Here are some questions and answers relating to HepForge. Please ask us
some more questions to make this document more useful!
Shell account issues
How can I set up passwordless SSH key access to HepForge?
Passwordless SSH access is very desirable, especially if you will be logging
in repeatedly or using Subversion via SSH, which results in multiple password
requests per operation. There are many guides on the Web to setting up passwordless
access, but I often find them confusing, so my effort is below. If you find it
confusing, then maybe try these alternative guides:
Here goes, then: You should run ssh-keygen -t rsa
on the machine from which you'll be accessing HepForge: this will make a private
and a public key in your local $HOME/.ssh/ directory. You should now
copy the public key to your HepForge shell account and append the key to your
authorized_hosts file. Here's a quick idea of what your command line
session might look like (where the e.g. local$ indicates which machine
you're working on):
local$ ssh-keygen -t
now enter a keyphrase...or leave it blank if you want
local$ scp ~/.ssh/id_rsa.pub login.hepforge.org:myrsakey.pub
local$ ssh email@example.com
cedar$ cat myrsakey.pub >> .ssh/authorized_keys
cedar$ rm myrsakey.pub; exit
local$ ssh firstname.lastname@example.org
no need to enter password... if it's worked!
The major cause of failing SSH keys is wrong permissions on either the local
or remote ~/.ssh directories or their contents. If you have
problems, try making sure that your home directory, ~/.ssh and
its contents are neither world- nor group-writeable. After that, ensure that
your private key(s) (e.g. ~/.ssh/id_rsa) and your
authorized_keys file are neither world- nor
group-writeable or -readable. If that still fails, try running
SSH with one, two or three "-v" options for more debugging info, e.g.
ssh -vv email@example.com. The debug output is notoriously
unhelpful for rooting out passwordless access problems, though, so this is
probably the point where you contact your local sysadmin to get it sorted
and let you get back to doing some work!
Can I make cron scripts execute as my project's user?
No, not at the moment. The project user cannot login and doesn't have a
valid shell. We're afraid that you'll just have to nominate a project
member to be responsible for running project cron jobs at the moment.
Please try to be sensible with the frequency and timing of cron jobs -
don't run them every other minute, don't run them all at the same time,
and (if you can) run them in the middle of the night (for Europeans and
Americans, I suppose - we don't have many users in Asia at the moment).
How can I make part of my site private?
Your project configuration area (/hepforge/projname/project-config)
contains files called htpasswd and htgroup, which can be used to define sets of groups
and users. You can then make areas of your site password-protected by placing a .htaccess file
in the top-level directory of the area you want to be protected, as described in the Apache web server documentation:
Here's an example .htaccess file:
AuthName "My private place"
Note that you don't have to specify the AuthUserFile or AuthGroupFile explicitly:
each project's web configuration already defines these to point at the appropriate files.
We recomment that you use HepForge's SSL encryption functionality on protected areas of your site: otherwise
the login passwords that your users type in will be sent across the internet unencrypted. To use SSL, just
replace the http with https in the URL. If you make a link to this private part of your
site from a non-private bit, make sure you use a full HTTPS URL rather than just a relative path.
Why do I get a security warning when I access HTTPS pages?
The central idea of SSL certificates, which are used to encrypt HTTPS traffic, is that there must be a
"web of trust" between the certificate of a Web site (such as HepForge) and a trusted certificate in your
Web browser. By default, Web browsers only contain a few trusted certificates, and the companies that
own them charge hefty sums to supply certificates signed by their trusted "root certificate". We don't
have the resources to spend lots of money on certificates and, after all, why should it cost so much. So
we get our certificates signed by OpenSSL, a free certificate authority:
the security isn't any less valid, it's just not bought from one of the "normal" suppliers.
Can I host my personal home page on HepForge?
Yes, though it's not our main purpose, so we won't guarantee any uptime, services, functionality or
similar. Actually, we don't guarantee anything anyway, but home pages are particularly low priority!
If you've got a HepForge user account (i.e. a shell account rather than just a project htpasswd entry)
then you can put Web pages in ~/public_html and they'll be visible at
Bug tracker and wiki
How can I get login access to a tracker and wiki?
To do this yourself, you will need to have a HepForge user account and be a member of the
project whose tracker or wiki you wish to edit. Assuming that those conditions are met, log
in to the server using SSH, then use this command:
htpasswd /hepforge/projconf/projname/htpasswd username
where projname is the name of the project and
username is the web user name you want to use. It's best that
you use your shell login name for this, to avoid clashes with other web users.
If you don't have a shell account with HepForge, you should either ask the project developers
to give you a Web access name and password or, if there is one for the project, use the guest
How can I change my tracker/wiki password?
Same procedure as in the FAQ above! If a user entry already exists in the htpasswd auth file,
the password will be updated rather than create a new entry.
How do I create or edit tickets / milestones?
For this, you'll need to use the trac-admin command line program from your
HepForge shell account:
This will give you an interactive prompt from which to control your project. You
probably want to type "?" or "help" initially, which will produce a fairly clear summary
of available Trac commands. Initially, you should define some "components" for your
project, with the "component add" command: these are used to define what part
of your project a given ticket will be associated with. Each component has a user name
designated as its owner: the owner will be the default person to whom tickets on that
component will get assigned.
You'll now want to set up some
user permissions, which is done with the "permission add" command: a list of
the available permissions can be obtained by typing "permission list" at the
trac-admin prompt. The general permissions modes you're most likely to want to
use are TRAC_ADMIN (for general control of all Trac features through the Web
interface), ROADMAP_ADMIN (for milestone administration), WIKI_ADMIN
(for wiki administration), TICKET_ADMIN and REPORT_ADMIN (hopefully
you could guess the function of the last two!) Remember that the user names to which you
bind permissions have to match the names defined in your project's htpasswd
file. There are two exceptions to this: the generic users "authenticated" and "anonymous".
Respectively, these allow you to assign default permissions to site visitors who are, or are not,
logged in. Trac permissions management is described in more detail e.g.
Users with the approriate permissions should now be able to create, edit and delete
tickets, roadmap milestones, reports and wiki pages via the Web interface, provided they
are logged in. Buttons should appear on the editable pages to allow this control.
Much more info on using Trac is available from
Trac's own user guide.
How can I allow unregistered users to submit tickets / edit my wiki?
The recommended way to allow "unknown" users to submit tickets and edit wiki pages is to use
trac-admin to create a guest account:
trac-admin /hepforge/projconf/projname/trac permission add guest TICKET_CREATE TICKET_MODIFY
trac-admin /hepforge/projconf/projname/trac permission add guest WIKI_CREATE WIKI_MODIFY
and then add the guest account to the project password file:
htpasswd /hepforge/projconf/projname/htpasswd guest
enter a password
You'll have to put something on your project web page to tell them that the "guest"
user, with the password you specified, can be used by any web visitor to contribute
anonymously to the project. It is also possible to use the trac-admin commands
above to add these permissions to anonymous users, but this causes problems with
automated "spamming" of the Trac pages, so isn't advised unless you also use some
anti-span procedure: see Trac Hacks for more info.
Of course, if particular users are submitting a lot of information via the guest
account, it's a good idea to actually give them an htpasswd identity of
How do I get Trac to send me emails when my tickets are added or modified?
All new projects are set up with appropriate settings in
the trac.ini file for automatic ticket emails to work. All you have to do to
get them is to log in to the project's bug track Web area, click on the "Settings"
link at the top of the page and enter your name and email address.
I have two dependent projects: can I link issues between their copies of Trac?
Have a look at the InterTrac system -
it is supported by our version of Trac.
How do I use a HepForge project's Subversion repository?
First, see the documentation in the user guide. If your
confusion is about SVN in general rather than HepForge SVN specifically, then
the SVN book is your first port of call.
If you want to use Subversion directly, then you have the choice of using the
anonymous read-only system over HTTP or the full read-write system via SSH.
To use the full permissions system you will need to have a HepForge shell
account and be a registered developer on the relevant project.
First, anonymous access: you can perform lists, check-outs, updates and other
operations which don't modify the repository with a command line like this:
svn list http://projname.hepforge.org/svn/
No password or similar is required: it really is that easy :-)
For developers, you probably want to use something like this for the check-out:
svn list svn+ssh://svn.hepforge.org/hepforge/svn/projname/trunk
svn co svn+ssh://svn.hepforge.org/hepforge/svn/projname/trunk localname
You will probably want to set up an SSH key for your HepForge account
if you'll use Subversion a lot: otherwise the repeated password requests get
annoying very quickly. There are plenty of guides to setting up an SSH key on the
Web, but the basic procedure is described in the FAQ entry below.
I want a private CVS or Subversion area. How can I do that?
This is relatively straightforward: in fact, it was a lot harder to set up
all the Web viewers and anonymous access that your default repository has!
In brief, you should create a private repository in your project's home
svnadmin create --fs-type fsfs /hepforge/projname/privatesvn
The same principle applies to using any other version control system. You will
then have to access the repository via SSH. With Subversion, that will mean e.g.
svn list svn+ssh://svn.hepforge.org/hepforge/home/projname/privatesvn