The Original Code is "The Unofficial Webtools FAQ".
The Initial Developer of the Original Code is AtHome Corporation. Portions created by AtHome are Copyright © 1995-2000 AtHome Corporation. All Rights Reserved. @Home, Excite@Home, @Work, and Excite are the trademarks of At Home Corporation, and may be registered in certain jurisdictions
Contributor(s):
Last change: April 10, 2000Changes:
Version 0.2: Initial public release. (April 10, 2000)
Version 0.2.1: Fixed formatting, released as HTML. Also corrected
incorrect fix for missing bugs from queries (it's syncshadowdb, not processmail)
and information about bugzilla maintainers (April 10,2000)
Version 0.2.2:
Maintainer: Matthew P.
Barnson
This FAQ is not maintained by Netscape or Netscape employees, so please do not contact them regarding errors or omissions contained herein. Please direct all questions, comments, updates, flames, etc. to Matthew P. Barnson (barnboy or barnhome on irc.mozilla.org in #mozwebtools).
I'm sure I've made some glaring errors or omissions in this paper -- please email me corrections or post corrections to the netscape.public.mozilla.webtools newsgroup.
Bugzilla attracts very intelligent, competent people who need a good bug-tracking system to support their projects, so I make a few assumptions in this FAQ:
Q: Where can I find information about bugzilla?
A: You can stay up-to-date with the latest bugzilla information
at http://www.mozilla.org/projects/bugzilla/.
Q: What license is Bugzilla distributed under?
A: Bugzilla is under the Mozilla Public License. See
details at http://www.mozilla.org/MPL/
Q: How do I get commercial support for Bugzilla?
A: As far as I know, there are not yet any companies
that offer commercial Bugzilla support. However, I've heard there are consulting
companies that will install and maintain a Bugzilla installation for charge,
and would accept responsibility for it's upkeep. I'm not sure which large
consulting firms do this yet -- I'm open to more contributions in this
area.
Q: What major companies or projects are currently using
Bugzilla for bug-tracking?
A: This is by no means a complete list, and is assembled
from contributions and about 10 minutes of searching on AltaVista. Contributions
welcome:
Q: Why does Bugzilla use .png files instead of .gifs
for graphs?
A: Patent restrictions (see http://www.gnu.org/philosophy/gif.html
for details). If you're using a recent version of the GD library and a
recent version of Bugzilla, this is no longer a FAQ.
Q: How does Bugzilla stack up against other bug-tracking
databases?
A: As far as I know, there have been no feature-by-feature
comparisons to other bug-tracking systems. Howeve, here are some
primary reasons people cite for moving to Bugzilla:
I wrote Bugzilla primarily for mozilla.org's use. It is a secondary concern (but one still important to me) that it be of use to other folks, too. So, rather than spend a lot of time making everything thoroughly portable and easy to install, I just threw it over the wall, and prayed that random developers would help pitch in and make things easier for everyone.(I'm being a little hard on myself here. I *did* spend a week porting the whole thing from TCL to Perl, just so that outside folk would have a chance of using it. You shoulda seen it before...)UPDATE: Bugzilla is making tremendous strides in usability, customizability, scalability, and user interfaces. It is widely considered the most complete and popular open-source bug database in existence. Download a copy today!
Q: Why MySQL? I'm interested in seeing this run on
(insert "real" RDBMS name here)...
A: Terry answers,
You're not the only one. But *I* am not very interested. I'm not real SQL or database person. I just wanted to make a useful tool, and build it on top of free software. So, I picked MySQL, and learned SQL by staring at the MySQL manual and some code lying around here, andUPDATED ANSWER: Looks like RedHat might land changes real soon that will bring some more portability to Bugzilla. However, they are in severe need of help. Please contact dkl@redhat.com if you are interested in helping this effort.
wrote Bugzilla. I didn't know that Enum's were non-standard SQL. I'm not sure if I would have cared, but I didn't even know. So, to me, things are "portable" because it uses MySQL, and MySQL is portable enough. I fully understand (now) that people want to be portable to other databases, but that's never been a real concern of mine.
Q: Why do the scripts say "/usr/bonsaitools/bin/perl"
instead of "/usr/bin/perl" or something else?
A: Mozilla.org uses /usr/bonsaitools/bin/perl. The prime
rule in making submissions is "don't break bugzilla.mozilla.org". If it
breaks it, your patch will be reverted faster than you can do a diff.
Terry says:
Purely my own convention. I wanted a place to put a version of Perl and other tools that was strictly under my control for the various webtools, and not subject to anyone else. Edit it to point to whatever you like.
Q: What about Red Hat Bugzilla?
A: Red Hat has a
(arguably more user-friendly/customizable/scalable buzzword here) version
of Bugzilla available. Check it out at http://bugzilla.redhat.com
and
the sources at ftp://people.redhat.com/dkl/.
They've set theirs up to work with Oracle out of the box. The buzz says
their changes will be landing in the source tree "real soon now".
Note that it is based primarily upon the 2.8 Bugzilla tree; Bugzilla has
made some tremendous advances since the 2.8 release. I recommend
you download the primary Bugzilla as well as Red Hat's to check out the
differences for yourself. Red Hat Bugzilla's maintainer, dkl@redhat.com,
when asked about landing the changes from the Red Hat fork, notes,
Somebody needs to take the ball and run with it. I'm the only maintainer and am very pressed for time.
Q: What about Loki Bugzilla?
A: Loki Games has a customized version of Bugzilla
available at http://fenris.lokigames.com.
From that page,
You may have noticed that Fenris is a fork from Bugzilla-- our patches weren't suitable for integration --and a few people have expressed interest in the code. Fenris has one major improvement over Bugzilla, and that is individual comments are not appended onto a string blob, they are stored as a record in a separate table. This allows you to, for instance, separate comments out according to privilege levels in case your bug database could contain sensitive information not for public eyes. We also provide things like email hiding to protect user's privacy, additional fields such as 'user_affected' in case someone enters someone else's bug, comment editing and deletion, and more conditional system variables than Bugzilla does (turn off attachments, qacontact, etc.).Like Red Hat Bugzilla, I recommend if you are interested in their changes that you download the source and compare.
Q: How do I install Bugzilla on Windows NT?
A: That question is complex enough it deserves
it's
own section, below.
Q: Is there an easy way to change the Bugzilla cookie
name?
A: At present, no.
Q: How do I completely disable MySQL security if it's giving me problems (I've followed the instructions in the README!)?SECURITY
Q: Are there any security problems with Bugzilla?
A: Prior to 2.10, yes. For 2.10 and later, probably,
but we haven't discovered them yet.. You should upgrade to 2.10 and use
the following instructions from Chris Yeh's security advisory of 5/10/2000
if you are running a previous version of bugzilla. Chances are good a lot
of these permissions issues will make it into checksetup.pl.
It is recommended that you closely examine permissions on your Bugzilla
installation. Make sure you are not running mysqld as root. Included is
one person's examination of their local Bugzilla installation, and how
they secured it:
I closed-up some of the all-writeable files
and directories. The code itself had to be modified to keep it from making
directories and files world-writeable again... Once this was done, I felt
confident that this install of bugzilla was running securely. (We don't
run ftp, and mysql doesn't run as root). The setup we have is that apache
runs as user 'nobody'. Directories being written into via CGI are therefore
owner.group==nobody.nobody and only read/writable by user nobody, not world-writeable
as before ... The *.cgi/*.pl/etc scripts (source) are owned by root.root
and we can prevent CGI execution and HTTPD reading of the scripts by doing
chmod go-rwx.... Finally, we prevent reading of the writeable directories
by HTTP. (The security of this could further be improved by running bugzilla
as user 'bugzilla' with same privs as 'nobody' but at least a different
user than the webserver). I did the following to secure our install:
(1) cd /home/httpd/bugzilla ensure all files owned
root.root (other than ones in 'shadow' and 'data').
(2) chmod go-rwx backdoor.cgi ; chmod go-rwx *.sh
; chmod go-rwx printenv.cgi ; chmod go-rwx 0CGI.pl ; chmod go-rwx *~* ;
chown -R nobody.nobody data ; chmod -R go-rwx data ; chown -R nobody.nobody
shadow ; chmod -R go-rwx shadow
(3) in emacs, in *.pl and *.cgi and processmail in
bugzilla dir
(etags *.cgi *.pl processmail) ... do: (tags-query-replace
"umask 0" "umask 077" nil)
(tags-query-replace "umask(0)" "umask(077)" nil)
(tags-query-replace "0777" "0700" nil)
(tags-query-replace "0666" "0600" nil)
(4) re-enable bugzilla with /home/httpd/bug-track.conf
set to:
--------------------
AddHandler cgi-script .cgi
#
# setup ExecCGI'able directory alias from which we
run
# "bugzilla" under URL "bugs"
#
Alias /bugs/ "/home/httpd/bugzilla/"
<Directory "/home/httpd/bugzilla">
Options Indexes ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
--------------------
(5) add to /home/httpd/bug-track.conf (prevent cgi
from being
written into data or shadow directories, and prevent
contents from
being read):
--------------------
<Directory "/home/httpd/bugzilla/data">
Options None
AllowOverride None
Deny from all
</Directory>
<Directory "/home/httpd/bugzilla/shadow">
Options None
AllowOverride None
Deny from all
</Directory>
--------------------
(6) I noticed that my non-superuser-$PATH had wound
up in apache's GGI
environment... that $PATH included "." so that could
have been a security-exploit-in-waiting right there... so remember, when
restarting apache on servers, do (in tcsh anyways):
unsetenv *
prior to doing
apachectl stop
<wait>
apachectl start
Q: I've implemented the security fixes mentioned in Chris
Yeh's security advisory of 5/10/2000 advising not to run MySQL as root,
and am running into problems with MySQL no longer working correctly.
A: Mozilla.org had a problem getting enough file descriptors
once they stopped running mysql as root; they have many tables in their
database and had "shadowdb" turned on, which doubles the number of tables.
Terry mentioned in IRC: "I added the line "ulimit -n unlimited" to the
/bin/sh script in /etc/init.d that starts mysqld." That should fix ulimit
problems with MySQL.
Q: I have a user who doesn't want to receive any more
email from Bugzilla. How do I stop it entirely for this user?
A: Easy. Add his/her login name to "bugzilla_home/data/nomail".
One entry per line. It must match the login name exactly.
UPDATE: I'm not sure this works as advertised...
Anyone know of any bugs with this solution?
Q: I'm evaluating/testing Bugzilla, and don't want it to send
email to anyone but me. How do I do it?
A: According to Terry, the *correct* way to do this is,
in editparams.cgi: "Go tweak the param for the mail text, replacing "To:"
with "X-Real-To:", and replacing "Cc:" with "X-Real-CC", and add a "To:
(myemailaddress)". This param file can also be manually edited bugzilla_home/data/params
(but is not recommended).
Q: I want whineatnews.pl to whine at something more,
or other than, only new bugs. How do I do it?
A: Try Klaas Freitag's excellent patch for "whineatassigned"
functionality. You can find it at http://bugzilla.mozilla.org/show_bug.cgi?id=6679.
Realize that as Bugzilla progresses, this patch may go out of date. At
present, I know of no plans to integrate this functionality into the core
Bugzilla distribution.
Q: I don't like/want to use Procmail to handle email
to bugzilla. What else can I use?
A: Bugzilla can work with alternate MTA's/filters,
but there is no documentation how.
Q: How do I set up the email interface to submit/change
bugs via email?
A: Download the tarball or CVS and extract it (if applicable).
CD to the (bugzilla_home)/contrib directory, and read the README contained
therein. Seth will be pulling his changes (the bugzilla email submission
stuff) into the main tree sometime as soon as he gets the OK from the powers-that-be.
Procmail is included by default on most Linux distributions, and if you
use the bugzilla.procmailrc file as the .procmailrc for the user bugzilla
runs as, it works pretty quickly.
My setup is a little different from the standard way of doing things.
Here's what I do:
Q: Email takes FOREVER to reach me from bugzilla --
it's extremely slow. What gives?
A: If you are using an alternate Mail Transport Agent
(MTA other than sendmail), make sure the options given in the "processmail"
script for all instances of "sendmail" are correct for your MTA. If you
are using Sendmail, you may wish to delete the "-ODeliveryMode=deferred"
option in the "processmail" script for every invocation of "sendmail".
(Be sure and leave the "-t" option, though!) This option is put into
the code to handle the massive mail delivery load bugzilla.mozilla.org
gets -- but most of us don't need it. We're lobbying to make it a
settable parameter. Realize if you turn this off, and plan on sending
more than a few hundred email messages a day, people may experience nasty
slowdowns when submitting changes to bugs because Sendmail insists on delivering
it *that instant*.
Q: Email never reaches me from bugzilla changes! What
gives?
A: Chances are really good Bugzilla expects "sendmail"
to live somewhere else than you have it installed. Make sure your "sendmail"
lives in, or has a symlink to, "/usr/lib/sendmail".
Q: I've heard Bugzilla can be used with Oracle?DATABASE
Q: Bugs are missing from queries, but exist in the
database (and I can pull them up by specifying the bug ID). What's wrong?
A: You've almost certainly enabled the "shadow database",
but for some reason it hasn't been updated for all your bugs. This is the
database against which queries are run, so that really complex or slow
queries won't lock up portions of the database for other users. You can
turn off the shadow database in editparams.cgi. If you wish to continue
using the shadow database, then as your "bugs" user run "./syncshadowdb
-syncall" from the command line in the bugzilla installation directory
to recreate your shadow database. After it finishes, be sure to check the
params and make sure that "queryagainstshadowdb" is still turned on. The
syncshadowdb program turns it off if it was on, and is supposed to turn
it back on when completed; that way, if it crashes in the middle of recreating
the database, it will stay off forever until someone turns it back on by
hand. Apparently, it doesn't always do that yet.
Q: I think my database might be corrupted, or contain invalid
entries. What do I do?
A: Run the "sanity check" utility (./sanitycheck.cgi in the bugzilla_home
directory) to see! If it all comes back, you're OK. If it doesn't
come back OK (i.e. any red letters), there are certain things Bugzilla
can recover from and certain things it can't. If it can't auto-recover,
I hope you're familiar with mysqladmin commands or have installed another
way to manage your database...
Q: I want to manually edit some entries in my database.
How?
A: There is no facility in Bugzilla itself to do this. It's
also generally not a smart thing to do if you don't know exactly what you're
doing. However, if you understand SQL you can use the mysqladmin utility
to manually insert, delete, and modify table information. Personally, I
hate dealing with big SELECT statements and such, so I use "phpMyAdmin",
to do all my database administration. You have to compile a PHP module
with MySQL support to make it work, but it's very clean and easy to use.
There are other utilities that work, as well, but I am lacking URL's.
Q: MySQL GPL edition doesn't seem to work...
A: Right! It doesn't! It's too old. Download the latest
tarball or rpm from www.mysql.com if
you want this to work.
Q: I think I've set up MySQL permissions correctly,
but bugzilla still can't connect.
A: Try running MySQL from it's binary: "mysqld --skip-grant-tables".
This will allow you to completely rule out grant tables as the cause of
your frustration. However, I do not recommend you run it this way on a
regular basis, unless you really want your web site defaced and your machine
cracked...
Q: How do I synchronize bug information among multiple
different Bugzilla databases?
A: Currently, there is no way to do this. However, a
discussion about this has raged on and off in the newsgroup -- feel free
to whip something up, put it out there, and see how it's received. We're
at the point where most folks are sick of discussion. If you can create
a working model with working code, that's 90% of the battle.
Q: I get bizarre errors when trying to submit data,
particularly problems with "groupset". What gives?
A: If you're sure your MySQL parameters are correct, you might
want turn "strictvaluechecks" OFF in editparams.cgi. If you have
"usebugsentry" set "On", you also cannot submit a bug as readable by more
than one group with "strictvaluechecks" ON.
Right now, running Bugzilla under Windows NT is an extremely hairy process.
I'll provide the instructions below, but please don't ask me how it's done
-- getting this working on NT involves a lot of patience, skill, and PFM
(Pure Fscking Magic). As far as I know, nobody has been able to get a recent
(2.8 or post) version of Bugzilla running on NT. If you know different,
or can provide updated instructions to those provided below, please email
Matthew
Barnson with details.
These are hints straight out of the newsgroup discussions. I
can't offer much more editing or insight, since I don't manage Bugzilla
on any NT boxes.
Q: What is the easiest way to run Bugzilla on NT?
A: Remove NT. Install Linux. Slap a label on the box
that says "Windows NT." The boss will never know the difference, except
perhaps wonder why the machine isn't crashing anymore.
Q: CGI's are failing with a "something.cgi is not a
valid Windows NT application" error. Why?
A: Depending on what Web server you are using, you will
have to configure the Web server to treat *.cgi files as CGI scripts. In
IIS, you do this by adding *.cgi to the App Mappings with the <path>\perl.exe
%s %s as the executable.
...or this tip from Microsoft's web site...
"Set application mappings. In the ISM, map the extension for the script
file(s) to the executable for the script interpreter. For example, you
might map the extension .py to Python.exe, the executable for the Python
script interpreter. Note For the ActiveState Perl script interpreter, the
extension .pl is associated with PerlIS.dll by default. If you want to
change the association of .pl to perl.exe, you need to change the application
mapping. In the mapping, you must add two percent (%) characters to the
end of the pathname for perl.exe, as shown in this example: c:\perl\bin\perl.exe
%s %s"
Q: Can I have some general instructions on how to make
this work?
A: Sure. Your Mileage May Vary. Contact Andrew
Lahser for the patches mentioned. He may decide to kill me for
saying that, though...
II. Set password for root.
C:\mysql\bin\mysql -u root mysql
mysql> UPDATE user SET Password=PASSWORD('new_password')
WHERE user='root';
mysql> FLUSH PRIVILEGES;
mysql> quit
C:\mysql\bin\mysqladmin -u root reload
III. Create bugs user.
C:\mysql\bin\mysql -u root -p
mysql> insert into user (host,user,password) values('localhost','bugs','');
mysql> quit
C:\mysql\bin\mysqladmin -u root reload
IV. Create the bugs database.
C:\mysql\bin\mysql -u root -p
mysql> create database bugs;
V. Give the bugs user access to the bugs database.
mysql> insert into db (host,db,user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv)
values('localhost','bugs','bugs','Y','Y','Y','Y','Y','N')
mysql> quit
C:\mysql\bin\mysqladmin -u root reload
Q: How do I use "new email tech"?
A: First, go to editparams.cgi and make sure the "newemailtech"
option is set to "on", then set the "new email tech" option in your personal
user prefs "on".
Q: How do I make "new email tech" the default for my entire
site?
A: You need to alter the user preferences table using
one of the tools mentioned in the DATABASE section.
Change the default value for "newemailtech" to "1", and change any user
values you think apply.
Q: I'm confused by the behavior of the "accept" button
in the Show Bug form. Why doesn't it assign the bug to me when I accept
it?
A: Right now, how this should behave is the subject of
considerable discussion on the mailing list and in the bug database. There
is a patch
for this, and a lot of talk. Tara has this to say:
"I think I put this in the main bug itself, but I have to admit I *really* don't like the whole "accept" thing at this point. I especially am completely against anything that changes the current functionality, and am only moderately placated by the idea of seperate additional functionality. IMHO Bugzilla is getting so kludgy that all we're doing is making things harder and harder to understand and maintain, not to mention adding additional fields to an already almost overwhelming query form. For now I'm going to have to make people who want this suffer through sharing patches until I come up with a course of action on it."
Q: How do I enable voting?
A: Make sure you're using at least version 2.10.
It's available via editparams.cgi.
Q: I can't upload anything into the database via the
"Create Attachment" link. What am I doing wrong?
A: The most likely cause is a very old browser
or a browser that is incompatible with file upload via POST. Download
the latest Netscape or Microsoft browser to handle uploads correctly.
Q: What bugs currently exist in bugzilla?
A: The answer is too long (and easily outdated)
to keep in this FAQ. However, bugzilla is made for this, so just
try this
link.
Q: Groups don't quite work right yet...
A: Correct. That's a current area of hacking.
You may want to check out Loki's version of Bugzilla for some patches that
support the group functionality you need.
Q: Why can't I set "target milestone" to something other
than a number?
A: The concept of a target milestone was initially
that each group would have their own definition for what each target milestone
number is, but share a common pool of numbers. Unfortunately, this
concept has proven confusing for new and experienced users alike.
Someone needs to pick up the ball and run with "target milestone" so it
has the following features:
Q: What's the best way to submit patches? What
guidelines should I follow.
A: Tara summed this FAQ up nicely:
"Well, I guess I'd better answer this, as I'm the one who's supposed to be in charge of this stuff...Q: What does the above mean for me when I want to submit a bug?
I say, if you have a patch that is a bug fix or feature enhancement, log a bug and attach the patch. I've inherited almost 300 bugs from the ownership transition, so I can't guarantee how soon I'll get to it, but I'm steadily working my way through the bug list and trying to pay special attention to all bugs that do come with patches. Secondly, if you'd like faster feedback or better exposure, I'd post the bug number URL to the newsgroup so more people can have a look and provide feedback, suggestions, etc. That way I think all bases are covered. Speaking for myself in trying to be a good module owner, getting a new bug makes sure I
don't lose track of your patch, so this makes it easier for me."
Q: I want to add a new form or module to Bugzilla. Where can I find API documention?API
CGI scripts:
Q: What are the most-needed features?
A: Check out the Bugzilla Development Roadmap at
http://www.mozilla.org/projects/bugzilla/roadmap.html
Q: Why do you use this antiquated format for maintaining
the FAQ, instead of FAQ-O-Matic or (insert cool FAQ program here)
A: I'm actively seeking a better way to maintain
this. It's easily maintainable in it's current form, but as it grows
it will become much less so. I'm interested in more options, but
don't want to lose control of the FAQ or be subjected to a page that's
a nest of hyperlinks and unprintable. The FAQ-O-Matic tends to create
FAQ's that cannot be easily printed as one page, and not easily portable
to another format (particulary PDF). One must be able to maintain
the FAQ as a single, printable document; if you know of a good system that
will fit the bill, let me know.
Q: Who are you?
A: I'm Matthew P. Barnson, manager of Systems Administration
for Excite@Home E-Business Services
and
part-time Bugzilla hacker :)
Q: Why are you doing this?
A: I have nothing better to do with my time!
Seriously, I run a fairly large private Bugzilla database.
I felt the need for some documentation to help other SysAdmins run this
thing. There was nothing out there like it, so I decided to improve
what I'd written for internal documentation with more general questions
and release it to the public under the MPL. I feel like the Mozilla
Webtools are far more in need of good documentation and a major architectural
rewrite than they are more hacks to support more features. Since
I'm not qualified to write more than trivial hacks for Bugzilla if I were
to code, I figured doing some documentation would be A Good Thing.
Q: How are you affiliated with Mozilla.org?
A: I'm not.
Q: Where do those lame quotes in each section
heading come from?
A: Check out http://bugzilla.mozilla.org/data/comments.
These are random quips added by people who use bugzilla. I find them
endlessly entertaining.
I am personally attempting to address the numerous documentation
needs, including an Installation guide (based upon the README), Administration
Guide, Troubleshooting guide, Database Management Guide, and Configuration
Guide.