahh, so you're wondering just what to do with the information above? At the +mysql prompt, you can view any information about the columns in a table with +this command (where "table" is the name of the table you wish to view): + +mysql> show columns from table; + + You can also view all the data in a table with this command: + +mysql> select * from table; + + -- note: this is a very bad idea to do on, for instance, the "bugs" table if +you have 50,000 bugs. You'll be sitting there a while until you ctrl-c or +50,000 bugs play across your screen. + + You can limit the display from above a little with the command, where +"column" is the name of the column for which you wish to restrict information: + +mysql> select * from table where (column = "some info"); + + -- or the reverse of this + +mysql> select * from table where (column != "some info"); + + Let's take our example from the introduction, and assume you need to change +the word "verified" to "approved" in the resolution field. We know from the +above information that the resolution is likely to be stored in the "bugs" +table. Note we'll need to change a little perl code as well as this database +change, but I won't plunge into that in this document. Let's verify the +information is stored in the "bugs" table: + +mysql> show columns from bugs + + (exceedingly long output truncated here) +| bug_status| enum('UNCONFIRMED','NEW','ASSIGNED','REOPENED','RESOLVED','VERIFIED','CLOSED')||MUL | UNCONFIRMED|| + + Sorry about that long line. We see from this that the "bug status" column is +an "enum field", which is a MySQL peculiarity where a string type field can +only have certain types of entries. While I think this is very cool, it's not +standard SQL. Anyway, we need to add the possible enum field entry +'APPROVED' by altering the "bugs" table. + +mysql> ALTER table bugs CHANGE bug_status bug_status + -> enum("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED", "RESOLVED", + -> "VERIFIED", "APPROVED", "CLOSED") not null; + + (note we can take three lines or more -- whatever you put in before the +semicolon is evaluated as a single expression) + +Now if you do this: + +mysql> show columns from bugs; + + you'll see that the bug_status field has an extra "APPROVED" enum that's +available! Cool thing, too, is that this is reflected on your query page as +well -- you can query by the new status. But how's it fit into the existing +scheme of things? + Looks like you need to go back and look for instances of the word "verified" +in the perl code for Bugzilla -- wherever you find "verified", change it to +"approved" and you're in business (make sure that's a case-insensitive search). +Although you can query by the enum field, you can't give something a status +of "APPROVED" until you make the perl changes. Note that this change I +mentioned can also be done by editing checksetup.pl, which automates a lot of +this. But you need to know this stuff anyway, right? + +
+
+
&integration; diff --git a/docs/en/xml/gfdl.xml b/docs/en/xml/gfdl.xml index 93987caf6..1d84d1255 100644 --- a/docs/en/xml/gfdl.xml +++ b/docs/en/xml/gfdl.xml @@ -16,7 +16,7 @@
- PREAMBLE + Preamble The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the @@ -41,7 +41,7 @@
- APPLICABILITY AND DEFINITIONS + Applicability and Definition This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under @@ -101,7 +101,7 @@
- VERBATIM COPYING + Verbatim Copying You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the @@ -118,7 +118,7 @@
- COPYING IN QUANTITY + Copying in Quantity If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must @@ -157,7 +157,7 @@
- MODIFICATIONS + Modifications You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release @@ -287,7 +287,7 @@
- COMBINING DOCUMENTS + Combining Documents You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified @@ -313,7 +313,7 @@
- COLLECTIONS OF DOCUMENTS + Collections of Documents You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies @@ -329,7 +329,7 @@
- AGGREGATION WITH INDEPENDENT WORKS + Aggregation with Independent Works A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a @@ -348,7 +348,7 @@
- TRANSLATION + Translation Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. @@ -363,7 +363,7 @@
- TERMINATION + Termination You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to @@ -375,7 +375,7 @@
- FUTURE REVISIONS OF THIS LICENSE + Future Revisions of this License The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index c559e6a92..95e299ab1 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -1,106 +1,107 @@ - - - Installation - -
- Step-by-step Install - - Bugzilla has been successfully installed under many different - operating systems including almost all Unix clones and - Microsoft Windows. Many - operating systems have utilities that make installation easier or quirks - that make it harder. We have tried to collect that information in - , so unless you are on Linux, - be sure to check out that section before - you start your installation. - + + + Installing Bugzilla + +
+ Installation + + + If you just want to use Bugzilla, + you do not need to install it. None of this chapter is relevant to + you. Ask your Bugzilla administrator + for the URL to access it over the web. + + + + The Bugzilla server software is usually installed on Linux or + Solaris. + If you are installing on another OS, check + before you start your installation to see if there are any special + instructions. + - - Windows is one of those operating systems that has many quirks - and is not yet officially supported by the Bugzilla team. If you wish - to install Bugzilla on Windows, be sure to see - . - - + + As an alternative to following these instructions, you may wish to + try Arne Schirmacher's unofficial and unsupported + Bugzilla + Installer, which installs Bugzilla and all its prerequisites + on Linux or Solaris systems. + - - While installing Bugzilla, it is a good idea to ensure that there - is some kind of configurable firewall between you and the rest of the - Internet - as your machine may be insecure for periods during the install. Many - installation steps require an active Internet connection to complete, - but you must take care to ensure that at no point is your machine - vulnerable to an attack. - - - This guide assumes that you already have your operating system - installed, network configured, and have administrative access to the - machine onto which you are installing Bugzilla. It is possible to - install and run Bugzilla itself without administrative access, but you - have to - either make sure all the required software is installed or get somebody - with administrative access to install it for you. - + This guide assumes that you have administrative access to the + Bugzilla machine. It not possible to + install and run Bugzilla itself without administrative access except + in the very unlikely event that every single prerequisite is + already installed. + - - You are strongly recommended to make a backup of your system - before installing Bugzilla (and at regular intervals thereafter :-). - - - Here's a basic step-by-step list: + + The installation process may make your machine insecure for + short periods of time. Make sure there is a firewall between you + and the Internet. + - - - Install Perl - (&min-perl-ver; or above) - - - - Install MySQL - (&min-mysql-ver; or above) - - - - Install a Webserver - - - - Put Bugzilla in the Webspace - - - - Install Perl Modules - - - - Setup the MySQL Database - - - + + You are strongly recommended to make a backup of your system + before installing Bugzilla (and at regular intervals thereafter :-). + + + In outline, the installation proceeds as follows: + + + + + Install Perl + (&min-perl-ver; or above) + + + + Install MySQL + (&min-mysql-ver; or above) + + + + Install a Webserver + + + + Install Bugzilla + + + + Install Perl modules + + + + Configure all of the above. + + +
Perl + Installed Version Test: perl -v + Any machine that doesn't have Perl on it is a sad machine indeed. - If your OS doesn't come with it, Perl can be got in source form - from . - There are also binary versions available for many platforms, most of which - are linked to from perl.com. - Although Bugzilla runs with perl &min-perl-ver;, - it's a good idea to be up to the very latest version - if you can when running Bugzilla. As of this writing, that is Perl - version &newest-perl-ver;. + If you don't have it and your OS doesn't provide official packages, + visit . + Although Bugzilla runs with Perl &min-perl-ver;, + it's a good idea to be using the latest stable version. + As of this writing, that is Perl &newest-perl-ver;.
MySQL - If your OS doesn't come with it or provide official packages, - visit the MySQL homepage at - - to grab and install the latest stable release of the server. + Installed Version Test: mysql -V + + + If you don't have it and your OS doesn't provide official packages, + visit . You need MySQL version + &min-mysql-ver; or higher. @@ -108,278 +109,126 @@ versions of MySQL store their data files in /var. On some Unix systems, this is part of a smaller root partition, - and may not have room for your bug database. You can set the data - directory as an option to configure - if you build MySQL from source yourself. - - + and may not have room for your bug database. To change the data + directory, you have to build MySQL from source yourself, and + set it as an option to configure. + + If you install from something other than a packaging/installation - system (such as .rpm, .dep, .exe, or .msi) you will need to configure - your system so the MySQL server daemon will come back up whenever - your machine reboots. - - - If you wish to have attachments larger than 64K, you will have to - configure MySQL to accept large packets. This is done by adding the text - in to your - my.conf file. There is also a parameter in Bugzilla - for setting the maximum allowable attachment size. - - You should set this value to be slightly larger than that parameter. - + system (such as .rpm, .dep, .exe, or .msi) make sure the MySQL server + is started when the machine boots. + -
- Set Max Packet Size in MySQL - - -[mysqld] -# Allow packets up to 1M -set-variable = max_allowed_packet=1M - -
- - If you are running Bugzilla and MySQL on the same machine, you may - also wish to utilize the option as - mentioned in for the added security. - - -
- Adding a user to MySQL - - This first thing you'll want to do is make sure you've given the - root user a password as suggested in - . Then, you need to add a user for - Bugzilla to use. For clarity, these instructions will - assume that your MySQL user for Bugzilla will be bugs_user, - the database will be called bugs_db and the password for - the bugs_user user is bugs_password. You - should, of course, substitute the values you intend to use for your site. - - - - Most people use bugs for both the user and - database name. Don't use it for the password, though... - - - - We use an SQL GRANT command to create a - bugs_user - user. This also restricts the - bugs_user - user to operations within a database called - bugs_db, and only allows the account to connect from - localhost. - Modify it to reflect your setup if you will be connecting from - another machine or as a different user. - - - mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE, - DROP,REFERENCES ON bugs_db.* TO bugs_user@localhost - IDENTIFIED BY 'bugs_password'; - mysql> FLUSH PRIVILEGES; - - - - If you are using MySQL 4, the bugs user also needs to be granted - the LOCK TABLES and - CREATE TEMPORARY TABLES permissions, - so add them to the list in the - GRANT command. - - -
- +
- HTTP Server + Web Server + Installed Version Test: view the default welcome page at + http://<your-machine>/ + You have freedom of choice here, pretty much any web server that is capable of running CGI - scripts will work. has more information about - configuring web servers to work with Bugzilla. - - - - We strongly recommend Apache as the web server to use. The - Bugzilla Guide installation instructions, in general, assume you are - using Apache. If you have got Bugzilla working using another webserver, + scripts will work. + However, we strongly recommend using the Apache web server + (either 1.3.x or 2.x), and + the installation instructions usually assume you are + using it. If you have got Bugzilla working using another webserver, please share your experiences with us by filing a bug in &bzg-bugs;. - - + + + + If you don't have Apache and your OS doesn't provide official packages, + visit . +
Bugzilla - You should untar the Bugzilla files into a directory that you're - willing to make writable by the default web server user (probably - nobody). - You may decide to put the files in the main web space for your - web server or perhaps in - /usr/local - with a symbolic link in the web space that points to the Bugzilla - directory. - - - If you symlink the bugzilla directory into your Apache's - html - hierarchy, you may receive - Forbidden - errors unless you add the - FollowSymLinks - directive to the <Directory> entry for - the HTML root directory in httpd.conf. - + + Download a Bugzilla tarball (or check it out from CVS) and place + it in a suitable directory, writable by the default web server user + (probably nobody). + Good locations are either directly in the main web space for your + web server or perhaps in + /usr/local + with a symbolic link from the web space. + The default Bugzilla distribution is not designed to be placed - in a cgi-bin directory (this + in a cgi-bin directory. This includes any directory which is configured using the - directive of Apache). + directive of Apache. Once all the files are in a web accessible directory, make that directory writable by your webserver's user. This is a temporary step - until you run the post-install + until you run the checksetup.pl script, which locks down your installation. -
-
- - <filename>checksetup.pl</filename> - - - Next, run the magic checksetup.pl script. - This is designed to check whether you have all of the right - Perl modules in the correct - versions, and that Bugzilla is generally set up correctly. +
+ Perl Modules + + Bugzilla's installation process is based + on a script called checksetup.pl. + The first thing it checks is whether you have appropriate + versions of all the required + Perl modules. The aim of this section is to pass this check. + When it passes, + do not run it again, + but proceed to . - Eventually, - it will make sure Bugzilla files and directories have reasonable - permissions, set up the - data - directory, and create all the MySQL tables. But the first time you - run it, it's highly likely to tell you that you are missing a few - Perl modules. Make a note of which ones they are, and then proceed to - the next section to install them. + At this point, you need to su to root. You should + remain as root until the end of the install. Then run: - - -bash# ./checksetup.pl - - - - The first time you run it with all the correct modules installed, - it will create a file called - localconfig. - This file contains a variety of settings you may need to tweak - including how Bugzilla should connect to the MySQL database. - - The connection settings include: - - - server's host: just use - localhost - if the MySQL server is local - - - - database name: - bugs_db - if you're following these directions - - - - MySQL username: - bugs_user - if you're following these directions - + bash# ./checksetup.pl - - Password for the - bugs_user - MySQL account; (bugs_password above) - - + + + + + checksetup.pl will print out a list of the + required and optional Perl modules, together with the versions + (if any) installed on your machine. + The list of required modules is reasonably long; however, you + may already have several of them installed. - - Edit the file to change these. Once you are happy with the - settings, su to the user - your web server runs as, and re-run - checksetup.pl. (Note: on some security-conscious - systems, you may need to change the login shell for the webserver - account before you can do this.) - On this second run, it will create the database and an administrator - account for which you will be prompted to provide information. - - - The checksetup.pl script is designed so that you can run it at - any time without causing harm. You should run it after any upgrade to - Bugzilla. - -
- -
- Perl Modules - Don't be intimidated by this long list of modules. See - for a way of - installing all the ones you need with a single command. + + There is a meta-module called Bundle::Bugzilla, + which installs all the other + modules with a single command. You should use this if you are running + Perl 5.6.1 or above. - Perl modules can be found using - CPAN on Unix based systems or - PPM on Win32. - - - Good instuctions can be found for using each of these services on - their respective websites. The basics can be found in - for CPAN and - for PPM. - - - - Installing perl modules with CPAN - - The easy way: - -bash# perl -MCPAN -e 'install "<modulename>"' - - - - Or the hard way: - -bash# tar xzvf <module>.tar.gz -bash# cd <module> -bash# perl Makefile.PL -bash# make -bash# make test -bash# make install - - - - This assumes that you've already downloaded the - <module>.tar.gz to the current working - directory. - - - - The process of untarring the module as defined in - will create the - <module> directory. - - - - - + + The preferred way of installing Perl modules is via CPAN on Unix, + or PPM on Windows (see ). These + instructions assume you are using CPAN; if for some reason you need + to install the Perl modules manually, see + . + + + bash# perl -MCPAN -e 'install "<modulename>"' + + If you using Bundle::Bugzilla, invoke the magic CPAN command on it. + Otherwise, you need to work down the + list of modules that checksetup.pl says are + required, in the order given, invoking the command on each. + + Many people complain that Perl modules will not install for them. Most times, the error messages complain that they are missing a @@ -395,35 +244,41 @@ set-variable = max_allowed_packet=1M for further assistance or hire someone to help you out. + + Here is a complete list of modules and their minimum versions. + Some modules have special installation notes, which follow. + - Perl Modules (minimum version): + Required Perl modules: - Bundle::Bugzilla - (Will allow you to skip the rest) + AppConfig (&min-appconfig-ver;) - CGI - (&min-cgi-ver;) + CGI (&min-cgi-ver;) - Date::Format - (&min-date-format-ver;) + Data::Dumper (&min-data-dumper-ver;) + + + + + + Date::Format (&min-date-format-ver;) - DBI - (&min-dbi-ver;) + DBI (&min-dbi-ver;) @@ -436,34 +291,31 @@ set-variable = max_allowed_packet=1M - File::Spec - (&min-file-spec-ver;) + File::Spec (&min-file-spec-ver;) - File::Temp - (&min-file-temp-ver;) + File::Temp (&min-file-temp-ver;) - Template Toolkit + Template (&min-template-ver;) - Text::Wrap - (&min-text-wrap-ver;) + Text::Wrap (&min-text-wrap-ver;) - and, optionally: + Optional Perl modules: @@ -479,13 +331,6 @@ set-variable = max_allowed_packet=1M - - - XML::Parser - (&min-xml-parser-ver;) for the XML interface - - - GD::Graph @@ -502,8 +347,8 @@ set-variable = max_allowed_packet=1M - MIME::Parser - (&min-mime-parser-ver;) for the email interface + XML::Parser + (&min-xml-parser-ver;) for the XML interface @@ -513,472 +358,669 @@ set-variable = max_allowed_packet=1M (&min-patchreader-ver;) for pretty HTML view of patches + + + + MIME::Parser + (&min-mime-parser-ver;) for the optional email interface + + +
+ DBD::mysql -
- Bundle::Bugzilla - - If you are running at least perl 5.6.1, you can save yourself a lot - of time by using Bundle::Bugzilla. This bundle contains every module - required to get Bugzilla running. It does not include GD and friends, but - these are not required for a base install and can always be added later - if the need arises. - - - Assuming your perl was installed with CPAN (most unix installations - are), using Bundle::Bugzilla is really easy. Simply follow along with the - commands below. - + The installation process will ask you a few questions about the + desired compilation target and your MySQL installation. For most of the + questions the provided default will be adequate, but when asked if your + desired target is the MySQL or mSQL packages, you should + select the MySQL-related ones. Later you will be asked if you wish to + provide backwards compatibility with the older MySQL packages; you + should answer YES to this question. The default is NO. + A host of 'localhost' should be fine. A testing user of 'test', + with a null password, should have sufficient access to run + tests on the 'test' database which MySQL creates upon installation. + +
- -bash# perl -MCPAN -eshell -cpan shell -- CPAN exploration and modules installation (v1.63) -ReadLine support enabled +
+ Template Toolkit (&min-template-ver;) -cpan> + When you install Template Toolkit, you'll get asked various + questions about features to enable. The defaults are fine, except + that it is recommended you use the high speed XS Stash of the Template + Toolkit, in order to achieve best performance. + +
- +
+ GD (&min-gd-ver;) - - - At this point, unless you've used CPAN on this machine before, - you'll have to go through a series of configuration steps. - - - -
- -
- CGI (&min-cgi-ver;) + The GD module is only required if you want graphical reports. + - The CGI module parses form elements and cookies and does many - other usefule things. It come as a part of recent perl distributions, but - Bugzilla needs a fairly new version. - + + The Perl GD module requires some other libraries that may or + may not be installed on your system, including + libpng + and + libgd. + The full requirements are listed in the Perl GD module README. + If compiling GD fails, it's probably because you're + missing a required library. + - - CPAN Download Page: - PPM Download Link: - Documentation: - -
+ + The version of the GD module you need is very closely tied + to the libgd version installed on your system. + If you have a version 1.x of libgd the 2.x + versions of the GD module won't work for you. + + +
-
- TimeDate modules (&min-date-format-ver;) +
+ Chart::Base (&min-chart-base-ver;) - Many of the more common date/time/calendar related Perl modules - have been grouped into a bundle similar to the MySQL modules bundle. - This bundle is stored on the CPAN under the name TimeDate. - The component module we're most interested in is the Date::Format - module, but installing all of them is probably a good idea anyway. - + The Chart::Base module is only required if you want graphical + reports. + Note that earlier versions that 0.99c used GIFs, which are no longer + supported by the latest versions of GD. +
- - CPAN Download Page: - PPM Download Link: - Documentation: - -
+
+ GD::Graph (&min-gd-graph-ver;) -
- DBI (&min-dbi-ver;) - - The DBI module is a generic Perl module used the - MySQL-related modules. As long as your Perl installation was done - correctly the DBI module should be a breeze. It's a mixed Perl/C - module, but Perl's MakeMaker system simplifies the C compilation - greatly. - - - CPAN Download Page: - PPM Download Link: - Documentation: - -
+ The GD::Graph module is only required if you want graphical + reports. + +
-
- MySQL-related modules +
+ GD::Text::Align (&min-gd-text-align-ver;) - The Perl/MySQL interface requires a few mutually-dependent Perl - modules. These modules are grouped together into the the - Msql-Mysql-modules package. + The GD::Text::Align module is only required if you want graphical + reports. + +
- The MakeMaker process will ask you a few questions about the - desired compilation target and your MySQL installation. For most of the - questions the provided default will be adequate, but when asked if your - desired target is the MySQL or mSQL packages, you should - select the MySQL related ones. Later you will be asked if you wish to - provide backwards compatibility with the older MySQL packages; you - should answer YES to this question. The default is NO. +
+ XML::Parser (&min-xml-parser-ver;) - A host of 'localhost' should be fine and a testing user of 'test' - with a null password should find itself with sufficient access to run - tests on the 'test' database which MySQL created upon installation. - + The XML::Parser module is only required if you want to import + XML bugs using the importxml.pl + script. This is required to use Bugzilla's "move bugs" feature; + you may also want to use it for migrating from another bug database. + XML::Parser requires that the + expat library is already installed on your machine. + +
- - CPAN Download Page: - PPM Download Link: - Documentation: - -
+
+ MIME::Parser (&min-mime-parser-ver;) -
- File::Spec (&min-file-spec-ver;) + The MIME::Parser module is only required if you want to use the + email interface + located in the contrib directory. + +
- File::Spec is a perl module that allows file operations, such as - generating full path names, to work cross platform. - +
+ PatchReader (&min-patchreader-ver;) - - CPAN Download Page: - PPM Download Page: - Documentation: - -
+ The PatchReader module is only required if you want to use + Patch Viewer, a + Bugzilla feature to show code patches in your web browser in a more + readable form. + +
+
+
+ + +
+ Configuration -
- File::Temp (&min-file-temp-ver;) + + Poorly-configured MySQL and Bugzilla installations have + given attackers full access to systems in the past. Please take the + security parts of these guidelines seriously, even for Bugzilla + machines hidden away behind your firewall. + - File::Temp is used to generate a temporary filename that is - guaranteed to be unique. It comes as a standard part of perl +
+ localconfig + + + Once you run checksetup.pl with all the correct + modules installed, it displays a message about, and write out a + file called, + localconfig. This file contains the default + settings for a number of Bugzilla parameters. - - - CPAN Download Page: - PPM Download Link: - Documentation: - -
- -
- Template Toolkit (&min-template-ver;) - - When you install Template Toolkit, you'll get asked various - questions about features to enable. The defaults are fine, except - that it is recommended you use the high speed XS Stash of the Template - Toolkit, in order to achieve best performance. + + Load this file in your editor. The only value you + need to change is $db_pass, the password for + the user you will create for your database. + Pick a strong password (for simplicity, it should not contain + single quote characters) and put it here. - - - CPAN Download Page: - PPM Download Link: - Documentation: - -
- -
- Text::Wrap (&min-text-wrap-ver;) - - Text::Wrap is designed to proved intelligent text wrapping. + + + The other options in the localconfig file + are documented by their accompanying comments. If you have a slightly + non-standard MySQL setup, you may wish to change one or more of + the other "$db_*" parameters. - - - - CPAN Download Page: - Documentation: - -
- - -
- GD (&min-gd-ver;) [optional] - - You need the GD library if you want any of the graphing to work. + + + You may also wish to change the names of + the priorities, severities, operating systems and platforms for your + installation. However, you can always change these after installation + has finished; if you then re-run + checksetup.pl, the changes will get picked up. - - - The Perl GD library requires some other libraries that may or - may not be installed on your system, including - libpng - and - libgd. - The full requirements are listed in the Perl GD library README. - If compiling GD fails, it's probably because you're - missing a required library. - - - - The version of the GD perl module you need is very closely tied - to the libgd version installed on your system. - If you have a version 1.x of libgd the 2.x - versions of the GD perl module won't work for you. - - - - - CPAN Download Page: - PPM Download Link: - Documentation: - -
- -
- Chart::Base (&min-chart-base-ver;) [optional] - - The Chart module provides Bugzilla with on-the-fly charting - abilities. It can be installed in the usual fashion after it has been - fetched from CPAN. - Note that earlier versions that 0.99c used GIFs, which are no longer - supported by the latest versions of GD. - - - - CPAN Download Page: - PPM Download Link: -
+ +
+ MySQL -
- XML::Parser (&min-xml-parser-ver;) [optional] +
+ Security - XML::Parser is used by the importxml.pl - script. You only need it if you are going to be importing bugs (such as - for bug moving). XML::Parser requires that the - expat library is already installed on your machine. - + MySQL ships as insecure by default. + It allows anybody to on the local machine full administrative + capabilities without requiring a password; the special + MySQL root account (note: this is not the same as + the system root) also has no password. + Also, many installations default to running + mysqld as the system root. + - - - CPAN Download Page: - Documentation: - -
+ + + To disable the anonymous user account + and set a password for the root user, execute the following. The + root user password should be different to the bugs user password + you set in + localconfig in the previous section, + and also different to + the password for the system root account on your machine. + + bash$ mysql mysql + mysql> DELETE FROM user WHERE user = ''; + mysql> UPDATE user SET password = password('new_password') WHERE user = 'root'; + mysql> FLUSH PRIVILEGES; + + From this point forward, to run the + mysql command-line client, + you will need to type + mysql -u root -p and enter + new_password when prompted. + + -
- GD::Graph (&min-gd-graph-ver;) [optional] + + If you run MySQL on the same machine as your web server, you + should disable remote access to MySQL by adding + the following to your /etc/my.conf: + + [myslqd] + # Prevent network access to MySQL. + skip-networking + - In addition to GD listed above, the reporting interface of Bugzilla - needs to have the GD::Graph module installed. - + + Consult the documentation that came with your system for + information on making mysqld run as an + unprivileged user. + + - - CPAN Download Page: - PPM Download Link: - Documentation: - -
+ + For added security, you could also run MySQL, or even all + of Bugzilla + in a chroot jail; however, instructions for doing that are beyond + the scope of this document. + + -
- GD::Text::Align (&min-gd-text-align-ver;) [optional] + - GD::Text::Align, as the name implies, is used to draw aligned - strings of text. It is needed by the reporting interface. - +
+ +
+ Allow large attachments + + You need to configure MySQL to accept large packets, if you + want to have attachments larger than 64K. Add the text + below to your + /etc/my.conf. + There is also a parameter in Bugzilla + for setting the maximum allowable attachment size, (default 1MB). + Bugzilla will only accept attachments up to the lower of these two + sizes. + - - CPAN Download Page: - PPM Download Page: - Documentation: - -
+ [mysqld] + # Allow packets up to 1M + set-variable = max_allowed_packet=1M +
+ +
+ Add a user to MySQL + + You need to add a new MySQL user for + Bugzilla to use. (It's not safe to have Bugzilla use the MySQL root + account.) The following instructions assume the defaults in + localconfig; + if you changed those, you need to modify the + SQL command appropriately. You will need the + $db_pass password you set in + localconfig in + . + -
- MIME::Parser (&min-mime-parser-ver;) [optional] + We use an SQL GRANT command to create a + bugs + user. This also restricts the + bugs + user to operations within a database called + bugs, and only allows the account to connect from + localhost. + Modify it to reflect your setup if you will be connecting from + another machine or as a different user. + + Run the mysql command-line client and + enter: - MIME::Parser is only needed if you want to use the e-mail interface - located in the contrib directory. - + mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE, + DROP,REFERENCES ON bugs.* TO bugs@localhost + IDENTIFIED BY '$db_pass'; + mysql> FLUSH PRIVILEGES - - CPAN Download Page: - PPM Download Link: - Documentation: - + + If you are using MySQL 4, you need to add + the LOCK TABLES and + CREATE TEMPORARY TABLES permissions + to the list. + + +
-
- PatchReader (&min-patchreader-ver;) [optional] - - PatchReader is only needed if you want to use Patch Viewer, a - Bugzilla feature to format patches in a pretty HTML fashion. There are a - number of optional parameters you can configure Patch Viewer with as well, - including cvsroot, cvsroot_get, lxr_root, bonsai_url, lxr_url, and - lxr_root. Patch Viewer also optionally will use cvs, diff and interdiff - utilities if they exist on the system (interdiff can be found in the - patchutils package at . - These programs' locations can be configured in localconfig. - +
+ checksetup.pl - - CPAN Download Page: - Documentation: - -
-
- + + Next, rerun checksetup.pl. It reconfirms + that all the modules are present, and notices the altered + localconfig file, which it assumes you have edited to your + satisfaction. It compiles the UI templates, + connects to the database using the 'bugs' + user you created and the password you defined, and creates the + 'bugs' database and the tables therein. + -
- Configuring Bugzilla - Once checksetup.pl has run successfully, Bugzilla should start up. - Proceed to the correct URL and log in with the administrator account - you defined in the last checksetup.pl run. + After that, it asks for details of an administrator account. Bugzilla + can have multiple administrators - you can create more later - but + it needs one to start off with. + Enter the email address of an administrator, his or her full name, + and a suitable Bugzilla password. - You should run through the parameters on the Edit Parameters page - (link in the footer) and set them all to appropriate values. - They key parameters are documented in . + checksetup.pl will then finish. You may rerun + checksetup.pl at any time if you wish.
-
- -
- HTTP Server Configuration - - The Bugzilla Team recommends Apache when using Bugzilla, however, any web server - that can be configured to run CGI scripts - should be able to handle Bugzilla. No matter what web server you choose, but - especially if you choose something other than Apache, you should be sure to read - . - - - The plan for this section is to eventually document the specifics of how to lock - down permissions on individual web servers. - -
- Apache <productname>httpd</productname> - You will have to make sure that Apache is properly - configured to run the Bugzilla CGI scripts. You also need to make sure - that the .htaccess files created by - ./checksetup.pl are allowed to override Apache's normal access - permissions or else important password information may be exposed to the - Internet. +
+ Web server + Configure your web server according to the instructions in the + appropriate section. The Bugzilla Team recommends Apache. - You need to configure Apache to run .cgi files outside the - cgi-bin directory. - Open your - httpd.conf file and make sure the - following line exists and is uncommented: - -AddHandler cgi-script .cgi - +
+ Apache <productname>httpd</productname> + + Load httpd.conf in your editor. + + Uncomment (or add) the following line. + This configures Apache to run .cgi files outside the + cgi-bin directory. + + + AddHandler cgi-script .cgi + + Apache uses <Directory> + directives to permit fine-grained permission setting. + Add the following two lines to a + <Directory> directive that + applies either to the Bugzilla directory or one of its parents + (e.g. the <Directory /var/www/html> + directive). + This allows Bugzilla's .htaccess files to + override global permissions, and allows .cgi files to run in the + Bugzilla directory. + + + Options +ExecCGI +FollowSymLinks + AllowOverride Limit + + Add index.cgi to the end + of the DirectoryIndex + line. + + checksetup.pl can set tighter permissions + on Bugzilla's files and directories if it knows what user the + webserver runs as. Look for the User + line in httpd.conf, and place that value in + the $webservergroup variable in + localconfig. Then rerun + checksetup.pl. + +
+ +
+ Microsoft <productname>Internet Information Services</productname> + + If you need, or for some reason even want, to use Microsoft's + Internet Information Services or + Personal Web Server you should be able + to. You will need to configure them to know how to run CGI scripts. + This is described in Microsoft Knowledge Base article + Q245225 + for Internet Information Services and + Q231998 + for Personal Web Server. + + + Also, and this can't be stressed enough, make sure that files such as + localconfig and your data + directory are secured as described in . + + +
+ +
+ AOL Server + + Ben FrantzDale reported success using AOL Server with Bugzilla. He + reported his experience and what appears below is based on that. + + + AOL Server will have to be configured to run + CGI scripts, please consult + the documentation that came with your server for more information on + how to do this. + - To allow .htaccess files to override - permissions and .cgi files to run in the Bugzilla directory, make sure - the following two lines are in a Directory - directive that applies to the Bugzilla directory on your system - (either the Bugzilla directory or one of its parents). + Because AOL Server doesn't support .htaccess + files, you'll have to create a TCL + script. You should create an aolserver/modules/tcl/filter.tcl + file (the filename shouldn't matter) with the following contents (change + /bugzilla/ to the web-based path to + your Bugzilla installation): + -Options +ExecCGI -AllowOverride Limit + ns_register_filter preauth GET /bugzilla/localconfig filter_deny + ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny + ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny + ns_register_filter preauth GET /bugzilla/*.pl filter_deny + ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny + ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny + ns_register_filter preauth GET /bugzilla/data/* filter_deny + ns_register_filter preauth GET /bugzilla/template/* filter_deny + + proc filter_deny { why } { + ns_log Notice "filter_deny" + return "filter_return" + } - You should modify the <DirectoryIndex> parameter for - the Apache virtual host running your Bugzilla installation to - allow index.cgi as the index page for a - directory, as well as the usual index.html, - index.htm, and so forth. + + This probably doesn't account for all possible editor backup + files so you may wish to add some additional variations of + localconfig. For more information, see + + bug 186383 or Bugtraq ID 6501. + + - For more information on Apache and its directives, see the - glossary entry on . + If you are using webdot from research.att.com (the default + configuration for the paramater), you + will need to allow access to data/webdot/*.dot + for the reasearch.att.com machine. + + If you are using a local installation of GraphViz, you will need to allow + everybody to access *.png, + *.gif, *.jpg, and + *.map in the + data/webdot directory. -
+
+ +
+ Web Server Access Controls -
- Microsoft <productname>Internet Information Services</productname> - - If you need, or for some reason even want, to use Microsoft's - Internet Information Services or - Personal Web Server you should be able - to. You will need to configure them to know how to run CGI scripts, - however. This is described in Microsoft Knowledge Base article - Q245225 - for Internet Information Services and - Q231998 - for Personal Web Server. - + Users of Apache can skip this section because + Bugzilla ships with .htaccess files which + restrict access in the manner required. + Users of other webservers, read on. + - Also, and this can't be stressed enough, make sure that files such as - localconfig and your data - directory are secured as described in . - + There are several files in the Bugzilla directory + that should not be accessible from the web. You need to configure + your webserver so they they aren't. Not doing this may reveal + sensitive information such as database passwords. + -
+ + + In the main Bugzilla directory, you should: + + + Block: + + *.pl + *localconfig* + runtests.sh + + + + + But allow: + + localconfig.js + localconfig.rdf + + + + + -
- AOL Server + + In data: + + + Block everything + + + But allow: + + duplicates.rdf + + + + + - Ben FrantzDale reported success using AOL Server with Bugzilla. He - reported his experience and what appears below is based on that. - + + In data/webdot: + + + If you use a remote webdot server: + + + Block everything + + + But allow + + *.dot + + only for the remote webdot server + + + + + Otherwise, if you use a local GraphViz: + + + Block everything + + + But allow: + + *.png + *.gif + *.jpg + *.map + + + + + + + And if you don't use any dot: + + + Block everything + + + + + - AOL Server will have to be configured to run - CGI scripts, please consult - the documentation that came with your server for more information on - how to do this. - + + In Bugzilla: + + + Block everything + + + - Because AOL Server doesn't support .htaccess - files, you'll have to create a TCL - script. You should create an aolserver/modules/tcl/filter.tcl - file (the filename shouldn't matter) with the following contents (change - /bugzilla/ to the web-based path to - your Bugzilla installation): + + In template: + + + Block everything + + + + + + You should test to make sure that the files mentioned above are + not accessible from the Internet, especially your + localconfig file which contains your database + password. To test, simply point your web browser at the file; for + example, to test mozilla.org's installation, we'd try to access + . You should + get a 403 Forbidden + error. + +
+ +
+ +
+ Bugzilla + + + Your Bugzilla should now be working. Access + http://<your-bugzilla-server>/ - + you should see the Bugzilla + front page. If not, consult the Troubleshooting section, + . + + + + Log in with the administrator account you defined in the last + checksetup.pl run. You should go through + the parameters on the Edit Parameters page + (see link in the footer) and see if there are any you wish to + change. + They key parameters are documented in ; + you should certainly alter + maintainer and urlbase; + you may also want to alter + cookiepath or requirelogin. - -ns_register_filter preauth GET /bugzilla/localconfig filter_deny -ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny -ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny -ns_register_filter preauth GET /bugzilla/*.pl filter_deny -ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny -ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny -ns_register_filter preauth GET /bugzilla/data/* filter_deny -ns_register_filter preauth GET /bugzilla/template/* filter_deny - -proc filter_deny { why } { - ns_log Notice "filter_deny" - return "filter_return" -} - - - - This probably doesn't account for all possible editor backup - files so you may wish to add some additional variations of - localconfig. For more information, see - - bug 186383 or Bugtraq ID 6501. - - + + This would also be a good time to revisit the + localconfig file and make sure that the + names of the priorities, severities, platforms and operating systems + are those you wish to use when you start creating bugs. Remember + to rerun checksetup.pl if you change it. + - - If you are using webdot from research.att.com (the default - configuration for the paramater), you - will need to allow access to data/webdot/*.dot - for the reasearch.att.com machine. - - If you are using a local installation of GraphViz, you will need to allow - everybody to access *.png, - *.gif, *.jpg, and - *.map in the - data/webdot directory. - - -
+ + Bugzilla has several optional features which require extra + configuration. You can read about those in + . + +
+
Optional Additional Configuration + + Bugzilla has a number of optional features. This section describes how + to configure or enable them. + + +
+ Bug Graphs + + If you have installed the necessary Perl modules you + can start collecting statistics for the nifty Bugzilla + graphs. + + bash# crontab -e + + + This should bring up the crontab file in your editor. + Add a cron entry like this to run + collectstats.pl + daily at 5 after midnight: + + + 5 0 * * * cd <your-bugzilla-directory> ; ./collectstats.pl + + After two days have passed you'll be able to view bug graphs from + the Reports page. +
+
Dependency Charts - As well as the text-based dependency graphs, Bugzilla also - supports dependency graphing, using a package called 'dot'. + As well as the text-based dependency trees, Bugzilla also + supports a graphical view of dependency relationships, using a + package called 'dot'. Exactly how this works is controlled by the 'webdotbase' parameter, which can have one of three values: @@ -1006,80 +1048,66 @@ proc filter_deny { why } { - So, to get this working, install + The easiest way to get this working is to install GraphViz. If you do that, you need to enable server-side image maps in Apache. Alternatively, you could set up a webdot server, or use the AT&T - public webdot server (the - default for the webdotbase param). Note that AT&T's server won't work - if Bugzilla is only accessible using HARTS. + public webdot server. This is the default for the webdotbase param, + but it's often overloaded and slow. Note that AT&T's server + won't work + if Bugzilla is only accessible using HARTS. + Editor's note: What the heck is HARTS? Google doesn't know... +
-
- Bug Graphs - - As long as you installed the GD and Graph::Base Perl modules you - might as well turn on the nifty Bugzilla bug reporting graphs. - - Add a cron entry like this to run - collectstats.pl - daily at 5 after midnight: - - - - bash# - - crontab -e - - - - - 5 0 * * * cd <your-bugzilla-directory> ; - ./collectstats.pl - - - - - After two days have passed you'll be able to view bug graphs from - the Bug Reports page. -
-
The Whining Cron - By now you have a fully functional Bugzilla, but what good are - bugs if they're not annoying? To help make those bugs more annoying you + What good are + bugs if they're not annoying? To help make them more so you can set up Bugzilla's automatic whining system to complain at engineers which leave their bugs in the NEW or REOPENED state without triaging them. + This can be done by - adding the following command as a daily crontab entry (for help on that - see that crontab man page): - - - - cd <your-bugzilla-directory> ; - ./whineatnews.pl - - - + adding the following command as a daily crontab entry, in the same manner + as explained above for bug graphs. This example runs it at 12.55am. - - Depending on your system, crontab may have several manpages. - The following command should lead you to the most useful page for - this purpose: - -man 5 crontab - - - + 55 0 * * * cd <your-bugzilla-directory> ; ./whineatnews.pl +
+
+ Patch Viewer + + + Patch Viewer is the engine behind Bugzilla's graphical display of + code patches. You can integrate this with copies of the + cvs, lxr and + bonsai tools if you have them, by giving + the locations of your installation of these tools in + editparams.cgi. + + + + Patch Viewer also optionally will use the + cvs, diff and + interdiff + command-line utilities if they exist on the system. + Interdiff can be obtained from + . + If these programs are not in the system path, you can configure + their locations in localconfig. + + + +
+
LDAP Authentication @@ -1166,7 +1194,7 @@ man 5 crontab LDAPBaseDN The LDAPBaseDN parameter should be set to the location in - your LDAP tree that you would like to search for e-mail addresses. + your LDAP tree that you would like to search for email addresses. Your uids should be unique under the DN specified here. Ex. ou=People,o=Company @@ -1189,7 +1217,7 @@ man 5 crontab LDAPmailattribute The LDAPmailattribute parameter should be the name of the - attribute which contains the e-mail address your users will enter + attribute which contains the email address your users will enter into the Bugzilla login boxes. Ex. mail @@ -1201,75 +1229,78 @@ man 5 crontab
- Preventing untrusted Bugzilla content from executing malicious - Javascript code + Prevent users injecting malicious + Javascript - It is possible for a Bugzilla attachment to contain malicious - Javascript - code, which would be executed in the domain of your Bugzilla, thereby - making it possible for the attacker to e.g. steal your login cookies. + It is possible for a Bugzilla user to take advantage of character + set encoding ambiguities to inject HTML into Bugzilla comments. This + could include malicious scripts. Due to internationalization concerns, we are unable to - incorporate by default the code changes necessary to fulfill the CERT - advisory requirements mentioned in + incorporate by default the code changes suggested by . + url="http://www.cert.org/tech_tips/malicious_code_mitigation.html#3"> + the CERT advisory on this issue. If your installation is for an English speaking audience only, making the change below will prevent this problem. Simply locate the following line in Bugzilla/CGI.pm: - - $self->charset(''); - + $self->charset(''); and change it to: - - $self->charset('ISO-8859-1'); - + $self->charset('ISO-8859-1');
-
- - Bugzilla and <filename>mod_perl</filename> - - Bugzilla is unsupported under mod_perl. Effort is underway - to make it work cleanly in a mod_perl environment, but it is - slow going. - -
-
- <filename>mod_throttle</filename> - - and Security + mod_throttle It is possible for a user, by mistake or on purpose, to access the database many times in a row which can result in very slow access speeds for other users. If your Bugzilla installation is experiencing - this problem , you may install the Apache module + this problem, you may install the Apache module mod_throttle - - which can limit connections by ip-address. You may download this module + which can limit connections by IP address. You may download this module at . Follow the instructions to install into your Apache install. This module only functions with the Apache web server! - You may use the - ThrottleClientIP - - command provided by this module to accomplish this goal. See the - Module - Instructions + The command you need is + ThrottleClientIP. See the + documentation for more information.
+ +
+ TCP/IP Ports + + A single-box Bugzilla only requires port 80, plus port 25 if + you are using the optional email interface. You should firewall all + other ports and/or disable services listening on them. + +
+ +
+ Daemon Accounts + + Many daemons, such as Apache's httpd and MySQL's mysqld default to + running as either root or nobody. Running + as root introduces obvious security problems, but the + problems introduced by running everything as nobody may + not be so obvious. Basically, if you're running every daemon as + nobody and one of them gets compromised, they all get + compromised. For this reason it is recommended that you create a user + account for each daemon. + +
+
- OS Specific Installation Notes + OS-Specific Installation Notes Many aspects of the Bugzilla installation can be affected by the the operating system you choose to install it on. Sometimes it can be made @@ -1285,7 +1316,7 @@ man 5 crontab
Microsoft Windows - Making Bugzilla work on windows is still a painful processes. + Making Bugzilla work on Windows is still a painful processes. The Bugzilla Team is working to make it easier, but that goal is not considered a top priority. If you wish to run Bugzilla, we still recommend doing so on a Unix based system such as GNU/Linux. As of this @@ -1297,9 +1328,9 @@ man 5 crontab installing Bugzilla on Win32, here are some pointers. @@ -1334,20 +1365,14 @@ C:\perl> ppm <module name> url="http://openinteract.sourceforge.net/">OpenInteract's website. - - - A complete list of modules that can be installed using ppm can - be found at . - -
Code changes required to run on win32 As Bugzilla still doesn't run "out of the box" on - Windows, code has to be modified. This section is an attempt to - list the required changes. + Windows, code has to be modified. This section lists the required + changes.
@@ -1377,7 +1402,7 @@ my $webservergid = '8'
Changes to <filename>BugMail.pm</filename> - To make bug e-mail work on Win32 (until + To make bug email work on Win32 (until bug 84876 lands), the simplest way is to have the Net::SMTP Perl module installed and @@ -1409,7 +1434,7 @@ $smtp->quit; Don't forget to change the name of your SMTP server and the - domain of the sending e-mail address (after the '@') in the above + domain of the sending email address (after the '@') in the above lines of code.
@@ -1430,7 +1455,7 @@ $smtp->quit; If using Apache on windows, you can set the ScriptInterpreterSource - directive in your Apache config, if you don't do this, you'll have + directive in your Apache config to avoid having to modify the first line of every script to contain your path to perl instead of /usr/bin/perl. @@ -1443,24 +1468,22 @@ $smtp->quit;
<productname>Mac OS X</productname> - There are a lot of common libraries and utilities out there that - Apple did not include with Mac OS X, but which run perfectly well on it. - The GD library, which Bugzilla needs to do bug graphs, is one of - these. + Apple did not include the GD library with Mac OS X. Bugzilla + needs this for bug graphs. - The easiest way to get a lot of these is with a program called + You can install it using a program called Fink, which is similar in nature to the CPAN installer, but installs common GNU utilities. Fink is available from . Follow the instructions for setting up Fink. Once it's installed, - you'll want to use it to install the gd2 package. + you'll want to use it to install the gd2 package. It will prompt you for a number of dependencies, type 'y' and hit enter to install all of the dependencies and then watch it work. You will then be able to use CPAN to - install the GD perl module. + install the GD Perl module. @@ -1477,7 +1500,7 @@ $smtp->quit; - Also available via Fink is expat. Once running using fink to + Also available via Fink is expat. After using fink to install the expat package you will be able to install XML::Parser using CPAN. There is one caveat. Unlike recent versions of the GD module, XML::Parser doesn't prompt for the location of the @@ -1527,7 +1550,7 @@ $smtp->quit; - for Bugzilla e-mail integration + for Bugzilla email integration @@ -1535,278 +1558,52 @@ $smtp->quit;
-
- Bugzilla Security - - - Poorly-configured MySQL and Bugzilla installations have - given attackers full access to systems in the past. Please take these - guidelines seriously, even for Bugzilla machines hidden away behind - your firewall. 80% of all computer trespassers are insiders, not - anonymous crackers. - - This is not meant to be a comprehensive list of every possible - security issue pertaining to the software mentioned in this section. - There is - no subsitute for reading the information written by the authors of any - software running on your system. - - - -
- TCP/IP Ports - - - TCP/IP defines 65,000 some ports for trafic. Of those, Bugzilla - only needs 1, or 2 if you need to use features that require e-mail such - as bug moving or the e-mail interface from contrib. You should audit - your server and make sure that you aren't listening on any ports you - don't need to be. You may also wish to use some kind of firewall - software to be sure that trafic can only be recieved on ports you - specify. - -
- -
- MySQL - MySQL ships by default with many settings that should be changed. - By defaults it allows anybody to connect from localhost without a - password and have full administrative capabilities. It also defaults to - not have a root password (this is not the same as - the system root). Also, many installations default to running - mysqld as the system root. +
+ Troubleshooting + + This section gives solutions to common Bugzilla installation + problems. If none of the section headings seems to match your + problem, read the general advice. + + +
+ General Advice + + If you can't get checksetup.pl to run to + completion, it normally explains what's wrong and how to fix it. + If you can't work it out, or if it's being uncommunicative, post + the errors in the + netscape.public.mozilla.webtools + newsgroup. - - - Consult the documentation that came with your system for - information on making mysqld run as an - unprivleged user. - - - - - You should also be sure to disable the anonymous user account - and set a password for the root user. This is accomplished using the - following commands: - - -bash$ mysql mysql -mysql> DELETE FROM user WHERE user = ''; -mysql> UPDATE user SET password = password('new_password') WHERE user = 'root'; -mysql> FLUSH PRIVILEGES; - - From this point forward you will need to use - mysql -u root -p and enter - new_password when prompted when using the - mysql client. - - - - - If you run MySQL on the same machine as your httpd server, you - should consider disabling networking from within MySQL by adding - the following to your /etc/my.conf: - - -[myslqd] -# Prevent network access to MySQL. -skip-networking - - - - - You may also consider running MySQL, or even all of Bugzilla - in a chroot jail; however, instructions for doing that are beyond - the scope of this document. - - - - - -
- -
- Daemon Accounts - - Many daemons, such as Apache's httpd and MySQL's mysqld default to - running as either root or nobody. Running - as root introduces obvious security problems, but the - problems introduced by running everything as nobody may - not be so obvious. Basically, if you're running every daemon as - nobody and one of them gets compromised, they all get - compromised. For this reason it is recommended that you create a user - account for each daemon. + + If you have made it all the way through + (Installation) and + (Configuration) but + accessing the Bugzilla URL doesn't work, + the first thing to do is to check your webserver error log. For + Apache, this is often located at + /etc/logs/httpd/error_log. The error messages + you see may be self-explanatory enough to enable you to diagnose and + fix the problem. If not, see below for some commonly-encountered + errors. If that doesn't help, post the errors to the newsgroup. - - - You will need to set the webservergroup to - the group you created for your webserver to run as in - localconfig. This will allow - ./checksetup.pl to better adjust the file - permissions on your Bugzilla install so as to not require making - anything world-writable. - - -
- -
- Web Server Access Controls - - There are many files that are placed in the Bugzilla directory - area that should not be accessable from the web. Because of the way - Bugzilla is currently laid out, the list of what should and should - not be accessible is rather complicated. - + +
+ I installed a Perl module, but + <filename>checksetup.pl</filename> claims it's not installed! - Users of Apache don't need to worry about this, however, because - Bugzilla ships with .htaccess files which restrict access to all the - sensitive files in this section. Users of other webservers, read on. - - - - - In the main Bugzilla directory, you should: - - - Block: - - *.pl - *localconfig* - runtests.sh - - - - - But allow: - - localconfig.js - localconfig.rdf - - - - - - - - In data: - - - Block everything - - - But allow: - - duplicates.rdf - - - - - - - - In data/webdot: - - - If you use a remote webdot server: - - - Block everything - - - But allow - - *.dot - - only for the remote webdot server - - - - - Otherwise, if you use a local GraphViz: - - - Block everything - - - But allow: - - *.png - *.gif - *.jpg - *.map - - - - - - - And if you don't use any dot: - - - Block everything - - - - - - - - In Bugzilla: - - - Block everything - - - - - - In template: - - - Block everything - - - - - - You should test to make sure that the files mentioned above are - not accessible from the Internet, especially your - localconfig file which contains your database - password. To test, simply point your web browser at the file; for - example, to test mozilla.org's installation, we'd try to access - . You should - get a 403 Forbidden - error. + + You have two versions of Perl on your machine. You are installing + modules into one, and Bugzilla is using the other. Rerun the CPAN + commands (or manual compile) using the full path to Perl from the + top of checksetup.pl. This will make sure you + are installing the modules in the right place. - - - Not following the instructions in this section, including - testing, may result in sensitive information being globally - accessible. - - - - - You should check to see if instructions - have been included for your web server. You should also compare those - instructions with this list to make sure everything is properly - accounted for. - - -
- -
- -
- Troubleshooting - - This section gives solutions to common Bugzilla installation - problems. -
Bundle::Bugzilla makes me upgrade to Perl 5.6.1 @@ -1900,36 +1697,25 @@ skip-networking This is caused by a bug in the version of File::Temp that is distributed with perl - 5.6.0. Many minor variations of this error have been reported. Examples - can be found in . + 5.6.0. Many minor variations of this error have been reported: -
- Other File::Temp error messages - - -Your vendor has not defined Fcntl macro O_NOINHERIT, used + Your vendor has not defined Fcntl macro O_NOINHERIT, used at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 208. Your vendor has not defined Fcntl macro O_EXLOCK, used at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 210. Your vendor has not defined Fcntl macro O_TEMPORARY, used -at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 233. - -
+at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 233. Numerous people have reported that upgrading to version 5.6.1 or higher solved the problem for them. A less involved fix is to apply - the patch in . The patch is also + the following patch, which is also available as a patch file. -
- Patch for File::Temp in Perl 5.6.0 - - -
+ };]]>
-- cgit v1.2.3-24-g4f1b