From 6c709dd097e65025038a0dc9c17fad6a88e99b6b Mon Sep 17 00:00:00 2001 From: "gerv%gerv.net" <> Date: Sun, 25 Jan 2004 02:30:57 +0000 Subject: Massive rearrangement of the installation section. Hopefully it makes sense now. --- docs/html/Bugzilla-Guide.html | 14409 ++++++++++----------- docs/html/about.html | 8 +- docs/html/administration.html | 28 +- docs/html/bug_page.html | 8 +- docs/html/bugreports.html | 8 +- docs/html/cmdline.html | 14 +- docs/html/components.html | 8 +- docs/html/configuration.html | 1245 ++ docs/html/conventions.html | 16 +- docs/html/copyright.html | 46 +- docs/html/credits.html | 6 +- docs/html/cust-change-permissions.html | 18 +- docs/html/cust-hooks.html | 454 + docs/html/cust-templates.html | 40 +- docs/html/customization.html | 47 +- docs/html/database.html | 224 - docs/html/dbdoc.html | 16 +- docs/html/dbmodify.html | 8 +- docs/html/disclaimer.html | 10 +- docs/html/extraconfig.html | 413 +- docs/html/faq.html | 52 +- docs/html/gfdl-0.html | 14 +- docs/html/gfdl-1.html | 18 +- docs/html/gfdl-10.html | 14 +- docs/html/gfdl-2.html | 18 +- docs/html/gfdl-3.html | 18 +- docs/html/gfdl-4.html | 18 +- docs/html/gfdl-5.html | 18 +- docs/html/gfdl-6.html | 18 +- docs/html/gfdl-7.html | 18 +- docs/html/gfdl-8.html | 18 +- docs/html/gfdl-9.html | 18 +- docs/html/gfdl-howto.html | 12 +- docs/html/gfdl.html | 44 +- docs/html/glossary.html | 16 +- docs/html/groups.html | 8 +- docs/html/hintsandtips.html | 18 +- docs/html/how.html | 826 -- docs/html/http.html | 535 - docs/html/index.html | 257 +- docs/html/install-perlmodules-manual.html | 157 + docs/html/installation.html | 1100 +- docs/html/installing-bugzilla.html | 343 + docs/html/integration.html | 26 +- docs/html/introduction.html | 162 - docs/html/list.html | 8 +- docs/html/milestones.html | 8 +- docs/html/modules-manual-download.html | 467 + docs/html/modules-manual-instructions.html | 193 + docs/html/myaccount.html | 8 +- docs/html/newversions.html | 72 +- docs/html/os-specific.html | 125 +- docs/html/parameters.html | 8 +- docs/html/patches.html | 4 +- docs/html/patchviewer.html | 22 +- docs/html/products.html | 8 +- docs/html/programadmin.html | 395 - docs/html/query.html | 8 +- docs/html/reporting.html | 18 +- docs/html/rewrite.html | 211 - docs/html/security.html | 686 - docs/html/stepbystep.html | 1993 --- docs/html/troubleshooting.html | 148 +- docs/html/upgrading.html | 22 +- docs/html/useradmin.html | 16 +- docs/html/userpreferences.html | 14 +- docs/html/using-intro.html | 8 +- docs/html/using.html | 66 +- docs/html/variant-fenris.html | 153 - docs/html/variant-issuezilla.html | 156 - docs/html/variant-perforce.html | 162 - docs/html/variant-redhat.html | 168 - docs/html/variant-scarab.html | 158 - docs/html/variant-sourceforge.html | 159 - docs/html/variants.html | 173 - docs/html/versions.html | 8 +- docs/html/voting.html | 8 +- docs/html/what-is-bugzilla.html | 155 - docs/html/whatis.html | 151 - docs/html/why-bugzilla.html | 227 - docs/html/why-tracking.html | 156 - docs/html/why.html | 227 - docs/html/win32.html | 11 - docs/pdf/Bugzilla-Guide.pdf | 18636 +++++++++++++-------------- docs/txt/Bugzilla-Guide.txt | 5016 +++---- docs/xml/Bugzilla-Guide.xml | 22 +- docs/xml/about.xml | 43 +- docs/xml/customization.xml | 20 +- docs/xml/faq.xml | 13 + docs/xml/gfdl.xml | 22 +- docs/xml/installation.xml | 2046 ++- docs/xml/modules.xml | 145 + 92 files changed, 24737 insertions(+), 28578 deletions(-) create mode 100644 docs/html/configuration.html create mode 100644 docs/html/cust-hooks.html delete mode 100644 docs/html/database.html delete mode 100644 docs/html/how.html delete mode 100644 docs/html/http.html create mode 100644 docs/html/install-perlmodules-manual.html create mode 100644 docs/html/installing-bugzilla.html delete mode 100644 docs/html/introduction.html create mode 100644 docs/html/modules-manual-download.html create mode 100644 docs/html/modules-manual-instructions.html delete mode 100644 docs/html/programadmin.html delete mode 100644 docs/html/rewrite.html delete mode 100644 docs/html/security.html delete mode 100644 docs/html/stepbystep.html delete mode 100644 docs/html/variant-fenris.html delete mode 100644 docs/html/variant-issuezilla.html delete mode 100644 docs/html/variant-perforce.html delete mode 100644 docs/html/variant-redhat.html delete mode 100644 docs/html/variant-scarab.html delete mode 100644 docs/html/variant-sourceforge.html delete mode 100644 docs/html/variants.html delete mode 100644 docs/html/what-is-bugzilla.html delete mode 100644 docs/html/whatis.html delete mode 100644 docs/html/why-bugzilla.html delete mode 100644 docs/html/why-tracking.html delete mode 100644 docs/html/why.html delete mode 100644 docs/html/win32.html create mode 100644 docs/xml/modules.xml (limited to 'docs') diff --git a/docs/html/Bugzilla-Guide.html b/docs/html/Bugzilla-Guide.html index b066c51d1..a593c3b31 100644 --- a/docs/html/Bugzilla-Guide.html +++ b/docs/html/Bugzilla-Guide.html @@ -1,7 +1,7 @@ The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release

The Bugzilla Team

2004-01-15

2004-01-24

2. IntroductionInstalling Bugzilla
2.1. What is Bugzilla?Installation
2.2. Why use a bug-tracking system?Configuration
2.3. Why use Bugzilla?Optional Additional Configuration
2.4. OS-Specific Installation Notes
2.5. Troubleshooting
3. Using BugzillaAdministering Bugzilla
3.1. IntroductionBugzilla Configuration
3.2. Create a Bugzilla AccountUser Administration
3.3. Anatomy of a BugProducts
3.4. Searching for BugsComponents
3.5. Bug ListsVersions
3.6. Filing BugsMilestones
3.7. Patch ViewerVoting
3.8. Hints and TipsGroups and Group Security
3.9. User Preferences
3.10. ReportsUpgrading to New Releases
4. InstallationCustomising Bugzilla
4.1. Step-by-step InstallTemplate Customization
4.2. HTTP Server ConfigurationTemplate Hooks
4.3. Optional Additional ConfigurationCustomizing Who Can Change What
4.4. OS Specific Installation NotesModifying Your Running System
4.5. Bugzilla SecurityMySQL Bugzilla Database Introduction
4.6. TroubleshootingIntegrating Bugzilla with Third-Party Tools
5. Administering BugzillaUsing Bugzilla
5.1. Bugzilla ConfigurationIntroduction
5.2. User AdministrationCreate a Bugzilla Account
5.3. ProductsAnatomy of a Bug
5.4. ComponentsSearching for Bugs
5.5. VersionsBug Lists
5.6. MilestonesFiling Bugs
5.7. VotingPatch Viewer
5.8. Groups and Group SecurityHints and Tips
5.9. Upgrading to New Releases
6. Customising Bugzilla
6.1. Template Customization
6.2. Customizing Who Can Change What
6.3. Modifying Your Running System
6.4. MySQL Bugzilla Database IntroductionUser Preferences
6.5. Integrating Bugzilla with Third-Party Tools5.10. Reports
C. Manual Installation of Perl Modules
C.1. Instructions
C.2. Download Locations
D. GNU Free Documentation License
0. PREAMBLEPreamble
1. APPLICABILITY AND DEFINITIONSApplicability and Definition
2. VERBATIM COPYINGVerbatim Copying
3. COPYING IN QUANTITYCopying in Quantity
4. MODIFICATIONSModifications
5. COMBINING DOCUMENTSCombining Documents
6. COLLECTIONS OF DOCUMENTSCollections of Documents
7. AGGREGATION WITH INDEPENDENT WORKSAggregation with Independent Works
8. TRANSLATIONTranslation
9. TERMINATIONTermination
10. FUTURE REVISIONS OF THIS LICENSEFuture Revisions of this License
List of Figures
4-1. Set Max Packet Size in MySQL
4-2. Other File::Temp error messages
4-3. Patch for File::Temp in Perl 5.6.0
List of Examples
4-1. Installing perl modules with CPAN
5-1. 3-1. Upgrading using CVS
5-2. 3-2. Upgrading using the tarball
5-3. 3-3. Upgrading using patches
1.1. Copyright Information

This document is copyright (c) 2000-2004 by the various + Bugzilla contributors who wrote it.

 

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation @@ -522,29 +478,10 @@ VALIGN="TOP" Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in Appendix CAppendix D.

 
--Copyright (c) 2000-2004 The Bugzilla Team 

If you have any questions regarding this document, its copyright, or publishing this document in non-electronic form, @@ -578,10 +515,10 @@ NAME="disclaimer"

Although the Bugzilla development team has taken great care to - ensure that all exploitable bugs or options have been - fixed, security holes surely exist. Great care should be taken both in + ensure that all exploitable bugs have been fixed, security holes surely + exist in any piece of code. Great care should be taken both in the installation and usage of this software. The Bugzilla development - team members assume no liability for your use of this software. You have + team members assume no liability for your use of Bugzilla. You have the source code, and are responsible for auditing it yourself to ensure your security needs are met.

1.3. New Versions

This is the 2.17.5 version of The Bugzilla Guide. It is so named +> This is the 2.17.7 version of The Bugzilla Guide. It is so named to match the current version of Bugzilla. This version of the guide, like its associated Bugzilla version, is a @@ -607,8 +544,8 @@ NAME="newversions" HREF="http://www.bugzilla.org" TARGET="_top" >http://www.bugzilla.org, or checked out via CVS. - (Please follow the , or checked out via CVS by + following the Mozilla @@ -618,12 +555,68 @@ TARGET="_top" CLASS="filename" >mozilla/webtools/bugzilla/docs/ - subtree.) However, you should read the version + subtree. However, you should read the version which came with the Bugzilla release you are using.

The Bugzilla Guide is currently only available in English. - If you would like to volunteer to translate it, please contact +> The Bugzilla Guide, or a section of it, is also available in + the following languages: + German. +

+ In addition, there are Bugzilla template localisation projects in + the following languages. They may have translated documentation + available: + Belarusian, + Brazilian Portuguese, + Chinese, + French, + German, + Korean, + Russian and + Spanish. +

+ If you would like to volunteer to translate the Guide into additional + languages, please contact Matthew P. Barnson, Kevin Brannen, Dawn Endico, Ben FrantzDale, Eric Hanson, Tara Hernandez, Dave Lawrence, Zach Lipton, Gervase Markham, Andrew Pearson, Joe Robins, Spencer Smith, Jacob Steenhagen, Ron Teitelbaum, Terry Weissman, Martin Wulffeld.

Last but not least, all the members of the +> Also, thanks are due to the members of the


Chapter 2. Introduction

Chapter 2. Installing Bugzilla

2.1. What is Bugzilla?

Bugzilla is a bug- or issue-tracking system. Bug-tracking - systems allow individual or groups of developers effectively to keep track - of outstanding problems with their products. -

Do we need more here?

2.1. Installation

2.2. Why use a bug-tracking system?

Those who do not use a bug-tracking system tend to rely on - shared lists, email, spreadsheets and/or Post-It notes to monitor the - status of defects. This procedure - is usually error-prone and tends to cause those bugs judged least - significant by developers to be dropped or ignored.

Integrated defect-tracking systems make sure that nothing gets - swept under the carpet; they provide a method of creating, storing, - arranging and processing defect reports and enhancement requests.

If you just want to use Bugzilla, + you do not need to install it. None of this chapter is relevant to + you. Ask your Bugzilla administrator + for the URL to access it over the web. +


2.3. Why use Bugzilla?

Bugzilla is the leading open-source/free software bug tracking - system. It boasts many advanced features, including: -

  • The Bugzilla server software is usually installed on Linux or + Solaris. + If you are installing on another OS, check Section 2.4 + before you start your installation to see if there are any special + instructions. +

    Powerful searching

  • As an alternative to following these instructions, you may wish to + try Arne Schirmacher's unofficial and unsupported + Bugzilla + Installer, which installs Bugzilla and all its prerequisites + on Linux or Solaris systems. +

    User-configurable email notifications of bug changes

  • This guide assumes that you have administrative access to the + Bugzilla machine. It not possible to + install and run Bugzilla itself without administrative access except + in the very unlikely event that every single prerequisite is + already installed. +

    Full change history

  • Inter-bug dependency tracking and graphing

  • The installation process may make your machine insecure for + short periods of time. Make sure there is a firewall between you + and the Internet. +

Excellent attachment management

  • You are strongly recommended to make a backup of your system + before installing Bugzilla (and at regular intervals thereafter :-). +

    Integrated, product-based, granular security schema

  • In outline, the installation proceeds as follows: +

    1. Fully security-audited, and runs under Perl's taint mode

      Install Perl + (5.6.0 or above) +

    2. A robust, stable RDBMS back-end

      Install MySQL + (3.23.41 or above) +

    3. Completely customisable and/or localisable web user - interface

      Install a Webserver +

    4. Additional XML, email and console interfaces

      Install Bugzilla +

    5. Extensive configurability

      Install Perl modules +

    6. Smooth upgrade pathway between versions

      Configure all of the above. +

    7. -

      Bugzilla is very adaptable to various situations. Known uses - currently include IT support queues, Systems Administration deployment - management, chip design and development problem tracking (both - pre-and-post fabrication), and software and hardware bug tracking for - luminaries such as Redhat, NASA, Linux-Mandrake, and VA Systems. - Combined with systems such as - CVS, - Bonsai, or - Perforce SCM, Bugzilla - provides a powerful, easy-to-use configuration management solution.


    Chapter 3. Using Bugzilla


    3.1. Introduction

    2.1.1. Perl

    This section contains information for end-users of Bugzilla. - There is a Bugzilla test installation, called - Installed Version Test: perl -v

    Any machine that doesn't have Perl on it is a sad machine indeed. + If you don't have it and your OS doesn't provide official packages, + visit Landfill, - which you are welcome to play with (if it's up.) - However, it does not necessarily - have all Bugzilla features enabled, and runs an up-to-the-minute version, - so some things may not quite work as this document describes.

    http://www.perl.com. + Although Bugzilla runs with Perl 5.6.0, + it's a good idea to be using the latest stable version. + As of this writing, that is Perl 5.8.2.



    3.2. Create a Bugzilla Account

    If you want to use Bugzilla, first you need to create an account. - Consult with the administrator responsible for your installation of - Bugzilla for the URL you should use to access it. If you're - test-driving Bugzilla, use this URL: - http://landfill.bugzilla.org/bugzilla-tip/. -

    2.1.2. MySQL

    Installed Version Test: mysql -V

    1. Click the - "Open a new Bugzilla account" - - link, enter your email address and, optionally, your name in the - spaces provided, then click - "Create Account" - - .

    2. If you don't have it and your OS doesn't provide official packages, + visit http://www.mysql.com. You need MySQL version + 3.23.41 or higher. +

      Within moments, you should receive an email to the address - you provided, which contains your login name (generally the - same as the email address), and a password. - This password is randomly generated, but can be - changed to something more memorable.

    3. Click the - "Log In" - link in the footer at the bottom of the page in your browser, - enter your email address and password into the spaces provided, and - click - "Login" Many of the binary + versions of MySQL store their data files in + /var. -

      configure.

    You are now logged in. Bugzilla uses cookies to remember you are - logged in so, unless you have cookies disabled or your IP address changes, - you should not have to log in again.

    If you install from something other than a packaging/installation + system (such as .rpm, .dep, .exe, or .msi) make sure the MySQL server + is started when the machine boots. +



    3.3. Anatomy of a Bug

    2.1.3. Web Server

    The core of Bugzilla is the screen which displays a particular - bug. It's a good place to explain some Bugzilla concepts. - Bug 1 on Landfill - - is a good example. Note that the labels for most fields are hyperlinks; - clicking them will take you to context-sensitive help on that - particular field. Fields marked * may not be present on every - installation of Bugzilla.

    Installed Version Test: view the default welcome page at + http://<your-machine>/

    1. You have freedom of choice here, pretty much any web server that + is capable of running CGI + scripts will work. + However, we strongly recommend using the Apache web server + (either 1.3.x or 2.x), and + the installation instructions usually assume you are + using it. If you have got Bugzilla working using another webserver, + please share your experiences with us by filing a bug in Bugzilla Documentation. +

      If you don't have Apache and your OS doesn't provide official packages, + visit http://httpd.apache.org/. +


    2.1.4. Bugzilla

    Download a Bugzilla tarball (or check it out from CVS) and place + it in a suitable directory, writable by the default web server user + (probably "nobody"). + Good locations are either directly in the main web space for your + web server or perhaps in + /usr/local + with a symbolic link from the web space. +

    Product and Component: - Bugs are divided up by Product and Component, with a Product - having one or more Components in it. For example, - bugzilla.mozilla.org's "Bugzilla" Product is composed of several - Components: -

    The default Bugzilla distribution is not designed to be placed + in a cgi-bin directory. This + includes any directory which is configured using the + ScriptAlias directive of Apache. +

    Administration: - Administration of a Bugzilla installation.
    Bugzilla-General: - Anything that doesn't fit in the other components, or spans - multiple components.
    Creating/Changing Bugs: - Creating, changing, and viewing bugs.
    Documentation: - The Bugzilla documentation, including The Bugzilla Guide.
    Email: - Anything to do with email sent by Bugzilla.
    Installation:

    Once all the files are in a web accessible directory, make that + directory writable by your webserver's user. This is a temporary step + until you run the + checksetup.pl - The installation process of Bugzilla.


    2.1.5. Perl Modules

    Bugzilla's installation process is based + on a script called checksetup.pl. + The first thing it checks is whether you have appropriate + versions of all the required + Perl modules. The aim of this section is to pass this check. + When it passes, + do not run it again, + but proceed to Section 2.2. +

    At this point, you need to su to root. You should + remain as root until the end of the install. Then run: +

    bash# ./checksetup.pl
    Query/Buglist: - Anything to do with searching for bugs and viewing the - buglists.

    checksetup.pl will print out a list of the + required and optional Perl modules, together with the versions + (if any) installed on your machine. + The list of required modules is reasonably long; however, you + may already have several of them installed. +

    There is a meta-module called Bundle::Bugzilla, + which installs all the other + modules with a single command. You should use this if you are running + Perl 5.6.1 or above. +

    The preferred way of installing Perl modules is via CPAN on Unix, + or PPM on Windows (see Section 2.4.1.2). These + instructions assume you are using CPAN; if for some reason you need + to install the Perl modules manually, see + Appendix C. +

    bash# perl -MCPAN -e 'install "<modulename>"'
    Reporting/Charting: - Getting reports from Bugzilla.

    If you using Bundle::Bugzilla, invoke the magic CPAN command on it. + Otherwise, you need to work down the + list of modules that checksetup.pl says are + required, in the order given, invoking the command on each. +

    User Accounts: - Anything about managing a user account from the user's perspective. - Saved queries, creating accounts, changing passwords, logging in, - etc.
    User Interface:

    Many people complain that Perl modules will not install for + them. Most times, the error messages complain that they are missing a + file in + "@INC". + Virtually every time, this error is due to permissions being set too + restrictively for you to compile Perl modules or not having the + necessary Perl development libraries installed on your system. + Consult your local UNIX systems administrator for help solving these + permissions issues; if you + are - General issues having to do with the user interface cosmetics (not - functionality) including cosmetic issues, HTML templates, - etc.

    Here is a complete list of modules and their minimum versions. + Some modules have special installation notes, which follow. +

    Required Perl modules: +

    -

    1. AppConfig (1.52) +

    2. Status and Resolution: - - These define exactly what state the bug is in - from not even - being confirmed as a bug, through to being fixed and the fix - confirmed by Quality Assurance. The different possible values for - Status and Resolution on your installation should be documented in the - context-sensitive help for those items.

      CGI (2.93) +

    3. Assigned To: - The person responsible for fixing the bug.

      Data::Dumper (any) +

    4. *URL: - A URL associated with the bug, if any.

      Date::Format (2.21) +

    5. Summary: - A one-sentence summary of the problem.

      DBI (1.32) +

    6. *Status Whiteboard: DBD::mysql - (a.k.a. Whiteboard) A free-form text area for adding short notes - and tags to a bug.

    7. *Keywords: - The administrator can define keywords which you can use to tag and - categorise bugs - e.g. The Mozilla Project has keywords like crash - and regression.

      File::Spec (0.82) +

    8. Platform and OS: - These indicate the computing environment where the bug was - found.

      File::Temp (any) +

    9. Version: Template - The "Version" field is usually used for versions of a product which - have been released, and is set to indicate which versions of a - Component have the particular problem the bug report is - about.

    10. Priority: - The bug assignee uses this field to prioritise his or her bugs. - It's a good idea not to change this on other people's bugs.

      Text::Wrap (2001.0131) +

    11. Severity:

    - This indicates how severe the problem is - from blocker - ("application unusable") to trivial ("minor cosmetic issue"). You - can also use this field to indicate whether a bug is an enhancement - request.

    1. *Target: GD - (a.k.a. Target Milestone) A future version by which the bug is to - be fixed. e.g. The Bugzilla Project's milestones for future - Bugzilla versions are 2.18, 2.20, 3.0, etc. Milestones are not - restricted to numbers, thought - you can use any text strings, such - as dates.

    2. Reporter: Chart::Base - The person who filed the bug.

    3. CC list: GD::Graph - A list of people who get mail when the bug changes.

    4. Attachments: GD::Text::Align - You can attach files (e.g. testcases or patches) to bugs. If there - are any attachments, they are listed in this section.

    5. *Dependencies: XML::Parser - If this bug cannot be fixed unless other bugs are fixed (depends - on), or this bug stops other bugs being fixed (blocks), their - numbers are recorded here.

    6. *Votes: PatchReader - Whether this bug has any votes.

    7. Additional Comments: MIME::Parser - You can add your two cents to the bug discussion here, if you have - something worthwhile to say.

    +



    3.4. Searching for Bugs

    The Bugzilla Search page is is the interface where you can find - any bug report, comment, or patch currently in the Bugzilla system. You - can play with it here: - http://landfill.bugzilla.org/bugzilla-tip/query.cgi.

    2.1.5.1. DBD::mysql

    The Search page has controls for selecting different possible - values for all of the fields in a bug, as described above. For some - fields, multiple values can be selected. In those cases, Bugzilla - returns bugs where the content of the field matches any one of the selected - values. If none is selected, then the field can take any value.

    The installation process will ask you a few questions about the + desired compilation target and your MySQL installation. For most of the + questions the provided default will be adequate, but when asked if your + desired target is the MySQL or mSQL packages, you should + select the MySQL-related ones. Later you will be asked if you wish to + provide backwards compatibility with the older MySQL packages; you + should answer YES to this question. The default is NO.

    Once you've run a search, you can save it as a Saved Search, which - appears in the page footer.

    A host of 'localhost' should be fine. A testing user of 'test', + with a null password, should have sufficient access to run + tests on the 'test' database which MySQL creates upon installation. +


    2.1.5.2. Template Toolkit (2.08)

    Highly advanced querying is done using Boolean Charts. See the - Boolean Charts help link on the Search page for more information.

    When you install Template Toolkit, you'll get asked various + questions about features to enable. The defaults are fine, except + that it is recommended you use the high speed XS Stash of the Template + Toolkit, in order to achieve best performance. +



    3.5. Bug Lists

    2.1.5.3. GD (1.20)

    If you run a search, a list of matching bugs will be returned. -

    The GD module is only required if you want graphical reports. +

    The format of the list is configurable. For example, it can be - sorted by clicking the column headings. Other useful features can be - accessed using the links at the bottom of the list: -

    libgd. + The full requirements are listed in the Perl GD module README. + If compiling GD fails, it's probably because you're + missing a required library.

    Long Format: - - this gives you a large page with a non-editable summary of the fields - of each bug.
    CSV: - - get the buglist as comma-separated values, for import into e.g. - a spreadsheet.
    Change Columns:

    The Perl GD module requires some other libraries that may or + may not be installed on your system, including + libpng - - change the bug attributes which appear in the list.

    The version of the GD module you need is very closely tied + to the libgd version installed on your system. + If you have a version 1.x of libgd the 2.x + versions of the GD module won't work for you. +

    Change several bugs at once: - - If your account is sufficiently empowered, you can make the same - change to all the bugs in the list - for example, changing their - owner.
    Send mail to bug owners: - - Sends mail to the owners of all bugs on the list.
    Edit Search: - - If you didn't get exactly the results you were looking for, you can - return to the Query page through this link and make small revisions - to the query you just made so you get more accurate results.
    Remember Search As: - - You can give a search a name and remember it; a link will appear - in your page footer giving you quick access to run it again later. -

    -



    3.6. Filing Bugs

    Years of bug writing experience has been distilled for your - reading pleasure into the - Bug Writing Guidelines. - While some of the advice is Mozilla-specific, the basic principles of - reporting Reproducible, Specific bugs, isolating the Product you are - using, the Version of the Product, the Component which failed, the - Hardware Platform, and Operating System you were using at the time of - the failure go a long way toward ensuring accurate, responsible fixes - for the bug that bit you.

    The procedure for filing a test bug is as follows:

    1. Go to - Landfill - in your browser and click - Enter a new bug report. -

    2. Select a product - any one will do.

    3. Fill in the fields. Bugzilla should have made reasonable - guesses, based upon your browser, for the "Platform" and "OS" - drop-down boxes. If they are wrong, change them.

    4. Select "Commit" and send in your bug report.

    Try to make sure that everything said in the summary is also - said in the first comment. Summaries are often updated and this will - ensure your original information is easily accessible. -

    You do not need to put "any" or similar strings in the URL field. - If there is no specific URL associated with the bug, leave this - field blank. -

    2.1.5.4. Chart::Base (0.99c)

    If you feel a bug you filed was incorrectly marked as a - DUPLICATE of another, please question it in your bug, not - the bug it was duped to. Feel free to CC the person who duped it - if they are not already CCed. -

    The Chart::Base module is only required if you want graphical + reports. + Note that earlier versions that 0.99c used GIFs, which are no longer + supported by the latest versions of GD.



    3.7. Patch Viewer

    Viewing and reviewing patches in Bugzilla is often difficult due to - lack of context, improper format and the inherent readability issues that - raw patches present. Patch Viewer is an enhancement to Bugzilla designed - to fix that by offering increased context, linking to sections, and - integrating with Bonsai, LXR and CVS.

    Patch viewer allows you to:

    View patches in color, with side-by-side view rather than trying - to interpret the contents of the patch.
    See the difference between two patches.
    Get more context in a patch.
    Collapse and expand sections of a patch for easy - reading.
    Link to a particular section of a patch for discussion or - review
    Go to Bonsai or LXR to see more context, blame, and - cross-references for the part of the patch you are looking at
    Create a rawtext unified format diff out of any patch, no - matter what format it came from
    2.1.5.5. GD::Graph (any)

    The GD::Graph module is only required if you want graphical + reports. +



    3.7.1. Viewing Patches in Patch Viewer

    2.1.5.6. GD::Text::Align (any)

    The main way to view a patch in patch viewer is to click on the - "Diff" link next to a patch in the Attachments list on a bug. You may - also do this within the edit window by clicking the "View Attachment As - Diff" button in the Edit Attachment screen.

    The GD::Text::Align module is only required if you want graphical + reports. +



    3.7.2. Seeing the Difference Between Two Patches

    2.1.5.7. XML::Parser (any)

    To see the difference between two patches, you must first view the - newer patch in Patch Viewer. Then select the older patch from the - dropdown at the top of the page ("Differences between [dropdown] and - this patch") and click the "Diff" button. This will show you what - is new or changed in the newer patch.

    The XML::Parser module is only required if you want to import + XML bugs using the importxml.pl + script. This is required to use Bugzilla's "move bugs" feature; + you may also want to use it for migrating from another bug database. + XML::Parser requires that the + expat library is already installed on your machine. +



    3.7.3. Getting More Context in a Patch

    2.1.5.8. MIME::Parser (any)

    To get more context in a patch, you put a number in the textbox at - the top of Patch Viewer ("Patch / File / [textbox]") and hit enter. - This will give you that many lines of context before and after each - change. Alternatively, you can click on the "File" link there and it - will show each change in the full context of the file. This feature only - works against files that were diffed using "cvs diff".

    The MIME::Parser module is only required if you want to use the + email interface + located in the contrib directory. +



    3.7.4. Collapsing and Expanding Sections of a Patch

    2.1.5.9. PatchReader (0.9.1)

    To view only a certain set of files in a patch (for example, if a - patch is absolutely huge and you want to only review part of it at a - time), you can click the "(+)" and "(-)" links next to each file (to - expand it or collapse it). If you want to collapse all files or expand - all files, you can click the "Collapse All" and "Expand All" links at the - top of the page.

    The PatchReader module is only required if you want to use + Patch Viewer, a + Bugzilla feature to show code patches in your web browser in a more + readable form. +



    3.7.5. Linking to a Section of a Patch

    2.2. Configuration

    To link to a section of a patch (for example, if you want to be - able to give someone a URL to show them which part you are talking - about) you simply click the "Link Here" link on the section header. The - resulting URL can be copied and used in discussion. (Copy Link - Location in Mozilla works as well.)

    Poorly-configured MySQL and Bugzilla installations have + given attackers full access to systems in the past. Please take the + security parts of these guidelines seriously, even for Bugzilla + machines hidden away behind your firewall.


    3.7.6. Going to Bonsai and LXR

    To go to Bonsai to get blame for the lines you are interested in, - you can click the "Lines XX-YY" link on the section header you are - interested in. This works even if the patch is against an old - version of the file, since Bonsai stores all versions of the file.

    2.2.1. localconfig

    To go to LXR, you click on the filename on the file header - (unfortunately, since LXR only does the most recent version, line - numbers are likely to rot).

    Once you run checksetup.pl with all the correct + modules installed, it displays a message about, and write out a + file called, + localconfig. This file contains the default + settings for a number of Bugzilla parameters. +

    Load this file in your editor. The only value you + need to change is $db_pass, the password for + the user you will create for your database. + Pick a strong password (for simplicity, it should not contain + single quote characters) and put it here. +

    The other options in the localconfig file + are documented by their accompanying comments. If you have a slightly + non-standard MySQL setup, you may wish to change one or more of + the other "$db_*" parameters. +

    You may also wish to change the names of + the priorities, severities, operating systems and platforms for your + installation. However, you can always change these after installation + has finished; if you then re-run + checksetup.pl, the changes will get picked up. +


    3.7.7. Creating a Unified Diff

    If the patch is not in a format that you like, you can turn it - into a unified diff format by clicking the "Raw Unified" link at the top - of the page.

    2.2.2. MySQL

    3.8. Hints and Tips

    2.2.2.1. Security

    This section distills some Bugzilla tips and best practices - that have been developed.


    3.8.1. Autolinkification

    MySQL ships as insecure by default. + It allows anybody to on the local machine full administrative + capabilities without requiring a password; the special + MySQL root account (note: this is not the same as + the system root) also has no password. + Also, many installations default to running + mysqld as the system root. +

    Bugzilla comments are plain text - so typing <U> will - produce less-than, U, greater-than rather than underlined text. - However, Bugzilla will automatically make hyperlinks out of certain - sorts of text in comments. For example, the text - "http://www.bugzilla.org" will be turned into a link: - http://www.bugzilla.org. - Other strings which get linkified in the obvious manner are: -

    1. To disable the anonymous user account + and set a password for the root user, execute the following. The + root user password should be different to the bugs user password + you set in + localconfig in the previous section, + and also different to + the password for the system root account on your machine. +

        bash$ mysql mysql
      +  mysql> DELETE FROM user WHERE user = '';
      +  mysql> UPDATE user SET password = password('new_password') WHERE user = 'root';
      +  mysql> FLUSH PRIVILEGES;
      bug 12345
      comment 7
      bug 23456, comment 53
      attachment 4321
      mailto:george@example.com
      george@example.com
      ftp://ftp.mozilla.org

      From this point forward, to run the + mysql command-line client, + you will need to type + mysql -u root -p and enter + new_password when prompted. +

    2. If you run MySQL on the same machine as your web server, you + should disable remote access to MySQL by adding + the following to your /etc/my.conf: +

        [myslqd]
      +  # Prevent network access to MySQL.
      +  skip-networking
      Most other sorts of URL
    3. -

      Consult the documentation that came with your system for + information on making mysqld run as an + unprivileged user. +

    4. A corollary here is that if you type a bug number in a comment, - you should put the word "bug" before it, so it gets autolinkified - for the convenience of others. -

      For added security, you could also run MySQL, or even all + of Bugzilla + in a chroot jail; however, instructions for doing that are beyond + the scope of this document. +



    3.8.2. Quicksearch

    2.2.2.2. Allow large attachments

    Quicksearch is a single-text-box query tool which uses - metacharacters to indicate what is to be searched. For example, typing - "foo|bar" - into Quicksearch would search for "foo" or "bar" in the - summary and status whiteboard of a bug; adding - "You need to configure MySQL to accept large packets, if you + want to have attachments larger than 64K. Add the text + below to your + :BazProduct" would - search only in that product. -

    You'll find the Quicksearch box on Bugzilla's - front page, along with a - Help - link which details how to use it.

    /etc/my.conf. + There is also a parameter in Bugzilla + for setting the maximum allowable attachment size, (default 1MB). + Bugzilla will only accept attachments up to the lower of these two + sizes. +

      [mysqld]
    +  # Allow packets up to 1M
    +  set-variable = max_allowed_packet=1M


    3.8.3. Comments

    If you are changing the fields on a bug, only comment if - either you have something pertinent to say, or Bugzilla requires it. - Otherwise, you may spam people unnecessarily with bug mail. - To take an example: a user can set up their account to filter out messages - where someone just adds themselves to the CC field of a bug - (which happens a lot.) If you come along, add yourself to the CC field, - and add a comment saying "Adding self to CC", then that person - gets a pointless piece of mail they would otherwise have avoided. -

    2.2.2.3. Add a user to MySQL

    Don't use sigs in comments. Signing your name ("Bill") is acceptable, - if you do it out of habit, but full mail/news-style - four line ASCII art creations are not. -


    3.8.4. Attachments

    You need to add a new MySQL user for + Bugzilla to use. (It's not safe to have Bugzilla use the MySQL root + account.) The following instructions assume the defaults in + localconfig; + if you changed those, you need to modify the + SQL command appropriately. You will need the + $db_pass password you set in + localconfig in + Section 2.2.1. +

    Use attachments, rather than comments, for large chunks of ASCII data, - such as trace, debugging output files, or log files. That way, it doesn't - bloat the bug for everyone who wants to read it, and cause people to - receive fat, useless mails. -

    Trim screenshots. There's no need to show the whole screen if - you are pointing out a single-pixel problem. -

    Don't attach simple test cases (e.g. one HTML file, one - CSS file and an image) as a ZIP file. Instead, upload them in - reverse order and edit the referring file so that they point to the - attached files. This way, the test case works immediately - out of the bug. -


    3.9. User Preferences

    Once you have logged in, you can customise various aspects of - Bugzilla via the "Edit prefs" link in the page footer. - The preferences are split into three tabs:


    3.9.1. Account Settings

    On this tab, you can change your basic account information, - including your password, email address and real name. For security - reasons, in order to change anything on this page you must type your - currentWe use an SQL GRANT command to create a + "bugs" - password into the - "Password""bugs" - field at the top of the page. - If you attempt to change your email address, a confirmation - email is sent to both the old and new addresses, with a link to use to - confirm the change. This helps to prevent account hijacking.


    3.9.2. Email Settings

    On this tab you can reduce or increase the amount of email sent - you from Bugzilla, opting in our out depending on your relationship to - the bug and the change that was made to it. -

    You can also do further filtering on the client side by - using the X-Bugzilla-Reason mail header which Bugzilla - adds to all bugmail. This tells you what relationship you have to the - bug in question, - and can be any of Owner, Reporter, QAcontact, CClist, Voter and - WatchingComponent.

    "bugs", and only allows the account to connect from + "localhost". + Modify it to reflect your setup if you will be connecting from + another machine or as a different user.

    By entering user email names, delineated by commas, into the - "Users to watch" text entry box you can receive a copy of all the - bugmail of other users (security settings permitting.) This powerful - functionality enables seamless transitions as developers change - projects or users go on holiday.

    Run the mysql command-line client and + enter:

      mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,
    +         DROP,REFERENCES ON bugs.* TO bugs@localhost
    +         IDENTIFIED BY '$db_pass';
    +  mysql> FLUSH PRIVILEGES

    The ability to watch other users may not be available in all - Bugzilla installations. If you can't see it, ask your - administrator.

    If you are using MySQL 4, you need to add + the LOCK TABLES and + CREATE TEMPORARY TABLES permissions + to the list. +


    3.9.3. Permissions

    2.2.3. checksetup.pl

    This is a purely informative page which outlines your current - permissions on this installation of Bugzilla - what product groups you - are in, and whether you can edit bugs or perform various administration - functions.

    Next, rerun checksetup.pl. It reconfirms + that all the modules are present, and notices the altered + localconfig file, which it assumes you have edited to your + satisfaction. It compiles the UI templates, + connects to the database using the 'bugs' + user you created and the password you defined, and creates the + 'bugs' database and the tables therein. +

    After that, it asks for details of an administrator account. Bugzilla + can have multiple administrators - you can create more later - but + it needs one to start off with. + Enter the email address of an administrator, his or her full name, + and a suitable Bugzilla password. +

    checksetup.pl will then finish. You may rerun + checksetup.pl at any time if you wish. +



    3.10. Reports

    2.2.4. Web server

    To be written


    Chapter 4. Installation

    Configure your web server according to the instructions in the + appropriate section. The Bugzilla Team recommends Apache. +


    4.1. Step-by-step Install

    Bugzilla has been successfully installed under many different - operating systems including almost all Unix clones and - 2.2.4.1. Apache Microsoft Windows. Many - operating systems have utilities that make installation easier or quirks - that make it harder. We have tried to collect that information in - Section 4.4, so unless you are on Linux, - be sure to check out that section before - you start your installation. -

    httpd

    Load httpd.conf in your editor.

    Uncomment (or add) the following line. + This configures Apache to run .cgi files outside the + cgi-bin directory. +

    Windows is one of those operating systems that has many quirks - and is not yet officially supported by the Bugzilla team. If you wish - to install Bugzilla on Windows, be sure to see - Section 4.4.1. -

      AddHandler cgi-script .cgi

    Apache uses <Directory> + directives to permit fine-grained permission setting. + Add the following two lines to a + <Directory> directive that + applies either to the Bugzilla directory or one of its parents + (e.g. the <Directory /var/www/html> + directive). + This allows Bugzilla's .htaccess files to + override global permissions, and allows .cgi files to run in the + Bugzilla directory. +

    While installing Bugzilla, it is a good idea to ensure that there - is some kind of configurable firewall between you and the rest of the - Internet - as your machine may be insecure for periods during the install. Many - installation steps require an active Internet connection to complete, - but you must take care to ensure that at no point is your machine - vulnerable to an attack.

      Options +ExecCGI +FollowSymLinks
    +  AllowOverride Limit

    This guide assumes that you already have your operating system - installed, network configured, and have administrative access to the - machine onto which you are installing Bugzilla. It is possible to - install and run Bugzilla itself without administrative access, but you - have to - either make sure all the required software is installed or get somebody - with administrative access to install it for you. -

    You are strongly recommended to make a backup of your system - before installing Bugzilla (and at regular intervals thereafter :-). -

    Add index.cgi to the end + of the DirectoryIndex + line.

    Here's a basic step-by-step list: -

    1. Install Perl - (5.6.0 or above) -

    2. Install MySQL - (3.23.41 or above) -

    3. Install a Webserver -

    4. Put Bugzilla in the Webspace -

    5. Install Perl Modules -

    6. Setup the MySQL Databasechecksetup.pl can set tighter permissions + on Bugzilla's files and directories if it knows what user the + webserver runs as. Look for the User + line in httpd.conf, and place that value in + the $webservergroup variable in + localconfig. Then rerun + checksetup.pl.



    4.1.1. Perl

    2.2.4.2. Microsoft Internet Information Services

    Any machine that doesn't have Perl on it is a sad machine indeed. - If your OS doesn't come with it, Perl can be got in source form - from If you need, or for some reason even want, to use Microsoft's + Internet Information Services or + Personal Web Server you should be able + to. You will need to configure them to know how to run CGI scripts. + This is described in Microsoft Knowledge Base article + http://www.perl.comQ245225 + for Internet Information Services and + Q231998 + for Personal Web Server. +

    Also, and this can't be stressed enough, make sure that files such as + localconfig and your data + directory are secured as described in Section 2.2.4.4. - There are also binary versions available for many platforms, most of which - are linked to from perl.com. - Although Bugzilla runs with perl 5.6.0, - it's a good idea to be up to the very latest version - if you can when running Bugzilla. As of this writing, that is Perl - version 5.8.2.



    4.1.2. MySQL

    2.2.4.3. AOL Server

    If your OS doesn't come with it or provide official packages, - visit the MySQL homepage at - http://www.mysql.comBen FrantzDale reported success using AOL Server with Bugzilla. He + reported his experience and what appears below is based on that. +

    AOL Server will have to be configured to run + CGI scripts, please consult + the documentation that came with your server for more information on + how to do this. +

    Because AOL Server doesn't support .htaccess - to grab and install the latest stable release of the server. -

    TCL + script. You should create an aolserver/modules/tcl/filter.tcl + file (the filename shouldn't matter) with the following contents (change + /bugzilla/ to the web-based path to + your Bugzilla installation): +

    
  ns_register_filter preauth GET /bugzilla/localconfig filter_deny
    +  ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny
    +  ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny
    +  ns_register_filter preauth GET /bugzilla/*.pl filter_deny
    +  ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny
    +  ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny
    +  ns_register_filter preauth GET /bugzilla/data/* filter_deny
    +  ns_register_filter preauth GET /bugzilla/template/* filter_deny
    +
    +  proc filter_deny { why } {
    +      ns_log Notice "filter_deny"
    +      return "filter_return"
    +  }
    +        

    Many of the binary - versions of MySQL store their data files in - This probably doesn't account for all possible editor backup + files so you may wish to add some additional variations of + /varlocalconfig. For more information, see + bug 186383 or Bugtraq ID 6501. - On some Unix systems, this is part of a smaller root partition, - and may not have room for your bug database. You can set the data - directory as an option to configure - if you build MySQL from source yourself.

    If you install from something other than a packaging/installation - system (such as .rpm, .dep, .exe, or .msi) you will need to configure - your system so the MySQL server daemon will come back up whenever - your machine reboots. -

    If you wish to have attachments larger than 64K, you will have to - configure MySQL to accept large packets. This is done by adding the text - in Figure 4-1 to your - my.conf file. There is also a parameter in Bugzilla - for setting the maximum allowable attachment size. - - You should set this value to be slightly larger than that parameter. -

    Figure 4-1. Set Max Packet Size in MySQL

    
[mysqld]
    -# Allow packets up to 1M
    -set-variable = max_allowed_packet=1M
    -        

    If you are running Bugzilla and MySQL on the same machine, you may - also wish to utilize the --skip-networking option as - mentioned in Section 4.5.2 for the added security. -


    4.1.2.1. Adding a user to MySQL

    This first thing you'll want to do is make sure you've given the - "root" user a password as suggested in - Section 4.5.2. Then, you need to add a user for - Bugzilla to use. For clarity, these instructions will - assume that your MySQL user for Bugzilla will be "bugs_user", - the database will be called "bugs_db" and the password for - the "bugs_user" user is "bugs_password". You - should, of course, substitute the values you intend to use for your site. -

    Most people use "bugs" for both the user and - database name. Don't use it for the password, though... +>If you are using webdot from research.att.com (the default + configuration for the webdotbase paramater), you + will need to allow access to data/webdot/*.dot + for the reasearch.att.com machine.

    We use an SQL GRANT command to create a - "bugs_user" - user. This also restricts the - "bugs_user" - user to operations within a database called - "bugs_db", and only allows the account to connect from - "localhost". - Modify it to reflect your setup if you will be connecting from - another machine or as a different user.

    
  mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,
    -         DROP,REFERENCES ON bugs_db.* TO bugs_user@localhost
    -         IDENTIFIED BY 'bugs_password';
    -  mysql> FLUSH PRIVILEGES;
    -        

    If you are using MySQL 4, the bugs user also needs to be granted - the LOCK TABLES and +>If you are using a local installation of GraphViz, you will need to allow + everybody to access *.png, CREATE TEMPORARY TABLES permissions, - so add them to the list in the +CLASS="filename" +>*.gif, *.jpg, and GRANT command. +CLASS="filename" +>*.map in the + data/webdot directory.



    4.1.3. HTTP Server

    You have freedom of choice here, pretty much any web server that - is capable of running CGI - scripts will work. Section 4.2 has more information about - configuring web servers to work with Bugzilla. -

    2.2.4.4. Web Server Access Controls

    Users of Apache can skip this section because + Bugzilla ships with .htaccess files which + restrict access in the manner required. + Users of other webservers, read on. +

    We strongly recommend Apache as the web server to use. The - Bugzilla Guide installation instructions, in general, assume you are - using Apache. If you have got Bugzilla working using another webserver, - please share your experiences with us by filing a bug in Bugzilla Documentation. +>There are several files in the Bugzilla directory + that should not be accessible from the web. You need to configure + your webserver so they they aren't. Not doing this may reveal + sensitive information such as database passwords.


    4.1.4. Bugzilla

    You should untar the Bugzilla files into a directory that you're - willing to make writable by the default web server user (probably - "nobody"). - You may decide to put the files in the main web space for your - web server or perhaps in - /usr/local - with a symbolic link in the web space that points to the Bugzilla - directory.

    • In the main Bugzilla directory, you should:

      • If you symlink the bugzilla directory into your Apache's - Block: + html - hierarchy, you may receive - Forbidden*.pl, *localconfig*, runtests.sh - errors unless you add the -

      • But allow: + localconfig.js, FollowSymLinkslocalconfig.rdf - directive to the

    • In <Directory> entry for - the HTML root directory in httpd.conf.

    data:

    • The default Bugzilla distribution is not designed to be placed - in a cgi-bin directory (this - includes any directory which is configured using the - ScriptAlias directive of Apache). -

    Block everything

  • Once all the files are in a web accessible directory, make that - directory writable by your webserver's user. This is a temporary step - until you run the post-install - But allow: + checksetup.plduplicates.rdf - script, which locks down your installation.


  • 4.1.5. checksetup.pl

    Next, run the magic checksetup.pl script. - This is designed to check whether you have all of the right - Perl modules in the correct - versions, and that Bugzilla is generally set up correctly. -

  • Eventually, - it will make sure Bugzilla files and directories have reasonable - permissions, set up the - In data - directory, and create all the MySQL tables. But the first time you - run it, it's highly likely to tell you that you are missing a few - Perl modules. Make a note of which ones they are, and then proceed to - the next section to install them. -

    
bash# ./checksetup.pl
    -      
    data/webdot:

    The first time you run it with all the correct modules installed, - it will create a file called - localconfig.

    • This file contains a variety of settings you may need to tweak - including how Bugzilla should connect to the MySQL database.

      If you use a remote webdot server:

      The connection settings include: -

        • server's host: just use - "localhost" - if the MySQL server is local

          Block everything

        • database name: - "bugs_db"But allow + *.dot - if you're following these directions

      1. MySQL username: - "bugs_user" - if you're following these directions

        Otherwise, if you use a local GraphViz:

        • Block everything

        • Password for the - "bugs_user"But allow: + *.png, *.gif, *.jpg, *.map - MySQL account; ("bugs_password" above)

      -

  • And if you don't use any dot:

    • Block everything

  • Edit the file to change these. Once you are happy with the - settings, In su to the user - your web server runs as, and re-run - Bugzilla:

    • Block everything

  • In checksetup.pl. (Note: on some security-conscious - systems, you may need to change the login shell for the webserver - account before you can do this.) - On this second run, it will create the database and an administrator - account for which you will be prompted to provide information.

    template:

    • The checksetup.pl script is designed so that you can run it at - any time without causing harm. You should run it after any upgrade to - Bugzilla.

    Block everything

  • You should test to make sure that the files mentioned above are + not accessible from the Internet, especially your + localconfig file which contains your database + password. To test, simply point your web browser at the file; for + example, to test mozilla.org's installation, we'd try to access + http://bugzilla.mozilla.org/localconfig. You should + get a 403 Forbidden + error. +


    4.1.6. Perl Modules

    2.2.5. Bugzilla

    Don't be intimidated by this long list of modules. See - Section 4.1.6.1 for a way of - installing all the ones you need with a single command. +> Your Bugzilla should now be working. Access + http://<your-bugzilla-server>/ - + you should see the Bugzilla + front page. If not, consult the Troubleshooting section, + Section 2.5.

    Perl modules can be found using - CPAN on Unix based systems or - PPM on Win32. +> Log in with the administrator account you defined in the last + checksetup.pl run. You should go through + the parameters on the Edit Parameters page + (see link in the footer) and see if there are any you wish to + change. + They key parameters are documented in Section 3.1; + you should certainly alter + maintainer and urlbase; + you may also want to alter + cookiepath or requirelogin.

    Good instuctions can be found for using each of these services on - their respective websites. The basics can be found in - Example 4-1 for CPAN and - Section 4.4.1.2 for PPM. +> This would also be a good time to revisit the + localconfig file and make sure that the + names of the priorities, severities, platforms and operating systems + are those you wish to use when you start creating bugs. Remember + to rerun checksetup.pl if you change it. +

    Bugzilla has several optional features which require extra + configuration. You can read about those in + Section 2.3.


    2.3. Optional Additional Configuration

    Example 4-1. Installing perl modules with CPAN

    Bugzilla has a number of optional features. This section describes how + to configure or enable them. +


    2.3.1. Bug Graphs

    The easy way: - If you have installed the necessary Perl modules you + can start collecting statistics for the nifty Bugzilla + graphs.

    
bash# perl -MCPAN -e 'install "<modulename>"'
    -          
    crontab -e
    -

    Or the hard way: - This should bring up the crontab file in your editor. + Add a cron entry like this to run + collectstats.pl + daily at 5 after midnight: +

    
bash# tar xzvf <module>.tar.gz     
    -bash# cd <module>                  
    -bash# perl Makefile.PL
    -bash# make
    -bash# make test
    -bash# make install
    -          
    5 0 * * * cd <your-bugzilla-directory> ; ./collectstats.pl
    -

    After two days have passed you'll be able to view bug graphs from + the Reports page.


    This assumes that you've already downloaded the - <module>.tar.gz to the current working - directory. -
    2.3.2. Dependency Charts

    As well as the text-based dependency trees, Bugzilla also + supports a graphical view of dependency relationships, using a + package called 'dot'. + Exactly how this works is controlled by the 'webdotbase' parameter, + which can have one of three values: +

    1. A complete file path to the command 'dot' (part of + GraphViz) + will generate the graphs locally +

    2. A URL prefix pointing to an installation of the webdot package will + generate the graphs remotely +

    3. A blank value will disable dependency graphing. +

    +

    The easiest way to get this working is to install + GraphViz. If you + do that, you need to + enable + server-side image maps in Apache. + Alternatively, you could set up a webdot server, or use the AT&T + public webdot server. This is the default for the webdotbase param, + but it's often overloaded and slow. Note that AT&T's server + won't work + if Bugzilla is only accessible using HARTS. + Editor's note: What the heck is HARTS? Google doesn't know... + +


    2.3.3. The Whining Cron

    What good are + bugs if they're not annoying? To help make them more so you + can set up Bugzilla's automatic whining system to complain at engineers + which leave their bugs in the NEW or REOPENED state without triaging them. +

    + This can be done by + adding the following command as a daily crontab entry, in the same manner + as explained above for bug graphs. This example runs it at 12.55am. +

    The process of untarring the module as defined in -
    55 0 * * * cd <your-bugzilla-directory> ; ./whineatnews.pl

    will create the - 2.3.4. Patch Viewer

    Patch Viewer is the engine behind Bugzilla's graphical display of + code patches. You can integrate this with copies of the + <module> directory. -

    cvs, lxr and + bonsai tools if you have them, by giving + the locations of your installation of these tools in + editparams.cgi. +

    Patch Viewer also optionally will use the + cvs, diff and + interdiff -

    http://cyberelk.net/tim/patchutils/. + If these programs are not in the system path, you can configure + their locations in localconfig. +


    2.3.5. LDAP Authentication

    LDAP authentication is a module for Bugzilla's plugin + authentication architecture. +

    The existing authentication + scheme for Bugzilla uses email addresses as the primary user ID, and a + password to authenticate that user. All places within Bugzilla where + you need to deal with user ID (e.g assigning a bug) use the email + address. The LDAP authentication builds on top of this scheme, rather + than replacing it. The initial log in is done with a username and + password for the LDAP directory. This then fetches the email address + from LDAP and authenticates seamlessly in the standard Bugzilla + authentication scheme using this email address. If an account for this + address already exists in your Bugzilla system, it will log in to that + account. If no account for that email address exists, one is created at + the time of login. (In this case, Bugzilla will attempt to use the + "displayName" or "cn" attribute to determine the user's full name.) + After authentication, all other user-related tasks are still handled by + email address, not LDAP username. You still assign bugs by email + address, query on users by email address, etc. +

    Because the Bugzilla account is not created until the first time + a user logs in, a user who has not yet logged is unknown to Bugzilla. + This means they cannot be used as an assignee or QA contact (default or + otherwise), added to any cc list, or any other such operation. One + possible workaround is the bugzilla_ldapsync.rb + script in the + contrib directory. Another possible solution is fixing + bug + 201069. +

    Many people complain that Perl modules will not install for - them. Most times, the error messages complain that they are missing a - file in - "@INC". - Virtually every time, this error is due to permissions being set too - restrictively for you to compile Perl modules or not having the - necessary Perl development libraries installed on your system. - Consult your local UNIX systems administrator for help solving these - permissions issues; if you - are - the local UNIX sysadmin, please consult the newsgroup/mailing list - for further assistance or hire someone to help you out.

    Perl Modules (minimum version): -

    Parameters required to use LDAP Authentication:

    1. loginmethod

      Bundle::BugzillaThis parameter should be set to "LDAP" - (Will allow you to skip the rest) -

    2. only if you will be using an LDAP directory + for authentication. If you set this param to "LDAP" but + fail to set up the other parameters listed below you will not be + able to log back in to Bugzilla one you log out. If this happens + to you, you will need to manually edit + data/params and set loginmethod to + "DB". +

      LDAPserver

      CGI - (2.88) -

    3. This parameter should be set to the name (and optionally the + port) of your LDAP server. If no port is specified, it assumes + the default LDAP port of 389. +

      Date::FormatEx. "ldap.company.com" - (2.21) -

    4. DBI - (1.32) -

    5. DBD::mysql"ldap.company.com:3268" - (2.1010) -

    6. LDAPbinddn [Optional]

      File::Spec - (0.82) -

    7. Some LDAP servers will not allow an anonymous bind to search + the directory. If this is the case with your configuration you + should set the LDAPbinddn parameter to the user account Bugzilla + should use instead of the anonymous bind. +

      File::Temp - (any) -

    8. Ex. "cn=default,cn=user:password"

      LDAPBaseDN

      Template Toolkit - (2.08) -

    9. The LDAPBaseDN parameter should be set to the location in + your LDAP tree that you would like to search for email addresses. + Your uids should be unique under the DN specified here. +

      Text::Wrap - (2001.0131) -

    - - and, optionally: -

    Ex. "ou=People,o=Company"

    1. LDAPuidattribute

      GD - (1.20) for bug charting -

    2. The LDAPuidattribute parameter should be set to the attribute + which contains the unique UID of your users. The value retrieved + from this attribute will be used when attempting to bind as the + user to confirm their password. +

      Chart::Base - (0.99c) for bug charting -

    3. Ex. "uid"

      LDAPmailattribute

      XML::Parser - (any) for the XML interface -

    4. The LDAPmailattribute parameter should be the name of the + attribute which contains the email address your users will enter + into the Bugzilla login boxes. +

      GD::Graph - (any) for bug charting -

    5. Ex. "mail"


    2.3.6. Prevent users injecting malicious + Javascript

    GD::Text::Align - (any) for bug charting -

  • It is possible for a Bugzilla user to take advantage of character + set encoding ambiguities to inject HTML into Bugzilla comments. This + could include malicious scripts. + Due to internationalization concerns, we are unable to + incorporate by default the code changes suggested by + the CERT advisory on this issue. + If your installation is for an English speaking audience only, making the + change below will prevent this problem. +

    MIME::Parser - (any) for the email interface -

  • PatchReader - (0.9.1) for pretty HTML view of patches -

  • -


    4.1.6.1. Bundle::Bugzilla

    If you are running at least perl 5.6.1, you can save yourself a lot - of time by using Bundle::Bugzilla. This bundle contains every module - required to get Bugzilla running. It does not include GD and friends, but - these are not required for a base install and can always be added later - if the need arises. -

    Assuming your perl was installed with CPAN (most unix installations - are), using Bundle::Bugzilla is really easy. Simply follow along with the - commands below. -

    Simply locate the following line in + Bugzilla/CGI.pm: +
    
bash# perl -MCPAN -eshell              
    -cpan shell -- CPAN exploration and modules installation (v1.63)
    -ReadLine support enabled
    -
    -cpan>
    -
    -        
    $self->charset('');
    + and change it to: +
    At this point, unless you've used CPAN on this machine before, - you'll have to go through a series of configuration steps. -
    $self->charset('ISO-8859-1');
    +



    4.1.6.2. CGI (2.88)

    The CGI module parses form elements and cookies and does many - other usefule things. It come as a part of recent perl distributions, but - Bugzilla needs a fairly new version. -

    2.3.7. mod_throttle


    -        CPAN Download Page: http://search.cpan.org/dist/CGI.pm/
    -        PPM Download Link: It is possible for a user, by mistake or on purpose, to access + the database many times in a row which can result in very slow access + speeds for other users. If your Bugzilla installation is experiencing + this problem, you may install the Apache module + mod_throttle + which can limit connections by IP address. You may download this module + at + http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/CGI.zip
    -        Documentation: http://www.snert.com/Software/mod_throttle/. + Follow the instructions to install into your Apache install. + This module only functions with the Apache web + server! + The command you need is + ThrottleClientIP. See the + http://www.perldoc.com/perl5.8.0/lib/CGI.html
    -      

    documentation + for more information.



    4.1.6.3. TimeDate modules (2.21)

    2.3.8. TCP/IP Ports

    Many of the more common date/time/calendar related Perl modules - have been grouped into a bundle similar to the MySQL modules bundle. - This bundle is stored on the CPAN under the name TimeDate. - The component module we're most interested in is the Date::Format - module, but installing all of them is probably a good idea anyway. +>A single-box Bugzilla only requires port 80, plus port 25 if + you are using the optional email interface. You should firewall all + other ports and/or disable services listening on them.


    -        CPAN Download Page: http://search.cpan.org/dist/TimeDate/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/TimeDate.zip
    -        Documentation: http://search.cpan.org/dist/TimeDate/lib/Date/Format.pm
    -      



    4.1.6.4. DBI (1.32)

    2.3.9. Daemon Accounts

    The DBI module is a generic Perl module used the - MySQL-related modules. As long as your Perl installation was done - correctly the DBI module should be a breeze. It's a mixed Perl/C - module, but Perl's MakeMaker system simplifies the C compilation - greatly.


    -        CPAN Download Page: http://search.cpan.org/dist/DBI/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/DBI.zip
    -        Documentation: http://dbi.perl.org/doc/
    -      

    Many daemons, such as Apache's httpd and MySQL's mysqld default to + running as either "root" or "nobody". Running + as "root" introduces obvious security problems, but the + problems introduced by running everything as "nobody" may + not be so obvious. Basically, if you're running every daemon as + "nobody" and one of them gets compromised, they all get + compromised. For this reason it is recommended that you create a user + account for each daemon. +



    4.1.6.5. MySQL-related modules

    2.4. OS-Specific Installation Notes

    The Perl/MySQL interface requires a few mutually-dependent Perl - modules. These modules are grouped together into the the - Msql-Mysql-modules package.

    Many aspects of the Bugzilla installation can be affected by the + the operating system you choose to install it on. Sometimes it can be made + easier and others more difficult. This section will attempt to help you + understand both the difficulties of running on specific operating systems + and the utilities available to make it easier. +

    The MakeMaker process will ask you a few questions about the - desired compilation target and your MySQL installation. For most of the - questions the provided default will be adequate, but when asked if your - desired target is the MySQL or mSQL packages, you should - select the MySQL related ones. Later you will be asked if you wish to - provide backwards compatibility with the older MySQL packages; you - should answer YES to this question. The default is NO.

    If you have anything to add or notes for an operating system not + covered, please file a bug in Bugzilla Documentation. +


    2.4.1. Microsoft Windows

    A host of 'localhost' should be fine and a testing user of 'test' - with a null password should find itself with sufficient access to run - tests on the 'test' database which MySQL created upon installation. +>Making Bugzilla work on Windows is still a painful processes. + The Bugzilla Team is working to make it easier, but that goal is not + considered a top priority. If you wish to run Bugzilla, we still + recommend doing so on a Unix based system such as GNU/Linux. As of this + writing, all members of the Bugzilla team and all known large installations + run on Unix based systems.


    -        CPAN Download Page: http://search.cpan.org/dist/DBD-mysql/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/DBD-Mysql.zip
    -        Documentation: http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pod
    -      

    If after hearing all that, you have enough pain tolerance to attempt + installing Bugzilla on Win32, here are some pointers. + + Because this is a development version of the guide, these instructions + are subject to change without notice. In fact, the Bugzilla Team hopes + to have Bugzilla reasonably close to "out of + the box" compatibility with Windows by the 2.18 release. + +


    4.1.6.6. File::Spec (0.82)

    File::Spec is a perl module that allows file operations, such as - generating full path names, to work cross platform. -

    2.4.1.1. Win32 Perl


    -        CPAN Download Page: http://search.cpan.org/dist/File-Spec/
    -        PPM Download Page: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/File-Spec.zip
    -        Documentation: http://www.perldoc.com/perl5.8.0/lib/File/Spec.html
    -      


    4.1.6.7. File::Temp (any)

    File::Temp is used to generate a temporary filename that is - guaranteed to be unique. It comes as a standard part of perl -


    -        CPAN Download Page: http://search.cpan.org/dist/File-Spec/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/File-Spec.zip
    -        Documentation: http://www.perldoc.com/perl5.8.0/lib/File/Temp.html
    -      


    4.1.6.8. Template Toolkit (2.08)

    When you install Template Toolkit, you'll get asked various - questions about features to enable. The defaults are fine, except - that it is recommended you use the high speed XS Stash of the Template - Toolkit, in order to achieve best performance. -


    -        CPAN Download Page: http://search.cpan.org/dist/Template-Toolkit/
    -        PPM Download Link: Perl for Windows can be obtained from http://openinteract.sourceforge.net/ppmpackages/5.6/Template-Toolkit.tar.gz
    -        Documentation: ActiveState. You should be + able to find a compiled binary at http://www.template-toolkit.org/docs.html
    -      

    http://aspn.activestate.com/ASPN/Downloads/ActivePerl/. +


    4.1.6.9. Text::Wrap (2001.0131)

    Text::Wrap is designed to proved intelligent text wrapping. -

    2.4.1.2. Perl Modules on Win32


    -        CPAN Download Page: http://search.cpan.org/dist/Text-Tabs+Wrap/
    -        Documentation: http://www.perldoc.com/perl5.8.0/lib/Text/Wrap.html
    -      


    Bugzilla on Windows requires the same perl modules found in + Section 2.1.5. The main difference is that + windows uses PPM4.1.6.10. GD (1.20) [optional]

    You need the GD library if you want any of the graphing to work. -

    instead of + CPAN. +

    The Perl GD library requires some other libraries that may or - may not be installed on your system, including - libpng

    
C:\perl> ppm <module name>
    -        and 
    -        libgd. 
    -        The full requirements are listed in the Perl GD library README.
    -        If compiling GD fails, it's probably because you're
    -        missing a required library.

    The version of the GD perl module you need is very closely tied - to the libgd version installed on your system. - If you have a version 1.x of libgd the 2.x - versions of the GD perl module won't work for you. -

    The above syntax should work for all modules with the exception + of Template Toolkit. The Template Toolkit website + suggests using the instructions on OpenInteract's website. +


    -        CPAN Download Page: http://search.cpan.org/dist/GD/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GD.zip
    -        Documentation: http://stein.cshl.org/WWW/software/GD/
    -      


    4.1.6.11. Chart::Base (0.99c) [optional]

    2.4.1.3. Code changes required to run on win32

    The Chart module provides Bugzilla with on-the-fly charting - abilities. It can be installed in the usual fashion after it has been - fetched from CPAN. - Note that earlier versions that 0.99c used GIFs, which are no longer - supported by the latest versions of GD.


    -        CPAN Download Page: http://search.cpan.org/dist/Chart/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/Chart.zip
    -      

    As Bugzilla still doesn't run "out of the box" on + Windows, code has to be modified. This section lists the required + changes. +



    4.1.6.12. XML::Parser (any) [optional]

    2.4.1.3.1. Changes to checksetup.pl

    XML::Parser is used by the In importxml.pl - script. You only need it if you are going to be importing bugs (such as - for bug moving). XML::Parser requires that the - expat library is already installed on your machine. -

    checksetup.pl, the line reading:

    
my $mysql_binaries = `which mysql`;
    +          


    -        CPAN Download Page: http://search.cpan.org/dist/XML-Parser/
    -        Documentation: http://www.perldoc.com/perl5.6.1/lib/XML/Parser.html
    -      


    4.1.6.13. GD::Graph (any) [optional]

    In addition to GD listed above, the reporting interface of Bugzilla - needs to have the GD::Graph module installed. -


    -        CPAN Download Page: http://search.cpan.org/dist/GDGraph/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GDGraph.zip
    -        Documentation: http://search.cpan.org/dist/GDGraph/Graph.pm
    -      


    4.1.6.14. GD::Text::Align (any) [optional]

    GD::Text::Align, as the name implies, is used to draw aligned - strings of text. It is needed by the reporting interface. -


    -        CPAN Download Page: http://search.cpan.org/dist/GDTextUtil/
    -        PPM Download Page: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GDTextUtil.zip
    -        Documentation: http://search.cpan.org/dist/GDTextUtil/Text/Align.pm
    -      


    4.1.6.15. MIME::Parser (any) [optional]

    MIME::Parser is only needed if you want to use the e-mail interface - located in the contrib directory. -


    -        CPAN Download Page: http://search.cpan.org/dist/MIME-tools/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/MIME-tools.zip
    -        Documentation: http://search.cpan.org/dist/MIME-tools/lib/MIME/Parser.pm
    -      


    4.1.6.16. PatchReader (0.9.1) [optional]

    PatchReader is only needed if you want to use Patch Viewer, a - Bugzilla feature to format patches in a pretty HTML fashion. There are a - number of optional parameters you can configure Patch Viewer with as well, - including cvsroot, cvsroot_get, lxr_root, bonsai_url, lxr_url, and - lxr_root. Patch Viewer also optionally will use cvs, diff and interdiff - utilities if they exist on the system (interdiff can be found in the - patchutils package at http://cyberelk.net/tim/patchutils/. - These programs' locations can be configured in localconfig. -


    -        CPAN Download Page: http://search.cpan.org/author/JKEISER/PatchReader/
    -        Documentation: http://www.johnkeiser.com/mozilla/Patch_Viewer.html
    -      


    4.1.7. Configuring Bugzilla

    Once checksetup.pl has run successfully, Bugzilla should start up. - Proceed to the correct URL and log in with the administrator account - you defined in the last checksetup.pl run. -

    You should run through the parameters on the Edit Parameters page - (link in the footer) and set them all to appropriate values. - They key parameters are documented in Section 5.1. -


    4.2. HTTP Server Configuration

    The Bugzilla Team recommends Apache when using Bugzilla, however, any web server - that can be configured to run CGI scripts - should be able to handle Bugzilla. No matter what web server you choose, but - especially if you choose something other than Apache, you should be sure to read - Section 4.5.4. -

    The plan for this section is to eventually document the specifics of how to lock - down permissions on individual web servers. -


    4.2.1. Apache httpd

    You will have to make sure that Apache is properly - configured to run the Bugzilla CGI scripts. You also need to make sure - that the .htaccess files created by - ./checksetup.pl are allowed to override Apache's normal access - permissions or else important password information may be exposed to the - Internet. -

    You need to configure Apache to run .cgi files outside the - cgi-bin directory. - Open your - httpd.conf file and make sure the - following line exists and is uncommented:

    to

    
AddHandler cgi-script .cgi
    -        
    my $mysql_binaries = "D:\\mysql\\bin\\mysql"; +

    To allow .htaccess files to override - permissions and .cgi files to run in the Bugzilla directory, make sure - the following two lines are in a Directory - directive that applies to the Bugzilla directory on your system - (either the Bugzilla directory or one of its parents). -

    And you'll also need to change:

    
Options +ExecCGI
    -AllowOverride Limit
    -        
    my $webservergid = getgrnam($my_webservergroup) +

    You should modify the <DirectoryIndex> parameter for - the Apache virtual host running your Bugzilla installation to - allow index.cgi as the index page for a - directory, as well as the usual index.html, - index.htm, and so forth.

    to

    For more information on Apache and its directives, see the - glossary entry on Apache. -

    
my $webservergid = '8'
    +          


    4.2.2. Microsoft Internet Information Services

    2.4.1.3.2. Changes to BugMail.pm

    If you need, or for some reason even want, to use Microsoft's - Internet Information Services or - Personal Web Server you should be able - to. You will need to configure them to know how to run CGI scripts, - however. This is described in Microsoft Knowledge Base article - Q245225 - for Internet Information Services and - To make bug email work on Win32 (until + Q231998 - for Personal Web Server. -

    Also, and this can't be stressed enough, make sure that files such as - localconfig and your data - directory are secured as described in Section 4.5.4. -


    4.2.3. AOL Server

    Ben FrantzDale reported success using AOL Server with Bugzilla. He - reported his experience and what appears below is based on that. -

    AOL Server will have to be configured to run - CGI scripts, please consult - the documentation that came with your server for more information on - how to do this. -

    bug + 84876 lands), the + simplest way is to have the Net::SMTP Perl module installed and + change this:

    
open(SENDMAIL, "|/usr/lib/sendmail $sendmailparam -t -i") ||
    +  die "Can't open sendmail";
    +
    +print SENDMAIL trim($msg) . "\n";
    +close SENDMAIL;
    +          

    Because AOL Server doesn't support .htaccess - files, you'll have to create a TCL - script. You should create an aolserver/modules/tcl/filter.tcl - file (the filename shouldn't matter) with the following contents (change - /bugzilla/ to the web-based path to - your Bugzilla installation): -

    to

    
ns_register_filter preauth GET /bugzilla/localconfig filter_deny
    -ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny
    -ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny
    -ns_register_filter preauth GET /bugzilla/*.pl filter_deny
    -ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny
    -ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny
    -ns_register_filter preauth GET /bugzilla/data/* filter_deny
    -ns_register_filter preauth GET /bugzilla/template/* filter_deny
    -                                                                                
    -proc filter_deny { why } {
    -    ns_log Notice "filter_deny"
    -    return "filter_return"
    -}
    -      
    use Net::SMTP; +my $smtp_server = 'smtp.mycompany.com'; # change this + +# Use die on error, so that the mail will be in the 'unsent mails' and +# can be sent from the sanity check page. +my $smtp = Net::SMTP->new($smtp_server) || + die 'Cannot connect to server \'$smtp_server\''; + +$smtp->mail('bugzilla-daemon@mycompany.com'); # change this +$smtp->to($person); +$smtp->data(); +$smtp->datasend($msg); +$smtp->dataend(); +$smtp->quit; +

    Don't forget to change the name of your SMTP server and the + domain of the sending email address (after the '@') in the above + lines of code.


    2.4.1.4. Serving the web pages

    As is the case on Unix based systems, any web server should be + able to handle Bugzilla; however, the Bugzilla Team still recommends + Apache whenever asked. No matter what web server you choose, be sure + to pay attention to the security notes in Section 2.2.4.4. + More information on configuring specific web servers can be found in + Section 2.2.4. +

    This probably doesn't account for all possible editor backup - files so you may wish to add some additional variations of - localconfig. For more information, see - bug 186383 or If using Apache on windows, you can set the Bugtraq ID 6501ScriptInterpreterSource + directive in your Apache config to avoid having + to modify the first line of every script to contain your path to + perl instead of /usr/bin/perl. -


    2.4.2. Mac OS X

    Apple did not include the GD library with Mac OS X. Bugzilla + needs this for bug graphs.

    You can install it using a program called + Fink, which is similar in nature to the CPAN installer, but installs + common GNU utilities. Fink is available from + http://sourceforge.net/projects/fink/.

    Follow the instructions for setting up Fink. Once it's installed, + you'll want to use it to install the gd2 package. +

    It will prompt you for a number of dependencies, type 'y' and hit + enter to install all of the dependencies and then watch it work. You will + then be able to use CPAN to + install the GD Perl module. +

    If you are using webdot from research.att.com (the default - configuration for the webdotbase paramater), you - will need to allow access to To prevent creating conflicts with the software that Apple + installs by default, Fink creates its own directory tree at + data/webdot/*.dot - for the reasearch.att.com machine. -

    If you are using a local installation of GraphViz, you will need to allow - everybody to access /sw where it installs most of + the software that it installs. This means your libraries and headers be + at *.png, +>/sw/lib and *.gif, /sw/include instead of + *.jpg, and +>/usr/lib and *.map in the +>/usr/local/include. When the + Perl module config script asks where your libgd is, be sure to tell it data/webdot directory. +>/sw/lib.


    4.3. Optional Additional Configuration

    4.3.1. Dependency Charts

    As well as the text-based dependency graphs, Bugzilla also - supports dependency graphing, using a package called 'dot'. - Exactly how this works is controlled by the 'webdotbase' parameter, - which can have one of three values: +>Also available via Fink is expat. After using fink to + install the expat package you will be able to install + XML::Parser using CPAN. There is one caveat. Unlike recent versions of + the GD module, XML::Parser doesn't prompt for the location of the + required libraries. When using CPAN, you will need to use the following + command sequence:

    1. A complete file path to the command 'dot' (part of - GraphViz) - will generate the graphs locally -

    2. A URL prefix pointing to an installation of the webdot package will - generate the graphs remotely -

    3. A blank value will disable dependency graphing. -

    
# perl -MCPAN -e'look XML::Parser'        
    -      

    So, to get this working, install - GraphViz. If you - do that, you need to - enable - server-side image maps in Apache. - Alternatively, you could set up a webdot server, or use the AT&T - public webdot server (the - default for the webdotbase param). Note that AT&T's server won't work - if Bugzilla is only accessible using HARTS. -

    +# exit +
    The look command will download the module and spawn a + new shell with the extracted files as the current working directory. + The exit command will return you to your original shell. +
    You should watch the output from these make commands, + especially "make test" as errors may prevent XML::Parser + from functioning correctly with Bugzilla. +

    4.3.2. Bug Graphs

    As long as you installed the GD and Graph::Base Perl modules you - might as well turn on the nifty Bugzilla bug reporting graphs.

    2.4.3. Linux-Mandrake 8.0

    Add a cron entry like this to run - collectstats.pl - daily at 5 after midnight: -

    Linux-Mandrake 8.0 includes every required and optional library + for Bugzilla. The easiest way to install them is by using the + urpmi utility. If you follow these commands, you + should have everything you need for Bugzilla, and + ./checksetup.pl should not complain about any + missing libraries. You may already have some of these installed. +

    
bash# urpmi perl-mysql
    -
    -            bash# crontab -eurpmi perl-chart
    -          bash# urpmi perl-gd
    -        
    5 0 * * * cd <your-bugzilla-directory> ; - ./collectstats.plbash# urpmi perl-MailTools +bash# urpmi apache-modules -

    -

    After two days have passed you'll be able to view bug graphs from - the Bug Reports page.

    for Bugzilla email integration

    2.5. Troubleshooting

    This section gives solutions to common Bugzilla installation + problems. If none of the section headings seems to match your + problem, read the general advice. +


    4.3.3. The Whining Cron

    2.5.1. General Advice

    By now you have a fully functional Bugzilla, but what good are - bugs if they're not annoying? To help make those bugs more annoying you - can set up Bugzilla's automatic whining system to complain at engineers - which leave their bugs in the NEW or REOPENED state without triaging them. +> If you can't get checksetup.pl to run to + completion, it normally explains what's wrong and how to fix it. + If you can't work it out, or if it's being uncommunicative, post + the errors in the + netscape.public.mozilla.webtools + newsgroup.

    This can be done by - adding the following command as a daily crontab entry (for help on that - see that crontab man page): -

    If you have made it all the way through + Section 2.1 (Installation) and + Section 2.2 (Configuration) but + accessing the Bugzilla URL doesn't work, + the first thing to do is to check your webserver error log. For + Apache, this is often located at + /etc/logs/httpd/error_log. The error messages + you see may be self-explanatory enough to enable you to diagnose and + fix the problem. If not, see below for some commonly-encountered + errors. If that doesn't help, post the errors to the newsgroup. +


    2.5.2. I installed a Perl module, but + checksetup.pl claims it's not installed!

    You have two versions of Perl on your machine. You are installing + modules into one, and Bugzilla is using the other. Rerun the CPAN + commands (or manual compile) using the full path to Perl from the + top of checksetup.pl. This will make sure you + are installing the modules in the right place. +


    2.5.3. Bundle::Bugzilla makes me upgrade to Perl 5.6.1

    Try executing cd <your-bugzilla-directory> ; - ./whineatnews.pl - perl -MCPAN -e 'install CPAN' -

    +> Certain older versions of the CPAN toolset were somewhat naive about how + to upgrade Perl modules. When a couple of modules got rolled into the core + Perl distribution for 5.6.1, CPAN thought that the best way to get those + modules up to date was to haul down the Perl distribution itself and + build it. Needless to say, this has caused headaches for just about + everybody. Upgrading to a newer version of CPAN with the + commandline above should fix things.


    2.5.4. DBD::Sponge::db prepare failed

    The following error message may appear due to a bug in DBD::mysql + (over which the Bugzilla team have no control): +

     DBD::Sponge::db prepare failed: Cannot determine NUM_OF_FIELDS at D:/Perl/site/lib/DBD/mysql.pm line 248.
    +  SV = NULL(0x0) at 0x20fc444
    +  REFCNT = 1
    +  FLAGS = (PADBUSY,PADMY)
    +

    Depending on your system, crontab may have several manpages. - The following command should lead you to the most useful page for - this purpose: - To fix this, go to + <path-to-perl>/lib/DBD/sponge.pm + in your Perl installation and replace +

    
man 5 crontab
    -	
    my $numFields; + if ($attribs->{'NUM_OF_FIELDS'}) { + $numFields = $attribs->{'NUM_OF_FIELDS'}; + } elsif ($attribs->{'NAME'}) { + $numFields = @{$attribs->{NAME}}; +
    -

    by +

     my $numFields;
    + if ($attribs->{'NUM_OF_FIELDS'}) {
    +     $numFields = $attribs->{'NUM_OF_FIELDS'};
    + } elsif ($attribs->{'NAMES'}) {
    +     $numFields = @{$attribs->{NAMES}};
    +

    (note the S added to NAME.) +


    4.3.4. LDAP Authentication

    2.5.5. cannot chdir(/var/spool/mqueue)

    LDAP authentication is a module for Bugzilla's plugin - authentication architecture. +>If you are installing Bugzilla on SuSE Linux, or some other + distributions with + "paranoid" + security options, it is possible that the checksetup.pl script may fail + with the error: +
    cannot chdir(/var/spool/mqueue): Permission denied
    +

    The existing authentication - scheme for Bugzilla uses email addresses as the primary user ID, and a - password to authenticate that user. All places within Bugzilla where - you need to deal with user ID (e.g assigning a bug) use the email - address. The LDAP authentication builds on top of this scheme, rather - than replacing it. The initial log in is done with a username and - password for the LDAP directory. This then fetches the email address - from LDAP and authenticates seamlessly in the standard Bugzilla - authentication scheme using this email address. If an account for this - address already exists in your Bugzilla system, it will log in to that - account. If no account for that email address exists, one is created at - the time of login. (In this case, Bugzilla will attempt to use the - "displayName" or "cn" attribute to determine the user's full name.) - After authentication, all other user-related tasks are still handled by - email address, not LDAP username. You still assign bugs by email - address, query on users by email address, etc. +> This is because your + /var/spool/mqueue + directory has a mode of + "drwx------". Type + chmod 755 + /var/spool/mqueue + + as root to fix this problem.


    2.5.6. Your vendor has not defined Fcntl macro O_NOINHERIT

    This is caused by a bug in the version of + File::Temp that is distributed with perl + 5.6.0. Many minor variations of this error have been reported: +

    Your vendor has not defined Fcntl macro O_NOINHERIT, used 
    +at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 208.
    +
    +Your vendor has not defined Fcntl macro O_EXLOCK, used 
    +at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 210.
    +
    +Your vendor has not defined Fcntl macro O_TEMPORARY, used 
    +at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 233.

    Because the Bugzilla account is not created until the first time - a user logs in, a user who has not yet logged is unknown to Bugzilla. - This means they cannot be used as an assignee or QA contact (default or - otherwise), added to any cc list, or any other such operation. One - possible workaround is the bugzilla_ldapsync.rb - script in the - contrib directory. Another possible solution is fixing - bug - 201069. -

    Parameters required to use LDAP Authentication:

    loginmethod

    This parameter should be set to "LDAP" - only if you will be using an LDAP directory - for authentication. If you set this param to "LDAP" but - fail to set up the other parameters listed below you will not be - able to log back in to Bugzilla one you log out. If this happens - to you, you will need to manually edit - data/params and set loginmethod to - "DB". -

    LDAPserver

    This parameter should be set to the name (and optionally the - port) of your LDAP server. If no port is specified, it assumes - the default LDAP port of 389. -

    Ex. "ldap.company.com" - or "ldap.company.com:3268" -

    LDAPbinddn [Optional]

    Some LDAP servers will not allow an anonymous bind to search - the directory. If this is the case with your configuration you - should set the LDAPbinddn parameter to the user account Bugzilla - should use instead of the anonymous bind. -

    Ex. "cn=default,cn=user:password"

    LDAPBaseDN

    The LDAPBaseDN parameter should be set to the location in - your LDAP tree that you would like to search for e-mail addresses. - Your uids should be unique under the DN specified here. -

    Ex. "ou=People,o=Company"

    LDAPuidattribute

    The LDAPuidattribute parameter should be set to the attribute - which contains the unique UID of your users. The value retrieved - from this attribute will be used when attempting to bind as the - user to confirm their password. -

    Ex. "uid"

    LDAPmailattribute

    The LDAPmailattribute parameter should be the name of the - attribute which contains the e-mail address your users will enter - into the Bugzilla login boxes. -

    Ex. "mail"


    4.3.5. Preventing untrusted Bugzilla content from executing malicious - Javascript code

    It is possible for a Bugzilla attachment to contain malicious - Javascript - code, which would be executed in the domain of your Bugzilla, thereby - making it possible for the attacker to e.g. steal your login cookies. - Due to internationalization concerns, we are unable to - incorporate by default the code changes necessary to fulfill the CERT - advisory requirements mentioned in - Numerous people have reported that upgrading to version 5.6.1 + or higher solved the problem for them. A less involved fix is to apply + the following patch, which is also + available as a http://www.cert.org/tech_tips/malicious_code_mitigation.html/#3patch file. - If your installation is for an English speaking audience only, making the - change below will prevent this problem.

    Simply locate the following line in - Bugzilla/CGI.pm: -
    
    $self->charset('');
    -      
    - and change it to: -
    
    $self->charset('ISO-8859-1');
    -      
    --- File/Temp.pm.orig Thu Feb 6 16:26:00 2003 ++++ File/Temp.pm Thu Feb 6 16:26:23 2003 +@@ -205,6 +205,7 @@ + # eg CGI::Carp + local $SIG{__DIE__} = sub {}; + local $SIG{__WARN__} = sub {}; ++ local *CORE::GLOBAL::die = sub {}; + $bit = &$func(); + 1; + }; +@@ -226,6 +227,7 @@ + # eg CGI::Carp + local $SIG{__DIE__} = sub {}; + local $SIG{__WARN__} = sub {}; ++ local *CORE::GLOBAL::die = sub {}; + $bit = &$func(); + 1; + };
    -



    4.3.6. Bugzilla and mod_perl

    Bugzilla is unsupported under mod_perl. Effort is underway - to make it work cleanly in a mod_perl environment, but it is - slow going. -

    Chapter 3. Administering Bugzilla

    4.3.7. mod_throttle - - and Security

    3.1. Bugzilla Configuration

    It is possible for a user, by mistake or on purpose, to access - the database many times in a row which can result in very slow access - speeds for other users. If your Bugzilla installation is experiencing - this problem , you may install the Apache module - mod_throttle - - which can limit connections by ip-address. You may download this module - at - http://www.snert.com/Software/mod_throttle/. - Follow the instructions to install into your Apache install. - This module only functions with the Apache web - server! - You may use the - ThrottleClientIP - - command provided by this module to accomplish this goal. See the - Module - Instructions - for more information.

    Bugzilla is configured by changing various parameters, accessed + from the "Edit parameters" link in the page footer. Here are + some of the key parameters on that page. You should run down this + list and set them appropriately after installing Bugzilla.


    4.4. OS Specific Installation Notes

    Many aspects of the Bugzilla installation can be affected by the - the operating system you choose to install it on. Sometimes it can be made - easier and others more difficult. This section will attempt to help you - understand both the difficulties of running on specific operating systems - and the utilities available to make it easier. -

    1. If you have anything to add or notes for an operating system not - covered, please file a bug in Bugzilla Documentation. -


      4.4.1. Microsoft Windows

      + maintainer: + The maintainer parameter is the email address of the person + responsible for maintaining this + Bugzilla installation. The address need not be that of a valid Bugzilla + account.

    2. Making Bugzilla work on windows is still a painful processes. - The Bugzilla Team is working to make it easier, but that goal is not - considered a top priority. If you wish to run Bugzilla, we still - recommend doing so on a Unix based system such as GNU/Linux. As of this - writing, all members of the Bugzilla team and all known large installations - run on Unix based systems. -

      urlbase: + This parameter defines the fully qualified domain name and web + server path to your Bugzilla installation.

      If after hearing all that, you have enough pain tolerance to attempt - installing Bugzilla on Win32, here are some pointers. - - Because this is a development version of the guide, these instructions - are subject to change without notice. In fact, the Bugzilla Team hopes - they do as we would like to have Bugzilla resonabally close to "out of - the box" compatibility by the 2.18 release. - -


      4.4.1.1. Win32 Perl

      For example, if your Bugzilla query page is + http://www.foo.com/bugzilla/query.cgi, + set your "urlbase" + to http://www.foo.com/bugzilla/.

    3. Perl for Windows can be obtained from ActiveState. You should be - able to find a compiled binary at http://aspn.activestate.com/ASPN/Downloads/ActivePerl/. +> makeproductgroups: + This dictates whether or not to automatically create groups + when new products are created.


    4.4.1.2. Perl Modules on Win32

  • Bugzilla on Windows requires the same perl modules found in - Section 4.1.6. The main difference is that - windows uses PPM instead of - CPAN. -

    
C:\perl> 
        ppm <module name>
    -        
    useentrygroupdefault: + Bugzilla products can have a group associated with them, so that + certain users can only see bugs in certain products. When this + parameter is set to "on", this + causes the initial group controls on newly created products + to place all newly-created bugs in the group + having the same name as the product immediately. + After a product is initially created, the group controls + can be further adjusted without interference by + this mechanism.

  • shadowdb: + You run into an interesting problem when Bugzilla reaches a + high level of continuous activity. MySQL supports only table-level + write locking. What this means is that if someone needs to make a + change to a bug, they will lock the entire table until the operation + is complete. Locking for write also blocks reads until the write is + complete. Note that more recent versions of mysql support row level + locking using different table types. These types are slower than the + standard type, and Bugzilla does not yet take advantage of features + such as transactions which would justify this speed decrease. The + Bugzilla team are, however, happy to hear about any experiences with + row level locking and Bugzilla.

    The above syntax should work for all modules with the exception - of Template Toolkit. The Template Toolkit websiteThe "shadowdb" - suggests using the instructions on OpenInteract's website. -

  • If using Apache on windows, you can set the ScriptInterpreterSourceThe user can still submit bugs via + the e-mail gateway, if you set it up, even if the disabled text + field is filled in. The e-mail gateway should + not - directive in your Apache config, if you don't do this, you'll have - to modify the first line of every script to contain your path to - perl instead of /usr/bin/perl. -

    As a guide, on reasonably old hardware, mozilla.org began needing + "shadowdb" + when they reached around 40,000 Bugzilla users with several hundred + Bugzilla bug changes and comments per day.

    A complete list of modules that can be installed using ppm can - be found at http://www.activestate.com/PPMPackages/5.6plus. -

    The value of the parameter defines the name of the + shadow bug database. You will need to set the host and port settings + from the params page, and set up replication in your database server + so that updates reach this readonly mirror. Consult your database + documentation for more detail.

  • shutdownhtml: + + If you need to shut down Bugzilla to perform administration, enter + some descriptive HTML here and anyone who tries to use Bugzilla will + receive a page to that effect. Obviously, editparams.cgi will + still be accessible so you can remove the HTML and re-enable Bugzilla. + :-) +

  • passwordmail: + + Every time a user creates an account, the text of + this parameter (with substitutions) is sent to the new user along with + their password message.

    Add any text you wish to the "passwordmail" parameter box. For + instance, many people choose to use this box to give a quick training + blurb about how to use Bugzilla at your site.

  • movebugs: + + This option is an undocumented feature to allow moving bugs + between separate Bugzilla installations. You will need to understand + the source code in order to use this feature. Please consult + movebugs.pl in your Bugzilla source tree for + further documentation, such as it is. +

  • useqacontact: + + This allows you to define an email address for each component, in + addition + to that of the default owner, who will be sent carbon copies of + incoming bugs.

  • usestatuswhiteboard: + This defines whether you wish to have a free-form, overwritable field + associated with each bug. The advantage of the Status Whiteboard is + that it can be deleted or modified with ease, and provides an + easily-searchable field for indexing some bugs that have some trait + in common. +

  • whinedays: + Set this to the number of days you want to let bugs go + in the NEW or REOPENED state before notifying people they have + untouched new bugs. If you do not plan to use this feature, simply do + not set up the whining cron job described in the installation + instructions, or set this value to "0" (never whine).

  • commenton*: + All these + fields allow you to dictate what changes can pass without comment, + and which must have a comment from the person who changed them. + Often, administrators will allow users to add themselves to the CC + list, accept bugs, or change the Status Whiteboard without adding a + comment as to their reasons for the change, yet require that most + other changes come with an explanation.

    Set the "commenton" options according to your site policy. It + is a wise idea to require comments when users resolve, reassign, or + reopen bugs at the very least. +

    It is generally far better to require a developer comment + when resolving bugs than not. Few things are more annoying to bug + database users than having a developer mark a bug "fixed" without + any comment as to what the fix was (or even that it was truly + fixed!)

    +

  • supportwatchers: + + Turning on this option allows users to ask to receive copies of + all a particular other user's bug email. This is, of + course, subject to the groupset restrictions on the bug; if the + "watcher" + would not normally be allowed to view a bug, the watcher cannot get + around the system by setting herself up to watch the bugs of someone + with bugs outside her privileges. They would still only receive email + updates for those bugs she could normally view.



  • 4.4.1.3. Code changes required to run on win32

    As Bugzilla still doesn't run "out of the box" on - Windows, code has to be modified. This section is an attempt to - list the required changes. -

    3.2. User Administration

    4.4.1.3.1. Changes to checksetup.pl

    3.2.1. Creating the Default User

    In checksetup.pl, the line reading:

    When you first run checksetup.pl after installing Bugzilla, it + will prompt you for the administrative username (email address) and + password for this "super user". If for some reason you delete + the "super user" account, re-running checksetup.pl will again prompt + you for this username and password.

    
my $mysql_binaries = `which mysql`;
    -          

    If you wish to add more administrative users, add them to + the "admin" group and, optionally, add edit the tweakparams, editusers, + creategroups, editcomponents, and editkeywords groups to add the + entire admin group to those groups. +


    3.2.2. Managing Other Users

    3.2.2.1. Creating new users

    to

    Your users can create their own user accounts by clicking the + "New Account" link at the bottom of each page (assuming they + aren't logged in as someone else already.) However, should you + desire to create user accounts ahead of time, here is how you do + it.

    1. After logging in, click the "Users" link at the footer of + the query page, and then click "Add a new user".

    2. Fill out the form presented. This page is self-explanatory. + When done, click "Submit".

      
my $mysql_binaries = "D:\\mysql\\bin\\mysql";
      -          

      And you'll also need to change:

      
my $webservergid = getgrnam($my_webservergroup)
      -          

      to

      
my $webservergid = '8'
      -          
      Adding a user this way will + not + + send an email informing them of their username and password. + While useful for creating dummy accounts (watchers which + shuttle mail to another system, for instance, or email + addresses which are a mailing list), in general it is + preferable to log out and use the + "New Account" + + button to create users, as it will pre-populate all the + required fields and also notify the user of her account name + and password.



    4.4.1.3.2. Changes to BugMail.pm

    3.2.2.2. Modifying Users

    To make bug e-mail work on Win32 (until - bug - 84876 lands), the - simplest way is to have the Net::SMTP Perl module installed and - change this:

    
open(SENDMAIL, "|/usr/lib/sendmail $sendmailparam -t -i") ||
    -  die "Can't open sendmail";
    -
    -print SENDMAIL trim($msg) . "\n";
    -close SENDMAIL;
    -          
    To see a specific user, search for their login name + in the box provided on the "Edit Users" page. To see all users, + leave the box blank.

    to

    You can search in different ways the listbox to the right + of the text entry box. You can match by + case-insensitive substring (the default), + regular expression, or a + reverse + regular expression match, which finds every user name which does NOT + match the regular expression. (Please see + the man regexp + manual page for details on regular expression syntax.) +

    Once you have found your user, you can change the following + fields:

    • Login Name: + This is generally the user's full email address. However, if you + have are using the emailsuffix Param, this may just be the user's + login name. Note that users can now change their login names + themselves (to any valid email address.) +

    • Real Name: The user's real name. Note that + Bugzilla does not require this to create an account.

    • Password: + You can change the user's password here. Users can automatically + request a new password, so you shouldn't need to do this often. + If you want to disable an account, see Disable Text below. +

    • Disable Text: + If you type anything in this box, including just a space, the + user is prevented from logging in, or making any changes to + bugs via the web interface. + The HTML you type in this box is presented to the user when + they attempt to perform these actions, and should explain + why the account was disabled. +

      
use Net::SMTP;
      -my $smtp_server = 'smtp.mycompany.com';  # change this
      -
      -# Use die on error, so that the mail will be in the 'unsent mails' and
      -# can be sent from the sanity check page.
      -my $smtp = Net::SMTP->new($smtp_server) ||
      -  die 'Cannot connect to server \'$smtp_server\'';
      -
      -$smtp->mail('bugzilla-daemon@mycompany.com');  # change this
      -$smtp->to($person);
      -$smtp->data();
      -$smtp->datasend($msg);
      -$smtp->dataend();
      -$smtp->quit;
      -          

      Don't disable all the administrator accounts!

      Don't forget to change the name of your SMTP server and the - domain of the sending e-mail address (after the '@') in the above - lines of code.


    4.4.1.4. Serving the web pages

    As is the case on Unix based systems, any web server should be - able to handle Bugzilla; however, the Bugzilla Team still recommends - Apache whenever asked. No matter what web server you choose, be sure - to pay attention to the security notes in Section 4.5.4. - More information on configuring specific web servers can be found in - Section 4.2. -

    + +

    +

  • <groupname>: + If you have created some groups, e.g. "securitysensitive", then + checkboxes will appear here to allow you to add users to, or + remove them from, these groups. +

  • canconfirm: + This field is only used if you have enabled the "unconfirmed" + status. If you enable this for a user, + that user can then move bugs from "Unconfirmed" to a "Confirmed" + status (e.g.: "New" status).

  • creategroups: + This option will allow a user to create and destroy groups in + Bugzilla.

  • editbugs: + Unless a user has this bit set, they can only edit those bugs + for which they are the assignee or the reporter. Even if this + option is unchecked, users can still add comments to bugs. +

  • editcomponents: + This flag allows a user to create new products and components, + as well as modify and destroy those that have no bugs associated + with them. If a product or component has bugs associated with it, + those bugs must be moved to a different product or component + before Bugzilla will allow them to be destroyed. +

  • editkeywords: + If you use Bugzilla's keyword functionality, enabling this + feature allows a user to create and destroy keywords. As always, + the keywords for existing bugs containing the keyword the user + wishes to destroy must be changed before Bugzilla will allow it + to die.

  • editusers: + This flag allows a user to do what you're doing right now: edit + other users. This will allow those with the right to do so to + remove administrator privileges from other users or grant them to + themselves. Enable with care.

  • tweakparams: + This flag allows a user to change Bugzilla's Params + (using editparams.cgi.)

  • <productname>: + This allows an administrator to specify the products in which + a user can see bugs. The user must still have the + "editbugs" privilege to edit bugs in these products.



  • 4.4.2. Mac OS X

    There are a lot of common libraries and utilities out there that - Apple did not include with Mac OS X, but which run perfectly well on it. - The GD library, which Bugzilla needs to do bug graphs, is one of - these.

    The easiest way to get a lot of these is with a program called - Fink, which is similar in nature to the CPAN installer, but installs - common GNU utilities. Fink is available from - http://sourceforge.net/projects/fink/.

    Follow the instructions for setting up Fink. Once it's installed, - you'll want to use it to install the gd2 package. -

    3.3. Products

    It will prompt you for a number of dependencies, type 'y' and hit - enter to install all of the dependencies and then watch it work. You will - then be able to use CPAN Products to - install the GD perl module. -

    + + are the broadest category in Bugzilla, and tend to represent real-world + shipping products. E.g. if your company makes computer games, + you should have one product per game, perhaps a "Common" product for + units of technology used in multiple games, and maybe a few special + products (Website, Administration...)

    Many of Bugzilla's settings are configurable on a per-product + basis. The number of "votes" available to users is set per-product, + as is the number of votes + required to move a bug automatically from the UNCONFIRMED status to the + NEW status.

    To create a new product:

    1. To prevent creating conflicts with the software that Apple - installs by default, Fink creates its own directory tree at - /sw where it installs most of - the software that it installs. This means your libraries and headers be - at /sw/lib and - /sw/include instead of - /usr/lib and - /usr/local/include. When the - Perl module config script asks where your libgd is, be sure to tell it - /sw/lib. -

    Select "products" from the footer

  • Select the "Add" link in the bottom right

  • Enter the name of the product and a description. The + Description field may contain HTML.

  • Don't worry about the "Closed for bug entry", "Maximum Votes + per person", "Maximum votes a person can put on a single bug", + "Number of votes a bug in this Product needs to automatically get out + of the UNCOMFIRMED state", and "Version" options yet. We'll cover + those in a few moments. +


    3.4. Components

    Also available via Fink is expat. Once running using fink to - install the expat package you will be able to install - XML::Parser using CPAN. There is one caveat. Unlike recent versions of - the GD module, XML::Parser doesn't prompt for the location of the - required libraries. When using CPAN, you will need to use the following - command sequence: -

    
# perl -MCPAN -e'look XML::Parser'        
    -# perl Makefile.PL EXPATLIBPATH=/sw/lib EXPATINCPATH=/sw/include
    -# make; make test; make install           
    -# exit                                    
    -      
    The look command will download the module and spawn a - new shell with the extracted files as the current working directory. - The exit command will return you to your original shell. -
    You should watch the output from these make commands, - especially "make test" as errors may prevent XML::Parser - from functioning correctly with Bugzilla. -
    Components are subsections of a Product. E.g. the computer game + you are designing may have a "UI" + component, an "API" component, a "Sound System" component, and a + "Plugins" component, each overseen by a different programmer. It + often makes sense to divide Components in Bugzilla according to the + natural divisions of responsibility within your Product or + company.

    Each component has a owner and (if you turned it on in the parameters), + a QA Contact. The owner should be the primary person who fixes bugs in + that component. The QA Contact should be the person who will ensure + these bugs are completely fixed. The Owner, QA Contact, and Reporter + will get email when new bugs are created in this Component and when + these bugs change. Default Owner and Default QA Contact fields only + dictate the + default assignments; + these can be changed on bug submission, or at any later point in + a bug's life.

    To create a new Component:

    1. Select the "Edit components" link from the "Edit product" + page

    2. Select the "Add" link in the bottom right.

    3. Fill out the "Component" field, a short "Description", + the "Initial Owner" and "Initial QA Contact" (if enabled.) + The Component and Description fields may contain HTML; + the "Initial Owner" field must be a login name + already existing in the database. +



    4.4.3. Linux-Mandrake 8.0

    3.5. Versions

    Linux-Mandrake 8.0 includes every required and optional library - for Bugzilla. The easiest way to install them is by using the - urpmi utility. If you follow these commands, you - should have everything you need for Bugzilla, and - ./checksetup.pl should not complain about any - missing libraries. You may already have some of these installed. -

    
bash# urpmi perl-mysql
    -bash# urpmi perl-chart
    -bash# urpmi perl-gd
    -bash# urpmi perl-MailTools             
    -bash# urpmi apache-modules
    -      
    for Bugzilla e-mail integration
    Versions are the revisions of the product, such as "Flinders + 3.1", "Flinders 95", and "Flinders 2000". Version is not a multi-select + field; the usual practice is to select the earliest version known to have + the bug. +

    To create and edit Versions:

    1. From the "Edit product" screen, select "Edit Versions"

    2. You will notice that the product already has the default + version "undefined". Click the "Add" link in the bottom right.

    3. Enter the name of the Version. This field takes text only. + Then click the "Add" button.


    4.5. Bugzilla Security

    3.6. Milestones

    Milestones are "targets" that you plan to get a bug fixed by. For + example, you have a bug that you plan to fix for your 3.0 release, it + would be assigned the milestone of 3.0.

    Poorly-configured MySQL and Bugzilla installations have - given attackers full access to systems in the past. Please take these - guidelines seriously, even for Bugzilla machines hidden away behind - your firewall. 80% of all computer trespassers are insiders, not - anonymous crackers.

    This is not meant to be a comprehensive list of every possible - security issue pertaining to the software mentioned in this section. - There is - no subsitute for reading the information written by the authors of any - software running on your system. +>Milestone options will only appear for a Product if you turned + on the "usetargetmilestone" Param in the "Edit Parameters" screen.


    4.5.1. TCP/IP Ports

    TCP/IP defines 65,000 some ports for trafic. Of those, Bugzilla - only needs 1, or 2 if you need to use features that require e-mail such - as bug moving or the e-mail interface from contrib. You should audit - your server and make sure that you aren't listening on any ports you - don't need to be. You may also wish to use some kind of firewall - software to be sure that trafic can only be recieved on ports you - specify. -


    4.5.2. MySQL

    MySQL ships by default with many settings that should be changed. - By defaults it allows anybody to connect from localhost without a - password and have full administrative capabilities. It also defaults to - not have a root password (this is not the same as - the system root). Also, many installations default to running - mysqld as the system root. -

    To create new Milestones, set Default Milestones, and set + Milestone URL:

    1. Consult the documentation that came with your system for - information on making mysqld run as an - unprivleged user. -

      Select "Edit milestones" from the "Edit product" page.

    2. You should also be sure to disable the anonymous user account - and set a password for the root user. This is accomplished using the - following commands: -

      
bash$ mysql mysql
      -mysql> DELETE FROM user WHERE user = '';
      -mysql> UPDATE user SET password = password('new_password') WHERE user = 'root';
      -mysql> FLUSH PRIVILEGES;
      -          

      From this point forward you will need to use - mysql -u root -p and enter - new_password when prompted when using the - mysql client. -

      Select "Add" in the bottom right corner. + text

    3. If you run MySQL on the same machine as your httpd server, you - should consider disabling networking from within MySQL by adding - the following to your /etc/my.conf: -

      
[myslqd]
      -# Prevent network access to MySQL.
      -skip-networking
      -          
      Enter the name of the Milestone in the "Milestone" field. You + can optionally set the "sortkey", which is a positive or negative + number (-255 to 255) that defines where in the list this particular + milestone appears. This is because milestones often do not + occur in alphanumeric order For example, "Future" might be + after "Release 1.2". Select "Add".

    4. You may also consider running MySQL, or even all of Bugzilla - in a chroot jail; however, instructions for doing that are beyond - the scope of this document. -

      From the Edit product screen, you can enter the URL of a + page which gives information about your milestones and what + they mean.



    4.5.3. Daemon Accounts

    3.7. Voting

    Many daemons, such as Apache's httpd and MySQL's mysqld default to - running as either "root" or "nobody". Running - as "root" introduces obvious security problems, but the - problems introduced by running everything as "nobody" may - not be so obvious. Basically, if you're running every daemon as - "nobody" and one of them gets compromised, they all get - compromised. For this reason it is recommended that you create a user - account for each daemon. -

    Voting allows users to be given a pot of votes which they can allocate + to bugs, to indicate that they'd like them fixed. + This allows developers to gauge + user need for a particular enhancement or bugfix. By allowing bugs with + a certain number of votes to automatically move from "UNCONFIRMED" to + "NEW", users of the bug system can help high-priority bugs garner + attention so they don't sit for a long time awaiting triage.

    To modify Voting settings:

    1. You will need to set the webservergroup to - the group you created for your webserver to run as in - localconfig. This will allow - ./checksetup.pl to better adjust the file - permissions on your Bugzilla install so as to not require making - anything world-writable. +>Navigate to the "Edit product" screen for the Product you + wish to modify

    2. Maximum Votes per person: + Setting this field to "0" disables voting.

    3. Maximum Votes a person can put on a single + bug: + It should probably be some number lower than the + "Maximum votes per person". Don't set this field to "0" if + "Maximum votes per person" is non-zero; that doesn't make + any sense.

    4. Number of votes a bug in this product needs to + automatically get out of the UNCONFIRMED state: + Setting this field to "0" disables the automatic move of + bugs from UNCONFIRMED to NEW.

  • Once you have adjusted the values to your preference, click + "Update".



  • 4.5.4. Web Server Access Controls

    3.8. Groups and Group Security

    There are many files that are placed in the Bugzilla directory - area that should not be accessable from the web. Because of the way - Bugzilla is currently laid out, the list of what should and should - not be accessible is rather complicated. -

    Groups allow the administrator + to isolate bugs or products that should only be seen by certain people. + The association between products and groups is controlled from + the product edit page under "Edit Group Controls." +

    Users of Apache don't need to worry about this, however, because - Bugzilla ships with .htaccess files which restrict access to all the - sensitive files in this section. Users of other webservers, read on. -

    If the makeproductgroups param is on, a new group will be automatically + created for every new product. +

    You should test to make sure that the files mentioned above are - not accessible from the Internet, especially your - localconfig file which contains your database - password. To test, simply point your web browser at the file; for - example, to test mozilla.org's installation, we'd try to access - http://bugzilla.mozilla.org/localconfig. You should - get a 403 Forbidden - error. -

    Fill out the "Group", "Description", + and "User RegExp" fields. + "User RegExp" allows you to automatically + place all users who fulfill the Regular Expression into the new group. + When you have finished, click "Add".

    Not following the instructions in this section, including - testing, may result in sensitive information being globally - accessible. -

    If specifying a domain in the regexp, make sure you end + the regexp with a $. Otherwise, when granting access to + "@mycompany\.com", you will allow access to + 'badperson@mycompany.com.cracker.net'. You need to use + '@mycompany\.com$' as the regexp.

  • After you add your new group, edit the new group. On the + edit page, you can specify other groups that should be included + in this group and which groups should be permitted to add and delete + users from this group.

  • Note that group permissions are such that you need to be a member + of all the groups a bug is in, for whatever + reason, to see that bug. Similarly, you must be a member + of all of the entry groups for a product + to add bugs to a product and you must be a member + of all of the canedit groups for a product + in order to make any change to bugs in that + product. +


    3.9. Upgrading to New Releases

    You should check Section 4.2 to see if instructions - have been included for your web server. You should also compare those - instructions with this list to make sure everything is properly - accounted for. -

    Upgrading is a one-way process. You should backup your database + and current Bugzilla directory before attempting the upgrade. If you wish + to revert to the old Bugzilla version for any reason, you will have to + restore from these backups. +


    4.6. Troubleshooting

    This section gives solutions to common Bugzilla installation - problems. +>Upgrading Bugzilla is something we all want to do from time to time, + be it to get new features or pick up the latest security fix. How easy + it is to update depends on a few factors.


    4.6.1. Bundle::Bugzilla makes me upgrade to Perl 5.6.1

    Try executing perl -MCPAN -e 'install CPAN' - and then continuing. -

    If the new version is a revision or a new point release

  • How many, if any, local changes have been made

  • There are also three different methods to upgrade your installation. +

    1. Using CVS (Example 3-1)

    2. Downloading a new tarball (Example 3-2)

    3. Applying the relevant patches (Example 3-3)

    Which options are available to you may depend on how large a jump + you are making and/or your network configuration. +

    Revisions are normally released to fix security vulnerabilities + and are distinguished by an increase in the third number. For example, + when 2.16.2 was released, it was a revision to 2.16.1. +

    Point releases are normally released when the Bugzilla team feels + that there has been a significant amount of progress made between the + last point release and the current time. These are often proceeded by a + stabilization period and release candidates, however the use of + development versions or release candidates is beyond the scope of this + document. Point releases can be distinguished by an increase in the + second number, or minor version. For example, 2.16.2 is a newer point + release than 2.14.5. +

    The examples in this section are written as if you were updating + to version 2.16.2. The procedures are the same regardless if you are + updating to a new point release or a new revision. However, the chance + of running into trouble increases when upgrading to a new point release, + escpecially if you've made local changes. +

    These examples also assume that your Bugzilla installation is at + /var/www/html/bugzilla. If that is not the case, + simply substitute the proper paths where appropriate. +


    4.6.2. DBD::Sponge::db prepare failed

    The following error message may appear due to a bug in DBD::mysql - (over which the Bugzilla team have no control): -

    Example 3-1. Upgrading using CVS

    Every release of Bugzilla, whether it is a revision or a point + release, is tagged in CVS. Also, every tarball we have distributed + since version 2.12 has been primed for using CVS. This does, however, + require that you are able to access cvs-mirror.mozilla.org on port + 2401. + +

     DBD::Sponge::db prepare failed: Cannot determine NUM_OF_FIELDS at D:/Perl/site/lib/DBD/mysql.pm line 248.
    -  SV = NULL(0x0) at 0x20fc444
    -  REFCNT = 1
    -  FLAGS = (PADBUSY,PADMY)
    -

    If you can do this, updating using CVS is probably the most + painless method, especially if you have a lot of local changes. +

    To fix this, go to - <path-to-perl>/lib/DBD/sponge.pm - in your Perl installation and replace +>

     my $numFields;
    - if ($attribs->{'NUM_OF_FIELDS'}) {
    -     $numFields = $attribs->{'NUM_OF_FIELDS'};
    - } elsif ($attribs->{'NAME'}) {
    -     $numFields = @{$attribs->{NAME}};
    -
    bash$ cd /var/www/html/bugzilla +bash$ cvs login +Logging in to :pserver:anonymous@cvs-mirror.mozilla.org:2401/cvsroot +CVS password: anonymous +bash$ cvs -q update -r BUGZILLA-2_16_2 -dP +P checksetup.pl +P collectstats.pl +P globals.pl +P docs/rel_notes.txt +P template/en/default/list/quips.html.tmpl +

    by -

     my $numFields;
    - if ($attribs->{'NUM_OF_FIELDS'}) {
    -     $numFields = $attribs->{'NUM_OF_FIELDS'};
    - } elsif ($attribs->{'NAMES'}) {
    -     $numFields = @{$attribs->{NAMES}};
    -

    If a line in the output from cvs update + begins with a C that represents a + file with local changes that CVS was unable to properly merge. You + need to resolve these conflicts manually before Bugzilla (or at + least the portion using that file) will be usable. +

    (note the S added to NAME.) -


    4.6.3. cannot chdir(/var/spool/mqueue)

    + +

    If you are installing Bugzilla on SuSE Linux, or some other - distributions with - "paranoid" - security options, it is possible that the checksetup.pl script may fail - with the error: -

    cannot chdir(/var/spool/mqueue): Permission denied
    -
    -

    This is because your - /var/spool/mqueue - directory has a mode of - "drwx------". Type - You also need to run chmod 755 - /var/spool/mqueue./checksetup.pl -

    - as root to fix this problem.


    4.6.4. Your vendor has not defined Fcntl macro O_NOINHERIT

    This is caused by a bug in the version of - File::Temp that is distributed with perl - 5.6.0. Many minor variations of this error have been reported. Examples - can be found in Figure 4-2. -

    Figure 4-2. Other File::Temp error messagesExample 3-2. Upgrading using the tarball

    If you are unable or unwilling to use CVS, another option that's + always available is to download the latest tarball. This is the most + difficult option to use, especially if you have local changes. +

    
Your vendor has not defined Fcntl macro O_NOINHERIT, used 
    -at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 208.
    -
    -Your vendor has not defined Fcntl macro O_EXLOCK, used 
    -at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 210.
    -
    -Your vendor has not defined Fcntl macro O_TEMPORARY, used 
    -at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 233.
    -        
    bash$ cd /var/www/html +bash$ wget ftp://ftp.mozilla.org/pub/webtools/bugzilla-2.16.2.tar.gz +Output omitted +bash$ tar xzvf bugzilla-2.16.2.tar.gz +bugzilla-2.16.2/ +bugzilla-2.16.2/.cvsignore +bugzilla-2.16.2/1x1.gif +Output truncated +bash$ cd bugzilla-2.16.2 +bash$ cp ../bugzilla/localconfig* . +bash$ cp -r ../bugzilla/data . +bash$ cd .. +bash$ mv bugzilla bugzilla.old +bash$ mv bugzilla-2.16.2 bugzilla +bash$ cd bugzilla +bash$ ./checksetup.pl +Output omitted +

    The cp commands both end with periods which + is a very important detail, it tells the shell that the destination + directory is the current working directory. Also, the period at the + beginning of the ./checksetup.pl is important and + can not be omitted. +

    + +

    Numerous people have reported that upgrading to version 5.6.1 - or higher solved the problem for them. A less involved fix is to apply - the patch in Figure 4-3. The patch is also - available as a patch file. +>

    You will now have to reapply any changes you have made to your + local installation manually. +

    Figure 4-3. Patch for File::Temp in Perl 5.6.0Example 3-3. Upgrading using patches

    The Bugzilla team will normally make a patch file available for + revisions to go from the most recent revision to the new one. You could + also read the release notes and grab the patches attached to the + mentioned bug, but it is safer to use the released patch file as + sometimes patches get changed before they get checked in. + It is also theoretically possible to + scour the fixed bug list and pick and choose which patches to apply + from a point release, but this is not recommended either as what you'll + end up with is a hodge podge Bugzilla that isn't really any version. + This would also make it more difficult to upgrade in the future. +

    
--- File/Temp.pm.orig   Thu Feb  6 16:26:00 2003
    -+++ File/Temp.pm        Thu Feb  6 16:26:23 2003
    -@@ -205,6 +205,7 @@
    -     # eg CGI::Carp
    -     local $SIG{__DIE__} = sub {};
    -     local $SIG{__WARN__} = sub {};
    -+    local *CORE::GLOBAL::die = sub {};
    -     $bit = &$func();
    -     1;
    -   };
    -@@ -226,6 +227,7 @@
    -     # eg CGI::Carp
    -     local $SIG{__DIE__} = sub {};
    -     local $SIG{__WARN__} = sub {};
    -+    local *CORE::GLOBAL::die = sub {};
    -     $bit = &$func();
    -     1;
    -   };
    -        
    bash$ cd /var/www/html/bugzilla +bash$ wget ftp://ftp.mozilla.org/pub/webtools/bugzilla-2.16.1-to-2.16.2.diff.gz +Output omitted +bash$ gunzip bugzilla-2.16.1-to-2.16.2.diff.gz +bash$ patch -p1 < bugzilla-2.16.1-to-2.16.2.diff +patching file checksetup.pl +patching file collectstats.pl +patching file globals.pl +

    If you do this, beware that this doesn't change the entires in + your CVS directory so it may make + updates using CVS (Example 3-1) more difficult in the + future. +

    +


    Chapter 5. Administering Bugzilla

    Chapter 4. Customising Bugzilla

    5.1. Bugzilla Configuration

    Bugzilla is configured by changing various parameters, accessed - from the "Edit parameters" link in the page footer. Here are - some of the key parameters on that page. You should run down this - list and set them appropriately after installing Bugzilla.

    1. 4.1. Template Customization

      - maintainer: - The maintainer parameter is the email address of the person - responsible for maintaining this - Bugzilla installation. The address need not be that of a valid Bugzilla - account.

    2. Administrators can configure the look and feel of Bugzilla without + having to edit Perl files or face the nightmare of massive merge + conflicts when they upgrade to a newer version in the future. +

      urlbase: - This parameter defines the fully qualified domain name and web - server path to your Bugzilla installation.

      Templatization also makes localized versions of Bugzilla possible, + for the first time. It's possible to have Bugzilla's UI language + determined by the user's browser. More information is available in + Section 4.1.5. +


      4.1.1. What to Edit

      For example, if your Bugzilla query page is +> The template directory structure is that there's a top level directory, http://www.foo.com/bugzilla/query.cgi, - set your "urlbase"template, which contains a directory for + each installed localization. The default English templates are + therefore in en. Underneath that, there + is the default directory and optionally the + custom directory. The default - to http://www.foo.com/bugzilla/.

    3. makeproductgroups: - This dictates whether or not to automatically create groups - when new products are created. -

    4. useentrygroupdefault: - Bugzilla products can have a group associated with them, so that - certain users can only see bugs in certain products. When this - parameter is set to "on", this - causes the initial group controls on newly created products - to place all newly-created bugs in the group - having the same name as the product immediately. - After a product is initially created, the group controls - can be further adjusted without interference by - this mechanism.

    5. custom directory does not exist at first and + must be created if you want to use it. +

      There are two different ways of editing Bugzilla's templates, + and which you use depends mainly on the method you plan to use to + upgrade Bugzilla. + The first method of making customizations is to directly edit the + templates in template/en/default. This is + probably the best method for small changes if you are going to use + the CVS method of upgrading, because if you then execute a + shadowdb: - You run into an interesting problem when Bugzilla reaches a - high level of continuous activity. MySQL supports only table-level - write locking. What this means is that if someone needs to make a - change to a bug, they will lock the entire table until the operation - is complete. Locking for write also blocks reads until the write is - complete. Note that more recent versions of mysql support row level - locking using different table types. These types are slower than the - standard type, and Bugzilla does not yet take advantage of features - such as transactions which would justify this speed decrease. The - Bugzilla team are, however, happy to hear about any experiences with - row level locking and Bugzilla.

      cvs update, any template fixes will get + automagically merged into your modified versions. +

      The "shadowdb" - parameter was designed to get around this limitation. While only a - single user is allowed to write to a table at a time, reads can - continue unimpeded on a read-only shadow copy of the database. - Although your database size will double, a shadow database can cause - an enormous performance improvement when implemented on extremely - high-traffic Bugzilla databases.

      If you use this method, your installation will break if CVS conflicts + occur. +

      As a guide, on reasonably old hardware, mozilla.org began needing - "shadowdb" - when they reached around 40,000 Bugzilla users with several hundred - Bugzilla bug changes and comments per day.

      The other method is to copy the templates to be modified into a + mirrored directory + structure under template/en/custom. The templates + in this directory automatically override those in default. + This is the technique you + need to use if you use the overwriting method of upgrade, because + otherwise your changes will be lost. This method is also better if + you are using the CVS method of upgrading and are going to make major + changes, because it is guaranteed that the contents of this directory + will not be touched during an upgrade, and you can then decide whether + to continue using your own templates, or make the effort to merge your + changes into the new versions by hand. +

      The value of the parameter defines the name of the - shadow bug database. You will need to set the host and port settings - from the params page, and set up replication in your database server - so that updates reach this readonly mirror. Consult your database - documentation for more detail.

    6. shutdownhtml: - - If you need to shut down Bugzilla to perform administration, enter - some descriptive HTML here and anyone who tries to use Bugzilla will - receive a page to that effect. Obviously, editparams.cgi will - still be accessible so you can remove the HTML and re-enable Bugzilla. - :-) -

    7. passwordmail: - - Every time a user creates an account, the text of - this parameter (with substitutions) is sent to the new user along with - their password message.

      Add any text you wish to the "passwordmail" parameter box. For - instance, many people choose to use this box to give a quick training - blurb about how to use Bugzilla at your site.

    8. movebugs: - - This option is an undocumented feature to allow moving bugs - between separate Bugzilla installations. You will need to understand - the source code in order to use this feature. Please consult - movebugs.pl in your Bugzilla source tree for - further documentation, such as it is. -

    9. useqacontact: - - This allows you to define an email address for each component, in - addition - to that of the default owner, who will be sent carbon copies of - incoming bugs.

    10. usestatuswhiteboard: - This defines whether you wish to have a free-form, overwritable field - associated with each bug. The advantage of the Status Whiteboard is - that it can be deleted or modified with ease, and provides an - easily-searchable field for indexing some bugs that have some trait - in common. -

    11. whinedays: - Set this to the number of days you want to let bugs go - in the NEW or REOPENED state before notifying people they have - untouched new bugs. If you do not plan to use this feature, simply do - not set up the whining cron job described in the installation - instructions, or set this value to "0" (never whine).

    12. commenton*: - All these - fields allow you to dictate what changes can pass without comment, - and which must have a comment from the person who changed them. - Often, administrators will allow users to add themselves to the CC - list, accept bugs, or change the Status Whiteboard without adding a - comment as to their reasons for the change, yet require that most - other changes come with an explanation.

      Set the "commenton" options according to your site policy. It - is a wise idea to require comments when users resolve, reassign, or - reopen bugs at the very least. -

      If you use this method, your installation may break if incompatible + changes are made to the template interface. If such changes are made + they will be documented in the release notes, provided you are using a + stable release of Bugzilla. If you use using unstable code, you will + need to deal with this one yourself, although if possible the changes + will be mentioned before they occur in the deprecations section of the + previous stable release's release notes. +

      It is generally far better to require a developer comment - when resolving bugs than not. Few things are more annoying to bug - database users than having a developer mark a bug "fixed" without - any comment as to what the fix was (or even that it was truly - fixed!)

      Don't directly edit the compiled templates in + data/template/* - your + changes will be lost when Template Toolkit recompiles them. +

      -

    13. supportwatchers: - - Turning on this option allows users to ask to receive copies of - all a particular other user's bug email. This is, of - course, subject to the groupset restrictions on the bug; if the - "watcher" - would not normally be allowed to view a bug, the watcher cannot get - around the system by setting herself up to watch the bugs of someone - with bugs outside her privileges. They would still only receive email - updates for those bugs she could normally view.


    5.2. User Administration

    5.2.1. Creating the Default User

    When you first run checksetup.pl after installing Bugzilla, it - will prompt you for the administrative username (email address) and - password for this "super user". If for some reason you delete - the "super user" account, re-running checksetup.pl will again prompt - you for this username and password.


    5.2.2. Managing Other Users

    5.2.2.1. Creating new users

    Your users can create their own user accounts by clicking the - "New Account" link at the bottom of each page (assuming they - aren't logged in as someone else already.) However, should you - desire to create user accounts ahead of time, here is how you do - it.

    1. After logging in, click the "Users" link at the footer of - the query page, and then click "Add a new user".

    2. Fill out the form presented. This page is self-explanatory. - When done, click "Submit".

      4.1.2. How To Edit Templates

      Adding a user this way will - not - - send an email informing them of their username and password. - While useful for creating dummy accounts (watchers which - shuttle mail to another system, for instance, or email - addresses which are a mailing list), in general it is - preferable to log out and use the - "New Account" - - button to create users, as it will pre-populate all the - required fields and also notify the user of her account name - and password.

      If you are making template changes that you intend on submitting back + for inclusion in standard Bugzilla, you should read the relevant + sections of the + Developers' + Guide. +

    If you wish to add more administrative users, add them to - the "admin" group and, optionally, add edit the tweakparams, editusers, - creategroups, editcomponents, and editkeywords groups to add the - entire admin group to those groups. +>It is recommended that you run ./checksetup.pl + after any template edits, especially if you've created a new file in + the custom directory.


    5.2.2.2. Modifying Users

    To see a specific user, search for their login name - in the box provided on the "Edit Users" page. To see all users, - leave the box blank.

    The syntax of the Template Toolkit language is beyond the scope of + this guide. It's reasonably easy to pick up by looking at the current + templates; or, you can read the manual, available on the + Template Toolkit home + page. +

    You can search in different ways the listbox to the right - of the text entry box. You can match by - case-insensitive substring (the default), - regular expression, or a - reverse - regular expression match, which finds every user name which does NOT - match the regular expression. (Please see - the man regexp - manual page for details on regular expression syntax.) -

    Once you have found your user, you can change the following - fields:

    One thing you should take particular care about is the need + to properly HTML filter data that has been passed into the template. + This means that if the data can possibly contain special HTML characters + such as <, and the data was not intended to be HTML, they need to be + converted to entity form, ie &lt;. You use the 'html' filter in the + Template Toolkit to do this. If you forget, you may open up + your installation to cross-site scripting attacks. +

    • Also note that Bugzilla adds a few filters of its own, that are not + in standard Template Toolkit. In particular, the 'url_quote' filter + can convert characters that are illegal or have special meaning in URLs, + such as &, to the encoded form, ie %26. This actually encodes most + characters (but not the common ones such as letters and numbers and so + on), including the HTML-special characters, so there's never a need to + HTML filter afterwards. +

      Login Name: - This is generally the user's full email address. However, if you - have are using the emailsuffix Param, this may just be the user's - login name. Note that users can now change their login names - themselves (to any valid email address.) -

    • Editing templates is a good way of doing a "poor man's custom fields". + For example, if you don't use the Status Whiteboard, but want to have + a free-form text entry box for "Build Identifier", then you can just + edit the templates to change the field labels. It's still be called + status_whiteboard internally, but your users don't need to know that. +


    4.1.3. Template Formats

    Real Name: The user's real name. Note that - Bugzilla does not require this to create an account.

  • Some CGIs have the ability to use more than one template. For + example, buglist.cgi can output bug lists as RDF or two + different forms of HTML (complex and simple). (Try this out + by appending &format=simple to a buglist.cgi + URL on your Bugzilla installation.) This + mechanism, called template 'formats', is extensible. +

    Password: - You can change the user's password here. Users can automatically - request a new password, so you shouldn't need to do this often. - If you want to disable an account, see Disable Text below. -

  • To see if a CGI supports multiple output formats, grep the + CGI for "GetFormat". If it's not present, adding + multiple format support isn't too hard - see how it's done in + other CGIs, e.g. config.cgi. +

    Disable Text: - If you type anything in this box, including just a space, the - user is prevented from logging in, or making any changes to - bugs via the web interface. - The HTML you type in this box is presented to the user when - they attempt to perform these actions, and should explain - why the account was disabled. -

    To make a new format template for a CGI which supports this, + open a current template for + that CGI and take note of the INTERFACE comment (if present.) This + comment defines what variables are passed into this template. If + there isn't one, I'm afraid you'll have to read the template and + the code to find out what information you get. +

    Write your template in whatever markup or text style is appropriate. +

    Don't disable all the administrator accounts!

    You now need to decide what content type you want your template + served as. Open up the localconfig file and find the + $contenttypes - -

    The user can still submit bugs via - the e-mail gateway, if you set it up, even if the disabled text - field is filled in. The e-mail gateway should - not - be enabled for secure installations of Bugzilla.

    Save the template as <stubname>-<formatname>.<contenttypetag>.tmpl. + Try out the template by calling the CGI as + <cginame>.cgi?format=<formatname> . +

    -

  • <groupname>: - If you have created some groups, e.g. "securitysensitive", then - checkboxes will appear here to allow you to add users to, or - remove them from, these groups. -


  • 4.1.4. Particular Templates

    canconfirm: - This field is only used if you have enabled the "unconfirmed" - status. If you enable this for a user, - that user can then move bugs from "Unconfirmed" to a "Confirmed" - status (e.g.: "New" status).

  • There are a few templates you may be particularly interested in + customizing for your installation. +

    creategroups: - This option will allow a user to create and destroy groups in - Bugzilla.

  • index.html.tmpl: + This is the Bugzilla front page. +

    editbugs: - Unless a user has this bit set, they can only edit those bugs - for which they are the assignee or the reporter. Even if this - option is unchecked, users can still add comments to bugs. -

  • global/header.html.tmpl: + This defines the header that goes on all Bugzilla pages. + The header includes the banner, which is what appears to users + and is probably what you want to edit instead. However the + header also includes the HTML HEAD section, so you could for + example add a stylesheet or META tag by editing the header. +

    editcomponents: - This flag allows a user to create new products and components, - as well as modify and destroy those that have no bugs associated - with them. If a product or component has bugs associated with it, - those bugs must be moved to a different product or component - before Bugzilla will allow them to be destroyed. -

  • global/banner.html.tmpl: + This contains the "banner", the part of the header that appears + at the top of all Bugzilla pages. The default banner is reasonably + barren, so you'll probably want to customize this to give your + installation a distinctive look and feel. It is recommended you + preserve the Bugzilla version number in some form so the version + you are running can be determined, and users know what docs to read. +

    editkeywords: - If you use Bugzilla's keyword functionality, enabling this - feature allows a user to create and destroy keywords. As always, - the keywords for existing bugs containing the keyword the user - wishes to destroy must be changed before Bugzilla will allow it - to die.

  • global/footer.html.tmpl: + This defines the footer that goes on all Bugzilla pages. Editing + this is another way to quickly get a distinctive look and feel for + your Bugzilla installation. +

    editusers: - This flag allows a user to do what you're doing right now: edit - other users. This will allow those with the right to do so to - remove administrator privileges from other users or grant them to - themselves. Enable with care.

  • bug/create/user-message.html.tmpl: + This is a message that appears near the top of the bug reporting page. + By modifying this, you can tell your users how they should report + bugs. +

    tweakparams: - This flag allows a user to change Bugzilla's Params - (using bug/create/create.html.tmpl and + bug/create/comment.txt.tmpl: + You may wish to get bug submitters to give certain bits of structured + information, each in a separate input widget, for which there is not a + field in the database. The bug entry system has been designed in an + extensible fashion to enable you to define arbitrary fields and widgets, + and have their values appear formatted in the initial + Description, rather than in database fields. An example of this + is the mozilla.org + guided + bug submission form. +

    To make this work, create a custom template for + editparams.cgi.)

  • enter_bug.cgi (the default template, on which you + could base it, is create.html.tmpl), + and either call it create.html.tmpl or use a format and + call it create-<formatname>.html.tmpl. + Put it in the custom/bug/create + directory. In it, add widgets for each piece of information you'd like + collected - such as a build number, or set of steps to reproduce. +

    <productname>: - This allows an administrator to specify the products in which - a user can see bugs. The user must still have the - "editbugs" privilege to edit bugs in these products.

  • Then, create a template like + custom/bug/create/comment.txt.tmpl, also named + after your format if you are using one, which + references the form fields you have created. When a bug report is + submitted, the initial comment attached to the bug report will be + formatted according to the layout of this template. +

    For example, if your enter_bug template had a field +
    <input type="text" name="buildid" size="30">
    + and then your comment.txt.tmpl had +
    BuildID: [% form.buildid %]
    + then +
    BuildID: 20020303
    + would appear in the initial checkin comment. +


    4.1.5. Configuring Bugzilla to Detect the User's Language

    Bugzilla honours the user's Accept: HTTP header. You can install + templates in other languages, and Bugzilla will pick the most appropriate + according to a priority order defined by you. Many + language templates can be obtained from http://www.bugzilla.org/download.html#localizations. Instructions + for submitting new languages are also available from that location. +

    After untarring the localizations (or creating your own) in the + BUGZILLA_ROOT/template directory, + you must update the languages parameter to contain any + localizations you'd like to permit. You may also wish to set the + defaultlanguage parameter to something other than + "en" if you don't want Engish to be the default language. +


    5.3. Products

    Products - - are the broadest category in Bugzilla, and tend to represent real-world - shipping products. E.g. if your company makes computer games, - you should have one product per game, perhaps a "Common" product for - units of technology used in multiple games, and maybe a few special - products (Website, Administration...)

    4.2. Template Hooks

    Many of Bugzilla's settings are configurable on a per-product - basis. The number of "votes" available to users is set per-product, - as is the number of votes - required to move a bug automatically from the UNCONFIRMED status to the - NEW status.

    Template hooks are a way for extensions to Bugzilla to insert code + into the standard Bugzilla templates without modifying the template files + themselves. The hooks mechanism defines a consistent API for extending + the standard templates in a way that cleanly separates standard code + from extension code. Hooks reduce merge conflicts and make it easier + to write extensions that work across multiple versions of Bugzilla, + making upgrading a Bugzilla installation with installed extensions easier. +

    To create a new product:

    A template hook is just a named place in a standard template file + where extension template files for that hook get processed. Each hook + has a corresponding directory in the Bugzilla directory tree. Hooking an + extension template to a hook is as simple as putting the extension file + into the hook's directory. When Bugzilla processes the standard template + and reaches the hook, it will process all extension templates in the + hook's directory. The hooks themselves can be added into any standard + template upon request by extension authors. +

    1. To use hooks to extend a Bugzilla template, first make sure there is + a hook at the appropriate place within the template you want to extend. + Hooks appear in the standard Bugzilla templates as a single directive + in the format + [% Hook.process("name") %], + where name is the unique (within that template) + name of the hook. +

      Select "products" from the footer

    2. If you aren't sure which template you want to extend or just want + to browse the available hooks, either use your favorite multi-file search + tool (e.g. grep) to search the standard templates + for occurrences of Hook.process or browse + the directory tree in + BUGZILLA_ROOT/template/en/extension/hook/, + which contains a directory for each hook in the following location: +

      Select the "Add" link in the bottom right

    3. BUGZILLA_ROOT/template/en/extension/hook/PATH_TO_STANDARD_TEMPLATE/STANDARD_TEMPLATE_NAME/HOOK_NAME/ +

      Enter the name of the product and a description. The - Description field may contain HTML.

    If there is no hook at the appropriate place within the Bugzilla template + you want to extend, + file + a bug requesting one, specifying: +

    Don't worry about the "Closed for bug entry", "Maximum Votes - per person", "Maximum votes a person can put on a single bug", - "Number of votes a bug in this Product needs to automatically get out - of the UNCOMFIRMED state", and "Version" options yet. We'll cover - those in a few moments. +>

    the template for which you are requesting a hook;
    where in the template you would like the hook to be placed + (line number/position for latest version of template in CVS + or description of location); +
    the purpose of the hook;
    a link to information about your extension, if any.

    The Bugzilla reviewers will promptly review each hook request, + name the hook, add it to the template, check the new version + of the template into CVS, and create the corresponding directory in + BUGZILLA_ROOT/template/en/extension/hook/.


    5.4. Components

    Components are subsections of a Product. E.g. the computer game - you are designing may have a "UI" - component, an "API" component, a "Sound System" component, and a - "Plugins" component, each overseen by a different programmer. It - often makes sense to divide Components in Bugzilla according to the - natural divisions of responsibility within your Product or - company.

    You may optionally attach a patch to the bug which implements the hook + and check it in yourself after receiving approval from a Bugzilla + reviewer. The developers may suggest changes to the location of the + hook based on their analysis of your needs or so the hook can satisfy + the needs of multiple extensions, but the process of getting hooks + approved and checked in is not as stringent as the process for general + changes to Bugzilla, and any extension, whether released or still in + development, can have hooks added to meet their needs. +

    Each component has a owner and (if you turned it on in the parameters), - a QA Contact. The owner should be the primary person who fixes bugs in - that component. The QA Contact should be the person who will ensure - these bugs are completely fixed. The Owner, QA Contact, and Reporter - will get email when new bugs are created in this Component and when - these bugs change. Default Owner and Default QA Contact fields only - dictate the - default assignments; - these can be changed on bug submission, or at any later point in - a bug's life.

    After making sure the hook you need exists (or getting it added if not), + add your extension template to the directory within the Bugzilla + directory tree corresponding to the hook. +

    To create a new Component:

    That's it! Now, when the standard template containing the hook + is processed, your extension template will be processed at the point + where the hook appears. +

    1. For example, let's say you have an extension named Projman that adds + project management capabilities to Bugzilla. Projman has an + administration interface edit-projects.cgi, + and you want to add a link to it into the navigation bar at the bottom + of every Bugzilla page for those users who are authorized + to administer projects. +

      Select the "Edit components" link from the "Edit product" - page

    2. The navigation bar is generated by the template file + useful-links.html.tmpl, which is located in + the global/ subdirectory on the standard Bugzilla + template path + BUGZILLA_ROOT/template/en/default/. + Looking in useful-links.html.tmpl, you find + the following hook at the end of the list of standard Bugzilla + administration links: +

      ...
      +    [% ', <a href="editkeywords.cgi">keywords</a>' 
      +                                              IF user.groups.editkeywords %]
      +    [% Hook.process("edit") %]
      +...

      Select the "Add" link in the bottom right.

    3. The corresponding directory for this hook is + BUGZILLA_ROOT/template/en/extension/hook/global/useful-links.html.tmpl/edit/. +

      Fill out the "Component" field, a short "Description", - the "Initial Owner" and "Initial QA Contact" (if enabled.) - The Component and Description fields may contain HTML; - the "Initial Owner" field must be a login name - already existing in the database. -


    5.5. Versions

    You put a template named + projman-edit-projects.html.tmpl + into that directory with the following content: +

    ...[% ', <a href="edit-projects.cgi">projects</a>' IF user.groups.projman_admins %]

    Versions are the revisions of the product, such as "Flinders - 3.1", "Flinders 95", and "Flinders 2000". Version is not a multi-select - field; the usual practice is to select the earliest version known to have - the bug. +> Voila! The link now appears after the other administration links in the + navigation bar for users in the projman_admins group.

    To create and edit Versions:

    Notes: +

      • From the "Edit product" screen, select "Edit Versions"

        You may want to prefix your extension template names + with the name of your extension, e.g. + projman-foo.html.tmpl, + so they do not conflict with the names of templates installed by + other extensions. +

      • You will notice that the product already has the default - version "undefined". Click the "Add" link in the bottom right.

        If your extension includes entirely new templates in addition to + extensions of standard templates, it should install those new + templates into an extension-specific subdirectory of the + BUGZILLA_ROOT/template/en/extension/ + directory. The extension/ directory, like the + default/ and custom/ + directories, is part of the template search path, so putting templates + there enables them to be found by the template processor. +

        The template processor looks for templates first in the + custom/ directory (i.e. templates added by the + specific installation), then in the extension/ + directory (i.e. templates added by extensions), and finally in the + default/ directory (i.e. the standard Bugzilla + templates). Thus extension templates can override standard templates, + but installation-specific templates override both. +

        Note that overriding standard templates with extension templates + gives you great power but also makes upgrading an installation harder. + As with custom templates, we recommend using this functionality + sparingly and only when absolutely necessary. +

      • Enter the name of the Version. This field takes text only. - Then click the "Add" button.

        Installation customizers can also take advantage of hooks when adding + code to a Bugzilla template. To do so, create directories in + BUGZILLA_ROOT/template/en/custom/hook/ + equivalent to the directories in + BUGZILLA_ROOT/template/en/extension/hook/ + for the hooks you want to use, then place your customization templates + into those directories. +

        Obviously this method of customizing Bugzilla only lets you add code + to the standard templates; you cannot change the existing code. + Nevertheless, for those customizations that only add code, this method + can reduce conflicts when merging changes, making upgrading + your customized Bugzilla installation easier. +


    5.6. Milestones

    Milestones are "targets" that you plan to get a bug fixed by. For - example, you have a bug that you plan to fix for your 3.0 release, it - would be assigned the milestone of 3.0.

    4.3. Customizing Who Can Change What

    Milestone options will only appear for a Product if you turned - on the "usetargetmilestone" Param in the "Edit Parameters" screen. +> This feature should be considered experimental; the Bugzilla code you + will be changing is not stable, and could change or move between + versions. Be aware that if you make modifications as outlined here, + you may have + to re-make them or port them if Bugzilla changes internally between + versions, and you upgrade.

    To create new Milestones, set Default Milestones, and set - Milestone URL:

    1. Select "Edit milestones" from the "Edit product" page.

    2. Companies often have rules about which employees, or classes of employees, + are allowed to change certain things in the bug system. For example, + only the bug's designated QA Contact may be allowed to VERIFY the bug. + Bugzilla has been + designed to make it easy for you to write your own custom rules to define + who is allowed to make what sorts of value transition. +

      Select "Add" in the bottom right corner. - text

    3. For maximum flexibility, customizing this means editing Bugzilla's Perl + code. This gives the administrator complete control over exactly who is + allowed to do what. The relevant function is called + CheckCanChangeField(), + and is found in process_bug.cgi in your + Bugzilla directory. If you open that file and grep for + "sub CheckCanChangeField", you'll find it. +

      Enter the name of the Milestone in the "Milestone" field. You - can optionally set the "sortkey", which is a positive or negative - number (-255 to 255) that defines where in the list this particular - milestone appears. This is because milestones often do not - occur in alphanumeric order For example, "Future" might be - after "Release 1.2". Select "Add".

    4. This function has been carefully commented to allow you to see exactly + how it works, and give you an idea of how to make changes to it. Certain + marked sections should not be changed - these are the "plumbing" which + makes the rest of the function work. In between those sections, you'll + find snippets of code like: +
          # Allow the owner to change anything.
      +    if ($ownerid eq $whoid) {
      +        return 1;
      +    }
      + It's fairly obvious what this piece of code does. +

      From the Edit product screen, you can enter the URL of a - page which gives information about your milestones and what - they mean.

    So, how does one go about changing this function? Well, simple changes + can be made just be removing pieces - for example, if you wanted to + prevent any user adding a comment to a bug, just remove the lines marked + "Allow anyone to change comments." And if you want the reporter to have + no special rights on bugs they have filed, just remove the entire section + which refers to him. +

    More complex customizations are not much harder. Basically, you add + a check in the right place in the function, i.e. after all the variables + you are using have been set up. So, don't look at $ownerid before + $ownerid has been obtained from the database. You can either add a + positive check, which returns 1 (allow) if certain conditions are true, + or a negative check, which returns 0 (deny.) E.g.: +
        if ($field eq "qacontact") {
    +        if (Bugzilla->user->groups("quality_assurance")) {
    +            return 1;
    +        } 
    +        else {
    +            return 0;
    +        }
    +    }
    + This says that only users in the group "quality_assurance" can change + the QA Contact field of a bug. Getting more weird: +
        if (($field eq "priority") &&
    +        (Bugzilla->user->email =~ /.*\@example\.com$/))
    +    {
    +        if ($oldvalue eq "P1") {
    +            return 1;
    +        } 
    +        else {
    +            return 0;
    +        }
    +    }
    + This says that if the user is trying to change the priority field, + and their email address is @example.com, they can only do so if the + old value of the field was "P1". Not very useful, but illustrative. +

    For a list of possible field names, look in + data/versioncache for the list called + @::log_columns. If you need help writing custom + rules for your organization, ask in the newsgroup. +


    5.7. Voting

    Voting allows users to be given a pot of votes which they can allocate - to bugs, to indicate that they'd like them fixed. - This allows developers to gauge - user need for a particular enhancement or bugfix. By allowing bugs with - a certain number of votes to automatically move from "UNCONFIRMED" to - "NEW", users of the bug system can help high-priority bugs garner - attention so they don't sit for a long time awaiting triage.

    4.4. Modifying Your Running System

    To modify Voting settings:

    1. Navigate to the "Edit product" screen for the Product you - wish to modify

    2. Maximum Votes per person: - Setting this field to "0" disables voting.

    3. Maximum Votes a person can put on a single - bug: - It should probably be some number lower than the - "Maximum votes per person". Don't set this field to "0" if - "Maximum votes per person" is non-zero; that doesn't make - any sense.

    4. Bugzilla optimizes database lookups by storing all relatively + static information in the + versioncache file, located in the + data/ + subdirectory under your installation directory.

      Number of votes a bug in this product needs to - automatically get out of the UNCONFIRMED state: - Setting this field to "0" disables the automatic move of - bugs from UNCONFIRMED to NEW. -

    5. If you make a change to the structural data in your database (the + versions table for example), or to the + "constants" + + encoded in defparams.pl, you will need to remove + the cached content from the data directory (by doing a + "rm data/versioncache" + + ), or your changes won't show up.

      Once you have adjusted the values to your preference, click - "Update".

    versioncache + gets automatically regenerated whenever it's more than + an hour old, so Bugzilla will eventually notice your changes by itself, + but generally you want it to notice right away, so that you can test + things.


    5.8. Groups and Group Security

    Groups allow the administrator - to isolate bugs or products that should only be seen by certain people. - The association between products and groups is controlled from - the product edit page under "Edit Group Controls." -

    If the makeproductgroups param is on, a new group will be automatically - created for every new product. -

    4.5. MySQL Bugzilla Database Introduction

    On the product edit page, there is a page to edit the - "Group Controls" - for a product and determine which groups are applicable, default, - and mandatory for each product as well as controlling entry - for each product and being able to set bugs in a product to be - totally read-only unless some group restrictions are met. -

    This information comes straight from my life. I was forced to learn + how Bugzilla organizes database because of nitpicky requests from users + for tiny changes in wording, rather than having people re-educate + themselves or figure out how to work our procedures around the tool. It + sucks, but it can and will happen to you, so learn how the schema works + and deal with it when it comes.

    For each group, it is possible to specify if membership in that - group is... -

    So, here you are with your brand-new installation of Bugzilla. + You've got MySQL set up, Apache working right, Perl DBI and DBD talking + to the database flawlessly. Maybe you've even entered a few test bugs to + make sure email's working; people seem to be notified of new bugs and + changes, and you can enter and edit bugs to your heart's content. Perhaps + you've gone through the trouble of setting up a gateway for people to + submit bugs to your database via email, have had a few people test it, + and received rave reviews from your beta testers.

    1. What's the next thing you do? Outline a training strategy for your + development team, of course, and bring them up to speed on the new tool + you've labored over for hours.

      required for bug entry, -

    2. Your first training session starts off very well! You have a + captive audience which seems enraptured by the efficiency embodied in + this thing called "Bugzilla". You are caught up describing the nifty + features, how people can save favorite queries in the database, set them + up as headers and footers on their pages, customize their layouts, + generate reports, track status with greater efficiency than ever before, + leap tall buildings with a single bound and rescue Jane from the clutches + of Certain Death!

      Not applicable to this product(NA), - a possible restriction for a member of the - group to place on a bug in this product(Shown), - a default restriction for a member of the - group to place on a bug in this product(Default), - or a mandatory restriction to be placed on bugs - in this product(Mandatory). -

    3. But Certain Death speaks up -- a tiny voice, from the dark corners + of the conference room. "I have a concern," the voice hisses from the + darkness, "about the use of the word 'verified'."

      Not applicable by non-members to this product(NA), - a possible restriction for a non-member of the - group to place on a bug in this product(Shown), - a default restriction for a non-member of the - group to place on a bug in this product(Default), - or a mandatory restriction to be placed on bugs - in this product when entered by a non-member(Mandatory). -

    4. The room, previously filled with happy chatter, lapses into + reverential silence as Certain Death (better known as the Vice President + of Software Engineering) continues. "You see, for two years we've used + the word 'verified' to indicate that a developer or quality assurance + engineer has confirmed that, in fact, a bug is valid. I don't want to + lose two years of training to a new software product. You need to change + the bug status of 'verified' to 'approved' as soon as possible. To avoid + confusion, of course."

      required in order to make any change - to bugs in this product including comments. -

    Oh no! Terror strikes your heart, as you find yourself mumbling + "yes, yes, I don't think that would be a problem," You review the changes + with Certain Death, and continue to jabber on, "no, it's not too big a + change. I mean, we have the source code, right? You know, 'Use the + Source, Luke' and all that... no problem," All the while you quiver + inside like a beached jellyfish bubbling, burbling, and boiling on a hot + Jamaican sand dune...

    To create Groups:

    Thus begins your adventure into the heart of Bugzilla. You've been + forced to learn about non-portable enum() fields, varchar columns, and + tinyint definitions. The Adventure Awaits You!


    4.5.1. Bugzilla Database Basics

    If you were like me, at this point you're totally clueless about + the internals of MySQL, and if it weren't for this executive order from + the Vice President you couldn't care less about the difference between + a + "bigint" + + and a + "tinyint" + + entry in MySQL. I recommend you refer to the + MySQL documentation + . Below are the basics you need to know about the Bugzilla database. + Check the chart above for more details.

    1. Select the "groups"To connect to your database:

      bash# - link in the footer.

    2. mysql + + -u root +

      Take a moment to understand the instructions on the "Edit - Groups" screen, then select the "Add Group" link.

      If this works without asking you for a password, + shame on you + + ! You should have locked your security down like the installation + instructions told you to. You can find details on locking down + your database in the Bugzilla FAQ in this directory (under + "Security"), or more robust security generalities in the + MySQL + searchable documentation. +

    3. Fill out the "Group", "Description", - and "User RegExp" fields. - "User RegExp" allows you to automatically - place all users who fulfill the Regular Expression into the new group. - When you have finished, click "Add".

      You should now be at a prompt that looks like this:

      mysql> +

      If specifying a domain in the regexp, make sure you end - the regexp with a $. Otherwise, when granting access to - "@mycompany\.com", you will allow access to - 'badperson@mycompany.com.cracker.net'. You need to use - '@mycompany\.com$' as the regexp.

    4. At the prompt, if + "bugs" + + is the name you chose in the + localconfig + + file for your Bugzilla database, type:

      After you add your new group, edit the new group. On the - edit page, you can specify other groups that should be included - in this group and which groups should be permitted to add and delete - users from this group.

      mysql + + use bugs; +

    Note that group permissions are such that you need to be a member - of all the groups a bug is in, for whatever - reason, to see that bug. Similarly, you must be a member - of all of the entry groups for a product - to add bugs to a product and you must be a member - of all of the canedit groups for a product - in order to make any change to bugs in that - product. -

    +



    5.9. Upgrading to New Releases

    4.5.1.1. Bugzilla Database Tables

    Upgrading is a one-way process. You should backup your database - and current Bugzilla directory before attempting the upgrade. If you wish - to revert to the old Bugzilla version for any reason, you will have to - restore from these backups. -

    Upgrading Bugzilla is something we all want to do from time to time, - be it to get new features or pick up the latest security fix. How easy - it is to update depends on a few factors. -

    • If the new version is a revision or a new point release

    • How many, if any, local changes have been made

    There are also three different methods to upgrade your installation. -

    1. Using CVS (Example 5-1)

    2. Downloading a new tarball (Example 5-2)

    3. Applying the relevant patches (Example 5-3)

    Which options are available to you may depend on how large a jump - you are making and/or your network configuration. -

    Revisions are normally released to fix security vulnerabilities - and are distinguished by an increase in the third number. For example, - when 2.16.2 was released, it was a revision to 2.16.1. -

    Point releases are normally released when the Bugzilla team feels - that there has been a significant amount of progress made between the - last point release and the current time. These are often proceeded by a - stabilization period and release candidates, however the use of - development versions or release candidates is beyond the scope of this - document. Point releases can be distinguished by an increase in the - second number, or minor version. For example, 2.16.2 is a newer point - release than 2.14.5. -

    The examples in this section are written as if you were updating - to version 2.16.2. The procedures are the same regardless if you are - updating to a new point release or a new revision. However, the chance - of running into trouble increases when upgrading to a new point release, - escpecially if you've made local changes. -

    These examples also assume that your Bugzilla installation is at - /var/www/html/bugzilla. If that is not the case, - simply substitute the proper paths where appropriate. -

    Example 5-1. Upgrading using CVS

    Every release of Bugzilla, whether it is a revision or a point - release, is tagged in CVS. Also, every tarball we have distributed - since version 2.12 has been primed for using CVS. This does, however, - require that you are able to access cvs-mirror.mozilla.org on port - 2401. - -

    Imagine your MySQL database as a series of spreadsheets, and + you won't be too far off. If you use this command:

    mysql> + show tables from bugs; +

    If you can do this, updating using CVS is probably the most - painless method, especially if you have a lot of local changes. -

    you'll be able to see the names of all the + "spreadsheets" -

    From the command issued above, ou should have some + output that looks like this: +

    
bash$ cd /var/www/html/bugzilla
    -bash$ cvs login
    -Logging in to :pserver:anonymous@cvs-mirror.mozilla.org:2401/cvsroot
    -CVS password: anonymous
    -bash$ cvs -q update -r BUGZILLA-2_16_2 -dP
    -P checksetup.pl
    -P collectstats.pl
    -P globals.pl
    -P docs/rel_notes.txt
    -P template/en/default/list/quips.html.tmpl
    -      
    +-------------------+ +| Tables in bugs | ++-------------------+ +| attachments | +| bugs | +| bugs_activity | +| cc | +| components | +| dependencies | +| fielddefs | +| groups | +| keyworddefs | +| keywords | +| logincookies | +| longdescs | +| milestones | +| namedqueries | +| products | +| profiles | +| profiles_activity | +| tokens | +| versions | +| votes | +| watch | ++-------------------+ +

    If a line in the output from cvs update - begins with a C that represents a - file with local changes that CVS was unable to properly merge. You - need to resolve these conflicts manually before Bugzilla (or at - least the portion using that file) will be usable. -

    - -

    You also need to run ./checksetup.pl - before your Bugzilla upgrade will be complete. -


    +  Here's an overview of what each table does. Most columns in each table have
    +descriptive names that make it fairly trivial to figure out their jobs.
    +
    +attachments: This table stores all attachments to bugs. It tends to be your
    +largest table, yet also generally has the fewest entries because file
    +attachments are so (relatively) large.
    +
    +bugs:  This is the core of your system. The bugs table stores most of the
    +current information about a bug, with the exception of the info stored in the
    +other tables.
    +
    +bugs_activity:  This stores information regarding what changes are made to bugs
    +when -- a history file.
    +
    +cc:  This tiny table simply stores all the CC information for any bug which has
    +any entries in the CC field of the bug. Note that, like most other tables in
    +Bugzilla, it does not refer to users by their user names, but by their unique
    +userid, stored as a primary key in the profiles table.
    +
    +components: This stores the programs and components (or products and
    +components, in newer Bugzilla parlance) for Bugzilla. Curiously, the "program"
    +(product) field is the full name of the product, rather than some other unique
    +identifier, like bug_id and user_id are elsewhere in the database.
    +
    +dependencies: Stores data about those cool dependency trees.
    +
    +fielddefs:  A nifty table that defines other tables. For instance, when you
    +submit a form that changes the value of "AssignedTo" this table allows
    +translation to the actual field name "assigned_to" for entry into MySQL.
    +
    +groups:  defines bitmasks for groups. A bitmask is a number that can uniquely
    +identify group memberships. For instance, say the group that is allowed to
    +tweak parameters is assigned a value of "1", the group that is allowed to edit
    +users is assigned a "2", and the group that is allowed to create new groups is
    +assigned the bitmask of "4". By uniquely combining the group bitmasks (much
    +like the chmod command in UNIX,) you can identify a user is allowed to tweak
    +parameters and create groups, but not edit users, by giving him a bitmask of
    +"5", or a user allowed to edit users and create groups, but not tweak
    +parameters, by giving him a bitmask of "6" Simple, huh?
    +  If this makes no sense to you, try this at the mysql prompt:
    +mysql> select * from groups;
    +  You'll see the list, it makes much more sense that way.
    +
    +keyworddefs:  Definitions of keywords to be used
    +
    +keywords: Unlike what you'd think, this table holds which keywords are
    +associated with which bug id's.
    +
    +logincookies: This stores every login cookie ever assigned to you for every
    +machine you've ever logged into Bugzilla from. Curiously, it never does any
    +housecleaning -- I see cookies in this file I've not used for months. However,
    +since Bugzilla never expires your cookie (for convenience' sake), it makes
    +sense.
    +
    +longdescs:  The meat of bugzilla -- here is where all user comments are stored!
    +You've only got 2^24 bytes per comment (it's a mediumtext field), so speak
    +sparingly -- that's only the amount of space the Old Testament from the Bible
    +would take (uncompressed, 16 megabytes). Each comment is keyed to the
    +bug_id to which it's attached, so the order is necessarily chronological, for
    +comments are played back in the order in which they are received.
    +
    +milestones:  Interesting that milestones are associated with a specific product
    +in this table, but Bugzilla does not yet support differing milestones by
    +product through the standard configuration interfaces.
    +
    +namedqueries:  This is where everybody stores their "custom queries". Very
    +cool feature; it beats the tar out of having to bookmark each cool query you
    +construct.
    +
    +products:  What products you have, whether new bug entries are allowed for the
    +product, what milestone you're working toward on that product, votes, etc. It
    +will be nice when the components table supports these same features, so you
    +could close a particular component for bug entry without having to close an
    +entire product...
    +
    +profiles:  Ahh, so you were wondering where your precious user information was
    +stored?  Here it is!  With the passwords in plain text for all to see! (but
    +sshh... don't tell your users!)
    +
    +profiles_activity:  Need to know who did what when to who's profile?  This'll
    +tell you, it's a pretty complete history.
    +
    +versions:  Version information for every product
    +
    +votes:  Who voted for what when
    +
    +watch:  Who (according to userid) is watching who's bugs (according to their
    +userid).
    +
    +
    +===
    +THE DETAILS
    +===
    +
    +  Ahh, so you're wondering just what to do with the information above?  At the
    +mysql prompt, you can view any information about the columns in a table with
    +this command (where "table" is the name of the table you wish to view):
    +
    +mysql> show columns from table;
    +
    +  You can also view all the data in a table with this command:
    +
    +mysql> select * from table;
    +
    +  -- note: this is a very bad idea to do on, for instance, the "bugs" table if
    +you have 50,000 bugs. You'll be sitting there a while until you ctrl-c or
    +50,000 bugs play across your screen.
    +
    +  You can limit the display from above a little with the command, where
    +"column" is the name of the column for which you wish to restrict information:
    +
    +mysql> select * from table where (column = "some info");
    +
    +  -- or the reverse of this
    +
    +mysql> select * from table where (column != "some info");
    +
    +  Let's take our example from the introduction, and assume you need to change
    +the word "verified" to "approved" in the resolution field. We know from the
    +above information that the resolution is likely to be stored in the "bugs"
    +table. Note we'll need to change a little perl code as well as this database
    +change, but I won't plunge into that in this document. Let's verify the
    +information is stored in the "bugs" table:
    +
    +mysql> show columns from bugs
    +
    +  (exceedingly long output truncated here)
    +| bug_status| enum('UNCONFIRMED','NEW','ASSIGNED','REOPENED','RESOLVED','VERIFIED','CLOSED')||MUL | UNCONFIRMED||
    +
    +  Sorry about that long line. We see from this that the "bug status" column is
    +an "enum field", which is a MySQL peculiarity where a string type field can
    +only have certain types of entries. While I think this is very cool, it's not
    +standard SQL. Anyway, we need to add the possible enum field entry
    +'APPROVED' by altering the "bugs" table.
    +
    +mysql> ALTER table bugs CHANGE bug_status bug_status
    +    -> enum("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED", "RESOLVED",
    +    -> "VERIFIED", "APPROVED", "CLOSED") not null;
    +
    +    (note we can take three lines or more -- whatever you put in before the
    +semicolon is evaluated as a single expression)
    +
    +Now if you do this:
    +
    +mysql> show columns from bugs;
    +
    +  you'll see that the bug_status field has an extra "APPROVED" enum that's
    +available!  Cool thing, too, is that this is reflected on your query page as
    +well -- you can query by the new status. But how's it fit into the existing
    +scheme of things?
    +  Looks like you need to go back and look for instances of the word "verified"
    +in the perl code for Bugzilla -- wherever you find "verified", change it to
    +"approved" and you're in business (make sure that's a case-insensitive search).
    +Although you can query by the enum field, you can't give something a status
    +of "APPROVED" until you make the perl changes. Note that this change I
    +mentioned can also be done by editing checksetup.pl, which automates a lot of
    +this. But you need to know this stuff anyway, right?
    +

    -


    4.6. Integrating Bugzilla with Third-Party Tools

    4.6.1. Bonsai

    Example 5-2. Upgrading using the tarball

    If you are unable or unwilling to use CVS, another option that's - always available is to download the latest tarball. This is the most - difficult option to use, especially if you have local changes. -

    
bash$ cd /var/www/html
    -bash$ wget ftp://ftp.mozilla.org/pub/webtools/bugzilla-2.16.2.tar.gz
    -Output omitted
    -bash$ tar xzvf bugzilla-2.16.2.tar.gz
    -bugzilla-2.16.2/
    -bugzilla-2.16.2/.cvsignore
    -bugzilla-2.16.2/1x1.gif
    -Output truncated
    -bash$ cd bugzilla-2.16.2
    -bash$ cp ../bugzilla/localconfig* .
    -bash$ cp -r ../bugzilla/data .
    -bash$ cd ..
    -bash$ mv bugzilla bugzilla.old
    -bash$ mv bugzilla-2.16.2 bugzilla
    -bash$ cd bugzilla
    -bash$ ./checksetup.pl
    -Output omitted
    -      

    The cp commands both end with periods which - is a very important detail, it tells the shell that the destination - directory is the current working directory. Also, the period at the - beginning of the ./checksetup.pl is important and - can not be omitted. -

    Bonsai is a web-based tool for managing + CVS, the Concurrent Versioning System -
    Tinderbox, the Mozilla automated build management system. +


    4.6.2. CVS

    CVS integration is best accomplished, at this point, using the + Bugzilla Email Gateway.

    You will now have to reapply any changes you have made to your - local installation manually. -

    -

    Follow the instructions in this Guide for enabling Bugzilla e-mail + integration. Ensure that your check-in script sends an email to your + Bugzilla e-mail gateway with the subject of + "[Bug XXXX]", + and you can have CVS check-in comments append to your Bugzilla bug. If + you want to have the bug be closed automatically, you'll have to modify + the contrib/bugzilla_email_append.pl script. +

    There is also a CVSZilla project, based upon somewhat dated + Bugzilla code, to integrate CVS and Bugzilla through CVS' ability to + email. Check it out at: http://homepages.kcbbs.gen.nz/~tonyg/. +


    4.6.3. Perforce SCM

    Example 5-3. Upgrading using patches

    The Bugzilla team will normally make a patch file available for - revisions to go from the most recent revision to the new one. You could - also read the release notes and grab the patches attached to the - mentioned bug, but it is safer to use the released patch file as - sometimes patches get changed before they get checked in. - It is also theoretically possible to - scour the fixed bug list and pick and choose which patches to apply - from a point release, but this is not recommended either as what you'll - end up with is a hodge podge Bugzilla that isn't really any version. - This would also make it more difficult to upgrade in the future. -

    
bash$ cd /var/www/html/bugzilla
    -bash$ wget ftp://ftp.mozilla.org/pub/webtools/bugzilla-2.16.1-to-2.16.2.diff.gz
    -Output omittedYou can find the project page for Bugzilla and Teamtrack Perforce
    +    integration (p4dti) at: 
    +    http://www.ravenbrook.com/project/p4dti/
    -bash$ gunzip bugzilla-2.16.1-to-2.16.2.diff.gz"p4dti"
    -bash$ patch -p1 < bugzilla-2.16.1-to-2.16.2.diffhttp://public.perforce.com/public/perforce/p4dti/index.html
    -patching file checksetup.pl
    -patching file collectstats.pl
    -patching file globals.pl
    -      

    If you do this, beware that this doesn't change the entires in - your CVS directory so it may make - updates using CVS (Example 5-1) more difficult in the - future. -

    Integration of Perforce with Bugzilla, once patches are applied, is + seamless. Perforce replication information will appear below the comments + of each bug. Be certain you have a matching set of patches for the + Bugzilla version you are installing. p4dti is designed to support + multiple defect trackers, and maintains its own documentation for it. + Please consult the pages linked above for further information.

    -


    4.6.4. Tinderbox/Tinderbox2

    Tinderbox is a continuous-build system which can integrate with + Bugzilla - see + http://www.mozilla.org/projects/tinderbox for details + of Tinderbox, and + http://tinderbox.mozilla.org/showbuilds.cgi to see it + in action.


    Chapter 6. Customising Bugzilla

    Chapter 5. Using Bugzilla

    5.1. Introduction

    This section contains information for end-users of Bugzilla. + There is a Bugzilla test installation, called + Landfill, + which you are welcome to play with (if it's up.) + However, it does not necessarily + have all Bugzilla features enabled, and runs an up-to-the-minute version, + so some things may not quite work as this document describes.


    6.1. Template Customization

    5.2. Create a Bugzilla Account

    If you want to use Bugzilla, first you need to create an account. + Consult with the administrator responsible for your installation of + Bugzilla for the URL you should use to access it. If you're + test-driving Bugzilla, use this URL: + http://landfill.bugzilla.org/bugzilla-tip/. +

    1. Click the + "Open a new Bugzilla account" + + link, enter your email address and, optionally, your name in the + spaces provided, then click + "Create Account" + + .

    2. Administrators can configure the look and feel of Bugzilla without - having to edit Perl files or face the nightmare of massive merge - conflicts when they upgrade to a newer version in the future. -

      Within moments, you should receive an email to the address + you provided, which contains your login name (generally the + same as the email address), and a password. + This password is randomly generated, but can be + changed to something more memorable.

    3. Templatization also makes localized versions of Bugzilla possible, - for the first time. It's possible to have Bugzilla's UI language - determined by the user's browser. More information is available in - Section 6.1.5Click the + "Log In" + link in the footer at the bottom of the page in your browser, + enter your email address and password into the spaces provided, and + click + "Login". -

    You are now logged in. Bugzilla uses cookies to remember you are + logged in so, unless you have cookies disabled or your IP address changes, + you should not have to log in again.



    6.1.1. What to Edit

    5.3. Anatomy of a Bug

    The template directory structure is that there's a top level directory, - template, which contains a directory for - each installed localization. The default English templates are - therefore in en. Underneath that, there - is the default directory and optionally the - custom directory. The defaultThe core of Bugzilla is the screen which displays a particular + bug. It's a good place to explain some Bugzilla concepts. + Bug 1 on Landfill - directory contains all the templates shipped with Bugzilla, whereas - the custom directory does not exist at first and - must be created if you want to use it. -

    There are two different ways of editing Bugzilla's templates, - and which you use depends mainly on the method you plan to use to - upgrade Bugzilla. - The first method of making customizations is to directly edit the - templates in template/en/default. This is - probably the best method for small changes if you are going to use - the CVS method of upgrading, because if you then execute a - cvs update, any template fixes will get - automagically merged into your modified versions. -

    If you use this method, your installation will break if CVS conflicts - occur. -

    The other method is to copy the templates to be modified into a - mirrored directory - structure under template/en/custom. The templates - in this directory automatically override those in default. - This is the technique you - need to use if you use the overwriting method of upgrade, because - otherwise your changes will be lost. This method is also better if - you are using the CVS method of upgrading and are going to make major - changes, because it is guaranteed that the contents of this directory - will not be touched during an upgrade, and you can then decide whether - to continue using your own templates, or make the effort to merge your - changes into the new versions by hand. -

    If you use this method, your installation may break if incompatible - changes are made to the template interface. If such changes are made - they will be documented in the release notes, provided you are using a - stable release of Bugzilla. If you use using unstable code, you will - need to deal with this one yourself, although if possible the changes - will be mentioned before they occur in the deprecations section of the - previous stable release's release notes. -

    1. Product and Component: + Bugs are divided up by Product and Component, with a Product + having one or more Components in it. For example, + bugzilla.mozilla.org's "Bugzilla" Product is composed of several + Components: +

      Administration: + Administration of a Bugzilla installation.Bugzilla-General: + Anything that doesn't fit in the other components, or spans + multiple components.

      Don't directly edit the compiled templates in - data/template/* - your - changes will be lost when Template Toolkit recompiles them. -

    Creating/Changing Bugs: + Creating, changing, and viewing bugs.

    It is recommended that you run ./checksetup.pl Documentation: + The Bugzilla documentation, including The Bugzilla Guide.

    Email: + Anything to do with email sent by Bugzilla.
    Installation: + The installation process of Bugzilla.
    Query/Buglist: + Anything to do with searching for bugs and viewing the + buglists.
    Reporting/Charting: + Getting reports from Bugzilla.
    User Accounts: + Anything about managing a user account from the user's perspective. + Saved queries, creating accounts, changing passwords, logging in, + etc.
    User Interface: - after any template edits, especially if you've created a new file in - the custom directory. -


    6.1.2. How To Edit Templates

    If you are making template changes that you intend on submitting back - for inclusion in standard Bugzilla, you should read the relevant - sections of the - Developers' - Guide. +>

  • The syntax of the Template Toolkit language is beyond the scope of - this guide. It's reasonably easy to pick up by looking at the current - templates; or, you can read the manual, available on the - Template Toolkit home - page. -

    Status and Resolution: + + These define exactly what state the bug is in - from not even + being confirmed as a bug, through to being fixed and the fix + confirmed by Quality Assurance. The different possible values for + Status and Resolution on your installation should be documented in the + context-sensitive help for those items.

  • One thing you should take particular care about is the need - to properly HTML filter data that has been passed into the template. - This means that if the data can possibly contain special HTML characters - such as <, and the data was not intended to be HTML, they need to be - converted to entity form, ie &lt;. You use the 'html' filter in the - Template Toolkit to do this. If you forget, you may open up - your installation to cross-site scripting attacks. -

    Assigned To: + The person responsible for fixing the bug.

  • Also note that Bugzilla adds a few filters of its own, that are not - in standard Template Toolkit. In particular, the 'url_quote' filter - can convert characters that are illegal or have special meaning in URLs, - such as &, to the encoded form, ie %26. This actually encodes most - characters (but not the common ones such as letters and numbers and so - on), including the HTML-special characters, so there's never a need to - HTML filter afterwards. -

    *URL: + A URL associated with the bug, if any.

  • Editing templates is a good way of doing a "poor man's custom fields". - For example, if you don't use the Status Whiteboard, but want to have - a free-form text entry box for "Build Identifier", then you can just - edit the templates to change the field labels. It's still be called - status_whiteboard internally, but your users don't need to know that. -


  • 6.1.3. Template Formats

    Summary: + A one-sentence summary of the problem.

  • Some CGIs have the ability to use more than one template. For - example, buglist.cgi can output bug lists as RDF or two - different forms of HTML (complex and simple). (Try this out - by appending &format=simple to a buglist.cgi - URL on your Bugzilla installation.) This - mechanism, called template 'formats', is extensible. -

    *Status Whiteboard: + (a.k.a. Whiteboard) A free-form text area for adding short notes + and tags to a bug.

  • To see if a CGI supports multiple output formats, grep the - CGI for "GetFormat". If it's not present, adding - multiple format support isn't too hard - see how it's done in - other CGIs, e.g. config.cgi. -

    *Keywords: + The administrator can define keywords which you can use to tag and + categorise bugs - e.g. The Mozilla Project has keywords like crash + and regression.

  • To make a new format template for a CGI which supports this, - open a current template for - that CGI and take note of the INTERFACE comment (if present.) This - comment defines what variables are passed into this template. If - there isn't one, I'm afraid you'll have to read the template and - the code to find out what information you get. -

    Platform and OS: + These indicate the computing environment where the bug was + found.

  • Write your template in whatever markup or text style is appropriate. -

    Version: + The "Version" field is usually used for versions of a product which + have been released, and is set to indicate which versions of a + Component have the particular problem the bug report is + about.

  • You now need to decide what content type you want your template - served as. Open up the localconfig file and find the - $contenttypes Priority: - variable. If your content type is not there, add it. Remember - the three- or four-letter tag assigned to you content type. - This tag will be part of the template filename. -

  • Save the template as <stubname>-<formatname>.<contenttypetag>.tmpl. - Try out the template by calling the CGI as - <cginame>.cgi?format=<formatname> . -

    Severity: + This indicates how severe the problem is - from blocker + ("application unusable") to trivial ("minor cosmetic issue"). You + can also use this field to indicate whether a bug is an enhancement + request.

  • *Target: + (a.k.a. Target Milestone) A future version by which the bug is to + be fixed. e.g. The Bugzilla Project's milestones for future + Bugzilla versions are 2.18, 2.20, 3.0, etc. Milestones are not + restricted to numbers, thought - you can use any text strings, such + as dates.

  • Reporter: + The person who filed the bug.

  • CC list: + A list of people who get mail when the bug changes.

  • Attachments: + You can attach files (e.g. testcases or patches) to bugs. If there + are any attachments, they are listed in this section.

  • *Dependencies: + If this bug cannot be fixed unless other bugs are fixed (depends + on), or this bug stops other bugs being fixed (blocks), their + numbers are recorded here.

  • *Votes: + Whether this bug has any votes.

  • Additional Comments: + You can add your two cents to the bug discussion here, if you have + something worthwhile to say.



  • 6.1.4. Particular Templates

    There are a few templates you may be particularly interested in - customizing for your installation. -

    index.html.tmpl: - This is the Bugzilla front page. -

    global/header.html.tmpl: - This defines the header that goes on all Bugzilla pages. - The header includes the banner, which is what appears to users - and is probably what you want to edit instead. However the - header also includes the HTML HEAD section, so you could for - example add a stylesheet or META tag by editing the header. -

    global/banner.html.tmpl: - This contains the "banner", the part of the header that appears - at the top of all Bugzilla pages. The default banner is reasonably - barren, so you'll probably want to customize this to give your - installation a distinctive look and feel. It is recommended you - preserve the Bugzilla version number in some form so the version - you are running can be determined, and users know what docs to read. -

    5.4. Searching for Bugs

    global/footer.html.tmpl: - This defines the footer that goes on all Bugzilla pages. Editing - this is another way to quickly get a distinctive look and feel for - your Bugzilla installation. -

    The Bugzilla Search page is is the interface where you can find + any bug report, comment, or patch currently in the Bugzilla system. You + can play with it here: + http://landfill.bugzilla.org/bugzilla-tip/query.cgi.

    bug/create/user-message.html.tmpl: - This is a message that appears near the top of the bug reporting page. - By modifying this, you can tell your users how they should report - bugs. -

    The Search page has controls for selecting different possible + values for all of the fields in a bug, as described above. For some + fields, multiple values can be selected. In those cases, Bugzilla + returns bugs where the content of the field matches any one of the selected + values. If none is selected, then the field can take any value.

    bug/create/create.html.tmpl and - bug/create/comment.txt.tmpl: - You may wish to get bug submitters to give certain bits of structured - information, each in a separate input widget, for which there is not a - field in the database. The bug entry system has been designed in an - extensible fashion to enable you to define arbitrary fields and widgets, - and have their values appear formatted in the initial - Description, rather than in database fields. An example of this - is the mozilla.org - guided - bug submission form. -

    Once you've run a search, you can save it as a Saved Search, which + appears in the page footer.

    To make this work, create a custom template for - enter_bug.cgi (the default template, on which you - could base it, is create.html.tmpl), - and either call it create.html.tmpl or use a format and - call it create-<formatname>.html.tmpl. - Put it in the custom/bug/create - directory. In it, add widgets for each piece of information you'd like - collected - such as a build number, or set of steps to reproduce. -

    Highly advanced querying is done using Boolean Charts. See the + Boolean Charts help link on the Search page for more information.


    5.5. Bug Lists

    Then, create a template like - custom/bug/create/comment.txt.tmpl, also named - after your format if you are using one, which - references the form fields you have created. When a bug report is - submitted, the initial comment attached to the bug report will be - formatted according to the layout of this template. -

    If you run a search, a list of matching bugs will be returned. +

    For example, if your enter_bug template had a field - The format of the list is configurable. For example, it can be + sorted by clicking the column headings. Other useful features can be + accessed using the links at the bottom of the list: +

    Long Format: + + this gives you a large page with a non-editable summary of the fields + of each bug.
    <input type="text" name="buildid" size="30">
    CSV: - and then your comment.txt.tmpl had - Change Columns: + + change the bug attributes which appear in the list.
    BuildID: [% form.buildid %]
    Change several bugs at once: - then - Send mail to bug owners: + + Sends mail to the owners of all bugs on the list.
    BuildID: 20020303
    Edit Search: + + If you didn't get exactly the results you were looking for, you can + return to the Query page through this link and make small revisions + to the query you just made so you get more accurate results.
    Remember Search As: + + You can give a search a name and remember it; a link will appear + in your page footer giving you quick access to run it again later. +

    - would appear in the initial checkin comment. -



    6.1.5. Configuring Bugzilla to Detect the User's Language

    5.6. Filing Bugs

    Bugzilla honours the user's Accept: HTTP header. You can install - templates in other languages, and Bugzilla will pick the most appropriate - according to a priority order defined by you. Many - language templates can be obtained from Years of bug writing experience has been distilled for your + reading pleasure into the + http://www.bugzilla.org/download.html#localizations. Instructions - for submitting new languages are also available from that location. +> Bug Writing Guidelines. + While some of the advice is Mozilla-specific, the basic principles of + reporting Reproducible, Specific bugs, isolating the Product you are + using, the Version of the Product, the Component which failed, the + Hardware Platform, and Operating System you were using at the time of + the failure go a long way toward ensuring accurate, responsible fixes + for the bug that bit you.

    The procedure for filing a test bug is as follows:

    1. Go to + Landfill + in your browser and click + Enter a new bug report. +

    2. Select a product - any one will do.

    3. Fill in the fields. Bugzilla should have made reasonable + guesses, based upon your browser, for the "Platform" and "OS" + drop-down boxes. If they are wrong, change them.

    4. Select "Commit" and send in your bug report.

    Try to make sure that everything said in the summary is also + said in the first comment. Summaries are often updated and this will + ensure your original information is easily accessible.

    After untarring the localizations (or creating your own) in the - $BUGZILLA_HOME/template directory, - you must update the languages parameter to contain any - localizations you'd like to permit. You may also wish to set the - defaultlanguage parameter to something other than - "en" if you don't want Engish to be the default language. +> You do not need to put "any" or similar strings in the URL field. + If there is no specific URL associated with the bug, leave this + field blank. +

    If you feel a bug you filed was incorrectly marked as a + DUPLICATE of another, please question it in your bug, not + the bug it was duped to. Feel free to CC the person who duped it + if they are not already CCed.


    6.2. Customizing Who Can Change What

    5.7. Patch Viewer

    Viewing and reviewing patches in Bugzilla is often difficult due to + lack of context, improper format and the inherent readability issues that + raw patches present. Patch Viewer is an enhancement to Bugzilla designed + to fix that by offering increased context, linking to sections, and + integrating with Bonsai, LXR and CVS.

    Patch viewer allows you to:

    View patches in color, with side-by-side view rather than trying + to interpret the contents of the patch.See the difference between two patches.

    This feature should be considered experimental; the Bugzilla code you - will be changing is not stable, and could change or move between - versions. Be aware that if you make modifications as outlined here, - you may have - to re-make them or port them if Bugzilla changes internally between - versions, and you upgrade. -

    Companies often have rules about which employees, or classes of employees, - are allowed to change certain things in the bug system. For example, - only the bug's designated QA Contact may be allowed to VERIFY the bug. - Bugzilla has been - designed to make it easy for you to write your own custom rules to define - who is allowed to make what sorts of value transition. -

    For maximum flexibility, customizing this means editing Bugzilla's Perl - code. This gives the administrator complete control over exactly who is - allowed to do what. The relevant function is called - CheckCanChangeField(), - and is found in process_bug.cgi in your - Bugzilla directory. If you open that file and grep for - "sub CheckCanChangeField", you'll find it. -

    This function has been carefully commented to allow you to see exactly - how it works, and give you an idea of how to make changes to it. Certain - marked sections should not be changed - these are the "plumbing" which - makes the rest of the function work. In between those sections, you'll - find snippets of code like: - Get more context in a patch.
        # Allow the owner to change anything.
    -    if ($ownerid eq $whoid) {
    -        return 1;
    -    }
    - It's fairly obvious what this piece of code does. -

    So, how does one go about changing this function? Well, simple changes - can be made just be removing pieces - for example, if you wanted to - prevent any user adding a comment to a bug, just remove the lines marked - "Allow anyone to change comments." And if you want the reporter to have - no special rights on bugs they have filed, just remove the entire section - which refers to him. -

    More complex customizations are not much harder. Basically, you add - a check in the right place in the function, i.e. after all the variables - you are using have been set up. So, don't look at $ownerid before - $ownerid has been obtained from the database. You can either add a - positive check, which returns 1 (allow) if certain conditions are true, - or a negative check, which returns 0 (deny.) E.g.: - Collapse and expand sections of a patch for easy + reading.
        if ($field eq "qacontact") {
    -        if (Bugzilla->user->groups("quality_assurance")) {
    -            return 1;
    -        } 
    -        else {
    -            return 0;
    -        }
    -    }
    - This says that only users in the group "quality_assurance" can change - the QA Contact field of a bug. Getting more weird: - Link to a particular section of a patch for discussion or + review
        if (($field eq "priority") &&
    -        (Bugzilla->user->email =~ /.*\@example\.com$/))
    -    {
    -        if ($oldvalue eq "P1") {
    -            return 1;
    -        } 
    -        else {
    -            return 0;
    -        }
    -    }
    Go to Bonsai or LXR to see more context, blame, and + cross-references for the part of the patch you are looking at
    Create a rawtext unified format diff out of any patch, no + matter what format it came from
    - This says that if the user is trying to change the priority field, - and their email address is @example.com, they can only do so if the - old value of the field was "P1". Not very useful, but illustrative. -

    For a list of possible field names, look in - data/versioncache for the list called - @::log_columns. If you need help writing custom - rules for your organization, ask in the newsgroup. -



    6.3. Modifying Your Running System

    Bugzilla optimizes database lookups by storing all relatively - static information in the - versioncache file, located in the - data/ - subdirectory under your installation directory.

    If you make a change to the structural data in your database (the - versions table for example), or to the - "constants" - - encoded in defparams.pl, you will need to remove - the cached content from the data directory (by doing a - "rm data/versioncache" - - ), or your changes won't show up.

    5.7.1. Viewing Patches in Patch Viewer

    versioncache - gets automatically regenerated whenever it's more than - an hour old, so Bugzilla will eventually notice your changes by itself, - but generally you want it to notice right away, so that you can test - things.

    The main way to view a patch in patch viewer is to click on the + "Diff" link next to a patch in the Attachments list on a bug. You may + also do this within the edit window by clicking the "View Attachment As + Diff" button in the Edit Attachment screen.



    6.4. MySQL Bugzilla Database Introduction

    5.7.2. Seeing the Difference Between Two Patches

    This information comes straight from my life. I was forced to learn - how Bugzilla organizes database because of nitpicky requests from users - for tiny changes in wording, rather than having people re-educate - themselves or figure out how to work our procedures around the tool. It - sucks, but it can and will happen to you, so learn how the schema works - and deal with it when it comes.

    So, here you are with your brand-new installation of Bugzilla. - You've got MySQL set up, Apache working right, Perl DBI and DBD talking - to the database flawlessly. Maybe you've even entered a few test bugs to - make sure email's working; people seem to be notified of new bugs and - changes, and you can enter and edit bugs to your heart's content. Perhaps - you've gone through the trouble of setting up a gateway for people to - submit bugs to your database via email, have had a few people test it, - and received rave reviews from your beta testers.

    What's the next thing you do? Outline a training strategy for your - development team, of course, and bring them up to speed on the new tool - you've labored over for hours.

    Your first training session starts off very well! You have a - captive audience which seems enraptured by the efficiency embodied in - this thing called "Bugzilla". You are caught up describing the nifty - features, how people can save favorite queries in the database, set them - up as headers and footers on their pages, customize their layouts, - generate reports, track status with greater efficiency than ever before, - leap tall buildings with a single bound and rescue Jane from the clutches - of Certain Death!

    But Certain Death speaks up -- a tiny voice, from the dark corners - of the conference room. "I have a concern," the voice hisses from the - darkness, "about the use of the word 'verified'."

    The room, previously filled with happy chatter, lapses into - reverential silence as Certain Death (better known as the Vice President - of Software Engineering) continues. "You see, for two years we've used - the word 'verified' to indicate that a developer or quality assurance - engineer has confirmed that, in fact, a bug is valid. I don't want to - lose two years of training to a new software product. You need to change - the bug status of 'verified' to 'approved' as soon as possible. To avoid - confusion, of course."

    Oh no! Terror strikes your heart, as you find yourself mumbling - "yes, yes, I don't think that would be a problem," You review the changes - with Certain Death, and continue to jabber on, "no, it's not too big a - change. I mean, we have the source code, right? You know, 'Use the - Source, Luke' and all that... no problem," All the while you quiver - inside like a beached jellyfish bubbling, burbling, and boiling on a hot - Jamaican sand dune...

    Thus begins your adventure into the heart of Bugzilla. You've been - forced to learn about non-portable enum() fields, varchar columns, and - tinyint definitions. The Adventure Awaits You!

    To see the difference between two patches, you must first view the + newer patch in Patch Viewer. Then select the older patch from the + dropdown at the top of the page ("Differences between [dropdown] and + this patch") and click the "Diff" button. This will show you what + is new or changed in the newer patch.


    6.4.1. Bugzilla Database Basics

    If you were like me, at this point you're totally clueless about - the internals of MySQL, and if it weren't for this executive order from - the Vice President you couldn't care less about the difference between - a - "bigint" - - and a - "tinyint" - - entry in MySQL. I recommend you refer to the - MySQL documentation - . Below are the basics you need to know about the Bugzilla database. - Check the chart above for more details.

    1. To connect to your database:

      bash# - - mysql - - -u root -

      If this works without asking you for a password, - shame on you - - ! You should have locked your security down like the installation - instructions told you to. You can find details on locking down - your database in the Bugzilla FAQ in this directory (under - "Security"), or more robust security generalities in the - MySQL - searchable documentation. -

    2. You should now be at a prompt that looks like this:

      mysql> -

      5.7.3. Getting More Context in a Patch

      At the prompt, if - "bugs" - - is the name you chose in the - localconfig - - file for your Bugzilla database, type:

      To get more context in a patch, you put a number in the textbox at + the top of Patch Viewer ("Patch / File / [textbox]") and hit enter. + This will give you that many lines of context before and after each + change. Alternatively, you can click on the "File" link there and it + will show each change in the full context of the file. This feature only + works against files that were diffed using "cvs diff".


    5.7.4. Collapsing and Expanding Sections of a Patch

    mysql - - use bugs; -

    -

    To view only a certain set of files in a patch (for example, if a + patch is absolutely huge and you want to only review part of it at a + time), you can click the "(+)" and "(-)" links next to each file (to + expand it or collapse it). If you want to collapse all files or expand + all files, you can click the "Collapse All" and "Expand All" links at the + top of the page.


    5.7.5. Linking to a Section of a Patch

    To link to a section of a patch (for example, if you want to be + able to give someone a URL to show them which part you are talking + about) you simply click the "Link Here" link on the section header. The + resulting URL can be copied and used in discussion. (Copy Link + Location in Mozilla works as well.)



    6.4.1.1. Bugzilla Database Tables

    Imagine your MySQL database as a series of spreadsheets, and - you won't be too far off. If you use this command:

    mysql> - show tables from bugs; -

    5.7.6. Going to Bonsai and LXR

    you'll be able to see the names of all the - "spreadsheets" - (tables) in your database.

    To go to Bonsai to get blame for the lines you are interested in, + you can click the "Lines XX-YY" link on the section header you are + interested in. This works even if the patch is against an old + version of the file, since Bonsai stores all versions of the file.

    From the command issued above, ou should have some - output that looks like this: -
    
+-------------------+
    -| Tables in bugs    |
    -+-------------------+
    -| attachments       |
    -| bugs              |
    -| bugs_activity     |
    -| cc                |
    -| components        |
    -| dependencies      |
    -| fielddefs         |
    -| groups            |
    -| keyworddefs       |
    -| keywords          |
    -| logincookies      |
    -| longdescs         |
    -| milestones        |
    -| namedqueries      |
    -| products          |
    -| profiles          |
    -| profiles_activity |
    -| tokens            |
    -| versions          |
    -| votes             |
    -| watch             |
    -+-------------------+
    -
    -

    To go to LXR, you click on the filename on the file header + (unfortunately, since LXR only does the most recent version, line + numbers are likely to rot).


    5.7.7. Creating a Unified Diff


    -  Here's an overview of what each table does. Most columns in each table have
    -descriptive names that make it fairly trivial to figure out their jobs.
    -
    -attachments: This table stores all attachments to bugs. It tends to be your
    -largest table, yet also generally has the fewest entries because file
    -attachments are so (relatively) large.
    -
    -bugs:  This is the core of your system. The bugs table stores most of the
    -current information about a bug, with the exception of the info stored in the
    -other tables.
    -
    -bugs_activity:  This stores information regarding what changes are made to bugs
    -when -- a history file.
    -
    -cc:  This tiny table simply stores all the CC information for any bug which has
    -any entries in the CC field of the bug. Note that, like most other tables in
    -Bugzilla, it does not refer to users by their user names, but by their unique
    -userid, stored as a primary key in the profiles table.
    -
    -components: This stores the programs and components (or products and
    -components, in newer Bugzilla parlance) for Bugzilla. Curiously, the "program"
    -(product) field is the full name of the product, rather than some other unique
    -identifier, like bug_id and user_id are elsewhere in the database.
    -
    -dependencies: Stores data about those cool dependency trees.
    -
    -fielddefs:  A nifty table that defines other tables. For instance, when you
    -submit a form that changes the value of "AssignedTo" this table allows
    -translation to the actual field name "assigned_to" for entry into MySQL.
    -
    -groups:  defines bitmasks for groups. A bitmask is a number that can uniquely
    -identify group memberships. For instance, say the group that is allowed to
    -tweak parameters is assigned a value of "1", the group that is allowed to edit
    -users is assigned a "2", and the group that is allowed to create new groups is
    -assigned the bitmask of "4". By uniquely combining the group bitmasks (much
    -like the chmod command in UNIX,) you can identify a user is allowed to tweak
    -parameters and create groups, but not edit users, by giving him a bitmask of
    -"5", or a user allowed to edit users and create groups, but not tweak
    -parameters, by giving him a bitmask of "6" Simple, huh?
    -  If this makes no sense to you, try this at the mysql prompt:
    -mysql> select * from groups;
    -  You'll see the list, it makes much more sense that way.
    -
    -keyworddefs:  Definitions of keywords to be used
    -
    -keywords: Unlike what you'd think, this table holds which keywords are
    -associated with which bug id's.
    -
    -logincookies: This stores every login cookie ever assigned to you for every
    -machine you've ever logged into Bugzilla from. Curiously, it never does any
    -housecleaning -- I see cookies in this file I've not used for months. However,
    -since Bugzilla never expires your cookie (for convenience' sake), it makes
    -sense.
    -
    -longdescs:  The meat of bugzilla -- here is where all user comments are stored!
    -You've only got 2^24 bytes per comment (it's a mediumtext field), so speak
    -sparingly -- that's only the amount of space the Old Testament from the Bible
    -would take (uncompressed, 16 megabytes). Each comment is keyed to the
    -bug_id to which it's attached, so the order is necessarily chronological, for
    -comments are played back in the order in which they are received.
    -
    -milestones:  Interesting that milestones are associated with a specific product
    -in this table, but Bugzilla does not yet support differing milestones by
    -product through the standard configuration interfaces.
    -
    -namedqueries:  This is where everybody stores their "custom queries". Very
    -cool feature; it beats the tar out of having to bookmark each cool query you
    -construct.
    -
    -products:  What products you have, whether new bug entries are allowed for the
    -product, what milestone you're working toward on that product, votes, etc. It
    -will be nice when the components table supports these same features, so you
    -could close a particular component for bug entry without having to close an
    -entire product...
    -
    -profiles:  Ahh, so you were wondering where your precious user information was
    -stored?  Here it is!  With the passwords in plain text for all to see! (but
    -sshh... don't tell your users!)
    -
    -profiles_activity:  Need to know who did what when to who's profile?  This'll
    -tell you, it's a pretty complete history.
    -
    -versions:  Version information for every product
    -
    -votes:  Who voted for what when
    -
    -watch:  Who (according to userid) is watching who's bugs (according to their
    -userid).
    -
    -
    -===
    -THE DETAILS
    -===
    -
    -  Ahh, so you're wondering just what to do with the information above?  At the
    -mysql prompt, you can view any information about the columns in a table with
    -this command (where "table" is the name of the table you wish to view):
    -
    -mysql> show columns from table;
    -
    -  You can also view all the data in a table with this command:
    -
    -mysql> select * from table;
    -
    -  -- note: this is a very bad idea to do on, for instance, the "bugs" table if
    -you have 50,000 bugs. You'll be sitting there a while until you ctrl-c or
    -50,000 bugs play across your screen.
    -
    -  You can limit the display from above a little with the command, where
    -"column" is the name of the column for which you wish to restrict information:
    -
    -mysql> select * from table where (column = "some info");
    -
    -  -- or the reverse of this
    -
    -mysql> select * from table where (column != "some info");
    -
    -  Let's take our example from the introduction, and assume you need to change
    -the word "verified" to "approved" in the resolution field. We know from the
    -above information that the resolution is likely to be stored in the "bugs"
    -table. Note we'll need to change a little perl code as well as this database
    -change, but I won't plunge into that in this document. Let's verify the
    -information is stored in the "bugs" table:
    -
    -mysql> show columns from bugs
    -
    -  (exceedingly long output truncated here)
    -| bug_status| enum('UNCONFIRMED','NEW','ASSIGNED','REOPENED','RESOLVED','VERIFIED','CLOSED')||MUL | UNCONFIRMED||
    -
    -  Sorry about that long line. We see from this that the "bug status" column is
    -an "enum field", which is a MySQL peculiarity where a string type field can
    -only have certain types of entries. While I think this is very cool, it's not
    -standard SQL. Anyway, we need to add the possible enum field entry
    -'APPROVED' by altering the "bugs" table.
    -
    -mysql> ALTER table bugs CHANGE bug_status bug_status
    -    -> enum("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED", "RESOLVED",
    -    -> "VERIFIED", "APPROVED", "CLOSED") not null;
    -
    -    (note we can take three lines or more -- whatever you put in before the
    -semicolon is evaluated as a single expression)
    -
    -Now if you do this:
    -
    -mysql> show columns from bugs;
    -
    -  you'll see that the bug_status field has an extra "APPROVED" enum that's
    -available!  Cool thing, too, is that this is reflected on your query page as
    -well -- you can query by the new status. But how's it fit into the existing
    -scheme of things?
    -  Looks like you need to go back and look for instances of the word "verified"
    -in the perl code for Bugzilla -- wherever you find "verified", change it to
    -"approved" and you're in business (make sure that's a case-insensitive search).
    -Although you can query by the enum field, you can't give something a status
    -of "APPROVED" until you make the perl changes. Note that this change I
    -mentioned can also be done by editing checksetup.pl, which automates a lot of
    -this. But you need to know this stuff anyway, right?
    -

    If the patch is not in a format that you like, you can turn it + into a unified diff format by clicking the "Raw Unified" link at the top + of the page.


    5.8. Hints and Tips

    This section distills some Bugzilla tips and best practices + that have been developed.


    5.8.1. Autolinkification

    Bugzilla comments are plain text - so typing <U> will + produce less-than, U, greater-than rather than underlined text. + However, Bugzilla will automatically make hyperlinks out of certain + sorts of text in comments. For example, the text + "http://www.bugzilla.org" will be turned into a link: + http://www.bugzilla.org. + Other strings which get linkified in the obvious manner are: +

    bug 12345
    comment 7
    bug 23456, comment 53
    attachment 4321
    mailto:george@example.com
    george@example.com
    ftp://ftp.mozilla.org
    Most other sorts of URL

    +

    A corollary here is that if you type a bug number in a comment, + you should put the word "bug" before it, so it gets autolinkified + for the convenience of others. +


    5.8.2. Quicksearch

    Quicksearch is a single-text-box query tool which uses + metacharacters to indicate what is to be searched. For example, typing + "foo|bar" + into Quicksearch would search for "foo" or "bar" in the + summary and status whiteboard of a bug; adding + ":BazProduct" would + search only in that product. +

    You'll find the Quicksearch box on Bugzilla's + front page, along with a + Help + link which details how to use it.


    5.8.3. Comments

    If you are changing the fields on a bug, only comment if + either you have something pertinent to say, or Bugzilla requires it. + Otherwise, you may spam people unnecessarily with bug mail. + To take an example: a user can set up their account to filter out messages + where someone just adds themselves to the CC field of a bug + (which happens a lot.) If you come along, add yourself to the CC field, + and add a comment saying "Adding self to CC", then that person + gets a pointless piece of mail they would otherwise have avoided. +

    Don't use sigs in comments. Signing your name ("Bill") is acceptable, + if you do it out of habit, but full mail/news-style + four line ASCII art creations are not. +


    5.8.4. Attachments

    Use attachments, rather than comments, for large chunks of ASCII data, + such as trace, debugging output files, or log files. That way, it doesn't + bloat the bug for everyone who wants to read it, and cause people to + receive fat, useless mails. +

    Trim screenshots. There's no need to show the whole screen if + you are pointing out a single-pixel problem. +

    Don't attach simple test cases (e.g. one HTML file, one + CSS file and an image) as a ZIP file. Instead, upload them in + reverse order and edit the referring file so that they point to the + attached files. This way, the test case works immediately + out of the bug. +


    6.5. Integrating Bugzilla with Third-Party Tools

    5.9. User Preferences

    Once you have logged in, you can customise various aspects of + Bugzilla via the "Edit prefs" link in the page footer. + The preferences are split into three tabs:


    6.5.1. Bonsai

    5.9.1. Account Settings

    Bonsai is a web-based tool for managing - CVS, the Concurrent Versioning SystemOn this tab, you can change your basic account information, + including your password, email address and real name. For security + reasons, in order to change anything on this page you must type your + current - - . Using Bonsai, administrators can control open/closed status of trees, - query a fast relational database back-end for change, branch, and comment - information, and view changes made since the last time the tree was - closed. Bonsai - also integrates with - Tinderbox, the Mozilla automated build management system. -

    "Password" + field at the top of the page. + If you attempt to change your email address, a confirmation + email is sent to both the old and new addresses, with a link to use to + confirm the change. This helps to prevent account hijacking.


    6.5.2. CVS

    5.9.2. Email Settings

    CVS integration is best accomplished, at this point, using the - Bugzilla Email Gateway.

    On this tab you can reduce or increase the amount of email sent + you from Bugzilla, opting in our out depending on your relationship to + the bug and the change that was made to it. +

    Follow the instructions in this Guide for enabling Bugzilla e-mail - integration. Ensure that your check-in script sends an email to your - Bugzilla e-mail gateway with the subject of - "[Bug XXXX]", - and you can have CVS check-in comments append to your Bugzilla bug. If - you want to have the bug be closed automatically, you'll have to modify - the contrib/bugzilla_email_append.pl script. -

    You can also do further filtering on the client side by + using the X-Bugzilla-Reason mail header which Bugzilla + adds to all bugmail. This tells you what relationship you have to the + bug in question, + and can be any of Owner, Reporter, QAcontact, CClist, Voter and + WatchingComponent.

    There is also a CVSZilla project, based upon somewhat dated - Bugzilla code, to integrate CVS and Bugzilla through CVS' ability to - email. Check it out at: http://homepages.kcbbs.gen.nz/~tonyg/. -

    By entering user email names, delineated by commas, into the + "Users to watch" text entry box you can receive a copy of all the + bugmail of other users (security settings permitting.) This powerful + functionality enables seamless transitions as developers change + projects or users go on holiday.

    The ability to watch other users may not be available in all + Bugzilla installations. If you can't see it, ask your + administrator.


    6.5.3. Perforce SCM

    You can find the project page for Bugzilla and Teamtrack Perforce - integration (p4dti) at: - http://www.ravenbrook.com/project/p4dti/ - - . - "p4dti" - - is now an officially supported product from Perforce, and you can find - the "Perforce Public Depot" p4dti page at - http://public.perforce.com/public/perforce/p4dti/index.html - - .

    5.9.3. Permissions

    Integration of Perforce with Bugzilla, once patches are applied, is - seamless. Perforce replication information will appear below the comments - of each bug. Be certain you have a matching set of patches for the - Bugzilla version you are installing. p4dti is designed to support - multiple defect trackers, and maintains its own documentation for it. - Please consult the pages linked above for further information.

    This is a purely informative page which outlines your current + permissions on this installation of Bugzilla - what product groups you + are in, and whether you can edit bugs or perform various administration + functions.



    6.5.4. Tinderbox/Tinderbox2

    5.10. Reports

    Tinderbox is a continuous-build system which can integrate with - Bugzilla - see - http://www.mozilla.org/projects/tinderbox for details - of Tinderbox, and - http://tinderbox.mozilla.org/showbuilds.cgi to see it - in action.

    To be written

    Is there an easy way to change the Bugzilla cookie name?
    A.1.11. Does bugzilla run under mod_perl? +

    A.1.11. + Does bugzilla run under mod_perl? +

    + At present, no. This is being worked on. +

    Microsoft has some advice on this matter, as well:

    A.7.5. + How do I change a keyword in Bugzilla, once some bugs are using it? +

    + In the Bugzilla administrator UI, edit the keyword and it will let you + replace the old keyword name with a new one. This will cause a problem + with the keyword cache. Run sanitycheck.cgi to fix it. +

    A.7.6. + Why can't I close bugs from the "Change Several Bugs at Once" page? +

    + The logic flow currently used is RESOLVED, then VERIFIED, then CLOSED. + You can mass-CLOSE bugs from the change several + bugs at once page. but, every bug listed on the + page has to be in VERIFIED state before the control to do it will show + up on the form. You can also mass-VERIFY, but every bug listed has to be + RESOLVED in order for the control to show up on the form. The logic + behind this is that if you pick one of the bugs that's not VERIFIED and + try to CLOSE it, the bug change will fail miserably (thus killing any + changes in the list after it while doing the bulk change) so it doesn't + even give you the choice. +

    8. Bugzilla Hacking

    A.8.1. + What kind of style should I use for templatization? +

    + Gerv and Myk suggest a 2-space indent, with embedded code sections on + their own line, in line with outer tags. Like this:

    
<fred>
    +[% IF foo %]
    +  <bar>
    +  [% FOREACH x = barney %]
    +    <tr>
    +      <td>
    +        [% x %]
    +      </td>
    +    <tr>
    +  [% END %]
    +[% END %]
    +</fred>
    +

    Myk also recommends you turn on PRE_CHOMP in the template + initialization to prevent bloating of HTML with unnecessary whitespace. +

    Please note that many have differing opinions on this subject, + and the existing templates in Bugzilla espouse both this and a 4-space + style. Either is acceptable; the above is preferred.

    A.8.2. + What bugs are in Bugzilla right now? +

    + Try this link to view current bugs or requests for + enhancement for Bugzilla. +

    You can view bugs marked for 2.18 release + here. + This list includes bugs for the 2.18 release that have already + been fixed and checked into CVS. Please consult the + Bugzilla Project Page for details on how to + check current sources out of CVS so you can have these + bug fixes early! +

    A.7.5. A.8.3. - How do I change a keyword in Bugzilla, once some bugs are using it? + How can I change the default priority to a null value? For instance, have the default + priority be "---" instead of "P2"?

    - In the Bugzilla administrator UI, edit the keyword and it will let you - replace the old keyword name with a new one. This will cause a problem - with the keyword cache. Run sanitycheck.cgi to fix it. + This is well-documented in bug 49862. Ultimately, it's as easy as adding the "---" priority field to your + localconfig file in the appropriate area, re-running checksetup.pl, and then changing the + default priority in your browser using "editparams.cgi".

    A.7.6. A.8.4. - Why can't I close bugs from the "Change Several Bugs at Once" page? -

    1. Enter a bug into bugzilla.mozilla.org for the "Bugzilla" - The logic flow currently used is RESOLVED, then VERIFIED, then CLOSED. - You can mass-CLOSE bugs from the change several - bugs at once page. but, every bug listed on the - page has to be in VERIFIED state before the control to do it will show - up on the form. You can also mass-VERIFY, but every bug listed has to be - RESOLVED in order for the control to show up on the form. The logic - behind this is that if you pick one of the bugs that's not VERIFIED and - try to CLOSE it, the bug change will fail miserably (thus killing any - changes in the list after it while doing the bulk change) so it doesn't - even give you the choice. -

    2. Upload your patch as a unified diff (having used "diff -u" against + the current sources checked out of CVS), + or new source file by clicking + "Create a new attachment" link on the bug page you've just created, and + include any descriptions of database changes you may make, into the bug + ID you submitted in step #1. Be sure and click the "Patch" checkbox + to indicate the text you are sending is a patch! +

    3. Announce your patch and the associated URL + (http://bugzilla.mozilla.org/show_bug.cgi?id=XXXXXX) for discussion in + the newsgroup (netscape.public.mozilla.webtools). You'll get a really + good, fairly immediate reaction to the implications of your patch, + which will also give us an idea how well-received the change would + be. +

    4. If it passes muster with minimal modification, the person to whom + the bug is assigned in Bugzilla is responsible for seeing the patch + is checked into CVS. +

    5. Bask in the glory of the fact that you helped write the most successful + open-source bug-tracking software on the planet :) +


    8. Bugzilla Hacking

    Appendix B. Contrib

    There are a number of unofficial Bugzilla add-ons in the + $BUGZILLA_ROOT/contrib/ + directory. This section documents them.


    A.8.1. B.1. Command-line Search Interface

    There are a suite of Unix utilities for searching Bugzilla from the + command line. They live in the + contrib/cmdline + directory. However, they + have not yet been updated to work with 2.16 (post-templatisation.). + There are three files - query.conf, + buglist and bugs.

    query.conf + contains the mapping from options to field + names and comparison types. Quoted option names are "grepped" for, so it + should be easy to edit this file. Comments (#) have no effect; you must + make sure these lines do not contain any quoted "option".

    buglist - What kind of style should I use for templatization? -

    bugs is a simple shell script which calls + buglist and extracts the + bug numbers from the output. Adding the prefix + "http://bugzilla.mozilla.org/buglist.cgi?bug_id=" turns the bug list into + a working link if any bugs are found. Counting bugs is easy. Pipe the + results through + sed -e 's/,/ /g' | wc | awk '{printf $2 "\n"}' +

    Akkana Peck says she has good results piping + buglist output through + w3m -T text/html -dump +


    Appendix C. Manual Installation of Perl Modules

    C.1. Instructions

    - Gerv and Myk suggest a 2-space indent, with embedded code sections on - their own line, in line with outer tags. Like this:

    If you need to install Perl modules manually, here's how it's done. + Download the module using the link given in the next section, and then + apply this magic incantation, as root: +

    +

    
<fred>
    -[% IF foo %]
    -  <bar>
    -  [% FOREACH x = barney %]
    -    <tr>
    -      <td>
    -        [% x %]
    -      </td>
    -    <tr>
    -  [% END %]
    -[% END %]
    -</fred>
    -
    bash# tar -xzvf <module>.tar.gz +bash# cd <module> +bash# perl Makefile.PL +bash# make +bash# make test +bash# make install

    Myk also recommends you turn on PRE_CHOMP in the template - initialization to prevent bloating of HTML with unnecessary whitespace. -

    Please note that many have differing opinions on this subject, - and the existing templates in Bugzilla espouse both this and a 4-space - style. Either is acceptable; the above is preferred.

    +


    A.8.2. - What bugs are in Bugzilla right now? -

    C.2. Download Locations

    - Try this link to view current bugs or requests for - enhancement for Bugzilla. -

    Note: some modules are in the core distribution of + ActiveState Perl for Windows. Others are not available. + No PPM links have been provided in either of these two cases. +

    You can view bugs marked for 2.18 release - CGI: +


    +        CPAN Download Page: 
    here. - This list includes bugs for the 2.18 release that have already - been fixed and checked into CVS. Please consult the - http://search.cpan.org/dist/CGI.pm/
    +        PPM Download Link:  Bugzilla Project Page for details on how to - check current sources out of CVS so you can have these - bug fixes early! -

    http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/CGI.zip
    +        Documentation: http://www.perldoc.com/perl5.8.0/lib/CGI.html
    +      

    +

    A.8.3. TimeDate: +


    +        CPAN Download Page: http://search.cpan.org/dist/TimeDate/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/TimeDate.zip
    +        Documentation: http://search.cpan.org/dist/TimeDate/lib/Date/Format.pm
    +      

    - How can I change the default priority to a null value? For instance, have the default - priority be "---" instead of "P2"? -

    DBI: +


    +        CPAN Download Page: http://search.cpan.org/dist/DBI/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/DBI.zip
    +        Documentation: http://dbi.perl.org/docs/
    +      

    - This is well-documented in

    DBD::mysql: +


    +        CPAN Download Page: 
    bug 49862. Ultimately, it's as easy as adding the "---" priority field to your - localconfig file in the appropriate area, re-running checksetup.pl, and then changing the - default priority in your browser using "editparams.cgi". -

    http://search.cpan.org/dist/DBD-mysql/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/DBD-Mysql.zip
    +        Documentation: http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm
    +      

    +

    A.8.4. File::Spec: +


    +        CPAN Download Page: http://search.cpan.org/dist/File-Spec/
    +        PPM Download Page: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/File-Spec.zip
    +        Documentation: http://www.perldoc.com/perl5.8.0/lib/File/Spec.html
    +      

    - What's the best way to submit patches? What guidelines should I follow? -

    File::Temp: +


    +        CPAN Download Page: http://search.cpan.org/dist/File-Temp/
    +        Documentation: http://www.perldoc.com/perl5.8.0/lib/File/Temp.html
    +      

    +

    1. Template Toolkit: +


      +        CPAN Download Page: http://search.cpan.org/dist/Template-Toolkit/
      +        PPM Download Link: http://openinteract.sourceforge.net/ppmpackages/5.6/Template-Toolkit.tar.gz
      +        Documentation: http://www.template-toolkit.org/docs.html
      +      

      +

      Enter a bug into bugzilla.mozilla.org for the "Text::Wrap: +


      +        CPAN Download Page: 
      http://search.cpan.org/dist/Text-Tabs+Wrap/
      +        Documentation: Bugzilla"http://www.perldoc.com/perl5.8.0/lib/Text/Wrap.html
      +      

      - product. -

    2. Upload your patch as a unified diff (having used "diff -u" against - the current sources checked out of CVS), - or new source file by clicking - "Create a new attachment" link on the bug page you've just created, and - include any descriptions of database changes you may make, into the bug - ID you submitted in step #1. Be sure and click the "Patch" checkbox - to indicate the text you are sending is a patch! -

    3. Announce your patch and the associated URL - (http://bugzilla.mozilla.org/show_bug.cgi?id=XXXXXX) for discussion in - the newsgroup (netscape.public.mozilla.webtools). You'll get a really - good, fairly immediate reaction to the implications of your patch, - which will also give us an idea how well-received the change would - be. -

    4. If it passes muster with minimal modification, the person to whom - the bug is assigned in Bugzilla is responsible for seeing the patch - is checked into CVS. -

    5. Bask in the glory of the fact that you helped write the most successful - open-source bug-tracking software on the planet :) -


    Appendix B. Contrib

    There are a number of unofficial Bugzilla add-ons in the - $BUGZILLA_ROOT/contrib/GD: +


    +        CPAN Download Page: http://search.cpan.org/dist/GD/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GD.zip
    +        Documentation: http://stein.cshl.org/WWW/software/GD/
    +      

    - directory. This section documents them.


    B.1. Command-line Search Interface

    There are a suite of Unix utilities for searching Bugzilla from the - command line. They live in the - contrib/cmdline - directory. However, they - have not yet been updated to work with 2.16 (post-templatisation.). - There are three files - query.conf, - buglist and bugs.

    Chart::Base: + +


    +        CPAN Download Page: http://search.cpan.org/dist/Chart/
    +      

    +

    query.conf - contains the mapping from options to field - names and comparison types. Quoted option names are "grepped" for, so it - should be easy to edit this file. Comments (#) have no effect; you must - make sure these lines do not contain any quoted "option".

    GD::Graph: +


    +        CPAN Download Page: http://search.cpan.org/dist/GDGraph/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GDGraph.zip
    +        Documentation: http://search.cpan.org/dist/GDGraph/Graph.pm
    +      

    +

    buglistGD::Text::Align: +


    +        CPAN Download Page: http://search.cpan.org/dist/GDTextUtil/
    +        PPM Download Page: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GDTextUtil.zip
    +        Documentation: http://search.cpan.org/dist/GDTextUtil/Text/Align.pm
    +      

    - is a shell script which submits a Bugzilla query and writes - the resulting HTML page to stdout. It supports both short options, (such - as "-Afoo" or "-Rbar") and long options (such as "--assignedto=foo" or - "--reporter=bar"). If the first character of an option is not "-", it is - treated as if it were prefixed with "--default=".

    The column list is taken from the COLUMNLIST environment variable. - This is equivalent to the "Change Columns" option when you list bugs in - buglist.cgi. If you have already used Bugzilla, grep for COLUMNLIST - in your cookies file to see your current COLUMNLIST setting.

    MIME::Parser: +


    +        CPAN Download Page: http://search.cpan.org/dist/MIME-tools/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/MIME-tools.zip
    +        Documentation: http://search.cpan.org/dist/MIME-tools/lib/MIME/Parser.pm
    +      

    +

    bugs is a simple shell script which calls - buglist and extracts the - bug numbers from the output. Adding the prefix - "http://bugzilla.mozilla.org/buglist.cgi?bug_id=" turns the bug list into - a working link if any bugs are found. Counting bugs is easy. Pipe the - results through - sed -e 's/,/ /g' | wc | awk '{printf $2 "\n"}'XML::Parser: +


    +        CPAN Download Page: http://search.cpan.org/dist/XML-Parser/
    +        Documentation: http://www.perldoc.com/perl5.6.1/lib/XML/Parser.html
    +      

    Akkana Peck says she has good results piping - buglist output through - w3m -T text/html -dumpPatchReader: +


    +        CPAN Download Page: http://search.cpan.org/author/JKEISER/PatchReader/
    +        Documentation: http://www.johnkeiser.com/mozilla/Patch_Viewer.html
    +      

    Appendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License

    Version 1.1, March 2000

    0. PREAMBLE0. Preamble

    The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the @@ -12060,7 +11883,7 @@ CLASS="section" >1. APPLICABILITY AND DEFINITIONS1. Applicability and Definition

    This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under @@ -12125,7 +11948,7 @@ CLASS="section" >2. VERBATIM COPYING2. Verbatim Copying

    You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the @@ -12147,7 +11970,7 @@ CLASS="section" >3. COPYING IN QUANTITY3. Copying in Quantity

    If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must @@ -12191,7 +12014,7 @@ CLASS="section" >4. MODIFICATIONS4. Modifications

    You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release @@ -12329,7 +12152,7 @@ CLASS="section" >5. COMBINING DOCUMENTS5. Combining Documents

    You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified @@ -12360,7 +12183,7 @@ CLASS="section" >6. COLLECTIONS OF DOCUMENTS6. Collections of Documents

    You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies @@ -12381,7 +12204,7 @@ CLASS="section" >7. AGGREGATION WITH INDEPENDENT WORKS7. Aggregation with Independent Works

    A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a @@ -12405,7 +12228,7 @@ CLASS="section" >8. TRANSLATION8. Translation

    Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. @@ -12425,7 +12248,7 @@ CLASS="section" >9. TERMINATION9. Termination

    You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to @@ -12442,7 +12265,7 @@ CLASS="section" >10. FUTURE REVISIONS OF THIS LICENSE10. Future Revisions of this License

    The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions @@ -12476,7 +12299,7 @@ NAME="gfdl-howto" of the License in the document and put the following copyright and license notices just after the title page:

    0-9, high ascii

    For more information about how to configure Apache for Bugzilla, see Section 4.2.1Section 2.2.4.1.

    Much more detailed information about the suggestions in Section 4.5.2Section 2.2.2.1.

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 5. Administering BugzillaChapter 3. Administering BugzillaChapter 3. Using BugzillaChapter 5. Using BugzillaChapter 3. Using BugzillaChapter 5. Using BugzillaNextNextGNU Free Documentation LicenseManual Installation of Perl Modules
    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release
    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release
    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release
    3.3. Anatomy of a Bug5.3. Anatomy of a Bug

    The core of Bugzilla is the screen which displays a particular bug. It's a good place to explain some Bugzilla concepts. diff --git a/docs/html/bugreports.html b/docs/html/bugreports.html index 9dd3e335b..7b13680eb 100644 --- a/docs/html/bugreports.html +++ b/docs/html/bugreports.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release
    3.6. Filing Bugs5.6. Filing Bugs

    Years of bug writing experience has been distilled for your reading pleasure into the diff --git a/docs/html/cmdline.html b/docs/html/cmdline.html index be3ee0a5e..343aa58a0 100644 --- a/docs/html/cmdline.html +++ b/docs/html/cmdline.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release
    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 5. Administering BugzillaChapter 3. Administering Bugzilla5.4. Components3.4. Components

    Components are subsections of a Product. E.g. the computer game you are designing may have a "UI" diff --git a/docs/html/configuration.html b/docs/html/configuration.html new file mode 100644 index 000000000..295a76540 --- /dev/null +++ b/docs/html/configuration.html @@ -0,0 +1,1245 @@ +Configuration

    The Bugzilla Guide - 2.17.7 + Development Release
    PrevChapter 2. Installing BugzillaNext

    2.2. Configuration

    Poorly-configured MySQL and Bugzilla installations have + given attackers full access to systems in the past. Please take the + security parts of these guidelines seriously, even for Bugzilla + machines hidden away behind your firewall.

    2.2.1. localconfig

    Once you run checksetup.pl with all the correct + modules installed, it displays a message about, and write out a + file called, + localconfig. This file contains the default + settings for a number of Bugzilla parameters. +

    Load this file in your editor. The only value you + need to change is $db_pass, the password for + the user you will create for your database. + Pick a strong password (for simplicity, it should not contain + single quote characters) and put it here. +

    The other options in the localconfig file + are documented by their accompanying comments. If you have a slightly + non-standard MySQL setup, you may wish to change one or more of + the other "$db_*" parameters. +

    You may also wish to change the names of + the priorities, severities, operating systems and platforms for your + installation. However, you can always change these after installation + has finished; if you then re-run + checksetup.pl, the changes will get picked up. +

    2.2.2. MySQL

    2.2.2.1. Security

    MySQL ships as insecure by default. + It allows anybody to on the local machine full administrative + capabilities without requiring a password; the special + MySQL root account (note: this is not the same as + the system root) also has no password. + Also, many installations default to running + mysqld as the system root. +

    1. To disable the anonymous user account + and set a password for the root user, execute the following. The + root user password should be different to the bugs user password + you set in + localconfig in the previous section, + and also different to + the password for the system root account on your machine. +

        bash$ mysql mysql
      +  mysql> DELETE FROM user WHERE user = '';
      +  mysql> UPDATE user SET password = password('new_password') WHERE user = 'root';
      +  mysql> FLUSH PRIVILEGES;

      From this point forward, to run the + mysql command-line client, + you will need to type + mysql -u root -p and enter + new_password when prompted. +

    2. If you run MySQL on the same machine as your web server, you + should disable remote access to MySQL by adding + the following to your /etc/my.conf: +

        [myslqd]
      +  # Prevent network access to MySQL.
      +  skip-networking
    3. Consult the documentation that came with your system for + information on making mysqld run as an + unprivileged user. +

    4. For added security, you could also run MySQL, or even all + of Bugzilla + in a chroot jail; however, instructions for doing that are beyond + the scope of this document. +

    2.2.2.2. Allow large attachments

    You need to configure MySQL to accept large packets, if you + want to have attachments larger than 64K. Add the text + below to your + /etc/my.conf. + There is also a parameter in Bugzilla + for setting the maximum allowable attachment size, (default 1MB). + Bugzilla will only accept attachments up to the lower of these two + sizes. +

      [mysqld]
    +  # Allow packets up to 1M
    +  set-variable = max_allowed_packet=1M

    2.2.2.3. Add a user to MySQL

    You need to add a new MySQL user for + Bugzilla to use. (It's not safe to have Bugzilla use the MySQL root + account.) The following instructions assume the defaults in + localconfig; + if you changed those, you need to modify the + SQL command appropriately. You will need the + $db_pass password you set in + localconfig in + Section 2.2.1. +

    We use an SQL GRANT command to create a + "bugs" + user. This also restricts the + "bugs" + user to operations within a database called + "bugs", and only allows the account to connect from + "localhost". + Modify it to reflect your setup if you will be connecting from + another machine or as a different user.

    Run the mysql command-line client and + enter:

      mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,
    +         DROP,REFERENCES ON bugs.* TO bugs@localhost
    +         IDENTIFIED BY '$db_pass';
    +  mysql> FLUSH PRIVILEGES

    If you are using MySQL 4, you need to add + the LOCK TABLES and + CREATE TEMPORARY TABLES permissions + to the list. +

    2.2.3. checksetup.pl

    Next, rerun checksetup.pl. It reconfirms + that all the modules are present, and notices the altered + localconfig file, which it assumes you have edited to your + satisfaction. It compiles the UI templates, + connects to the database using the 'bugs' + user you created and the password you defined, and creates the + 'bugs' database and the tables therein. +

    After that, it asks for details of an administrator account. Bugzilla + can have multiple administrators - you can create more later - but + it needs one to start off with. + Enter the email address of an administrator, his or her full name, + and a suitable Bugzilla password. +

    checksetup.pl will then finish. You may rerun + checksetup.pl at any time if you wish. +

    2.2.4. Web server

    Configure your web server according to the instructions in the + appropriate section. The Bugzilla Team recommends Apache. +

    2.2.4.1. Apache httpd

    Load httpd.conf in your editor.

    Uncomment (or add) the following line. + This configures Apache to run .cgi files outside the + cgi-bin directory. +

      AddHandler cgi-script .cgi

    Apache uses <Directory> + directives to permit fine-grained permission setting. + Add the following two lines to a + <Directory> directive that + applies either to the Bugzilla directory or one of its parents + (e.g. the <Directory /var/www/html> + directive). + This allows Bugzilla's .htaccess files to + override global permissions, and allows .cgi files to run in the + Bugzilla directory. +

      Options +ExecCGI +FollowSymLinks
    +  AllowOverride Limit

    Add index.cgi to the end + of the DirectoryIndex + line.

    checksetup.pl can set tighter permissions + on Bugzilla's files and directories if it knows what user the + webserver runs as. Look for the User + line in httpd.conf, and place that value in + the $webservergroup variable in + localconfig. Then rerun + checksetup.pl. +

    2.2.4.2. Microsoft Internet Information Services

    If you need, or for some reason even want, to use Microsoft's + Internet Information Services or + Personal Web Server you should be able + to. You will need to configure them to know how to run CGI scripts. + This is described in Microsoft Knowledge Base article + Q245225 + for Internet Information Services and + Q231998 + for Personal Web Server. +

    Also, and this can't be stressed enough, make sure that files such as + localconfig and your data + directory are secured as described in Section 2.2.4.4. +

    2.2.4.3. AOL Server

    Ben FrantzDale reported success using AOL Server with Bugzilla. He + reported his experience and what appears below is based on that. +

    AOL Server will have to be configured to run + CGI scripts, please consult + the documentation that came with your server for more information on + how to do this. +

    Because AOL Server doesn't support .htaccess + files, you'll have to create a TCL + script. You should create an aolserver/modules/tcl/filter.tcl + file (the filename shouldn't matter) with the following contents (change + /bugzilla/ to the web-based path to + your Bugzilla installation): +

    
  ns_register_filter preauth GET /bugzilla/localconfig filter_deny
    +  ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny
    +  ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny
    +  ns_register_filter preauth GET /bugzilla/*.pl filter_deny
    +  ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny
    +  ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny
    +  ns_register_filter preauth GET /bugzilla/data/* filter_deny
    +  ns_register_filter preauth GET /bugzilla/template/* filter_deny
    +
    +  proc filter_deny { why } {
    +      ns_log Notice "filter_deny"
    +      return "filter_return"
    +  }
    +        

    This probably doesn't account for all possible editor backup + files so you may wish to add some additional variations of + localconfig. For more information, see + bug 186383 or Bugtraq ID 6501. +

    If you are using webdot from research.att.com (the default + configuration for the webdotbase paramater), you + will need to allow access to data/webdot/*.dot + for the reasearch.att.com machine. +

    If you are using a local installation of GraphViz, you will need to allow + everybody to access *.png, + *.gif, *.jpg, and + *.map in the + data/webdot directory. +

    2.2.4.4. Web Server Access Controls

    Users of Apache can skip this section because + Bugzilla ships with .htaccess files which + restrict access in the manner required. + Users of other webservers, read on. +

    There are several files in the Bugzilla directory + that should not be accessible from the web. You need to configure + your webserver so they they aren't. Not doing this may reveal + sensitive information such as database passwords. +

    • In the main Bugzilla directory, you should:

      • Block: + *.pl, *localconfig*, runtests.sh +

      • But allow: + localconfig.js, localconfig.rdf +

    • In data:

      • Block everything

      • But allow: + duplicates.rdf +

    • In data/webdot:

      • If you use a remote webdot server:

        • Block everything

        • But allow + *.dot + only for the remote webdot server

      • Otherwise, if you use a local GraphViz:

        • Block everything

        • But allow: + *.png, *.gif, *.jpg, *.map +

      • And if you don't use any dot:

        • Block everything

    • In Bugzilla:

      • Block everything

    • In template:

      • Block everything

    You should test to make sure that the files mentioned above are + not accessible from the Internet, especially your + localconfig file which contains your database + password. To test, simply point your web browser at the file; for + example, to test mozilla.org's installation, we'd try to access + http://bugzilla.mozilla.org/localconfig. You should + get a 403 Forbidden + error. +

    2.2.5. Bugzilla

    Your Bugzilla should now be working. Access + http://<your-bugzilla-server>/ - + you should see the Bugzilla + front page. If not, consult the Troubleshooting section, + Section 2.5. +

    Log in with the administrator account you defined in the last + checksetup.pl run. You should go through + the parameters on the Edit Parameters page + (see link in the footer) and see if there are any you wish to + change. + They key parameters are documented in Section 3.1; + you should certainly alter + maintainer and urlbase; + you may also want to alter + cookiepath or requirelogin. +

    This would also be a good time to revisit the + localconfig file and make sure that the + names of the priorities, severities, platforms and operating systems + are those you wish to use when you start creating bugs. Remember + to rerun checksetup.pl if you change it. +

    Bugzilla has several optional features which require extra + configuration. You can read about those in + Section 2.3. +


    PrevHomeNext
    InstallationUpOptional Additional Configuration
    \ No newline at end of file diff --git a/docs/html/conventions.html b/docs/html/conventions.html index 25b7783a9..28f25bbb9 100644 --- a/docs/html/conventions.html +++ b/docs/html/conventions.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseNext

    NextIntroductionInstalling Bugzilla
    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release1.1. Copyright Information

    This document is copyright (c) 2000-2004 by the various + Bugzilla contributors who wrote it.

     

    Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation @@ -103,29 +94,10 @@ VALIGN="TOP" Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in Appendix CAppendix D.

     
    --Copyright (c) 2000-2004 The Bugzilla Team 

    If you have any questions regarding this document, its copyright, or publishing this document in non-electronic form, diff --git a/docs/html/credits.html b/docs/html/credits.html index 69cac7052..cc39bc7d3 100644 --- a/docs/html/credits.html +++ b/docs/html/credits.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release Matthew P. Barnson, Kevin Brannen, Dawn Endico, Ben FrantzDale, Eric Hanson, Tara Hernandez, Dave Lawrence, Zach Lipton, Gervase Markham, Andrew Pearson, Joe Robins, Spencer Smith, Jacob Steenhagen, Ron Teitelbaum, Terry Weissman, Martin Wulffeld.

    Last but not least, all the members of the +> Also, thanks are due to the members of the The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleasePrevChapter 6. Customising BugzillaChapter 4. Customising Bugzilla6.2. Customizing Who Can Change What4.3. Customizing Who Can Change What

    PrevTemplate CustomizationTemplate HooksTemplate Hooks

    The Bugzilla Guide - 2.17.7 + Development Release
    PrevChapter 4. Customising BugzillaNext

    4.2. Template Hooks

    Template hooks are a way for extensions to Bugzilla to insert code + into the standard Bugzilla templates without modifying the template files + themselves. The hooks mechanism defines a consistent API for extending + the standard templates in a way that cleanly separates standard code + from extension code. Hooks reduce merge conflicts and make it easier + to write extensions that work across multiple versions of Bugzilla, + making upgrading a Bugzilla installation with installed extensions easier. +

    A template hook is just a named place in a standard template file + where extension template files for that hook get processed. Each hook + has a corresponding directory in the Bugzilla directory tree. Hooking an + extension template to a hook is as simple as putting the extension file + into the hook's directory. When Bugzilla processes the standard template + and reaches the hook, it will process all extension templates in the + hook's directory. The hooks themselves can be added into any standard + template upon request by extension authors. +

    To use hooks to extend a Bugzilla template, first make sure there is + a hook at the appropriate place within the template you want to extend. + Hooks appear in the standard Bugzilla templates as a single directive + in the format + [% Hook.process("name") %], + where name is the unique (within that template) + name of the hook. +

    If you aren't sure which template you want to extend or just want + to browse the available hooks, either use your favorite multi-file search + tool (e.g. grep) to search the standard templates + for occurrences of Hook.process or browse + the directory tree in + BUGZILLA_ROOT/template/en/extension/hook/, + which contains a directory for each hook in the following location: +

    BUGZILLA_ROOT/template/en/extension/hook/PATH_TO_STANDARD_TEMPLATE/STANDARD_TEMPLATE_NAME/HOOK_NAME/ +

    If there is no hook at the appropriate place within the Bugzilla template + you want to extend, + file + a bug requesting one, specifying: +

    the template for which you are requesting a hook;
    where in the template you would like the hook to be placed + (line number/position for latest version of template in CVS + or description of location); +
    the purpose of the hook;
    a link to information about your extension, if any.

    The Bugzilla reviewers will promptly review each hook request, + name the hook, add it to the template, check the new version + of the template into CVS, and create the corresponding directory in + BUGZILLA_ROOT/template/en/extension/hook/. +

    You may optionally attach a patch to the bug which implements the hook + and check it in yourself after receiving approval from a Bugzilla + reviewer. The developers may suggest changes to the location of the + hook based on their analysis of your needs or so the hook can satisfy + the needs of multiple extensions, but the process of getting hooks + approved and checked in is not as stringent as the process for general + changes to Bugzilla, and any extension, whether released or still in + development, can have hooks added to meet their needs. +

    After making sure the hook you need exists (or getting it added if not), + add your extension template to the directory within the Bugzilla + directory tree corresponding to the hook. +

    That's it! Now, when the standard template containing the hook + is processed, your extension template will be processed at the point + where the hook appears. +

    For example, let's say you have an extension named Projman that adds + project management capabilities to Bugzilla. Projman has an + administration interface edit-projects.cgi, + and you want to add a link to it into the navigation bar at the bottom + of every Bugzilla page for those users who are authorized + to administer projects. +

    The navigation bar is generated by the template file + useful-links.html.tmpl, which is located in + the global/ subdirectory on the standard Bugzilla + template path + BUGZILLA_ROOT/template/en/default/. + Looking in useful-links.html.tmpl, you find + the following hook at the end of the list of standard Bugzilla + administration links: +

    ...
    +    [% ', <a href="editkeywords.cgi">keywords</a>' 
    +                                              IF user.groups.editkeywords %]
    +    [% Hook.process("edit") %]
    +...

    The corresponding directory for this hook is + BUGZILLA_ROOT/template/en/extension/hook/global/useful-links.html.tmpl/edit/. +

    You put a template named + projman-edit-projects.html.tmpl + into that directory with the following content: +

    ...[% ', <a href="edit-projects.cgi">projects</a>' IF user.groups.projman_admins %]

    Voila! The link now appears after the other administration links in the + navigation bar for users in the projman_admins group. +

    Notes: +


    PrevHomeNext
    Template CustomizationUpCustomizing Who Can Change What
    \ No newline at end of file diff --git a/docs/html/cust-templates.html b/docs/html/cust-templates.html index 19ac52100..90a800dc9 100644 --- a/docs/html/cust-templates.html +++ b/docs/html/cust-templates.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 6. Customising BugzillaChapter 4. Customising BugzillaNext6.1. Template Customization4.1. Template Customization

    Administrators can configure the look and feel of Bugzilla without having to edit Perl files or face the nightmare of massive merge @@ -89,7 +89,7 @@ NAME="cust-templates" determined by the user's browser. More information is available in Section 6.1.5Section 4.1.5.

    6.1.1. What to Edit

    4.1.1. What to Edit

    The template directory structure is that there's a top level directory,

    6.1.2. How To Edit Templates

    4.1.2. How To Edit Templates

    6.1.3. Template Formats

    4.1.3. Template Formats

    Some CGIs have the ability to use more than one template. For example, buglist.cgi can output bug lists as RDF or two @@ -391,9 +391,9 @@ CLASS="section" >

    6.1.4. Particular Templates

    4.1.4. Particular Templates

    There are a few templates you may be particularly interested in customizing for your installation. @@ -567,7 +567,7 @@ CLASS="section" >6.1.5. Configuring Bugzilla to Detect the User's Language4.1.5. Configuring Bugzilla to Detect the User's Language

    Bugzilla honours the user's Accept: HTTP header. You can install templates in other languages, and Bugzilla will pick the most appropriate @@ -583,7 +583,7 @@ TARGET="_top" >After untarring the localizations (or creating your own) in the $BUGZILLA_HOME/templateBUGZILLA_ROOT/template directory, you must update the NextCustomizing Who Can Change WhatTemplate Hooks

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 6. Customising BugzillaChapter 4. Customising Bugzilla
    Table of Contents
    6.1. 4.1. Template Customization
    6.1.1. 4.1.1. What to Edit
    6.1.2. 4.1.2. How To Edit Templates
    6.1.3. 4.1.3. Template Formats
    6.1.4. 4.1.4. Particular Templates
    6.1.5. 4.1.5. Configuring Bugzilla to Detect the User's Language
    6.2. 4.2. Template Hooks
    4.3. Customizing Who Can Change What
    6.3. 4.4. Modifying Your Running System
    6.4. 4.5. MySQL Bugzilla Database Introduction
    6.5. 4.6. Integrating Bugzilla with Third-Party Tools
    6.5.1. 4.6.1. Bonsai
    6.5.2. 4.6.2. CVS
    6.5.3. 4.6.3. Perforce SCM
    6.5.4. 4.6.4. Tinderbox/Tinderbox2
    The Bugzilla Database
    The Bugzilla Guide - 2.17.5 - Development Release
    PrevNext

    Appendix A. The Bugzilla Database

    This document really needs to be updated with more fleshed out - information about primary keys, interrelationships, and maybe some nifty - tables to document dependencies. Any takers?


    PrevHomeNext
    Integrating Bugzilla with Third-Party Tools Template Customization
    \ No newline at end of file diff --git a/docs/html/dbdoc.html b/docs/html/dbdoc.html index 1bfa4b694..c8209df10 100644 --- a/docs/html/dbdoc.html +++ b/docs/html/dbdoc.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 6. Customising BugzillaChapter 4. Customising Bugzilla6.4. MySQL Bugzilla Database Introduction4.5. MySQL Bugzilla Database Introduction

    This information comes straight from my life. I was forced to learn how Bugzilla organizes database because of nitpicky requests from users @@ -137,9 +137,9 @@ CLASS="section" >

    6.4.1. Bugzilla Database Basics

    4.5.1. Bugzilla Database Basics

    If you were like me, at this point you're totally clueless about the internals of MySQL, and if it weren't for this executive order from @@ -251,9 +251,9 @@ CLASS="section" >

    6.4.1.1. Bugzilla Database Tables

    4.5.1.1. Bugzilla Database Tables

    Imagine your MySQL database as a series of spreadsheets, and you won't be too far off. If you use this command:

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 6. Customising BugzillaChapter 4. Customising Bugzilla6.3. Modifying Your Running System4.4. Modifying Your Running System

    Bugzilla optimizes database lookups by storing all relatively static information in the diff --git a/docs/html/disclaimer.html b/docs/html/disclaimer.html index 2e0444066..b8061dbf1 100644 --- a/docs/html/disclaimer.html +++ b/docs/html/disclaimer.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release

    Although the Bugzilla development team has taken great care to - ensure that all exploitable bugs or options have been - fixed, security holes surely exist. Great care should be taken both in + ensure that all exploitable bugs have been fixed, security holes surely + exist in any piece of code. Great care should be taken both in the installation and usage of this software. The Bugzilla development - team members assume no liability for your use of this software. You have + team members assume no liability for your use of Bugzilla. You have the source code, and are responsible for auditing it yourself to ensure your security needs are met.

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleasePrevChapter 4. InstallationChapter 2. Installing Bugzilla4.3. Optional Additional Configuration2.3. Optional Additional Configuration

    Bugzilla has a number of optional features. This section describes how + to configure or enable them. +

    4.3.1. Dependency Charts

    2.3.1. Bug Graphs

    If you have installed the necessary Perl modules you + can start collecting statistics for the nifty Bugzilla + graphs.

    bash# crontab -e

    This should bring up the crontab file in your editor. + Add a cron entry like this to run + collectstats.pl + daily at 5 after midnight: +

    5 0 * * * cd <your-bugzilla-directory> ; ./collectstats.pl

    As well as the text-based dependency graphs, Bugzilla also - supports dependency graphing, using a package called 'dot'. +>After two days have passed you'll be able to view bug graphs from + the Reports page.

    2.3.2. Dependency Charts

    As well as the text-based dependency trees, Bugzilla also + supports a graphical view of dependency relationships, using a + package called 'dot'. Exactly how this works is controlled by the 'webdotbase' parameter, which can have one of three values:

    So, to get this working, install +>The easiest way to get this working is to install in Apache. Alternatively, you could set up a webdot server, or use the AT&T - public webdot server (the - default for the webdotbase param). Note that AT&T's server won't work - if Bugzilla is only accessible using HARTS. -

    4.3.2. Bug Graphs

    As long as you installed the GD and Graph::Base Perl modules you - might as well turn on the nifty Bugzilla bug reporting graphs.

    Add a cron entry like this to run - collectstats.pl - daily at 5 after midnight: -

    bash# - - crontab -e - -
    5 0 * * * cd <your-bugzilla-directory> ; - ./collectstats.pl -

    Editor's note: What the heck is HARTS? Google doesn't know... +

    After two days have passed you'll be able to view bug graphs from - the Bug Reports page.

    4.3.3. The Whining Cron

    2.3.3. The Whining Cron

    By now you have a fully functional Bugzilla, but what good are - bugs if they're not annoying? To help make those bugs more annoying you +>What good are + bugs if they're not annoying? To help make them more so you can set up Bugzilla's automatic whining system to complain at engineers which leave their bugs in the NEW or REOPENED state without triaging them.

    This can be done by - adding the following command as a daily crontab entry (for help on that - see that crontab man page): -

    cd <your-bugzilla-directory> ; - ./whineatnews.pl - -

    +> + This can be done by + adding the following command as a daily crontab entry, in the same manner + as explained above for bug graphs. This example runs it at 12.55am.

    Depending on your system, crontab may have several manpages. - The following command should lead you to the most useful page for - this purpose: -
    
man 5 crontab
    -	
    55 0 * * * cd <your-bugzilla-directory> ; ./whineatnews.pl
    -

    2.3.4. Patch Viewer

    Patch Viewer is the engine behind Bugzilla's graphical display of + code patches. You can integrate this with copies of the + cvs, lxr and + bonsai tools if you have them, by giving + the locations of your installation of these tools in + editparams.cgi. +

    Patch Viewer also optionally will use the + cvs, diff and + interdiff + command-line utilities if they exist on the system. + Interdiff can be obtained from + http://cyberelk.net/tim/patchutils/. + If these programs are not in the system path, you can configure + their locations in localconfig. +

    4.3.4. LDAP Authentication2.3.5. LDAP Authentication

    LDAP authentication is a module for Bugzilla's plugin authentication architecture. @@ -457,7 +471,7 @@ NAME="param-LDAPBaseDN" >

    The LDAPBaseDN parameter should be set to the location in - your LDAP tree that you would like to search for e-mail addresses. + your LDAP tree that you would like to search for email addresses. Your uids should be unique under the DN specified here.

    The LDAPmailattribute parameter should be the name of the - attribute which contains the e-mail address your users will enter + attribute which contains the email address your users will enter into the Bugzilla login boxes.

    4.3.5. Preventing untrusted Bugzilla content from executing malicious - Javascript code2.3.6. Prevent users injecting malicious + Javascript

    It is possible for a Bugzilla attachment to contain malicious - Javascript - code, which would be executed in the domain of your Bugzilla, thereby - making it possible for the attacker to e.g. steal your login cookies. +>It is possible for a Bugzilla user to take advantage of character + set encoding ambiguities to inject HTML into Bugzilla comments. This + could include malicious scripts. Due to internationalization concerns, we are unable to - incorporate by default the code changes necessary to fulfill the CERT - advisory requirements mentioned in + incorporate by default the code changes suggested by http://www.cert.org/tech_tips/malicious_code_mitigation.html/#3. +> the CERT advisory on this issue. If your installation is for an English speaking audience only, making the change below will prevent this problem.

    
    $self->charset('');
    -      
    $self->charset('');
    
    $self->charset('ISO-8859-1');
    -      
    $self->charset('ISO-8859-1');

    4.3.6. Bugzilla and mod_perl

    Bugzilla is unsupported under mod_perl. Effort is underway - to make it work cleanly in a mod_perl environment, but it is - slow going. -

    4.3.7. 2.3.7. mod_throttle - - and Security

    It is possible for a user, by mistake or on purpose, to access the database many times in a row which can result in very slow access speeds for other users. If your Bugzilla installation is experiencing - this problem , you may install the Apache module + this problem, you may install the Apache module mod_throttle - - which can limit connections by ip-address. You may download this module + which can limit connections by IP address. You may download this module at This module only functions with the Apache web server! - You may use the + The command you need is ThrottleClientIP - - command provided by this module to accomplish this goal. See the +>. See the Module - Instructionsdocumentation for more information.

    2.3.8. TCP/IP Ports

    A single-box Bugzilla only requires port 80, plus port 25 if + you are using the optional email interface. You should firewall all + other ports and/or disable services listening on them. +

    2.3.9. Daemon Accounts

    Many daemons, such as Apache's httpd and MySQL's mysqld default to + running as either "root" or "nobody". Running + as "root" introduces obvious security problems, but the + problems introduced by running everything as "nobody" may + not be so obvious. Basically, if you're running every daemon as + "nobody" and one of them gets compromised, they all get + compromised. For this reason it is recommended that you create a user + account for each daemon. +

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleasePrev Is there an easy way to change the Bugzilla cookie name?
    A.1.11. Does bugzilla run under mod_perl? +

    A.1.11. + Does bugzilla run under mod_perl? +

    + At present, no. This is being worked on. +

    Microsoft has some advice on this matter, as well:

    PrevIntegrating Bugzilla with Third-Party ToolsReportsPREAMBLEPreambleThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License0. PREAMBLE0. Preamble

    The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the @@ -158,7 +158,7 @@ ACCESSKEY="U" WIDTH="33%" ALIGN="right" VALIGN="top" ->APPLICABILITY AND DEFINITIONSApplicability and Definition

    APPLICABILITY AND DEFINITIONSApplicability and DefinitionThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License1. APPLICABILITY AND DEFINITIONS1. Applicability and Definition

    This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under @@ -179,7 +179,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->PREAMBLEPreambleVERBATIM COPYINGVerbatim CopyingFUTURE REVISIONS OF THIS LICENSEFuture Revisions of this LicenseThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License10. FUTURE REVISIONS OF THIS LICENSE10. Future Revisions of this License

    The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions @@ -142,7 +142,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->TERMINATIONTerminationVERBATIM COPYINGVerbatim CopyingThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License2. VERBATIM COPYING2. Verbatim Copying

    You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the @@ -136,7 +136,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->APPLICABILITY AND DEFINITIONSApplicability and DefinitionCOPYING IN QUANTITYCopying in QuantityCOPYING IN QUANTITYCopying in QuantityThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License3. COPYING IN QUANTITY3. Copying in Quantity

    If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must @@ -158,7 +158,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->VERBATIM COPYINGVerbatim CopyingMODIFICATIONSModificationsMODIFICATIONSModificationsThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License4. MODIFICATIONS4. Modifications

    You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release @@ -252,7 +252,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->COPYING IN QUANTITYCopying in QuantityCOMBINING DOCUMENTSCombining DocumentsCOMBINING DOCUMENTSCombining DocumentsThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License5. COMBINING DOCUMENTS5. Combining Documents

    You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified @@ -145,7 +145,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->MODIFICATIONSModificationsCOLLECTIONS OF DOCUMENTSCollections of DocumentsCOLLECTIONS OF DOCUMENTSCollections of DocumentsThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License6. COLLECTIONS OF DOCUMENTS6. Collections of Documents

    You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies @@ -135,7 +135,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->COMBINING DOCUMENTSCombining DocumentsAGGREGATION WITH INDEPENDENT WORKSAggregation with Independent WorksAGGREGATION WITH INDEPENDENT WORKSAggregation with Independent WorksThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License7. AGGREGATION WITH INDEPENDENT WORKS7. Aggregation with Independent Works

    A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a @@ -138,7 +138,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->COLLECTIONS OF DOCUMENTSCollections of DocumentsTRANSLATIONTranslationTRANSLATIONTranslationThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License8. TRANSLATION8. Translation

    Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. @@ -134,7 +134,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->AGGREGATION WITH INDEPENDENT WORKSAggregation with Independent WorksTERMINATIONTerminationTERMINATIONTerminationThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License9. TERMINATION9. Termination

    You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to @@ -131,7 +131,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->TRANSLATIONTranslationFUTURE REVISIONS OF THIS LICENSEFuture Revisions of this LicenseThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License

    FUTURE REVISIONS OF THIS LICENSEFuture Revisions of this LicenseThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleasePrevAppendix C. GNU Free Documentation LicenseAppendix D. GNU Free Documentation License
    0. PREAMBLEPreamble
    1. APPLICABILITY AND DEFINITIONSApplicability and Definition
    2. VERBATIM COPYINGVerbatim Copying
    3. COPYING IN QUANTITYCopying in Quantity
    4. MODIFICATIONSModifications
    5. COMBINING DOCUMENTSCombining Documents
    6. COLLECTIONS OF DOCUMENTSCollections of Documents
    7. AGGREGATION WITH INDEPENDENT WORKSAggregation with Independent Works
    8. TRANSLATIONTranslation
    9. TERMINATIONTermination
    10. FUTURE REVISIONS OF THIS LICENSEFuture Revisions of this License

    Version 1.1, March 2000

    PrevCommand-line Search InterfaceDownload LocationsPREAMBLEPreamble
    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release

    0-9, high ascii

    For more information about how to configure Apache for Bugzilla, see Section 4.2.1Section 2.2.4.1.

    Much more detailed information about the suggestions in Section 4.5.2Section 2.2.2.1.

    Chapter 5. Administering BugzillaChapter 3. Administering BugzillaChapter 3. Using BugzillaChapter 5. Using BugzillaPrevChapter 2. Installing Bugzilla

    Chapter 4. Installation

    2.1. Installation
    Table of Contents
    4.1. Step-by-step Install
    4.1.1. Perl
    4.1.2. MySQL
    4.1.3. HTTP Server
    4.1.4. Bugzilla
    4.1.5.

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release
    5.8. Groups and Group Security3.8. Groups and Group Security

    Groups allow the administrator to isolate bugs or products that should only be seen by certain people. diff --git a/docs/html/hintsandtips.html b/docs/html/hintsandtips.html index e2cb0d944..8961e133c 100644 --- a/docs/html/hintsandtips.html +++ b/docs/html/hintsandtips.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release
    3.8. Hints and Tips5.8. Hints and Tips

    This section distills some Bugzilla tips and best practices that have been developed.

    3.8.1. Autolinkification

    5.8.1. Autolinkification

    Bugzilla comments are plain text - so typing <U> will produce less-than, U, greater-than rather than underlined text. @@ -157,7 +157,7 @@ CLASS="section" >3.8.2. Quicksearch5.8.2. Quicksearch

    Quicksearch is a single-text-box query tool which uses metacharacters to indicate what is to be searched. For example, typing @@ -190,7 +190,7 @@ CLASS="section" >3.8.3. Comments5.8.3. Comments

    If you are changing the fields on a bug, only comment if either you have something pertinent to say, or Bugzilla requires it. @@ -214,7 +214,7 @@ CLASS="section" >3.8.4. Attachments5.8.4. Attachments

    Use attachments, rather than comments, for large chunks of ASCII data, such as trace, debugging output files, or log files. That way, it doesn't diff --git a/docs/html/how.html b/docs/html/how.html deleted file mode 100644 index 1b8a87910..000000000 --- a/docs/html/how.html +++ /dev/null @@ -1,826 +0,0 @@ -How do I use Bugzilla?

    The Bugzilla Guide - 2.17.5 - Development Release
    PrevChapter 3. Using BugzillaNext

    3.1. How do I use Bugzilla?

    This section contains information for end-users of Bugzilla. - There is a Bugzilla test installation, called - Landfill, - which you are welcome to play with (if it's up.) - However, it does not necessarily - have all Bugzilla features enabled, and often runs cutting-edge versions - of Bugzilla for testing, so some things may work slightly differently - than mentioned here.

    3.1.1. Create a Bugzilla Account

    If you want to use Bugzilla, first you need to create an account. - Consult with the administrator responsible for your installation of - Bugzilla for the URL you should use to access it. If you're - test-driving Bugzilla, use this URL: - http://landfill.bugzilla.org/bugzilla-tip/. -

    1. Click the - "Open a new Bugzilla account" - - link, enter your email address and, optionally, your name in the - spaces provided, then click - "Create Account" - - .

    2. Within moments, you should receive an email to the address - you provided above, which contains your login name (generally the - same as the email address), and a password you can use to access - your account. This password is randomly generated, and can be - changed to something more memorable.

    3. Click the - "Log In" - link in the yellow area at the bottom of the page in your browser, - enter your email address and password into the spaces provided, and - click - "Login". -

    You are now logged in. Bugzilla uses cookies for authentication - so, unless your IP address changes, you should not have to log in - again.

    3.1.2. Anatomy of a Bug

    The core of Bugzilla is the screen which displays a particular - bug. It's a good place to explain some Bugzilla concepts. - Bug 1 on Landfill - - is a good example. Note that the labels for most fields are hyperlinks; - clicking them will take you to context-sensitive help on that - particular field. Fields marked * may not be present on every - installation of Bugzilla.

    1. Product and Component: - Bugs are divided up by Product and Component, with a Product - having one or more Components in it. For example, - bugzilla.mozilla.org's "Bugzilla" Product is composed of several - Components: -

      Administration: - Administration of a Bugzilla installation.
      Bugzilla-General: - Anything that doesn't fit in the other components, or spans - multiple components.
      Creating/Changing Bugs: - Creating, changing, and viewing bugs.
      Documentation: - The Bugzilla documentation, including The Bugzilla Guide.
      Email: - Anything to do with email sent by Bugzilla.
      Installation: - The installation process of Bugzilla.
      Query/Buglist: - Anything to do with searching for bugs and viewing the - buglists.
      Reporting/Charting: - Getting reports from Bugzilla.
      User Accounts: - Anything about managing a user account from the user's perspective. - Saved queries, creating accounts, changing passwords, logging in, - etc.
      User Interface: - General issues having to do with the user interface cosmetics (not - functionality) including cosmetic issues, HTML templates, - etc.

      -

    2. Status and Resolution: - - These define exactly what state the bug is in - from not even - being confirmed as a bug, through to being fixed and the fix - confirmed by Quality Assurance. The different possible values for - Status and Resolution on your installation should be documented in the - context-sensitive help for those items.

    3. Assigned To: - The person responsible for fixing the bug.

    4. *URL: - A URL associated with the bug, if any.

    5. Summary: - A one-sentence summary of the problem.

    6. *Status Whiteboard: - (a.k.a. Whiteboard) A free-form text area for adding short notes - and tags to a bug.

    7. *Keywords: - The administrator can define keywords which you can use to tag and - categorise bugs - e.g. The Mozilla Project has keywords like crash - and regression.

    8. Platform and OS: - These indicate the computing environment where the bug was - found.

    9. Version: - The "Version" field is usually used for versions of a product which - have been released, and is set to indicate which versions of a - Component have the particular problem the bug report is - about.

    10. Priority: - The bug assignee uses this field to prioritise his or her bugs. - It's a good idea not to change this on other people's bugs.

    11. Severity: - This indicates how severe the problem is - from blocker - ("application unusable") to trivial ("minor cosmetic issue"). You - can also use this field to indicate whether a bug is an enhancement - request.

    12. *Target: - (a.k.a. Target Milestone) A future version by which the bug is to - be fixed. e.g. The Bugzilla Project's milestones for future - Bugzilla versions are 2.18, 2.20, 3.0, etc. Milestones are not - restricted to numbers, thought - you can use any text strings, such - as dates.

    13. Reporter: - The person who filed the bug.

    14. CC list: - A list of people who get mail when the bug changes.

    15. Attachments: - You can attach files (e.g. testcases or patches) to bugs. If there - are any attachments, they are listed in this section.

    16. *Dependencies: - If this bug cannot be fixed unless other bugs are fixed (depends - on), or this bug stops other bugs being fixed (blocks), their - numbers are recorded here.

    17. *Votes: - Whether this bug has any votes.

    18. Additional Comments: - You can add your two cents to the bug discussion here, if you have - something worthwhile to say.

    3.1.3. Searching for Bugs

    The Bugzilla Search page is is the interface where you can find - any bug report, comment, or patch currently in the Bugzilla system. You - can play with it here: - http://landfill.bugzilla.org/bugzilla-tip/query.cgi.

    The Search page has controls for selecting different possible - values for all of the fields in a bug, as described above. For some - fields, multiple values can be selected. In those cases, Bugzilla - returns bugs where the content of the field matches one of the selected - values. If none is selected, then the field can take any value.

    Once you've defined a search, you can either run it, or save it - as a Remembered Query, which can optionally appear in the footer of - your pages.

    Highly advanced querying is done using Boolean Charts.

    3.1.4. Bug Lists

    If you run a search, a list of matching bugs will be returned. - The default search is to return all open bugs on the system - don't try - running this search on a Bugzilla installation with a lot of - bugs!

    The format of the list is configurable. For example, it can be - sorted by clicking the column headings. Other useful features can be - accessed using the links at the bottom of the list: -

    Long Format: - - this gives you a large page with a non-editable summary of the fields - of each bug.
    Change Columns: - - change the bug attributes which appear in the list.
    Change several bugs at once: - - If your account is sufficiently empowered, you can make the same - change to all the bugs in the list - for example, changing their - owner.
    Send mail to bug owners: - - Sends mail to the owners of all bugs on the list.
    Edit this query: - - If you didn't get exactly the results you were looking for, you can - return to the Query page through this link and make small revisions - to the query you just made so you get more accurate results.

    -

    3.1.5. Filing Bugs

    Years of bug writing experience has been distilled for your - reading pleasure into the - Bug Writing Guidelines. - While some of the advice is Mozilla-specific, the basic principles of - reporting Reproducible, Specific bugs, isolating the Product you are - using, the Version of the Product, the Component which failed, the - Hardware Platform, and Operating System you were using at the time of - the failure go a long way toward ensuring accurate, responsible fixes - for the bug that bit you.

    The procedure for filing a test bug is as follows:

    1. Go to - Landfill - in your browser and click - Enter a new bug report. -

    2. Select a product - any one will do.

    3. Fill in the fields. Bugzilla should have made reasonable - guesses, based upon your browser, for the "Platform" and "OS" - drop-down boxes. If they are wrong, change them.

    4. Select "Commit" and send in your bug report.

    3.1.6. Patch Viewer

    Viewing and reviewing patches in Bugzilla is often difficult due to - lack of context, improper format and the inherent readability issues that - raw patches present. Patch Viewer is an enhancement to Bugzilla designed - to fix that by offering increased context, linking to sections, and - integrating with Bonsai, LXR and CVS.

    Patch viewer allows you to:

    View patches in color, with side-by-side view rather than trying - to interpret the contents of the patch.
    See the difference between two patches.
    Get more context in a patch.
    Collapse and expand sections of a patch for easy - reading.
    Link to a particular section of a patch for discussion or - review
    Go to Bonsai or LXR to see more context, blame, and - cross-references for the part of the patch you are looking at
    Create a rawtext unified format diff out of any patch, no - matter what format it came from

    3.1.6.1. Viewing Patches in Patch Viewer

    The main way to view a patch in patch viewer is to click on the - "Diff" link next to a patch in the Attachments list on a bug. You may - also do this within the edit window by clicking the "View Attachment As - Diff" button in the Edit Attachment screen.

    3.1.6.2. Seeing the Difference Between Two Patches

    To see the difference between two patches, you must first view the - newer patch in Patch Viewer. Then select the older patch from the - dropdown at the top of the page ("Differences between [dropdown] and - this patch") and click the "Diff" button. This will show you what - is new or changed in the newer patch.

    3.1.6.3. Getting More Context in a Patch

    To get more context in a patch, you put a number in the textbox at - the top of Patch Viewer ("Patch / File / [textbox]") and hit enter. - This will give you that many lines of context before and after each - change. Alternatively, you can click on the "File" link there and it - will show each change in the full context of the file. This feature only - works against files that were diffed using "cvs diff".

    3.1.6.4. Collapsing and Expanding Sections of a Patch

    To view only a certain set of files in a patch (for example, if a - patch is absolutely huge and you want to only review part of it at a - time), you can click the "(+)" and "(-)" links next to each file (to - expand it or collapse it). If you want to collapse all files or expand - all files, you can click the "Collapse All" and "Expand All" links at the - top of the page.

    3.1.6.5. Linking to a Section of a Patch

    To link to a section of a patch (for example, if you want to be - able to give someone a URL to show them which part you are talking - about) you simply click the "Link Here" link on the section header. The - resulting URL can be copied and used in discussion. (Copy Link - Location in Mozilla works as well.)

    3.1.6.6. Going to Bonsai and LXR

    To go to Bonsai to get blame for the lines you are interested in, - you can click the "Lines XX-YY" link on the section header you are - interested in. This works even if the patch is against an old - version of the file, since Bonsai stores all versions of the file.

    To go to LXR, you click on the filename on the file header - (unfortunately, since LXR only does the most recent version, line - numbers are likely to rot).

    3.1.6.7. Creating a Unified Diff

    If the patch is not in a format that you like, you can turn it - into a unified diff format by clicking the "Raw Unified" link at the top - of the page.


    PrevHomeNext
    Using BugzillaUpHints and Tips
    \ No newline at end of file diff --git a/docs/html/http.html b/docs/html/http.html deleted file mode 100644 index a950acce5..000000000 --- a/docs/html/http.html +++ /dev/null @@ -1,535 +0,0 @@ -HTTP Server Configuration
    The Bugzilla Guide - 2.17.5 - Development Release
    PrevChapter 4. InstallationNext

    4.2. HTTP Server Configuration

    The Bugzilla Team recommends Apache when using Bugzilla, however, any web server - that can be configured to run CGI scripts - should be able to handle Bugzilla. No matter what web server you choose, but - especially if you choose something other than Apache, you should be sure to read - Section 4.5.4. -

    The plan for this section is to eventually document the specifics of how to lock - down permissions on individual web servers. -

    4.2.1. Apache httpd

    You will have to make sure that Apache is properly - configured to run the Bugzilla CGI scripts. You also need to make sure - that the .htaccess files created by - ./checksetup.pl are allowed to override Apache's normal access - permissions or else important password information may be exposed to the - Internet. -

    You need to configure Apache to run .cgi files outside the - cgi-bin directory. - Open your - httpd.conf file and make sure the - following line exists and is uncommented:

    
AddHandler cgi-script .cgi
    -        

    To allow .htaccess files to override - permissions and .cgi files to run in the Bugzilla directory, make sure - the following two lines are in a Directory - directive that applies to the Bugzilla directory on your system - (either the Bugzilla directory or one of its parents). -

    
Options +ExecCGI
    -AllowOverride Limit
    -        

    You should modify the <DirectoryIndex> parameter for - the Apache virtual host running your Bugzilla installation to - allow index.cgi as the index page for a - directory, as well as the usual index.html, - index.htm, and so forth.

    For more information on Apache and its directives, see the - glossary entry on Apache. -

    4.2.2. Microsoft Internet Information Services

    If you need, or for some reason even want, to use Microsoft's - Internet Information Services or - Personal Web Server you should be able - to. You will need to configure them to know how to run CGI scripts, - however. This is described in Microsoft Knowledge Base article - Q245225 - for Internet Information Services and - Q231998 - for Personal Web Server. -

    Also, and this can't be stressed enough, make sure that files such as - localconfig and your data - directory are secured as described in Section 4.5.4. -

    4.2.3. AOL Server

    Ben FrantzDale reported success using AOL Server with Bugzilla. He - reported his experience and what appears below is based on that. -

    AOL Server will have to be configured to run - CGI scripts, please consult - the documentation that came with your server for more information on - how to do this. -

    Because AOL Server doesn't support .htaccess - files, you'll have to create a TCL - script. You should create an aolserver/modules/tcl/filter.tcl - file (the filename shouldn't matter) with the following contents (change - /bugzilla/ to the web-based path to - your Bugzilla installation): -

    
ns_register_filter preauth GET /bugzilla/localconfig filter_deny
    -ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny
    -ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny
    -ns_register_filter preauth GET /bugzilla/*.pl filter_deny
    -ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny
    -ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny
    -ns_register_filter preauth GET /bugzilla/data/* filter_deny
    -ns_register_filter preauth GET /bugzilla/template/* filter_deny
    -                                                                                
    -proc filter_deny { why } {
    -    ns_log Notice "filter_deny"
    -    return "filter_return"
    -}
    -      

    This probably doesn't account for all possible editor backup - files so you may wish to add some additional variations of - localconfig. For more information, see - bug 186383 or Bugtraq ID 6501. -

    If you are using webdot from research.att.com (the default - configuration for the webdotbase paramater), you - will need to allow access to data/webdot/*.dot - for the reasearch.att.com machine. -

    If you are using a local installation of GraphViz, you will need to allow - everybody to access *.png, - *.gif, *.jpg, and - *.map in the - data/webdot directory. -


    PrevHomeNext
    Step-by-step InstallUpOptional Additional Configuration
    \ No newline at end of file diff --git a/docs/html/index.html b/docs/html/index.html index 02b30cdde..a7831663d 100644 --- a/docs/html/index.html +++ b/docs/html/index.html @@ -1,7 +1,7 @@ The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release

    The Bugzilla Team

    2004-01-15

    2004-01-24

    2. IntroductionInstalling Bugzilla
    2.1. What is Bugzilla?Installation
    2.2. Why use a bug-tracking system?Configuration
    2.3. Why use Bugzilla?Optional Additional Configuration
    2.4. OS-Specific Installation Notes
    2.5. Troubleshooting
    3. Using BugzillaAdministering Bugzilla
    3.1. IntroductionBugzilla Configuration
    3.2. Create a Bugzilla AccountUser Administration
    3.3. Anatomy of a BugProducts
    3.4. Searching for BugsComponents
    3.5. Bug ListsVersions
    3.6. Filing BugsMilestones
    3.7. Patch ViewerVoting
    3.8. Hints and TipsGroups and Group Security
    3.9. User Preferences
    3.10. ReportsUpgrading to New Releases
    4. InstallationCustomising Bugzilla
    4.1. Step-by-step InstallTemplate Customization
    4.2. HTTP Server ConfigurationTemplate Hooks
    4.3. Optional Additional ConfigurationCustomizing Who Can Change What
    4.4. OS Specific Installation NotesModifying Your Running System
    4.5. Bugzilla SecurityMySQL Bugzilla Database Introduction
    4.6. TroubleshootingIntegrating Bugzilla with Third-Party Tools
    5. Administering BugzillaUsing Bugzilla
    5.1. Bugzilla ConfigurationIntroduction
    5.2. User AdministrationCreate a Bugzilla Account
    5.3. ProductsAnatomy of a Bug
    5.4. ComponentsSearching for Bugs
    5.5. VersionsBug Lists
    5.6. MilestonesFiling Bugs
    5.7. VotingPatch Viewer
    5.8. Groups and Group SecurityHints and Tips
    5.9. Upgrading to New Releases
    6. Customising Bugzilla
    6.1. Template Customization
    6.2. Customizing Who Can Change What
    6.3. Modifying Your Running System
    6.4. MySQL Bugzilla Database IntroductionUser Preferences
    6.5. Integrating Bugzilla with Third-Party Tools5.10. Reports
    C. Manual Installation of Perl Modules
    C.1. Instructions
    C.2. Download Locations
    D. GNU Free Documentation License
    0. PREAMBLEPreamble
    1. APPLICABILITY AND DEFINITIONSApplicability and Definition
    2. VERBATIM COPYINGVerbatim Copying
    3. COPYING IN QUANTITYCopying in Quantity
    4. MODIFICATIONSModifications
    5. COMBINING DOCUMENTSCombining Documents
    6. COLLECTIONS OF DOCUMENTSCollections of Documents
    7. AGGREGATION WITH INDEPENDENT WORKSAggregation with Independent Works
    8. TRANSLATIONTranslation
    9. TERMINATIONTermination
    10. FUTURE REVISIONS OF THIS LICENSEFuture Revisions of this License
    List of Figures
    4-1. Set Max Packet Size in MySQL
    4-2. Other File::Temp error messages
    4-3. Patch for File::Temp in Perl 5.6.0
    List of Examples
    4-1. Installing perl modules with CPAN
    5-1. 3-1. Upgrading using CVS
    5-2. 3-2. Upgrading using the tarball
    5-3. 3-3. Upgrading using patches
    Manual Installation of Perl Modules
    The Bugzilla Guide - 2.17.7 + Development Release
    PrevNext

    Appendix C. Manual Installation of Perl Modules

    Table of Contents
    C.1. Instructions
    C.2. Download Locations

    PrevHomeNext
    Command-line Search Interface Instructions
    \ No newline at end of file diff --git a/docs/html/installation.html b/docs/html/installation.html index a52e44193..59d76d5e5 100644 --- a/docs/html/installation.html +++ b/docs/html/installation.html @@ -7,17 +7,20 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">
    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release
    Next

    If you just want to use Bugzilla, + you do not need to install it. None of this chapter is relevant to + you. Ask your Bugzilla administrator + for the URL to access it over the web. +

    The Bugzilla server software is usually installed on Linux or + Solaris. + If you are installing on another OS, check Section 2.4 + before you start your installation to see if there are any special + instructions. +

    As an alternative to following these instructions, you may wish to + try Arne Schirmacher's unofficial and unsupported + Bugzilla + Installer, which installs Bugzilla and all its prerequisites + on Linux or Solaris systems. +

    This guide assumes that you have administrative access to the + Bugzilla machine. It not possible to + install and run Bugzilla itself without administrative access except + in the very unlikely event that every single prerequisite is + already installed. +

    The installation process may make your machine insecure for + short periods of time. Make sure there is a firewall between you + and the Internet. +

    You are strongly recommended to make a backup of your system + before installing Bugzilla (and at regular intervals thereafter :-). +

    In outline, the installation proceeds as follows: +

    1. Install Perl + (5.6.0 or above) +

    2. Install MySQL + (3.23.41 or above) +

    3. Install a Webserver +

    4. Install Bugzilla +

    5. Install Perl modules +

    6. Configure all of the above. +

    2.1.1. Perl

    Installed Version Test: checksetup.plperl -v

    Any machine that doesn't have Perl on it is a sad machine indeed. + If you don't have it and your OS doesn't provide official packages, + visit http://www.perl.com. + Although Bugzilla runs with Perl 5.6.0, + it's a good idea to be using the latest stable version. + As of this writing, that is Perl 5.8.2.

    2.1.2. MySQL

    Installed Version Test: mysql -V

    If you don't have it and your OS doesn't provide official packages, + visit http://www.mysql.com. You need MySQL version + 3.23.41 or higher. +

    Many of the binary + versions of MySQL store their data files in + /var. + On some Unix systems, this is part of a smaller root partition, + and may not have room for your bug database. To change the data + directory, you have to build MySQL from source yourself, and + set it as an option to configure.

    If you install from something other than a packaging/installation + system (such as .rpm, .dep, .exe, or .msi) make sure the MySQL server + is started when the machine boots. +

    4.1.6. Perl Modules
    4.1.7. Configuring Bugzilla

    4.2. HTTP Server Configuration
    4.2.1. Apache httpd2.1.3. Web Server

    Installed Version Test: view the default welcome page at + http://<your-machine>/

    You have freedom of choice here, pretty much any web server that + is capable of running CGI

    4.2.2. Microsoft Internet Information Services + scripts will work. + However, we strongly recommend using the Apache web server + (either 1.3.x or 2.x), and + the installation instructions usually assume you are + using it. If you have got Bugzilla working using another webserver, + please share your experiences with us by filing a bug in Bugzilla Documentation. +

    If you don't have Apache and your OS doesn't provide official packages, + visit http://httpd.apache.org/. +

    4.2.3. AOL Server
    4.3. Optional Additional Configuration
    4.3.1. Dependency Charts
    4.3.2. Bug Graphs
    4.3.3. The Whining Cron
    4.3.4. LDAP Authentication
    4.3.5. Preventing untrusted Bugzilla content from executing malicious - Javascript code
    4.3.6. Bugzilla and 2.1.4. Bugzilla

    Download a Bugzilla tarball (or check it out from CVS) and place + it in a suitable directory, writable by the default web server user + (probably "nobody"). + Good locations are either directly in the main web space for your + web server or perhaps in + /usr/local + with a symbolic link from the web space. +

    The default Bugzilla distribution is not designed to be placed + in a mod_perlcgi-bin directory. This + includes any directory which is configured using the + ScriptAlias directive of Apache. +

    Once all the files are in a web accessible directory, make that + directory writable by your webserver's user. This is a temporary step + until you run the + checksetup.pl + script, which locks down your installation.

    4.3.7. 2.1.5. Perl Modules

    Bugzilla's installation process is based + on a script called checksetup.pl. + The first thing it checks is whether you have appropriate + versions of all the required + Perl modules. The aim of this section is to pass this check. + When it passes, + do not run it again, + but proceed to Section 2.2. +

    At this point, you need to su to root. You should + remain as root until the end of the install. Then run: +

    bash# ./checksetup.pl

    checksetup.pl will print out a list of the + required and optional Perl modules, together with the versions + (if any) installed on your machine. + The list of required modules is reasonably long; however, you + may already have several of them installed. +

    There is a meta-module called Bundle::Bugzilla, + which installs all the other + modules with a single command. You should use this if you are running + Perl 5.6.1 or above. +

    The preferred way of installing Perl modules is via CPAN on Unix, + or PPM on Windows (see Section 2.4.1.2). These + instructions assume you are using CPAN; if for some reason you need + to install the Perl modules manually, see + Appendix C. +

    bash# perl -MCPAN -e 'install "<modulename>"'

    If you using Bundle::Bugzilla, invoke the magic CPAN command on it. + Otherwise, you need to work down the + list of modules that mod_throttlechecksetup.pl says are + required, in the order given, invoking the command on each. +

    Many people complain that Perl modules will not install for + them. Most times, the error messages complain that they are missing a + file in + "@INC". + Virtually every time, this error is due to permissions being set too + restrictively for you to compile Perl modules or not having the + necessary Perl development libraries installed on your system. + Consult your local UNIX systems administrator for help solving these + permissions issues; if you + are + the local UNIX sysadmin, please consult the newsgroup/mailing list + for further assistance or hire someone to help you out.

    Here is a complete list of modules and their minimum versions. + Some modules have special installation notes, which follow. +

    Required Perl modules: +

    1. AppConfig (1.52) +

    2. CGI (2.93) +

    3. Data::Dumper (any) +

    4. Date::Format (2.21) +

    5. DBI (1.32) +

    6. DBD::mysql + (2.1010) +

    7. File::Spec (0.82) +

    8. File::Temp (any) +

    9. Template + (2.08) +

    10. Text::Wrap (2001.0131) +

    - and Security
    4.4. OS Specific Installation Notes
    4.4.1. Microsoft Windows
    4.4.2. Mac OS X

    1. GD + (1.20) for bug charting +

    2. Chart::Base + (0.99c) for bug charting +

    3. GD::Graph + (any) for bug charting +

    4. GD::Text::Align + (any) for bug charting +

    5. XML::Parser + (any) for the XML interface +

    6. PatchReader + (0.9.1) for pretty HTML view of patches +

    7. MIME::Parser + (any) for the optional email interface +

    +

    2.1.5.1. DBD::mysql

    The installation process will ask you a few questions about the + desired compilation target and your MySQL installation. For most of the + questions the provided default will be adequate, but when asked if your + desired target is the MySQL or mSQL packages, you should + select the MySQL-related ones. Later you will be asked if you wish to + provide backwards compatibility with the older MySQL packages; you + should answer YES to this question. The default is NO.

    A host of 'localhost' should be fine. A testing user of 'test', + with a null password, should have sufficient access to run + tests on the 'test' database which MySQL creates upon installation. +

    2.1.5.2. Template Toolkit (2.08)

    When you install Template Toolkit, you'll get asked various + questions about features to enable. The defaults are fine, except + that it is recommended you use the high speed XS Stash of the Template + Toolkit, in order to achieve best performance. +

    2.1.5.3. GD (1.20)

    The GD module is only required if you want graphical reports. +

    The Perl GD module requires some other libraries that may or + may not be installed on your system, including + libpng + and + libgd. + The full requirements are listed in the Perl GD module README. + If compiling GD fails, it's probably because you're + missing a required library.

    The version of the GD module you need is very closely tied + to the libgd version installed on your system. + If you have a version 1.x of libgd the 2.x + versions of the GD module won't work for you. +

    2.1.5.4. Chart::Base (0.99c)

    The Chart::Base module is only required if you want graphical + reports. + Note that earlier versions that 0.99c used GIFs, which are no longer + supported by the latest versions of GD.

    4.4.3. Linux-Mandrake 8.0
    4.5. Bugzilla Security
    4.5.1. TCP/IP Ports
    4.5.2. MySQL
    4.5.3. Daemon Accounts
    4.5.4. Web Server Access Controls
    4.6. Troubleshooting
    4.6.1. Bundle::Bugzilla makes me upgrade to Perl 5.6.1
    4.6.2. DBD::Sponge::db prepare failed
    4.6.3. cannot chdir(/var/spool/mqueue)
    4.6.4. Your vendor has not defined Fcntl macro O_NOINHERIT
    2.1.5.5. GD::Graph (any)

    The GD::Graph module is only required if you want graphical + reports. +

    2.1.5.6. GD::Text::Align (any)

    The GD::Text::Align module is only required if you want graphical + reports. +

    2.1.5.7. XML::Parser (any)

    The XML::Parser module is only required if you want to import + XML bugs using the importxml.pl + script. This is required to use Bugzilla's "move bugs" feature; + you may also want to use it for migrating from another bug database. + XML::Parser requires that the + expat library is already installed on your machine. +

    2.1.5.8. MIME::Parser (any)

    The MIME::Parser module is only required if you want to use the + email interface + located in the contrib directory. +

    2.1.5.9. PatchReader (0.9.1)

    The PatchReader module is only required if you want to use + Patch Viewer, a + Bugzilla feature to show code patches in your web browser in a more + readable form. +

    PrevNextReportsInstalling Bugzilla UpStep-by-step InstallConfiguration
    Installing Bugzilla
    The Bugzilla Guide - 2.17.7 + Development Release
    PrevNext

    Chapter 2. Installing Bugzilla

    Table of Contents
    2.1. Installation
    2.1.1. Perl
    2.1.2. MySQL
    2.1.3. Web Server
    2.1.4. Bugzilla
    2.1.5. Perl Modules
    2.2. Configuration
    2.2.1. localconfig
    2.2.2. MySQL
    2.2.3. checksetup.pl
    2.2.4. Web server
    2.2.5. Bugzilla
    2.3. Optional Additional Configuration
    2.3.1. Bug Graphs
    2.3.2. Dependency Charts
    2.3.3. The Whining Cron
    2.3.4. Patch Viewer
    2.3.5. LDAP Authentication
    2.3.6. Prevent users injecting malicious + Javascript
    2.3.7. mod_throttle
    2.3.8. TCP/IP Ports
    2.3.9. Daemon Accounts
    2.4. OS-Specific Installation Notes
    2.4.1. Microsoft Windows
    2.4.2. Mac OS X
    2.4.3. Linux-Mandrake 8.0
    2.5. Troubleshooting
    2.5.1. General Advice
    2.5.2. I installed a Perl module, but + checksetup.pl claims it's not installed!
    2.5.3. Bundle::Bugzilla makes me upgrade to Perl 5.6.1
    2.5.4. DBD::Sponge::db prepare failed
    2.5.5. cannot chdir(/var/spool/mqueue)
    2.5.6. Your vendor has not defined Fcntl macro O_NOINHERIT

    PrevHomeNext
    Document Conventions Installation
    \ No newline at end of file diff --git a/docs/html/integration.html b/docs/html/integration.html index afa57d6c9..2e8d18ae3 100644 --- a/docs/html/integration.html +++ b/docs/html/integration.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 6. Customising BugzillaChapter 4. Customising BugzillaNext6.5. Integrating Bugzilla with Third-Party Tools4.6. Integrating Bugzilla with Third-Party Tools

    6.5.1. Bonsai

    4.6.1. Bonsai

    Bonsai is a web-based tool for managing 6.5.2. CVS4.6.2. CVS

    CVS integration is best accomplished, at this point, using the Bugzilla Email Gateway.

    6.5.3. Perforce SCM4.6.3. Perforce SCM

    You can find the project page for Bugzilla and Teamtrack Perforce integration (p4dti) at: @@ -187,7 +187,7 @@ CLASS="section" >6.5.4. Tinderbox/Tinderbox24.6.4. Tinderbox/Tinderbox2

    Tinderbox is a continuous-build system which can integrate with Bugzilla - see @@ -239,7 +239,7 @@ WIDTH="33%" ALIGN="right" VALIGN="top" >NextThe Bugzilla FAQUsing Bugzilla

    Introduction
    The Bugzilla Guide - 2.17.5 - Development Release
    PrevNext

    Chapter 2. Introduction

    Table of Contents
    2.1. What is Bugzilla?
    2.2. Why use a bug-tracking system?
    2.3. Why use Bugzilla?

    PrevHomeNext
    Document Conventions What is Bugzilla?
    \ No newline at end of file diff --git a/docs/html/list.html b/docs/html/list.html index a1ca441be..63c945b06 100644 --- a/docs/html/list.html +++ b/docs/html/list.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 3. Using BugzillaChapter 5. Using Bugzilla3.5. Bug Lists5.5. Bug Lists

    If you run a search, a list of matching bugs will be returned.

    The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 5. Administering BugzillaChapter 3. Administering Bugzilla5.6. Milestones3.6. Milestones

    Milestones are "targets" that you plan to get a bug fixed by. For example, you have a bug that you plan to fix for your 3.0 release, it diff --git a/docs/html/modules-manual-download.html b/docs/html/modules-manual-download.html new file mode 100644 index 000000000..931762d3b --- /dev/null +++ b/docs/html/modules-manual-download.html @@ -0,0 +1,467 @@ +Download Locations

    The Bugzilla Guide - 2.17.7 + Development Release
    PrevAppendix C. Manual Installation of Perl ModulesNext

    C.2. Download Locations

    Note: some modules are in the core distribution of + ActiveState Perl for Windows. Others are not available. + No PPM links have been provided in either of these two cases. +

    CGI: +


    +        CPAN Download Page: http://search.cpan.org/dist/CGI.pm/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/CGI.zip
    +        Documentation: http://www.perldoc.com/perl5.8.0/lib/CGI.html
    +      

    +

    TimeDate: +


    +        CPAN Download Page: http://search.cpan.org/dist/TimeDate/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/TimeDate.zip
    +        Documentation: http://search.cpan.org/dist/TimeDate/lib/Date/Format.pm
    +      

    +

    DBI: +


    +        CPAN Download Page: http://search.cpan.org/dist/DBI/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/DBI.zip
    +        Documentation: http://dbi.perl.org/docs/
    +      

    +

    DBD::mysql: +


    +        CPAN Download Page: http://search.cpan.org/dist/DBD-mysql/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/DBD-Mysql.zip
    +        Documentation: http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm
    +      

    +

    File::Spec: +


    +        CPAN Download Page: http://search.cpan.org/dist/File-Spec/
    +        PPM Download Page: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/File-Spec.zip
    +        Documentation: http://www.perldoc.com/perl5.8.0/lib/File/Spec.html
    +      

    +

    File::Temp: +


    +        CPAN Download Page: http://search.cpan.org/dist/File-Temp/
    +        Documentation: http://www.perldoc.com/perl5.8.0/lib/File/Temp.html
    +      

    +

    Template Toolkit: +


    +        CPAN Download Page: http://search.cpan.org/dist/Template-Toolkit/
    +        PPM Download Link: http://openinteract.sourceforge.net/ppmpackages/5.6/Template-Toolkit.tar.gz
    +        Documentation: http://www.template-toolkit.org/docs.html
    +      

    +

    Text::Wrap: +


    +        CPAN Download Page: http://search.cpan.org/dist/Text-Tabs+Wrap/
    +        Documentation: http://www.perldoc.com/perl5.8.0/lib/Text/Wrap.html
    +      

    +

    GD: +


    +        CPAN Download Page: http://search.cpan.org/dist/GD/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GD.zip
    +        Documentation: http://stein.cshl.org/WWW/software/GD/
    +      

    +

    Chart::Base: + +


    +        CPAN Download Page: http://search.cpan.org/dist/Chart/
    +      

    +

    GD::Graph: +


    +        CPAN Download Page: http://search.cpan.org/dist/GDGraph/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GDGraph.zip
    +        Documentation: http://search.cpan.org/dist/GDGraph/Graph.pm
    +      

    +

    GD::Text::Align: +


    +        CPAN Download Page: http://search.cpan.org/dist/GDTextUtil/
    +        PPM Download Page: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GDTextUtil.zip
    +        Documentation: http://search.cpan.org/dist/GDTextUtil/Text/Align.pm
    +      

    +

    MIME::Parser: +


    +        CPAN Download Page: http://search.cpan.org/dist/MIME-tools/
    +        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/MIME-tools.zip
    +        Documentation: http://search.cpan.org/dist/MIME-tools/lib/MIME/Parser.pm
    +      

    +

    XML::Parser: +


    +        CPAN Download Page: http://search.cpan.org/dist/XML-Parser/
    +        Documentation: http://www.perldoc.com/perl5.6.1/lib/XML/Parser.html
    +      

    +

    PatchReader: +


    +        CPAN Download Page: http://search.cpan.org/author/JKEISER/PatchReader/
    +        Documentation: http://www.johnkeiser.com/mozilla/Patch_Viewer.html
    +      

    +


    PrevHomeNext
    InstructionsUpGNU Free Documentation License
    \ No newline at end of file diff --git a/docs/html/modules-manual-instructions.html b/docs/html/modules-manual-instructions.html new file mode 100644 index 000000000..e8a880b48 --- /dev/null +++ b/docs/html/modules-manual-instructions.html @@ -0,0 +1,193 @@ +Instructions
    The Bugzilla Guide - 2.17.7 + Development Release
    PrevAppendix C. Manual Installation of Perl ModulesNext

    C.1. Instructions

    If you need to install Perl modules manually, here's how it's done. + Download the module using the link given in the next section, and then + apply this magic incantation, as root: +

    +
    bash# tar -xzvf <module>.tar.gz
    +bash# cd <module>
    +bash# perl Makefile.PL
    +bash# make
    +bash# make test
    +bash# make install
    +


    PrevHomeNext
    Manual Installation of Perl ModulesUpDownload Locations
    \ No newline at end of file diff --git a/docs/html/myaccount.html b/docs/html/myaccount.html index bbe6a250c..4164cffbb 100644 --- a/docs/html/myaccount.html +++ b/docs/html/myaccount.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 3. Using BugzillaChapter 5. Using Bugzilla3.2. Create a Bugzilla Account5.2. Create a Bugzilla Account

    If you want to use Bugzilla, first you need to create an account. Consult with the administrator responsible for your installation of diff --git a/docs/html/newversions.html b/docs/html/newversions.html index bc326ecb0..3212a5c51 100644 --- a/docs/html/newversions.html +++ b/docs/html/newversions.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development Release1.3. New Versions

    This is the 2.17.5 version of The Bugzilla Guide. It is so named +> This is the 2.17.7 version of The Bugzilla Guide. It is so named to match the current version of Bugzilla. This version of the guide, like its associated Bugzilla version, is a @@ -91,8 +91,8 @@ NAME="newversions" HREF="http://www.bugzilla.org" TARGET="_top" >http://www.bugzilla.org, or checked out via CVS. - (Please follow the , or checked out via CVS by + following the Mozilla @@ -102,12 +102,68 @@ TARGET="_top" CLASS="filename" >mozilla/webtools/bugzilla/docs/ - subtree.) However, you should read the version + subtree. However, you should read the version which came with the Bugzilla release you are using.

    The Bugzilla Guide is currently only available in English. - If you would like to volunteer to translate it, please contact +> The Bugzilla Guide, or a section of it, is also available in + the following languages: + German. +

    + In addition, there are Bugzilla template localisation projects in + the following languages. They may have translated documentation + available: + Belarusian, + Brazilian Portuguese, + Chinese, + French, + German, + Korean, + Russian and + Spanish. +

    + If you would like to volunteer to translate the Guide into additional + languages, please contact OS Specific Installation NotesOS-Specific Installation NotesThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 4. InstallationChapter 2. Installing BugzillaNext4.4. OS Specific Installation Notes2.4. OS-Specific Installation Notes

    Many aspects of the Bugzilla installation can be affected by the the operating system you choose to install it on. Sometimes it can be made @@ -100,9 +100,9 @@ CLASS="section" >4.4.1. Microsoft Windows2.4.1. Microsoft Windows

    Making Bugzilla work on windows is still a painful processes. +>Making Bugzilla work on Windows is still a painful processes. The Bugzilla Team is working to make it easier, but that goal is not considered a top priority. If you wish to run Bugzilla, we still recommend doing so on a Unix based system such as GNU/Linux. As of this @@ -114,9 +114,9 @@ NAME="os-win32" installing Bugzilla on Win32, here are some pointers. Because this is a development version of the guide, these instructions - are subject to change without notice. In fact, the Bugzilla Team hopes - they do as we would like to have Bugzilla resonabally close to "out of - the box" compatibility by the 2.18 release. + are subject to change without notice. In fact, the Bugzilla Team hopes + to have Bugzilla reasonably close to "out of + the box" compatibility with Windows by the 2.18 release.

    4.4.1.1. Win32 Perl2.4.1.1. Win32 Perl

    Perl for Windows can be obtained from 4.4.1.2. Perl Modules on Win322.4.1.2. Perl Modules on Win32

    Bugzilla on Windows requires the same perl modules found in Section 4.1.6Section 2.1.5. The main difference is that windows uses

    A complete list of modules that can be installed using ppm can - be found at http://www.activestate.com/PPMPackages/5.6plus. -

    4.4.1.3. Code changes required to run on win322.4.1.3. Code changes required to run on win32

    As Bugzilla still doesn't run "out of the box" on - Windows, code has to be modified. This section is an attempt to - list the required changes. + Windows, code has to be modified. This section lists the required + changes.

    4.4.1.3.1. Changes to 2.4.1.3.1. Changes to checksetup.pl4.4.1.3.2. Changes to 2.4.1.3.2. Changes to BugMail.pm

    To make bug e-mail work on Win32 (until +>To make bug email work on Win32 (until

    Don't forget to change the name of your SMTP server and the - domain of the sending e-mail address (after the '@') in the above + domain of the sending email address (after the '@') in the above lines of code.

    4.4.1.4. Serving the web pages2.4.1.4. Serving the web pages

    As is the case on Unix based systems, any web server should be able to handle Bugzilla; however, the Bugzilla Team still recommends Apache whenever asked. No matter what web server you choose, be sure to pay attention to the security notes in Section 4.5.4Section 2.2.4.4. More information on configuring specific web servers can be found in Section 4.2Section 2.2.4.

    ScriptInterpreterSource - directive in your Apache config, if you don't do this, you'll have + directive in your Apache config to avoid having to modify the first line of every script to contain your path to perl instead of 4.4.2. 2.4.2. Mac OS X

    There are a lot of common libraries and utilities out there that - Apple did not include with Mac OS X, but which run perfectly well on it. - The GD library, which Bugzilla needs to do bug graphs, is one of - these.

    Apple did not include the GD library with Mac OS X. Bugzilla + needs this for bug graphs.

    The easiest way to get a lot of these is with a program called +>You can install it using a program called Fink, which is similar in nature to the CPAN installer, but installs common GNU utilities. Fink is available from .

    Follow the instructions for setting up Fink. Once it's installed, - you'll want to use it to install the gd2 package. + you'll want to use it to install the gd2 package.

    It will prompt you for a number of dependencies, type 'y' and hit @@ -530,7 +499,7 @@ CLASS="glossterm" >CPAN to - install the GD perl module. + install the GD Perl module.

    Also available via Fink is expat. Once running using fink to +>Also available via Fink is expat. After using fink to install the expat package you will be able to install XML::Parser using CPAN. There is one caveat. Unlike recent versions of the GD module, XML::Parser doesn't prompt for the location of the @@ -692,7 +661,7 @@ CLASS="section" >4.4.3. Linux-Mandrake 8.02.4.3. Linux-Mandrake 8.0

    Linux-Mandrake 8.0 includes every required and optional library for Bugzilla. The easiest way to install them is by using the @@ -780,7 +749,7 @@ BORDER="0" ALT="(1)">

    for Bugzilla e-mail integration
    for Bugzilla email integration
    NextUpBugzilla SecurityTroubleshootingThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 5. Administering BugzillaChapter 3. Administering Bugzilla5.1. Bugzilla Configuration3.1. Bugzilla Configuration

    Bugzilla is configured by changing various parameters, accessed from the "Edit parameters" link in the page footer. Here are diff --git a/docs/html/patches.html b/docs/html/patches.html index 201d896ef..4c49e3efc 100644 --- a/docs/html/patches.html +++ b/docs/html/patches.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseThe Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 3. Using BugzillaChapter 5. Using Bugzilla3.7. Patch Viewer5.7. Patch Viewer

    Viewing and reviewing patches in Bugzilla is often difficult due to lack of context, improper format and the inherent readability issues that @@ -135,7 +135,7 @@ CLASS="section" >3.7.1. Viewing Patches in Patch Viewer5.7.1. Viewing Patches in Patch Viewer

    The main way to view a patch in patch viewer is to click on the "Diff" link next to a patch in the Attachments list on a bug. You may @@ -149,7 +149,7 @@ CLASS="section" >3.7.2. Seeing the Difference Between Two Patches5.7.2. Seeing the Difference Between Two Patches

    To see the difference between two patches, you must first view the newer patch in Patch Viewer. Then select the older patch from the @@ -164,7 +164,7 @@ CLASS="section" >3.7.3. Getting More Context in a Patch5.7.3. Getting More Context in a Patch

    To get more context in a patch, you put a number in the textbox at the top of Patch Viewer ("Patch / File / [textbox]") and hit enter. @@ -180,7 +180,7 @@ CLASS="section" >3.7.4. Collapsing and Expanding Sections of a Patch5.7.4. Collapsing and Expanding Sections of a Patch

    To view only a certain set of files in a patch (for example, if a patch is absolutely huge and you want to only review part of it at a @@ -196,7 +196,7 @@ CLASS="section" >3.7.5. Linking to a Section of a Patch5.7.5. Linking to a Section of a Patch

    To link to a section of a patch (for example, if you want to be able to give someone a URL to show them which part you are talking @@ -211,7 +211,7 @@ CLASS="section" >3.7.6. Going to Bonsai and LXR5.7.6. Going to Bonsai and LXR

    To go to Bonsai to get blame for the lines you are interested in, you can click the "Lines XX-YY" link on the section header you are @@ -229,7 +229,7 @@ CLASS="section" >3.7.7. Creating a Unified Diff5.7.7. Creating a Unified Diff

    If the patch is not in a format that you like, you can turn it into a unified diff format by clicking the "Raw Unified" link at the top diff --git a/docs/html/products.html b/docs/html/products.html index 7debc465f..ed877b018 100644 --- a/docs/html/products.html +++ b/docs/html/products.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 5. Administering BugzillaChapter 3. Administering Bugzilla5.3. Products3.3. Products

    Product, Component, Milestone, and Version Administration

    The Bugzilla Guide - 2.17.5 - Development Release
    PrevChapter 5. Administering BugzillaNext

    5.3. Product, Component, Milestone, and Version Administration

    5.3.1. Products

    Products - - are the broadest category in Bugzilla, and tend to represent real-world - shipping products. E.g. if your company makes computer games, - you should have one product per game, perhaps a "Common" product for - units of technology used in multiple games, and maybe a few special - products (Website, Administration...)

    Many of Bugzilla's settings are configurable on a per-product - basis. The number of "votes" available to users is set per-product, - as is the number of votes - required to move a bug automatically from the UNCONFIRMED status to the - NEW status.

    To create a new product:

    1. Select "products" from the footer

    2. Select the "Add" link in the bottom right

    3. Enter the name of the product and a description. The - Description field may contain HTML.

    Don't worry about the "Closed for bug entry", "Maximum Votes - per person", "Maximum votes a person can put on a single bug", - "Number of votes a bug in this Product needs to automatically get out - of the UNCOMFIRMED state", and "Version" options yet. We'll cover - those in a few moments. -

    5.3.2. Components

    Components are subsections of a Product. E.g. the computer game - you are designing may have a "UI" - component, an "API" component, a "Sound System" component, and a - "Plugins" component, each overseen by a different programmer. It - often makes sense to divide Components in Bugzilla according to the - natural divisions of responsibility within your Product or - company.

    Each component has a owner and (if you turned it on in the parameters), - a QA Contact. The owner should be the primary person who fixes bugs in - that component. The QA Contact should be the person who will ensure - these bugs are completely fixed. The Owner, QA Contact, and Reporter - will get email when new bugs are created in this Component and when - these bugs change. Default Owner and Default QA Contact fields only - dictate the - default assignments; - these can be changed on bug submission, or at any later point in - a bug's life.

    To create a new Component:

    1. Select the "Edit components" link from the "Edit product" - page

    2. Select the "Add" link in the bottom right.

    3. Fill out the "Component" field, a short "Description", - the "Initial Owner" and "Initial QA Contact" (if enabled.) - The Component and Description fields may contain HTML; - the "Initial Owner" field must be a login name - already existing in the database. -

    5.3.3. Versions

    Versions are the revisions of the product, such as "Flinders - 3.1", "Flinders 95", and "Flinders 2000". Version is not a multi-select - field; the usual practice is to select the most recent version with - the bug. -

    To create and edit Versions:

    1. From the "Edit product" screen, select "Edit Versions"

    2. You will notice that the product already has the default - version "undefined". Click the "Add" link in the bottom right.

    3. Enter the name of the Version. This field takes text only. - Then click the "Add" button.

    5.3.4. Milestones

    Milestones are "targets" that you plan to get a bug fixed by. For - example, you have a bug that you plan to fix for your 3.0 release, it - would be assigned the milestone of 3.0.

    Milestone options will only appear for a Product if you turned - on the "usetargetmilestone" Param in the "Edit Parameters" screen. -

    To create new Milestones, set Default Milestones, and set - Milestone URL:

    1. Select "Edit milestones" from the "Edit product" page.

    2. Select "Add" in the bottom right corner. - text

    3. Enter the name of the Milestone in the "Milestone" field. You - can optionally set the "sortkey", which is a positive or negative - number (-255 to 255) that defines where in the list this particular - milestone appears. This is because milestones often do not - occur in alphanumeric order For example, "Future" might be - after "Release 1.2". Select "Add".

    4. From the Edit product screen, you can enter the URL of a - page which gives information about your milestones and what - they mean.

      If you want your milestone document to be restricted so - that it can only be viewed by people in a particular Bugzilla - group, the best way is to attach the document to a bug in that - group, and make the URL the URL of that attachment.


    PrevHomeNext
    User AdministrationUpVoting
    \ No newline at end of file diff --git a/docs/html/query.html b/docs/html/query.html index 6382f3742..cda12246d 100644 --- a/docs/html/query.html +++ b/docs/html/query.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 3. Using BugzillaChapter 5. Using Bugzilla3.4. Searching for Bugs5.4. Searching for Bugs

    The Bugzilla Search page is is the interface where you can find any bug report, comment, or patch currently in the Bugzilla system. You diff --git a/docs/html/reporting.html b/docs/html/reporting.html index fffd92a02..64f739508 100644 --- a/docs/html/reporting.html +++ b/docs/html/reporting.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleaseChapter 3. Using BugzillaChapter 5. Using BugzillaNext3.10. Reports5.10. Reports

    To be writtenNextInstallationThe Bugzilla FAQApache - mod_rewrite - - magic

    The Bugzilla Guide - 2.17.5 - Development Release
    PrevAppendix B. Useful Patches and Utilities for BugzillaNext

    B.1. Apache - mod_rewrite - - magic

    Apache's - mod_rewrite - - module lets you do some truly amazing things with URL rewriting. Here are - a couple of examples of what you can do.

    1. Make it so if someone types - http://www.foo.com/12345 - - , Bugzilla spits back http://www.foo.com/show_bug.cgi?id=12345. Try - setting up your VirtualHost section for Bugzilla with a rule like - this:

      
<VirtualHost 12.34.56.78>
      -RewriteEngine On
      -RewriteRule ^/([0-9]+)$ http://foo.bar.com/show_bug.cgi?id=$1 [L,R]
      -</VirtualHost>
      -
    2. There are many, many more things you can do with mod_rewrite. - Please refer to the mod_rewrite documentation at - http://www.apache.org. -


    PrevHomeNext
    Useful Patches and Utilities for BugzillaUpCommand-line Bugzilla Queries
    \ No newline at end of file diff --git a/docs/html/security.html b/docs/html/security.html deleted file mode 100644 index 4bf56506e..000000000 --- a/docs/html/security.html +++ /dev/null @@ -1,686 +0,0 @@ -Bugzilla Security
    The Bugzilla Guide - 2.17.5 - Development Release
    PrevChapter 4. InstallationNext

    4.5. Bugzilla Security

    Poorly-configured MySQL and Bugzilla installations have - given attackers full access to systems in the past. Please take these - guidelines seriously, even for Bugzilla machines hidden away behind - your firewall. 80% of all computer trespassers are insiders, not - anonymous crackers.

    This is not meant to be a comprehensive list of every possible - security issue pertaining to the software mentioned in this section. - There is - no subsitute for reading the information written by the authors of any - software running on your system. -

    4.5.1. TCP/IP Ports

    TCP/IP defines 65,000 some ports for trafic. Of those, Bugzilla - only needs 1, or 2 if you need to use features that require e-mail such - as bug moving or the e-mail interface from contrib. You should audit - your server and make sure that you aren't listening on any ports you - don't need to be. You may also wish to use some kind of firewall - software to be sure that trafic can only be recieved on ports you - specify. -

    4.5.2. MySQL

    MySQL ships by default with many settings that should be changed. - By defaults it allows anybody to connect from localhost without a - password and have full administrative capabilities. It also defaults to - not have a root password (this is not the same as - the system root). Also, many installations default to running - mysqld as the system root. -

    1. Consult the documentation that came with your system for - information on making mysqld run as an - unprivleged user. -

    2. You should also be sure to disable the anonymous user account - and set a password for the root user. This is accomplished using the - following commands: -

      
bash$ mysql mysql
      -mysql> DELETE FROM user WHERE user = '';
      -mysql> UPDATE user SET password = password('new_password') WHERE user = 'root';
      -mysql> FLUSH PRIVILEGES;
      -          

      From this point forward you will need to use - mysql -u root -p and enter - new_password when prompted when using the - mysql client. -

    3. If you run MySQL on the same machine as your httpd server, you - should consider disabling networking from within MySQL by adding - the following to your /etc/my.conf: -

      
[myslqd]
      -# Prevent network access to MySQL.
      -skip-networking
      -          
    4. You may also consider running MySQL, or even all of Bugzilla - in a chroot jail; however, instructions for doing that are beyond - the scope of this document. -

    4.5.3. Daemon Accounts

    Many daemons, such as Apache's httpd and MySQL's mysqld default to - running as either "root" or "nobody". Running - as "root" introduces obvious security problems, but the - problems introduced by running everything as "nobody" may - not be so obvious. Basically, if you're running every daemon as - "nobody" and one of them gets compromised, they all get - compromised. For this reason it is recommended that you create a user - account for each daemon. -

    You will need to set the webservergroup to - the group you created for your webserver to run as in - localconfig. This will allow - ./checksetup.pl to better adjust the file - permissions on your Bugzilla install so as to not require making - anything world-writable. -

    4.5.4. Web Server Access Controls

    There are many files that are placed in the Bugzilla directory - area that should not be accessable from the web. Because of the way - Bugzilla is currently laid out, the list of what should and should - not be accessible is rather complicated. -

    Users of Apache don't need to worry about this, however, because - Bugzilla ships with .htaccess files which restrict access to all the - sensitive files in this section. Users of other webservers, read on. -

    • In the main Bugzilla directory, you should:

      • Block: - *.pl, *localconfig*, runtests.sh -

      • But allow: - localconfig.js, localconfig.rdf -

    • In data:

      • Block everything

      • But allow: - duplicates.rdf -

    • In data/webdot:

      • If you use a remote webdot server:

        • Block everything

        • But allow - *.dot - only for the remote webdot server

      • Otherwise, if you use a local GraphViz:

        • Block everything

        • But allow: - *.png, *.gif, *.jpg, *.map -

      • And if you don't use any dot:

        • Block everything

    • In Bugzilla:

      • Block everything

    • In template:

      • Block everything

    You should test to make sure that the files mentioned above are - not accessible from the Internet, especially your - localconfig file which contains your database - password. To test, simply point your web browser at the file; for - example, to test mozilla.org's installation, we'd try to access - http://bugzilla.mozilla.org/localconfig. You should - get a 403 Forbidden - error. -

    Not following the instructions in this section, including - testing, may result in sensitive information being globally - accessible. -

    You should check Section 4.2 to see if instructions - have been included for your web server. You should also compare those - instructions with this list to make sure everything is properly - accounted for. -


    PrevHomeNext
    OS Specific Installation NotesUpTroubleshooting
    \ No newline at end of file diff --git a/docs/html/stepbystep.html b/docs/html/stepbystep.html deleted file mode 100644 index d06ac7c09..000000000 --- a/docs/html/stepbystep.html +++ /dev/null @@ -1,1993 +0,0 @@ -Step-by-step Install
    The Bugzilla Guide - 2.17.5 - Development Release
    PrevChapter 4. InstallationNext

    4.1. Step-by-step Install

    Bugzilla has been successfully installed under many different - operating systems including almost all Unix clones and - Microsoft Windows. Many - operating systems have utilities that make installation easier or quirks - that make it harder. We have tried to collect that information in - Section 4.4, so unless you are on Linux, - be sure to check out that section before - you start your installation. -

    Windows is one of those operating systems that has many quirks - and is not yet officially supported by the Bugzilla team. If you wish - to install Bugzilla on Windows, be sure to see - Section 4.4.1. -

    While installing Bugzilla, it is a good idea to ensure that there - is some kind of configurable firewall between you and the rest of the - Internet - as your machine may be insecure for periods during the install. Many - installation steps require an active Internet connection to complete, - but you must take care to ensure that at no point is your machine - vulnerable to an attack.

    This guide assumes that you already have your operating system - installed, network configured, and have administrative access to the - machine onto which you are installing Bugzilla. It is possible to - install and run Bugzilla itself without administrative access, but you - have to - either make sure all the required software is installed or get somebody - with administrative access to install it for you. -

    You are strongly recommended to make a backup of your system - before installing Bugzilla (and at regular intervals thereafter :-). -

    Here's a basic step-by-step list: -

    4.1.1. Perl

    Any machine that doesn't have Perl on it is a sad machine indeed. - If your OS doesn't come with it, Perl can be got in source form - from http://www.perl.com. - There are also binary versions available for many platforms, most of which - are linked to from perl.com. - Although Bugzilla runs with perl 5.6.0, - it's a good idea to be up to the very latest version - if you can when running Bugzilla. As of this writing, that is Perl - version 5.8.2.

    4.1.2. MySQL

    If your OS doesn't come with it or provide official packages, - visit the MySQL homepage at - http://www.mysql.com - to grab and install the latest stable release of the server. -

    Many of the binary - versions of MySQL store their data files in - /var. - On some Unix systems, this is part of a smaller root partition, - and may not have room for your bug database. You can set the data - directory as an option to configure - if you build MySQL from source yourself.

    If you install from something other than a packaging/installation - system (such as .rpm, .dep, .exe, or .msi) you will need to configure - your system so the MySQL server daemon will come back up whenever - your machine reboots. -

    If you wish to have attachments larger than 64K, you will have to - configure MySQL to accept large packets. This is done by adding the text - in Figure 4-1 to your - my.conf file. There is also a parameter in Bugzilla - for setting the maximum allowable attachment size. - - You should set this value to be slightly larger than that parameter. -

    Figure 4-1. Set Max Packet Size in MySQL

    
[mysqld]
    -# Allow packets up to 1M
    -set-variable = max_allowed_packet=1M
    -        

    If you are running Bugzilla and MySQL on the same machine, you may - also wish to utilize the --skip-networking option as - mentioned in Section 4.5.2 for the added security. -

    4.1.2.1. Adding a user to MySQL

    This first thing you'll want to do is make sure you've given the - "root" user a password as suggested in - Section 4.5.2. Then, you need to add a user for - Bugzilla to use. For clarity, these instructions will - assume that your MySQL user for Bugzilla will be "bugs_user", - the database will be called "bugs_db" and the password for - the "bugs_user" user is "bugs_password". You - should, of course, substitute the values you intend to use for your site. -

    Most people use "bugs" for both the user and - database name. Don't use it for the password, though... -

    We use an SQL GRANT command to create a - "bugs_user" - user. This also restricts the - "bugs_user" - user to operations within a database called - "bugs_db", and only allows the account to connect from - "localhost". - Modify it to reflect your setup if you will be connecting from - another machine or as a different user.

    
  mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,
    -         DROP,REFERENCES ON bugs_db.* TO bugs_user@localhost
    -         IDENTIFIED BY 'bugs_password';
    -  mysql> FLUSH PRIVILEGES;
    -        

    If you are using MySQL 4, the bugs user also needs to be granted - the LOCK TABLES and - CREATE TEMPORARY TABLES permissions, - so add them to the list in the - GRANT command. -

    4.1.3. HTTP Server

    You have freedom of choice here, pretty much any web server that - is capable of running CGI - scripts will work. Section 4.2 has more information about - configuring web servers to work with Bugzilla. -

    We strongly recommend Apache as the web server to use. The - Bugzilla Guide installation instructions, in general, assume you are - using Apache. If you have got Bugzilla working using another webserver, - please share your experiences with us by filing a bug in Bugzilla Documentation. -

    4.1.4. Bugzilla

    You should untar the Bugzilla files into a directory that you're - willing to make writable by the default web server user (probably - "nobody"). - You may decide to put the files in the main web space for your - web server or perhaps in - /usr/local - with a symbolic link in the web space that points to the Bugzilla - directory.

    If you symlink the bugzilla directory into your Apache's - html - hierarchy, you may receive - Forbidden - errors unless you add the - FollowSymLinks - directive to the <Directory> entry for - the HTML root directory in httpd.conf.

    The default Bugzilla distribution is not designed to be placed - in a cgi-bin directory (this - includes any directory which is configured using the - ScriptAlias directive of Apache). -

    Once all the files are in a web accessible directory, make that - directory writable by your webserver's user. This is a temporary step - until you run the post-install - checksetup.pl - script, which locks down your installation.

    4.1.5. checksetup.pl

    Next, run the magic checksetup.pl script. - This is designed to check whether you have all of the right - Perl modules in the correct - versions, and that Bugzilla is generally set up correctly. -

    Eventually, - it will make sure Bugzilla files and directories have reasonable - permissions, set up the - data - directory, and create all the MySQL tables. But the first time you - run it, it's highly likely to tell you that you are missing a few - Perl modules. Make a note of which ones they are, and then proceed to - the next section to install them. -

    
bash# ./checksetup.pl
    -      

    The first time you run it with all the correct modules installed, - it will create a file called - localconfig.

    This file contains a variety of settings you may need to tweak - including how Bugzilla should connect to the MySQL database.

    The connection settings include: -

    1. server's host: just use - "localhost" - if the MySQL server is local

    2. database name: - "bugs_db" - if you're following these directions

    3. MySQL username: - "bugs_user" - if you're following these directions

    4. Password for the - "bugs_user" - MySQL account; ("bugs_password" above)

    -

    Edit the file to change these. Once you are happy with the - settings, su to the user - your web server runs as, and re-run - checksetup.pl. (Note: on some security-conscious - systems, you may need to change the login shell for the webserver - account before you can do this.) - On this second run, it will create the database and an administrator - account for which you will be prompted to provide information.

    The checksetup.pl script is designed so that you can run it at - any time without causing harm. You should run it after any upgrade to - Bugzilla.

    4.1.6. Perl Modules

    Don't be intimidated by this long list of modules. See - Section 4.1.6.1 for a way of - installing all the ones you need with a single command. -

    Perl modules can be found using - CPAN on Unix based systems or - PPM on Win32. -

    Good instuctions can be found for using each of these services on - their respective websites. The basics can be found in - Example 4-1 for CPAN and - Section 4.4.1.2 for PPM. -

    Example 4-1. Installing perl modules with CPAN

    The easy way: -
    
bash# perl -MCPAN -e 'install "<modulename>"'
    -          
    -

    Or the hard way: -
    
bash# tar xzvf <module>.tar.gz     
    -bash# cd <module>                  
    -bash# perl Makefile.PL
    -bash# make
    -bash# make test
    -bash# make install
    -          
    -

    This assumes that you've already downloaded the - <module>.tar.gz to the current working - directory. -
    The process of untarring the module as defined in - will create the - <module> directory. -
    -

    Many people complain that Perl modules will not install for - them. Most times, the error messages complain that they are missing a - file in - "@INC". - Virtually every time, this error is due to permissions being set too - restrictively for you to compile Perl modules or not having the - necessary Perl development libraries installed on your system. - Consult your local UNIX systems administrator for help solving these - permissions issues; if you - are - the local UNIX sysadmin, please consult the newsgroup/mailing list - for further assistance or hire someone to help you out.

    Perl Modules (minimum version): -

    1. Bundle::Bugzilla - (Will allow you to skip the rest) -

    2. CGI - (2.88) -

    3. Date::Format - (2.21) -

    4. DBI - (1.32) -

    5. DBD::mysql - (2.1010) -

    6. File::Spec - (0.82) -

    7. File::Temp - (any) -

    8. Template Toolkit - (2.08) -

    9. Text::Wrap - (2001.0131) -

    - - and, optionally: -

    1. GD - (1.20) for bug charting -

    2. Chart::Base - (0.99c) for bug charting -

    3. XML::Parser - (any) for the XML interface -

    4. GD::Graph - (any) for bug charting -

    5. GD::Text::Align - (any) for bug charting -

    6. MIME::Parser - (any) for the email interface -

    7. PatchReader - (0.9.1) for pretty HTML view of patches -

    -

    4.1.6.1. Bundle::Bugzilla

    If you are running at least perl 5.6.1, you can save yourself a lot - of time by using Bundle::Bugzilla. This bundle contains every module - required to get Bugzilla running. It does not include GD and friends, but - these are not required for a base install and can always be added later - if the need arises. -

    Assuming your perl was installed with CPAN (most unix installations - are), using Bundle::Bugzilla is really easy. Simply follow along with the - commands below. -

    
bash# perl -MCPAN -eshell              
    -cpan shell -- CPAN exploration and modules installation (v1.63)
    -ReadLine support enabled
    -
    -cpan>
    -
    -        
    At this point, unless you've used CPAN on this machine before, - you'll have to go through a series of configuration steps. -

    4.1.6.2. CGI (2.88)

    The CGI module parses form elements and cookies and does many - other usefule things. It come as a part of recent perl distributions, but - Bugzilla needs a fairly new version. -


    -        CPAN Download Page: http://search.cpan.org/dist/CGI.pm/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/CGI.zip
    -        Documentation: http://www.perldoc.com/perl5.8.0/lib/CGI.html
    -      

    4.1.6.3. TimeDate modules (2.21)

    Many of the more common date/time/calendar related Perl modules - have been grouped into a bundle similar to the MySQL modules bundle. - This bundle is stored on the CPAN under the name TimeDate. - The component module we're most interested in is the Date::Format - module, but installing all of them is probably a good idea anyway. -


    -        CPAN Download Page: http://search.cpan.org/dist/TimeDate/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/TimeDate.zip
    -        Documentation: http://search.cpan.org/dist/TimeDate/lib/Date/Format.pm
    -      

    4.1.6.4. DBI (1.32)

    The DBI module is a generic Perl module used the - MySQL-related modules. As long as your Perl installation was done - correctly the DBI module should be a breeze. It's a mixed Perl/C - module, but Perl's MakeMaker system simplifies the C compilation - greatly.


    -        CPAN Download Page: http://search.cpan.org/dist/DBI/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/DBI.zip
    -        Documentation: http://dbi.perl.org/doc/
    -      

    4.1.6.5. MySQL-related modules

    The Perl/MySQL interface requires a few mutually-dependent Perl - modules. These modules are grouped together into the the - Msql-Mysql-modules package.

    The MakeMaker process will ask you a few questions about the - desired compilation target and your MySQL installation. For most of the - questions the provided default will be adequate, but when asked if your - desired target is the MySQL or mSQL packages, you should - select the MySQL related ones. Later you will be asked if you wish to - provide backwards compatibility with the older MySQL packages; you - should answer YES to this question. The default is NO.

    A host of 'localhost' should be fine and a testing user of 'test' - with a null password should find itself with sufficient access to run - tests on the 'test' database which MySQL created upon installation. -


    -        CPAN Download Page: http://search.cpan.org/dist/DBD-mysql/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/DBD-Mysql.zip
    -        Documentation: http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pod
    -      

    4.1.6.6. File::Spec (0.82)

    File::Spec is a perl module that allows file operations, such as - generating full path names, to work cross platform. -


    -        CPAN Download Page: http://search.cpan.org/dist/File-Spec/
    -        PPM Download Page: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/File-Spec.zip
    -        Documentation: http://www.perldoc.com/perl5.8.0/lib/File/Spec.html
    -      

    4.1.6.7. File::Temp (any)

    File::Temp is used to generate a temporary filename that is - guaranteed to be unique. It comes as a standard part of perl -


    -        CPAN Download Page: http://search.cpan.org/dist/File-Spec/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/File-Spec.zip
    -        Documentation: http://www.perldoc.com/perl5.8.0/lib/File/Temp.html
    -      

    4.1.6.8. Template Toolkit (2.08)

    When you install Template Toolkit, you'll get asked various - questions about features to enable. The defaults are fine, except - that it is recommended you use the high speed XS Stash of the Template - Toolkit, in order to achieve best performance. -


    -        CPAN Download Page: http://search.cpan.org/dist/Template-Toolkit/
    -        PPM Download Link: http://openinteract.sourceforge.net/ppmpackages/5.6/Template-Toolkit.tar.gz
    -        Documentation: http://www.template-toolkit.org/docs.html
    -      

    4.1.6.9. Text::Wrap (2001.0131)

    Text::Wrap is designed to proved intelligent text wrapping. -


    -        CPAN Download Page: http://search.cpan.org/dist/Text-Tabs+Wrap/
    -        Documentation: http://www.perldoc.com/perl5.8.0/lib/Text/Wrap.html
    -      

    4.1.6.10. GD (1.20) [optional]

    You need the GD library if you want any of the graphing to work. -

    The Perl GD library requires some other libraries that may or - may not be installed on your system, including - libpng - and - libgd. - The full requirements are listed in the Perl GD library README. - If compiling GD fails, it's probably because you're - missing a required library.

    The version of the GD perl module you need is very closely tied - to the libgd version installed on your system. - If you have a version 1.x of libgd the 2.x - versions of the GD perl module won't work for you. -


    -        CPAN Download Page: http://search.cpan.org/dist/GD/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GD.zip
    -        Documentation: http://stein.cshl.org/WWW/software/GD/
    -      

    4.1.6.11. Chart::Base (0.99c) [optional]

    The Chart module provides Bugzilla with on-the-fly charting - abilities. It can be installed in the usual fashion after it has been - fetched from CPAN. - Note that earlier versions that 0.99c used GIFs, which are no longer - supported by the latest versions of GD.


    -        CPAN Download Page: http://search.cpan.org/dist/Chart/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/Chart.zip
    -      

    4.1.6.12. XML::Parser (any) [optional]

    XML::Parser is used by the importxml.pl - script. You only need it if you are going to be importing bugs (such as - for bug moving). XML::Parser requires that the - expat library is already installed on your machine. -


    -        CPAN Download Page: http://search.cpan.org/dist/XML-Parser/
    -        Documentation: http://www.perldoc.com/perl5.6.1/lib/XML/Parser.html
    -      

    4.1.6.13. GD::Graph (any) [optional]

    In addition to GD listed above, the reporting interface of Bugzilla - needs to have the GD::Graph module installed. -


    -        CPAN Download Page: http://search.cpan.org/dist/GDGraph/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GDGraph.zip
    -        Documentation: http://search.cpan.org/dist/GDGraph/Graph.pm
    -      

    4.1.6.14. GD::Text::Align (any) [optional]

    GD::Text::Align, as the name implies, is used to draw aligned - strings of text. It is needed by the reporting interface. -


    -        CPAN Download Page: http://search.cpan.org/dist/GDTextUtil/
    -        PPM Download Page: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/GDTextUtil.zip
    -        Documentation: http://search.cpan.org/dist/GDTextUtil/Text/Align.pm
    -      

    4.1.6.15. MIME::Parser (any) [optional]

    MIME::Parser is only needed if you want to use the e-mail interface - located in the contrib directory. -


    -        CPAN Download Page: http://search.cpan.org/dist/MIME-tools/
    -        PPM Download Link: http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/MIME-tools.zip
    -        Documentation: http://search.cpan.org/dist/MIME-tools/lib/MIME/Parser.pm
    -      

    4.1.6.16. PatchReader (0.9.1) [optional]

    PatchReader is only needed if you want to use Patch Viewer, a - Bugzilla feature to format patches in a pretty HTML fashion. There are a - number of optional parameters you can configure Patch Viewer with as well, - including cvsroot, cvsroot_get, lxr_root, bonsai_url, lxr_url, and - lxr_root. Patch Viewer also optionally will use cvs, diff and interdiff - utilities if they exist on the system (interdiff can be found in the - patchutils package at http://cyberelk.net/tim/patchutils/. - These programs' locations can be configured in localconfig. -


    -        CPAN Download Page: http://search.cpan.org/author/JKEISER/PatchReader/
    -        Documentation: http://www.johnkeiser.com/mozilla/Patch_Viewer.html
    -      

    4.1.7. Configuring Bugzilla

    Once checksetup.pl has run successfully, Bugzilla should start up. - Proceed to the correct URL and log in with the administrator account - you defined in the last checksetup.pl run. -

    You should run through the parameters on the Edit Parameters page - (link in the footer) and set them all to appropriate values. - They key parameters are documented in Section 5.1. -


    PrevHomeNext
    InstallationUpHTTP Server Configuration
    \ No newline at end of file diff --git a/docs/html/troubleshooting.html b/docs/html/troubleshooting.html index 61a3624a7..5ea13534b 100644 --- a/docs/html/troubleshooting.html +++ b/docs/html/troubleshooting.html @@ -7,15 +7,15 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla Guide - 2.17.5 +>The Bugzilla Guide - 2.17.7 Development ReleasePrevChapter 4. InstallationChapter 2. Installing Bugzilla4.6. Troubleshooting2.5. Troubleshooting

    This section gives solutions to common Bugzilla installation - problems. + problems. If none of the section headings seems to match your + problem, read the general advice.

    4.6.1. Bundle::Bugzilla makes me upgrade to Perl 5.6.1

    2.5.1. General Advice

    If you can't get checksetup.pl to run to + completion, it normally explains what's wrong and how to fix it. + If you can't work it out, or if it's being uncommunicative, post + the errors in the + netscape.public.mozilla.webtools + newsgroup. +

    If you have made it all the way through + Section 2.1 (Installation) and + Section 2.2 (Configuration) but + accessing the Bugzilla URL doesn't work, + the first thing to do is to check your webserver error log. For + Apache, this is often located at + /etc/logs/httpd/error_log. The error messages + you see may be self-explanatory enough to enable you to diagnose and + fix the problem. If not, see below for some commonly-encountered + errors. If that doesn't help, post the errors to the newsgroup. +

    2.5.2. I installed a Perl module, but + checksetup.pl claims it's not installed!

    You have two versions of Perl on your machine. You are installing + modules into one, and Bugzilla is using the other. Rerun the CPAN + commands (or manual compile) using the full path to Perl from the + top of checksetup.pl. This will make sure you + are installing the modules in the right place. +

    2.5.3. Bundle::Bugzilla makes me upgrade to Perl 5.6.1

    Try executing

    4.6.2. DBD::Sponge::db prepare failed

    2.5.4. DBD::Sponge::db prepare failed

    The following error message may appear due to a bug in DBD::mysql (over which the Bugzilla team have no control): @@ -200,7 +269,7 @@ CLASS="section" >4.6.3. cannot chdir(/var/spool/mqueue)2.5.5. cannot chdir(/var/spool/mqueue)

    If you are installing Bugzilla on SuSE Linux, or some other distributions with @@ -258,28 +327,15 @@ CLASS="section" >4.6.4. Your vendor has not defined Fcntl macro O_NOINHERIT2.5.6. Your vendor has not defined Fcntl macro O_NOINHERIT

    This is caused by a bug in the version of File::Temp that is distributed with perl - 5.6.0. Many minor variations of this error have been reported. Examples - can be found in Figure 4-2. + 5.6.0. Many minor variations of this error have been reported:

    Figure 4-2. Other File::Temp error messages

    
Your vendor has not defined Fcntl macro O_NOINHERIT, used 
    +>Your vendor has not defined Fcntl macro O_NOINHERIT, used 
     at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 208.
     
     Your vendor has not defined Fcntl macro O_EXLOCK, used 
     at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 210.
     
     Your vendor has not defined Fcntl macro O_TEMPORARY, used 
    -at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 233.
    -        

    Numerous people have reported that upgrading to version 5.6.1 or higher solved the problem for them. A less involved fix is to apply - the patch in Figure 4-3. The patch is also + the following patch, which is also available as a patch file.

    Figure 4-3. Patch for File::Temp in Perl 5.6.0

    
--- File/Temp.pm.orig   Thu Feb  6 16:26:00 2003
    +>--- File/Temp.pm.orig   Thu Feb  6 16:26:00 2003
     +++ File/Temp.pm        Thu Feb  6 16:26:23 2003
     @@ -205,6 +205,7 @@
          # eg CGI::Carp
    @@ -353,15 +395,13 @@ CLASS="programlisting"
     +    local *CORE::GLOBAL::die = sub {};
          $bit = &$func();
          1;
    -   };
    -        
    - PREAMBLE + Preamble The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the @@ -41,7 +41,7 @@
    - APPLICABILITY AND DEFINITIONS + Applicability and Definition This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under @@ -101,7 +101,7 @@
    - VERBATIM COPYING + Verbatim Copying You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the @@ -118,7 +118,7 @@
    - COPYING IN QUANTITY + Copying in Quantity If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must @@ -157,7 +157,7 @@
    - MODIFICATIONS + Modifications You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release @@ -287,7 +287,7 @@
    - COMBINING DOCUMENTS + Combining Documents You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified @@ -313,7 +313,7 @@
    - COLLECTIONS OF DOCUMENTS + Collections of Documents You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies @@ -329,7 +329,7 @@
    - AGGREGATION WITH INDEPENDENT WORKS + Aggregation with Independent Works A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a @@ -348,7 +348,7 @@
    - TRANSLATION + Translation Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. @@ -363,7 +363,7 @@
    - TERMINATION + Termination You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to @@ -375,7 +375,7 @@
    - FUTURE REVISIONS OF THIS LICENSE + Future Revisions of this License The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions diff --git a/docs/xml/installation.xml b/docs/xml/installation.xml index b3dd2a420..fd7bacbf5 100644 --- a/docs/xml/installation.xml +++ b/docs/xml/installation.xml @@ -1,106 +1,107 @@ - - - Installation - -
    - Step-by-step Install - - Bugzilla has been successfully installed under many different - operating systems including almost all Unix clones and - Microsoft Windows. Many - operating systems have utilities that make installation easier or quirks - that make it harder. We have tried to collect that information in - , so unless you are on Linux, - be sure to check out that section before - you start your installation. - + + + Installing Bugzilla + +
    + Installation + + + If you just want to use Bugzilla, + you do not need to install it. None of this chapter is relevant to + you. Ask your Bugzilla administrator + for the URL to access it over the web. + + + + The Bugzilla server software is usually installed on Linux or + Solaris. + If you are installing on another OS, check + before you start your installation to see if there are any special + instructions. + - - Windows is one of those operating systems that has many quirks - and is not yet officially supported by the Bugzilla team. If you wish - to install Bugzilla on Windows, be sure to see - . - - + + As an alternative to following these instructions, you may wish to + try Arne Schirmacher's unofficial and unsupported + Bugzilla + Installer, which installs Bugzilla and all its prerequisites + on Linux or Solaris systems. + - - While installing Bugzilla, it is a good idea to ensure that there - is some kind of configurable firewall between you and the rest of the - Internet - as your machine may be insecure for periods during the install. Many - installation steps require an active Internet connection to complete, - but you must take care to ensure that at no point is your machine - vulnerable to an attack. - - - This guide assumes that you already have your operating system - installed, network configured, and have administrative access to the - machine onto which you are installing Bugzilla. It is possible to - install and run Bugzilla itself without administrative access, but you - have to - either make sure all the required software is installed or get somebody - with administrative access to install it for you. - + This guide assumes that you have administrative access to the + Bugzilla machine. It not possible to + install and run Bugzilla itself without administrative access except + in the very unlikely event that every single prerequisite is + already installed. + - - You are strongly recommended to make a backup of your system - before installing Bugzilla (and at regular intervals thereafter :-). - - - Here's a basic step-by-step list: + + The installation process may make your machine insecure for + short periods of time. Make sure there is a firewall between you + and the Internet. + - - - Install Perl - (&min-perl-ver; or above) - - - - Install MySQL - (&min-mysql-ver; or above) - - - - Install a Webserver - - - - Put Bugzilla in the Webspace - - - - Install Perl Modules - - - - Setup the MySQL Database - - - + + You are strongly recommended to make a backup of your system + before installing Bugzilla (and at regular intervals thereafter :-). + + + In outline, the installation proceeds as follows: + + + + + Install Perl + (&min-perl-ver; or above) + + + + Install MySQL + (&min-mysql-ver; or above) + + + + Install a Webserver + + + + Install Bugzilla + + + + Install Perl modules + + + + Configure all of the above. + + +
    Perl + Installed Version Test: perl -v + Any machine that doesn't have Perl on it is a sad machine indeed. - If your OS doesn't come with it, Perl can be got in source form - from . - There are also binary versions available for many platforms, most of which - are linked to from perl.com. - Although Bugzilla runs with perl &min-perl-ver;, - it's a good idea to be up to the very latest version - if you can when running Bugzilla. As of this writing, that is Perl - version &newest-perl-ver;. + If you don't have it and your OS doesn't provide official packages, + visit . + Although Bugzilla runs with Perl &min-perl-ver;, + it's a good idea to be using the latest stable version. + As of this writing, that is Perl &newest-perl-ver;.
    MySQL - If your OS doesn't come with it or provide official packages, - visit the MySQL homepage at - - to grab and install the latest stable release of the server. + Installed Version Test: mysql -V + + + If you don't have it and your OS doesn't provide official packages, + visit . You need MySQL version + &min-mysql-ver; or higher. @@ -108,278 +109,126 @@ versions of MySQL store their data files in /var. On some Unix systems, this is part of a smaller root partition, - and may not have room for your bug database. You can set the data - directory as an option to configure - if you build MySQL from source yourself. - - + and may not have room for your bug database. To change the data + directory, you have to build MySQL from source yourself, and + set it as an option to configure. + + If you install from something other than a packaging/installation - system (such as .rpm, .dep, .exe, or .msi) you will need to configure - your system so the MySQL server daemon will come back up whenever - your machine reboots. - - - If you wish to have attachments larger than 64K, you will have to - configure MySQL to accept large packets. This is done by adding the text - in to your - my.conf file. There is also a parameter in Bugzilla - for setting the maximum allowable attachment size. - - You should set this value to be slightly larger than that parameter. - + system (such as .rpm, .dep, .exe, or .msi) make sure the MySQL server + is started when the machine boots. + -
    - Set Max Packet Size in MySQL - - -[mysqld] -# Allow packets up to 1M -set-variable = max_allowed_packet=1M - -
    - - If you are running Bugzilla and MySQL on the same machine, you may - also wish to utilize the option as - mentioned in for the added security. - - -
    - Adding a user to MySQL - - This first thing you'll want to do is make sure you've given the - root user a password as suggested in - . Then, you need to add a user for - Bugzilla to use. For clarity, these instructions will - assume that your MySQL user for Bugzilla will be bugs_user, - the database will be called bugs_db and the password for - the bugs_user user is bugs_password. You - should, of course, substitute the values you intend to use for your site. - - - - Most people use bugs for both the user and - database name. Don't use it for the password, though... - - - - We use an SQL GRANT command to create a - bugs_user - user. This also restricts the - bugs_user - user to operations within a database called - bugs_db, and only allows the account to connect from - localhost. - Modify it to reflect your setup if you will be connecting from - another machine or as a different user. - - - mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE, - DROP,REFERENCES ON bugs_db.* TO bugs_user@localhost - IDENTIFIED BY 'bugs_password'; - mysql> FLUSH PRIVILEGES; - - - - If you are using MySQL 4, the bugs user also needs to be granted - the LOCK TABLES and - CREATE TEMPORARY TABLES permissions, - so add them to the list in the - GRANT command. - - -
    - +
    - HTTP Server + Web Server + Installed Version Test: view the default welcome page at + http://<your-machine>/ + You have freedom of choice here, pretty much any web server that is capable of running CGI - scripts will work. has more information about - configuring web servers to work with Bugzilla. - - - - We strongly recommend Apache as the web server to use. The - Bugzilla Guide installation instructions, in general, assume you are - using Apache. If you have got Bugzilla working using another webserver, + scripts will work. + However, we strongly recommend using the Apache web server + (either 1.3.x or 2.x), and + the installation instructions usually assume you are + using it. If you have got Bugzilla working using another webserver, please share your experiences with us by filing a bug in &bzg-bugs;. - - + + + + If you don't have Apache and your OS doesn't provide official packages, + visit . +
    Bugzilla - You should untar the Bugzilla files into a directory that you're - willing to make writable by the default web server user (probably - nobody). - You may decide to put the files in the main web space for your - web server or perhaps in - /usr/local - with a symbolic link in the web space that points to the Bugzilla - directory. - - - If you symlink the bugzilla directory into your Apache's - html - hierarchy, you may receive - Forbidden - errors unless you add the - FollowSymLinks - directive to the <Directory> entry for - the HTML root directory in httpd.conf. - + + Download a Bugzilla tarball (or check it out from CVS) and place + it in a suitable directory, writable by the default web server user + (probably nobody). + Good locations are either directly in the main web space for your + web server or perhaps in + /usr/local + with a symbolic link from the web space. + The default Bugzilla distribution is not designed to be placed - in a cgi-bin directory (this + in a cgi-bin directory. This includes any directory which is configured using the - directive of Apache). + directive of Apache. Once all the files are in a web accessible directory, make that directory writable by your webserver's user. This is a temporary step - until you run the post-install + until you run the checksetup.pl script, which locks down your installation. -
    -
    - - <filename>checksetup.pl</filename> - - - Next, run the magic checksetup.pl script. - This is designed to check whether you have all of the right - Perl modules in the correct - versions, and that Bugzilla is generally set up correctly. +
    + Perl Modules + + Bugzilla's installation process is based + on a script called checksetup.pl. + The first thing it checks is whether you have appropriate + versions of all the required + Perl modules. The aim of this section is to pass this check. + When it passes, + do not run it again, + but proceed to . - Eventually, - it will make sure Bugzilla files and directories have reasonable - permissions, set up the - data - directory, and create all the MySQL tables. But the first time you - run it, it's highly likely to tell you that you are missing a few - Perl modules. Make a note of which ones they are, and then proceed to - the next section to install them. + At this point, you need to su to root. You should + remain as root until the end of the install. Then run: - - -bash# ./checksetup.pl - - - - The first time you run it with all the correct modules installed, - it will create a file called - localconfig. - This file contains a variety of settings you may need to tweak - including how Bugzilla should connect to the MySQL database. - - The connection settings include: - - - server's host: just use - localhost - if the MySQL server is local - - - - database name: - bugs_db - if you're following these directions - - - - MySQL username: - bugs_user - if you're following these directions - + bash# ./checksetup.pl - - Password for the - bugs_user - MySQL account; (bugs_password above) - - + + + + + checksetup.pl will print out a list of the + required and optional Perl modules, together with the versions + (if any) installed on your machine. + The list of required modules is reasonably long; however, you + may already have several of them installed. - - Edit the file to change these. Once you are happy with the - settings, su to the user - your web server runs as, and re-run - checksetup.pl. (Note: on some security-conscious - systems, you may need to change the login shell for the webserver - account before you can do this.) - On this second run, it will create the database and an administrator - account for which you will be prompted to provide information. - - - The checksetup.pl script is designed so that you can run it at - any time without causing harm. You should run it after any upgrade to - Bugzilla. - -
    - -
    - Perl Modules - Don't be intimidated by this long list of modules. See - for a way of - installing all the ones you need with a single command. + + There is a meta-module called Bundle::Bugzilla, + which installs all the other + modules with a single command. You should use this if you are running + Perl 5.6.1 or above. - Perl modules can be found using - CPAN on Unix based systems or - PPM on Win32. - - - Good instuctions can be found for using each of these services on - their respective websites. The basics can be found in - for CPAN and - for PPM. - - - - Installing perl modules with CPAN - - The easy way: - -bash# perl -MCPAN -e 'install "<modulename>"' - - - - Or the hard way: - -bash# tar xzvf <module>.tar.gz -bash# cd <module> -bash# perl Makefile.PL -bash# make -bash# make test -bash# make install - - - - This assumes that you've already downloaded the - <module>.tar.gz to the current working - directory. - - - - The process of untarring the module as defined in - will create the - <module> directory. - - - - - + + The preferred way of installing Perl modules is via CPAN on Unix, + or PPM on Windows (see ). These + instructions assume you are using CPAN; if for some reason you need + to install the Perl modules manually, see + . + + + bash# perl -MCPAN -e 'install "<modulename>"' + + If you using Bundle::Bugzilla, invoke the magic CPAN command on it. + Otherwise, you need to work down the + list of modules that checksetup.pl says are + required, in the order given, invoking the command on each. + + Many people complain that Perl modules will not install for them. Most times, the error messages complain that they are missing a @@ -395,35 +244,41 @@ set-variable = max_allowed_packet=1M for further assistance or hire someone to help you out. + + Here is a complete list of modules and their minimum versions. + Some modules have special installation notes, which follow. + - Perl Modules (minimum version): + Required Perl modules: - Bundle::Bugzilla - (Will allow you to skip the rest) + AppConfig (&min-appconfig-ver;) - CGI - (&min-cgi-ver;) + CGI (&min-cgi-ver;) - Date::Format - (&min-date-format-ver;) + Data::Dumper (&min-data-dumper-ver;) + + + + + + Date::Format (&min-date-format-ver;) - DBI - (&min-dbi-ver;) + DBI (&min-dbi-ver;) @@ -436,34 +291,31 @@ set-variable = max_allowed_packet=1M - File::Spec - (&min-file-spec-ver;) + File::Spec (&min-file-spec-ver;) - File::Temp - (&min-file-temp-ver;) + File::Temp (&min-file-temp-ver;) - Template Toolkit + Template (&min-template-ver;) - Text::Wrap - (&min-text-wrap-ver;) + Text::Wrap (&min-text-wrap-ver;) - and, optionally: + Optional Perl modules: @@ -479,13 +331,6 @@ set-variable = max_allowed_packet=1M - - - XML::Parser - (&min-xml-parser-ver;) for the XML interface - - - GD::Graph @@ -502,8 +347,8 @@ set-variable = max_allowed_packet=1M - MIME::Parser - (&min-mime-parser-ver;) for the email interface + XML::Parser + (&min-xml-parser-ver;) for the XML interface @@ -513,472 +358,669 @@ set-variable = max_allowed_packet=1M (&min-patchreader-ver;) for pretty HTML view of patches + + + + MIME::Parser + (&min-mime-parser-ver;) for the optional email interface + + +
    + DBD::mysql -
    - Bundle::Bugzilla - - If you are running at least perl 5.6.1, you can save yourself a lot - of time by using Bundle::Bugzilla. This bundle contains every module - required to get Bugzilla running. It does not include GD and friends, but - these are not required for a base install and can always be added later - if the need arises. - - - Assuming your perl was installed with CPAN (most unix installations - are), using Bundle::Bugzilla is really easy. Simply follow along with the - commands below. - + The installation process will ask you a few questions about the + desired compilation target and your MySQL installation. For most of the + questions the provided default will be adequate, but when asked if your + desired target is the MySQL or mSQL packages, you should + select the MySQL-related ones. Later you will be asked if you wish to + provide backwards compatibility with the older MySQL packages; you + should answer YES to this question. The default is NO. + A host of 'localhost' should be fine. A testing user of 'test', + with a null password, should have sufficient access to run + tests on the 'test' database which MySQL creates upon installation. + +
    - -bash# perl -MCPAN -eshell -cpan shell -- CPAN exploration and modules installation (v1.63) -ReadLine support enabled +
    + Template Toolkit (&min-template-ver;) -cpan> + When you install Template Toolkit, you'll get asked various + questions about features to enable. The defaults are fine, except + that it is recommended you use the high speed XS Stash of the Template + Toolkit, in order to achieve best performance. + +
    -
    +
    + GD (&min-gd-ver;) - - - At this point, unless you've used CPAN on this machine before, - you'll have to go through a series of configuration steps. - - - -
    - -
    - CGI (&min-cgi-ver;) + The GD module is only required if you want graphical reports. + - The CGI module parses form elements and cookies and does many - other usefule things. It come as a part of recent perl distributions, but - Bugzilla needs a fairly new version. - + + The Perl GD module requires some other libraries that may or + may not be installed on your system, including + libpng + and + libgd. + The full requirements are listed in the Perl GD module README. + If compiling GD fails, it's probably because you're + missing a required library. + - - CPAN Download Page: - PPM Download Link: - Documentation: - -
    + + The version of the GD module you need is very closely tied + to the libgd version installed on your system. + If you have a version 1.x of libgd the 2.x + versions of the GD module won't work for you. + + +
    -
    - TimeDate modules (&min-date-format-ver;) +
    + Chart::Base (&min-chart-base-ver;) - Many of the more common date/time/calendar related Perl modules - have been grouped into a bundle similar to the MySQL modules bundle. - This bundle is stored on the CPAN under the name TimeDate. - The component module we're most interested in is the Date::Format - module, but installing all of them is probably a good idea anyway. - + The Chart::Base module is only required if you want graphical + reports. + Note that earlier versions that 0.99c used GIFs, which are no longer + supported by the latest versions of GD. +
    - - CPAN Download Page: - PPM Download Link: - Documentation: - -
    +
    + GD::Graph (&min-gd-graph-ver;) -
    - DBI (&min-dbi-ver;) - - The DBI module is a generic Perl module used the - MySQL-related modules. As long as your Perl installation was done - correctly the DBI module should be a breeze. It's a mixed Perl/C - module, but Perl's MakeMaker system simplifies the C compilation - greatly. - - - CPAN Download Page: - PPM Download Link: - Documentation: - -
    + The GD::Graph module is only required if you want graphical + reports. + +
    -
    - MySQL-related modules +
    + GD::Text::Align (&min-gd-text-align-ver;) - The Perl/MySQL interface requires a few mutually-dependent Perl - modules. These modules are grouped together into the the - Msql-Mysql-modules package. + The GD::Text::Align module is only required if you want graphical + reports. + +
    - The MakeMaker process will ask you a few questions about the - desired compilation target and your MySQL installation. For most of the - questions the provided default will be adequate, but when asked if your - desired target is the MySQL or mSQL packages, you should - select the MySQL related ones. Later you will be asked if you wish to - provide backwards compatibility with the older MySQL packages; you - should answer YES to this question. The default is NO. +
    + XML::Parser (&min-xml-parser-ver;) - A host of 'localhost' should be fine and a testing user of 'test' - with a null password should find itself with sufficient access to run - tests on the 'test' database which MySQL created upon installation. - + The XML::Parser module is only required if you want to import + XML bugs using the importxml.pl + script. This is required to use Bugzilla's "move bugs" feature; + you may also want to use it for migrating from another bug database. + XML::Parser requires that the + expat library is already installed on your machine. + +
    - - CPAN Download Page: - PPM Download Link: - Documentation: - -
    +
    + MIME::Parser (&min-mime-parser-ver;) -
    - File::Spec (&min-file-spec-ver;) + The MIME::Parser module is only required if you want to use the + email interface + located in the contrib directory. + +
    - File::Spec is a perl module that allows file operations, such as - generating full path names, to work cross platform. - +
    + PatchReader (&min-patchreader-ver;) - - CPAN Download Page: - PPM Download Page: - Documentation: - -
    + The PatchReader module is only required if you want to use + Patch Viewer, a + Bugzilla feature to show code patches in your web browser in a more + readable form. + +
    +
    +
    + + +
    + Configuration -
    - File::Temp (&min-file-temp-ver;) + + Poorly-configured MySQL and Bugzilla installations have + given attackers full access to systems in the past. Please take the + security parts of these guidelines seriously, even for Bugzilla + machines hidden away behind your firewall. + - File::Temp is used to generate a temporary filename that is - guaranteed to be unique. It comes as a standard part of perl +
    + localconfig + + + Once you run checksetup.pl with all the correct + modules installed, it displays a message about, and write out a + file called, + localconfig. This file contains the default + settings for a number of Bugzilla parameters. - - - CPAN Download Page: - PPM Download Link: - Documentation: - -
    - -
    - Template Toolkit (&min-template-ver;) - - When you install Template Toolkit, you'll get asked various - questions about features to enable. The defaults are fine, except - that it is recommended you use the high speed XS Stash of the Template - Toolkit, in order to achieve best performance. + + Load this file in your editor. The only value you + need to change is $db_pass, the password for + the user you will create for your database. + Pick a strong password (for simplicity, it should not contain + single quote characters) and put it here. - - - CPAN Download Page: - PPM Download Link: - Documentation: - -
    - -
    - Text::Wrap (&min-text-wrap-ver;) - - Text::Wrap is designed to proved intelligent text wrapping. + + + The other options in the localconfig file + are documented by their accompanying comments. If you have a slightly + non-standard MySQL setup, you may wish to change one or more of + the other "$db_*" parameters. - - - - CPAN Download Page: - Documentation: - -
    - - -
    - GD (&min-gd-ver;) [optional] - - You need the GD library if you want any of the graphing to work. + + + You may also wish to change the names of + the priorities, severities, operating systems and platforms for your + installation. However, you can always change these after installation + has finished; if you then re-run + checksetup.pl, the changes will get picked up. - - - The Perl GD library requires some other libraries that may or - may not be installed on your system, including - libpng - and - libgd. - The full requirements are listed in the Perl GD library README. - If compiling GD fails, it's probably because you're - missing a required library. - - - - The version of the GD perl module you need is very closely tied - to the libgd version installed on your system. - If you have a version 1.x of libgd the 2.x - versions of the GD perl module won't work for you. - - - - - CPAN Download Page: - PPM Download Link: - Documentation: - -
    - -
    - Chart::Base (&min-chart-base-ver;) [optional] - - The Chart module provides Bugzilla with on-the-fly charting - abilities. It can be installed in the usual fashion after it has been - fetched from CPAN. - Note that earlier versions that 0.99c used GIFs, which are no longer - supported by the latest versions of GD. - - - - CPAN Download Page: - PPM Download Link: -
    + +
    + MySQL -
    - XML::Parser (&min-xml-parser-ver;) [optional] +
    + Security - XML::Parser is used by the importxml.pl - script. You only need it if you are going to be importing bugs (such as - for bug moving). XML::Parser requires that the - expat library is already installed on your machine. - + MySQL ships as insecure by default. + It allows anybody to on the local machine full administrative + capabilities without requiring a password; the special + MySQL root account (note: this is not the same as + the system root) also has no password. + Also, many installations default to running + mysqld as the system root. + - - - CPAN Download Page: - Documentation: - -
    + + + To disable the anonymous user account + and set a password for the root user, execute the following. The + root user password should be different to the bugs user password + you set in + localconfig in the previous section, + and also different to + the password for the system root account on your machine. + + bash$ mysql mysql + mysql> DELETE FROM user WHERE user = ''; + mysql> UPDATE user SET password = password('new_password') WHERE user = 'root'; + mysql> FLUSH PRIVILEGES; + + From this point forward, to run the + mysql command-line client, + you will need to type + mysql -u root -p and enter + new_password when prompted. + + -
    - GD::Graph (&min-gd-graph-ver;) [optional] + + If you run MySQL on the same machine as your web server, you + should disable remote access to MySQL by adding + the following to your /etc/my.conf: + + [myslqd] + # Prevent network access to MySQL. + skip-networking + - In addition to GD listed above, the reporting interface of Bugzilla - needs to have the GD::Graph module installed. - + + Consult the documentation that came with your system for + information on making mysqld run as an + unprivileged user. + + - - CPAN Download Page: - PPM Download Link: - Documentation: - -
    + + For added security, you could also run MySQL, or even all + of Bugzilla + in a chroot jail; however, instructions for doing that are beyond + the scope of this document. + + -
    - GD::Text::Align (&min-gd-text-align-ver;) [optional] + - GD::Text::Align, as the name implies, is used to draw aligned - strings of text. It is needed by the reporting interface. - +
    + +
    + Allow large attachments + + You need to configure MySQL to accept large packets, if you + want to have attachments larger than 64K. Add the text + below to your + /etc/my.conf. + There is also a parameter in Bugzilla + for setting the maximum allowable attachment size, (default 1MB). + Bugzilla will only accept attachments up to the lower of these two + sizes. + - - CPAN Download Page: - PPM Download Page: - Documentation: - -
    + [mysqld] + # Allow packets up to 1M + set-variable = max_allowed_packet=1M +
    + +
    + Add a user to MySQL + + You need to add a new MySQL user for + Bugzilla to use. (It's not safe to have Bugzilla use the MySQL root + account.) The following instructions assume the defaults in + localconfig; + if you changed those, you need to modify the + SQL command appropriately. You will need the + $db_pass password you set in + localconfig in + . + -
    - MIME::Parser (&min-mime-parser-ver;) [optional] + We use an SQL GRANT command to create a + bugs + user. This also restricts the + bugs + user to operations within a database called + bugs, and only allows the account to connect from + localhost. + Modify it to reflect your setup if you will be connecting from + another machine or as a different user. + + Run the mysql command-line client and + enter: - MIME::Parser is only needed if you want to use the e-mail interface - located in the contrib directory. - + mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE, + DROP,REFERENCES ON bugs.* TO bugs@localhost + IDENTIFIED BY '$db_pass'; + mysql> FLUSH PRIVILEGES - - CPAN Download Page: - PPM Download Link: - Documentation: - + + If you are using MySQL 4, you need to add + the LOCK TABLES and + CREATE TEMPORARY TABLES permissions + to the list. + + +
    -
    - PatchReader (&min-patchreader-ver;) [optional] - - PatchReader is only needed if you want to use Patch Viewer, a - Bugzilla feature to format patches in a pretty HTML fashion. There are a - number of optional parameters you can configure Patch Viewer with as well, - including cvsroot, cvsroot_get, lxr_root, bonsai_url, lxr_url, and - lxr_root. Patch Viewer also optionally will use cvs, diff and interdiff - utilities if they exist on the system (interdiff can be found in the - patchutils package at . - These programs' locations can be configured in localconfig. - +
    + checksetup.pl - - CPAN Download Page: - Documentation: - -
    -
    - + + Next, rerun checksetup.pl. It reconfirms + that all the modules are present, and notices the altered + localconfig file, which it assumes you have edited to your + satisfaction. It compiles the UI templates, + connects to the database using the 'bugs' + user you created and the password you defined, and creates the + 'bugs' database and the tables therein. + -
    - Configuring Bugzilla - Once checksetup.pl has run successfully, Bugzilla should start up. - Proceed to the correct URL and log in with the administrator account - you defined in the last checksetup.pl run. + After that, it asks for details of an administrator account. Bugzilla + can have multiple administrators - you can create more later - but + it needs one to start off with. + Enter the email address of an administrator, his or her full name, + and a suitable Bugzilla password. - You should run through the parameters on the Edit Parameters page - (link in the footer) and set them all to appropriate values. - They key parameters are documented in . + checksetup.pl will then finish. You may rerun + checksetup.pl at any time if you wish.
    -
    - -
    - HTTP Server Configuration - - The Bugzilla Team recommends Apache when using Bugzilla, however, any web server - that can be configured to run CGI scripts - should be able to handle Bugzilla. No matter what web server you choose, but - especially if you choose something other than Apache, you should be sure to read - . - - - The plan for this section is to eventually document the specifics of how to lock - down permissions on individual web servers. - -
    - Apache <productname>httpd</productname> - You will have to make sure that Apache is properly - configured to run the Bugzilla CGI scripts. You also need to make sure - that the .htaccess files created by - ./checksetup.pl are allowed to override Apache's normal access - permissions or else important password information may be exposed to the - Internet. +
    + Web server + Configure your web server according to the instructions in the + appropriate section. The Bugzilla Team recommends Apache. - You need to configure Apache to run .cgi files outside the - cgi-bin directory. - Open your - httpd.conf file and make sure the - following line exists and is uncommented: - -AddHandler cgi-script .cgi - +
    + Apache <productname>httpd</productname> + + Load httpd.conf in your editor. + + Uncomment (or add) the following line. + This configures Apache to run .cgi files outside the + cgi-bin directory. + + + AddHandler cgi-script .cgi + + Apache uses <Directory> + directives to permit fine-grained permission setting. + Add the following two lines to a + <Directory> directive that + applies either to the Bugzilla directory or one of its parents + (e.g. the <Directory /var/www/html> + directive). + This allows Bugzilla's .htaccess files to + override global permissions, and allows .cgi files to run in the + Bugzilla directory. + + + Options +ExecCGI +FollowSymLinks + AllowOverride Limit + + Add index.cgi to the end + of the DirectoryIndex + line. + + checksetup.pl can set tighter permissions + on Bugzilla's files and directories if it knows what user the + webserver runs as. Look for the User + line in httpd.conf, and place that value in + the $webservergroup variable in + localconfig. Then rerun + checksetup.pl. + +
    + +
    + Microsoft <productname>Internet Information Services</productname> + + If you need, or for some reason even want, to use Microsoft's + Internet Information Services or + Personal Web Server you should be able + to. You will need to configure them to know how to run CGI scripts. + This is described in Microsoft Knowledge Base article + Q245225 + for Internet Information Services and + Q231998 + for Personal Web Server. + + + Also, and this can't be stressed enough, make sure that files such as + localconfig and your data + directory are secured as described in . + + +
    + +
    + AOL Server + + Ben FrantzDale reported success using AOL Server with Bugzilla. He + reported his experience and what appears below is based on that. + + + AOL Server will have to be configured to run + CGI scripts, please consult + the documentation that came with your server for more information on + how to do this. + - To allow .htaccess files to override - permissions and .cgi files to run in the Bugzilla directory, make sure - the following two lines are in a Directory - directive that applies to the Bugzilla directory on your system - (either the Bugzilla directory or one of its parents). + Because AOL Server doesn't support .htaccess + files, you'll have to create a TCL + script. You should create an aolserver/modules/tcl/filter.tcl + file (the filename shouldn't matter) with the following contents (change + /bugzilla/ to the web-based path to + your Bugzilla installation): + -Options +ExecCGI -AllowOverride Limit + ns_register_filter preauth GET /bugzilla/localconfig filter_deny + ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny + ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny + ns_register_filter preauth GET /bugzilla/*.pl filter_deny + ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny + ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny + ns_register_filter preauth GET /bugzilla/data/* filter_deny + ns_register_filter preauth GET /bugzilla/template/* filter_deny + + proc filter_deny { why } { + ns_log Notice "filter_deny" + return "filter_return" + } - You should modify the <DirectoryIndex> parameter for - the Apache virtual host running your Bugzilla installation to - allow index.cgi as the index page for a - directory, as well as the usual index.html, - index.htm, and so forth. + + This probably doesn't account for all possible editor backup + files so you may wish to add some additional variations of + localconfig. For more information, see + + bug 186383 or Bugtraq ID 6501. + + - For more information on Apache and its directives, see the - glossary entry on . + If you are using webdot from research.att.com (the default + configuration for the paramater), you + will need to allow access to data/webdot/*.dot + for the reasearch.att.com machine. + + If you are using a local installation of GraphViz, you will need to allow + everybody to access *.png, + *.gif, *.jpg, and + *.map in the + data/webdot directory. -
    +
    + +
    + Web Server Access Controls -
    - Microsoft <productname>Internet Information Services</productname> - - If you need, or for some reason even want, to use Microsoft's - Internet Information Services or - Personal Web Server you should be able - to. You will need to configure them to know how to run CGI scripts, - however. This is described in Microsoft Knowledge Base article - Q245225 - for Internet Information Services and - Q231998 - for Personal Web Server. - + Users of Apache can skip this section because + Bugzilla ships with .htaccess files which + restrict access in the manner required. + Users of other webservers, read on. + - Also, and this can't be stressed enough, make sure that files such as - localconfig and your data - directory are secured as described in . - + There are several files in the Bugzilla directory + that should not be accessible from the web. You need to configure + your webserver so they they aren't. Not doing this may reveal + sensitive information such as database passwords. + -
    + + + In the main Bugzilla directory, you should: + + + Block: + + *.pl + *localconfig* + runtests.sh + + + + + But allow: + + localconfig.js + localconfig.rdf + + + + + -
    - AOL Server + + In data: + + + Block everything + + + But allow: + + duplicates.rdf + + + + + - Ben FrantzDale reported success using AOL Server with Bugzilla. He - reported his experience and what appears below is based on that. - + + In data/webdot: + + + If you use a remote webdot server: + + + Block everything + + + But allow + + *.dot + + only for the remote webdot server + + + + + Otherwise, if you use a local GraphViz: + + + Block everything + + + But allow: + + *.png + *.gif + *.jpg + *.map + + + + + + + And if you don't use any dot: + + + Block everything + + + + + - AOL Server will have to be configured to run - CGI scripts, please consult - the documentation that came with your server for more information on - how to do this. - + + In Bugzilla: + + + Block everything + + + - Because AOL Server doesn't support .htaccess - files, you'll have to create a TCL - script. You should create an aolserver/modules/tcl/filter.tcl - file (the filename shouldn't matter) with the following contents (change - /bugzilla/ to the web-based path to - your Bugzilla installation): + + In template: + + + Block everything + + + + + + You should test to make sure that the files mentioned above are + not accessible from the Internet, especially your + localconfig file which contains your database + password. To test, simply point your web browser at the file; for + example, to test mozilla.org's installation, we'd try to access + . You should + get a 403 Forbidden + error. + +
    + +
    + +
    + Bugzilla + + + Your Bugzilla should now be working. Access + http://<your-bugzilla-server>/ - + you should see the Bugzilla + front page. If not, consult the Troubleshooting section, + . + + + + Log in with the administrator account you defined in the last + checksetup.pl run. You should go through + the parameters on the Edit Parameters page + (see link in the footer) and see if there are any you wish to + change. + They key parameters are documented in ; + you should certainly alter + maintainer and urlbase; + you may also want to alter + cookiepath or requirelogin. - -ns_register_filter preauth GET /bugzilla/localconfig filter_deny -ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny -ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny -ns_register_filter preauth GET /bugzilla/*.pl filter_deny -ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny -ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny -ns_register_filter preauth GET /bugzilla/data/* filter_deny -ns_register_filter preauth GET /bugzilla/template/* filter_deny - -proc filter_deny { why } { - ns_log Notice "filter_deny" - return "filter_return" -} - - - - This probably doesn't account for all possible editor backup - files so you may wish to add some additional variations of - localconfig. For more information, see - - bug 186383 or Bugtraq ID 6501. - - + + This would also be a good time to revisit the + localconfig file and make sure that the + names of the priorities, severities, platforms and operating systems + are those you wish to use when you start creating bugs. Remember + to rerun checksetup.pl if you change it. + - - If you are using webdot from research.att.com (the default - configuration for the paramater), you - will need to allow access to data/webdot/*.dot - for the reasearch.att.com machine. - - If you are using a local installation of GraphViz, you will need to allow - everybody to access *.png, - *.gif, *.jpg, and - *.map in the - data/webdot directory. - - -
    + + Bugzilla has several optional features which require extra + configuration. You can read about those in + . + +
    +
    Optional Additional Configuration + + Bugzilla has a number of optional features. This section describes how + to configure or enable them. + + +
    + Bug Graphs + + If you have installed the necessary Perl modules you + can start collecting statistics for the nifty Bugzilla + graphs. + + bash# crontab -e + + + This should bring up the crontab file in your editor. + Add a cron entry like this to run + collectstats.pl + daily at 5 after midnight: + + + 5 0 * * * cd <your-bugzilla-directory> ; ./collectstats.pl + + After two days have passed you'll be able to view bug graphs from + the Reports page. +
    +
    Dependency Charts - As well as the text-based dependency graphs, Bugzilla also - supports dependency graphing, using a package called 'dot'. + As well as the text-based dependency trees, Bugzilla also + supports a graphical view of dependency relationships, using a + package called 'dot'. Exactly how this works is controlled by the 'webdotbase' parameter, which can have one of three values: @@ -1006,80 +1048,66 @@ proc filter_deny { why } { - So, to get this working, install + The easiest way to get this working is to install GraphViz. If you do that, you need to enable server-side image maps in Apache. Alternatively, you could set up a webdot server, or use the AT&T - public webdot server (the - default for the webdotbase param). Note that AT&T's server won't work - if Bugzilla is only accessible using HARTS. + public webdot server. This is the default for the webdotbase param, + but it's often overloaded and slow. Note that AT&T's server + won't work + if Bugzilla is only accessible using HARTS. + Editor's note: What the heck is HARTS? Google doesn't know... +
    -
    - Bug Graphs - - As long as you installed the GD and Graph::Base Perl modules you - might as well turn on the nifty Bugzilla bug reporting graphs. - - Add a cron entry like this to run - collectstats.pl - daily at 5 after midnight: - - - - bash# - - crontab -e - - - - - 5 0 * * * cd <your-bugzilla-directory> ; - ./collectstats.pl - - - - - After two days have passed you'll be able to view bug graphs from - the Bug Reports page. -
    -
    The Whining Cron - By now you have a fully functional Bugzilla, but what good are - bugs if they're not annoying? To help make those bugs more annoying you + What good are + bugs if they're not annoying? To help make them more so you can set up Bugzilla's automatic whining system to complain at engineers which leave their bugs in the NEW or REOPENED state without triaging them. + This can be done by - adding the following command as a daily crontab entry (for help on that - see that crontab man page): - - - - cd <your-bugzilla-directory> ; - ./whineatnews.pl - - - + adding the following command as a daily crontab entry, in the same manner + as explained above for bug graphs. This example runs it at 12.55am. - - Depending on your system, crontab may have several manpages. - The following command should lead you to the most useful page for - this purpose: - -man 5 crontab - - - + 55 0 * * * cd <your-bugzilla-directory> ; ./whineatnews.pl +
    +
    + Patch Viewer + + + Patch Viewer is the engine behind Bugzilla's graphical display of + code patches. You can integrate this with copies of the + cvs, lxr and + bonsai tools if you have them, by giving + the locations of your installation of these tools in + editparams.cgi. + + + + Patch Viewer also optionally will use the + cvs, diff and + interdiff + command-line utilities if they exist on the system. + Interdiff can be obtained from + . + If these programs are not in the system path, you can configure + their locations in localconfig. + + + +
    +
    LDAP Authentication @@ -1166,7 +1194,7 @@ man 5 crontab LDAPBaseDN The LDAPBaseDN parameter should be set to the location in - your LDAP tree that you would like to search for e-mail addresses. + your LDAP tree that you would like to search for email addresses. Your uids should be unique under the DN specified here. Ex. ou=People,o=Company @@ -1189,7 +1217,7 @@ man 5 crontab LDAPmailattribute The LDAPmailattribute parameter should be the name of the - attribute which contains the e-mail address your users will enter + attribute which contains the email address your users will enter into the Bugzilla login boxes. Ex. mail @@ -1201,75 +1229,78 @@ man 5 crontab
    - Preventing untrusted Bugzilla content from executing malicious - Javascript code + Prevent users injecting malicious + Javascript - It is possible for a Bugzilla attachment to contain malicious - Javascript - code, which would be executed in the domain of your Bugzilla, thereby - making it possible for the attacker to e.g. steal your login cookies. + It is possible for a Bugzilla user to take advantage of character + set encoding ambiguities to inject HTML into Bugzilla comments. This + could include malicious scripts. Due to internationalization concerns, we are unable to - incorporate by default the code changes necessary to fulfill the CERT - advisory requirements mentioned in + incorporate by default the code changes suggested by . + url="http://www.cert.org/tech_tips/malicious_code_mitigation.html#3"> + the CERT advisory on this issue. If your installation is for an English speaking audience only, making the change below will prevent this problem. Simply locate the following line in Bugzilla/CGI.pm: - - $self->charset(''); - + $self->charset(''); and change it to: - - $self->charset('ISO-8859-1'); - + $self->charset('ISO-8859-1');
    -
    - - Bugzilla and <filename>mod_perl</filename> - - Bugzilla is unsupported under mod_perl. Effort is underway - to make it work cleanly in a mod_perl environment, but it is - slow going. - -
    -
    - <filename>mod_throttle</filename> - - and Security + mod_throttle It is possible for a user, by mistake or on purpose, to access the database many times in a row which can result in very slow access speeds for other users. If your Bugzilla installation is experiencing - this problem , you may install the Apache module + this problem, you may install the Apache module mod_throttle - - which can limit connections by ip-address. You may download this module + which can limit connections by IP address. You may download this module at . Follow the instructions to install into your Apache install. This module only functions with the Apache web server! - You may use the - ThrottleClientIP - - command provided by this module to accomplish this goal. See the - Module - Instructions + The command you need is + ThrottleClientIP. See the + documentation for more information.
    + +
    + TCP/IP Ports + + A single-box Bugzilla only requires port 80, plus port 25 if + you are using the optional email interface. You should firewall all + other ports and/or disable services listening on them. + +
    + +
    + Daemon Accounts + + Many daemons, such as Apache's httpd and MySQL's mysqld default to + running as either root or nobody. Running + as root introduces obvious security problems, but the + problems introduced by running everything as nobody may + not be so obvious. Basically, if you're running every daemon as + nobody and one of them gets compromised, they all get + compromised. For this reason it is recommended that you create a user + account for each daemon. + +
    +
    - OS Specific Installation Notes + OS-Specific Installation Notes Many aspects of the Bugzilla installation can be affected by the the operating system you choose to install it on. Sometimes it can be made @@ -1285,7 +1316,7 @@ man 5 crontab
    Microsoft Windows - Making Bugzilla work on windows is still a painful processes. + Making Bugzilla work on Windows is still a painful processes. The Bugzilla Team is working to make it easier, but that goal is not considered a top priority. If you wish to run Bugzilla, we still recommend doing so on a Unix based system such as GNU/Linux. As of this @@ -1297,9 +1328,9 @@ man 5 crontab installing Bugzilla on Win32, here are some pointers. @@ -1334,20 +1365,14 @@ C:\perl> ppm <module name> url="http://openinteract.sourceforge.net/">OpenInteract's website. - - - A complete list of modules that can be installed using ppm can - be found at . - -
    Code changes required to run on win32 As Bugzilla still doesn't run "out of the box" on - Windows, code has to be modified. This section is an attempt to - list the required changes. + Windows, code has to be modified. This section lists the required + changes.
    @@ -1377,7 +1402,7 @@ my $webservergid = '8'
    Changes to <filename>BugMail.pm</filename> - To make bug e-mail work on Win32 (until + To make bug email work on Win32 (until bug 84876 lands), the simplest way is to have the Net::SMTP Perl module installed and @@ -1409,7 +1434,7 @@ $smtp->quit; Don't forget to change the name of your SMTP server and the - domain of the sending e-mail address (after the '@') in the above + domain of the sending email address (after the '@') in the above lines of code.
    @@ -1430,7 +1455,7 @@ $smtp->quit; If using Apache on windows, you can set the ScriptInterpreterSource - directive in your Apache config, if you don't do this, you'll have + directive in your Apache config to avoid having to modify the first line of every script to contain your path to perl instead of /usr/bin/perl. @@ -1443,24 +1468,22 @@ $smtp->quit;
    <productname>Mac OS X</productname> - There are a lot of common libraries and utilities out there that - Apple did not include with Mac OS X, but which run perfectly well on it. - The GD library, which Bugzilla needs to do bug graphs, is one of - these. + Apple did not include the GD library with Mac OS X. Bugzilla + needs this for bug graphs. - The easiest way to get a lot of these is with a program called + You can install it using a program called Fink, which is similar in nature to the CPAN installer, but installs common GNU utilities. Fink is available from . Follow the instructions for setting up Fink. Once it's installed, - you'll want to use it to install the gd2 package. + you'll want to use it to install the gd2 package. It will prompt you for a number of dependencies, type 'y' and hit enter to install all of the dependencies and then watch it work. You will then be able to use CPAN to - install the GD perl module. + install the GD Perl module. @@ -1477,7 +1500,7 @@ $smtp->quit; - Also available via Fink is expat. Once running using fink to + Also available via Fink is expat. After using fink to install the expat package you will be able to install XML::Parser using CPAN. There is one caveat. Unlike recent versions of the GD module, XML::Parser doesn't prompt for the location of the @@ -1527,7 +1550,7 @@ $smtp->quit; - for Bugzilla e-mail integration + for Bugzilla email integration @@ -1535,278 +1558,52 @@ $smtp->quit;
    -
    - Bugzilla Security - - - Poorly-configured MySQL and Bugzilla installations have - given attackers full access to systems in the past. Please take these - guidelines seriously, even for Bugzilla machines hidden away behind - your firewall. 80% of all computer trespassers are insiders, not - anonymous crackers. - - This is not meant to be a comprehensive list of every possible - security issue pertaining to the software mentioned in this section. - There is - no subsitute for reading the information written by the authors of any - software running on your system. - - - -
    - TCP/IP Ports - - - TCP/IP defines 65,000 some ports for trafic. Of those, Bugzilla - only needs 1, or 2 if you need to use features that require e-mail such - as bug moving or the e-mail interface from contrib. You should audit - your server and make sure that you aren't listening on any ports you - don't need to be. You may also wish to use some kind of firewall - software to be sure that trafic can only be recieved on ports you - specify. - -
    - -
    - MySQL - MySQL ships by default with many settings that should be changed. - By defaults it allows anybody to connect from localhost without a - password and have full administrative capabilities. It also defaults to - not have a root password (this is not the same as - the system root). Also, many installations default to running - mysqld as the system root. +
    + Troubleshooting + + This section gives solutions to common Bugzilla installation + problems. If none of the section headings seems to match your + problem, read the general advice. + + +
    + General Advice + + If you can't get checksetup.pl to run to + completion, it normally explains what's wrong and how to fix it. + If you can't work it out, or if it's being uncommunicative, post + the errors in the + netscape.public.mozilla.webtools + newsgroup. - - - Consult the documentation that came with your system for - information on making mysqld run as an - unprivleged user. - - - - - You should also be sure to disable the anonymous user account - and set a password for the root user. This is accomplished using the - following commands: - - -bash$ mysql mysql -mysql> DELETE FROM user WHERE user = ''; -mysql> UPDATE user SET password = password('new_password') WHERE user = 'root'; -mysql> FLUSH PRIVILEGES; - - From this point forward you will need to use - mysql -u root -p and enter - new_password when prompted when using the - mysql client. - - - - - If you run MySQL on the same machine as your httpd server, you - should consider disabling networking from within MySQL by adding - the following to your /etc/my.conf: - - -[myslqd] -# Prevent network access to MySQL. -skip-networking - - - - - You may also consider running MySQL, or even all of Bugzilla - in a chroot jail; however, instructions for doing that are beyond - the scope of this document. - - - - - -
    - -
    - Daemon Accounts - - Many daemons, such as Apache's httpd and MySQL's mysqld default to - running as either root or nobody. Running - as root introduces obvious security problems, but the - problems introduced by running everything as nobody may - not be so obvious. Basically, if you're running every daemon as - nobody and one of them gets compromised, they all get - compromised. For this reason it is recommended that you create a user - account for each daemon. + + If you have made it all the way through + (Installation) and + (Configuration) but + accessing the Bugzilla URL doesn't work, + the first thing to do is to check your webserver error log. For + Apache, this is often located at + /etc/logs/httpd/error_log. The error messages + you see may be self-explanatory enough to enable you to diagnose and + fix the problem. If not, see below for some commonly-encountered + errors. If that doesn't help, post the errors to the newsgroup. - - - You will need to set the webservergroup to - the group you created for your webserver to run as in - localconfig. This will allow - ./checksetup.pl to better adjust the file - permissions on your Bugzilla install so as to not require making - anything world-writable. - - -
    - -
    - Web Server Access Controls - - There are many files that are placed in the Bugzilla directory - area that should not be accessable from the web. Because of the way - Bugzilla is currently laid out, the list of what should and should - not be accessible is rather complicated. - + +
    + I installed a Perl module, but + <filename>checksetup.pl</filename> claims it's not installed! - Users of Apache don't need to worry about this, however, because - Bugzilla ships with .htaccess files which restrict access to all the - sensitive files in this section. Users of other webservers, read on. - - - - - In the main Bugzilla directory, you should: - - - Block: - - *.pl - *localconfig* - runtests.sh - - - - - But allow: - - localconfig.js - localconfig.rdf - - - - - - - - In data: - - - Block everything - - - But allow: - - duplicates.rdf - - - - - - - - In data/webdot: - - - If you use a remote webdot server: - - - Block everything - - - But allow - - *.dot - - only for the remote webdot server - - - - - Otherwise, if you use a local GraphViz: - - - Block everything - - - But allow: - - *.png - *.gif - *.jpg - *.map - - - - - - - And if you don't use any dot: - - - Block everything - - - - - - - - In Bugzilla: - - - Block everything - - - - - - In template: - - - Block everything - - - - - - You should test to make sure that the files mentioned above are - not accessible from the Internet, especially your - localconfig file which contains your database - password. To test, simply point your web browser at the file; for - example, to test mozilla.org's installation, we'd try to access - . You should - get a 403 Forbidden - error. + + You have two versions of Perl on your machine. You are installing + modules into one, and Bugzilla is using the other. Rerun the CPAN + commands (or manual compile) using the full path to Perl from the + top of checksetup.pl. This will make sure you + are installing the modules in the right place. - - - Not following the instructions in this section, including - testing, may result in sensitive information being globally - accessible. - - - - - You should check to see if instructions - have been included for your web server. You should also compare those - instructions with this list to make sure everything is properly - accounted for. - - -
    - -
    - -
    - Troubleshooting - - This section gives solutions to common Bugzilla installation - problems. -
    Bundle::Bugzilla makes me upgrade to Perl 5.6.1 @@ -1900,36 +1697,25 @@ skip-networking This is caused by a bug in the version of File::Temp that is distributed with perl - 5.6.0. Many minor variations of this error have been reported. Examples - can be found in . + 5.6.0. Many minor variations of this error have been reported: -
    - Other File::Temp error messages - - -Your vendor has not defined Fcntl macro O_NOINHERIT, used + Your vendor has not defined Fcntl macro O_NOINHERIT, used at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 208. Your vendor has not defined Fcntl macro O_EXLOCK, used at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 210. Your vendor has not defined Fcntl macro O_TEMPORARY, used -at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 233. - -
    +at /usr/lib/perl5/site_perl/5.6.0/File/Temp.pm line 233. Numerous people have reported that upgrading to version 5.6.1 or higher solved the problem for them. A less involved fix is to apply - the patch in . The patch is also + the following patch, which is also available as a patch file. -
    - Patch for File::Temp in Perl 5.6.0 - - -
    + };]]>
    diff --git a/docs/xml/modules.xml b/docs/xml/modules.xml new file mode 100644 index 000000000..c7624d639 --- /dev/null +++ b/docs/xml/modules.xml @@ -0,0 +1,145 @@ + + + Manual Installation of Perl Modules + +
    + Instructions + If you need to install Perl modules manually, here's how it's done. + Download the module using the link given in the next section, and then + apply this magic incantation, as root: + + + + bash# tar -xzvf <module>.tar.gz +bash# cd <module> +bash# perl Makefile.PL +bash# make +bash# make test +bash# make install + +
    + +
    + Download Locations + + Note: some modules are in the core distribution of + ActiveState Perl for Windows. Others are not available. + No PPM links have been provided in either of these two cases. + + + CGI: + + CPAN Download Page: + PPM Download Link: + Documentation: + + + + TimeDate: + + CPAN Download Page: + PPM Download Link: + Documentation: + + + + DBI: + + CPAN Download Page: + PPM Download Link: + Documentation: + + + + DBD::mysql: + + CPAN Download Page: + PPM Download Link: + Documentation: + + + + File::Spec: + + CPAN Download Page: + PPM Download Page: + Documentation: + + + + File::Temp: + + CPAN Download Page: + Documentation: + + + + Template Toolkit: + + CPAN Download Page: + PPM Download Link: + Documentation: + + + + Text::Wrap: + + CPAN Download Page: + Documentation: + + + + GD: + + CPAN Download Page: + PPM Download Link: + Documentation: + + + + Chart::Base: + + + CPAN Download Page: + + + + GD::Graph: + + CPAN Download Page: + PPM Download Link: + Documentation: + + + + GD::Text::Align: + + CPAN Download Page: + PPM Download Page: + Documentation: + + + + MIME::Parser: + + CPAN Download Page: + PPM Download Link: + Documentation: + + + + XML::Parser: + + CPAN Download Page: + Documentation: + + + + PatchReader: + + CPAN Download Page: + Documentation: + + +
    +
    -- cgit v1.2.3-24-g4f1b