HepForge FAQs

Here are some questions and answers relating to HepForge. Please ask us some more questions to make this document more useful!

Shell account issues

  • How can I set up passwordless SSH key access to HepForge?

    Passwordless SSH access is very desirable, especially if you will be logging in repeatedly or using Subversion via SSH, which results in multiple password requests per operation. There are many guides on the Web to setting up passwordless access, but I often find them confusing, so my effort is below. If you find it confusing, then maybe try these alternative guides:

    Here goes, then: You should run ssh-keygen -t rsa on the machine from which you'll be accessing HepForge: this will make a private and a public key in your local $HOME/.ssh/ directory. You should now copy the public key to your HepForge shell account and append the key to your authorized_hosts file. Here's a quick idea of what your command line session might look like (where the e.g. local$ indicates which machine you're working on):

    local$ ssh-keygen -t
    now enter a keyphrase...or leave it blank if you want
    local$ scp ~/.ssh/id_rsa.pub login.hepforge.org:myrsakey.pub
    enter password
    local$ ssh myname@login.hepforge.org
    enter password
    cedar$ cat myrsakey.pub >> .ssh/authorized_keys
    cedar$ rm myrsakey.pub; exit
    local$ ssh myname@login.hepforge.org
    no need to enter password... if it's worked!

    The major cause of failing SSH keys is wrong permissions on either the local or remote ~/.ssh directories or their contents. If you have problems, try making sure that your home directory, ~/.ssh and its contents are neither world- nor group-writeable. After that, ensure that your private key(s) (e.g. ~/.ssh/id_rsa) and your authorized_keys file are neither world- nor group-writeable or -readable. If that still fails, try running SSH with one, two or three "-v" options for more debugging info, e.g. ssh -vv myname@svn.hepforge.org. The debug output is notoriously unhelpful for rooting out passwordless access problems, though, so this is probably the point where you contact your local sysadmin to get it sorted and let you get back to doing some work!

  • Can I make cron scripts execute as my project's user?

    No, not at the moment. The project user cannot login and doesn't have a valid shell. We're afraid that you'll just have to nominate a project member to be responsible for running project cron jobs at the moment. Please try to be sensible with the frequency and timing of cron jobs - don't run them every other minute, don't run them all at the same time, and (if you can) run them in the middle of the night (for Europeans and Americans, I suppose - we don't have many users in Asia at the moment).

Web space

  • How can I make part of my site private?

    Your project configuration area (/hepforge/projname/project-config) contains files called htpasswd and htgroup, which can be used to define sets of groups and users. You can then make areas of your site password-protected by placing a .htaccess file in the top-level directory of the area you want to be protected, as described in the Apache web server documentation: http://httpd.apache.org/docs/2.0/howto/htaccess.html. Here's an example .htaccess file:

    AuthType Basic
    AuthName "My private place"
    Require valid-user

    Note that you don't have to specify the AuthUserFile or AuthGroupFile explicitly: each project's web configuration already defines these to point at the appropriate files.

    We recomment that you use HepForge's SSL encryption functionality on protected areas of your site: otherwise the login passwords that your users type in will be sent across the internet unencrypted. To use SSL, just replace the http with https in the URL. If you make a link to this private part of your site from a non-private bit, make sure you use a full HTTPS URL rather than just a relative path.

  • Why do I get a security warning when I access HTTPS pages?

    The central idea of SSL certificates, which are used to encrypt HTTPS traffic, is that there must be a "web of trust" between the certificate of a Web site (such as HepForge) and a trusted certificate in your Web browser. By default, Web browsers only contain a few trusted certificates, and the companies that own them charge hefty sums to supply certificates signed by their trusted "root certificate". We don't have the resources to spend lots of money on certificates and, after all, why should it cost so much. So we get our certificates signed by OpenSSL, a free certificate authority: the security isn't any less valid, it's just not bought from one of the "normal" suppliers.

  • Can I host my personal home page on HepForge?

    Yes, though it's not our main purpose, so we won't guarantee any uptime, services, functionality or similar. Actually, we don't guarantee anything anyway, but home pages are particularly low priority! If you've got a HepForge user account (i.e. a shell account rather than just a project htpasswd entry) then you can put Web pages in ~/public_html and they'll be visible at http://users.hepforge.org/~username/.

Bug tracker and wiki

  • How can I get login access to a tracker and wiki?

    To do this yourself, you will need to have a HepForge user account and be a member of the project whose tracker or wiki you wish to edit. Assuming that those conditions are met, log in to the server using SSH, then use this command:

    htpasswd /hepforge/projconf/projname/htpasswd username

    where projname is the name of the project and username is the web user name you want to use. It's best that you use your shell login name for this, to avoid clashes with other web users.

    If you don't have a shell account with HepForge, you should either ask the project developers to give you a Web access name and password or, if there is one for the project, use the guest account.

  • How can I change my tracker/wiki password?

    Same procedure as in the FAQ above! If a user entry already exists in the htpasswd auth file, the password will be updated rather than create a new entry.

  • How do I create or edit tickets / milestones?

    For this, you'll need to use the trac-admin command line program from your HepForge shell account: trac-admin /hepforge/projconf/projname/trac This will give you an interactive prompt from which to control your project. You probably want to type "?" or "help" initially, which will produce a fairly clear summary of available Trac commands. Initially, you should define some "components" for your project, with the "component add" command: these are used to define what part of your project a given ticket will be associated with. Each component has a user name designated as its owner: the owner will be the default person to whom tickets on that component will get assigned.

    You'll now want to set up some user permissions, which is done with the "permission add" command: a list of the available permissions can be obtained by typing "permission list" at the trac-admin prompt. The general permissions modes you're most likely to want to use are TRAC_ADMIN (for general control of all Trac features through the Web interface), ROADMAP_ADMIN (for milestone administration), WIKI_ADMIN (for wiki administration), TICKET_ADMIN and REPORT_ADMIN (hopefully you could guess the function of the last two!) Remember that the user names to which you bind permissions have to match the names defined in your project's htpasswd file. There are two exceptions to this: the generic users "authenticated" and "anonymous". Respectively, these allow you to assign default permissions to site visitors who are, or are not, logged in. Trac permissions management is described in more detail e.g. here.

    Users with the approriate permissions should now be able to create, edit and delete tickets, roadmap milestones, reports and wiki pages via the Web interface, provided they are logged in. Buttons should appear on the editable pages to allow this control.

    Much more info on using Trac is available from Trac's own user guide.

  • How can I allow unregistered users to submit tickets / edit my wiki?

    The recommended way to allow "unknown" users to submit tickets and edit wiki pages is to use trac-admin to create a guest account:

    trac-admin /hepforge/projconf/projname/trac permission add guest TICKET_CREATE TICKET_MODIFY
    trac-admin /hepforge/projconf/projname/trac permission add guest WIKI_CREATE WIKI_MODIFY

    and then add the guest account to the project password file:

    htpasswd /hepforge/projconf/projname/htpasswd guest
    enter a password

    You'll have to put something on your project web page to tell them that the "guest" user, with the password you specified, can be used by any web visitor to contribute anonymously to the project. It is also possible to use the trac-admin commands above to add these permissions to anonymous users, but this causes problems with automated "spamming" of the Trac pages, so isn't advised unless you also use some anti-span procedure: see Trac Hacks for more info.

    Of course, if particular users are submitting a lot of information via the guest account, it's a good idea to actually give them an htpasswd identity of their own!

  • How do I get Trac to send me emails when my tickets are added or modified?

    All new projects are set up with appropriate settings in the trac.ini file for automatic ticket emails to work. All you have to do to get them is to log in to the project's bug track Web area, click on the "Settings" link at the top of the page and enter your name and email address.

  • I have two dependent projects: can I link issues between their copies of Trac?

    Have a look at the InterTrac system - it is supported by our version of Trac.

Version control

  • How do I use a HepForge project's Subversion repository?

    First, see the documentation in the user guide. If your confusion is about SVN in general rather than HepForge SVN specifically, then the SVN book is your first port of call.

    If you want to use Subversion directly, then you have the choice of using the anonymous read-only system over HTTP or the full read-write system via SSH. To use the full permissions system you will need to have a HepForge shell account and be a registered developer on the relevant project.

    First, anonymous access: you can perform lists, check-outs, updates and other operations which don't modify the repository with a command line like this:

    svn list http://projname.hepforge.org/svn/

    No password or similar is required: it really is that easy :-)

    For developers, you probably want to use something like this for the check-out:

    svn list svn+ssh://svn.hepforge.org/hepforge/svn/projname/trunk
    svn co svn+ssh://svn.hepforge.org/hepforge/svn/projname/trunk localname

    You will probably want to set up an SSH key for your HepForge account if you'll use Subversion a lot: otherwise the repeated password requests get annoying very quickly. There are plenty of guides to setting up an SSH key on the Web, but the basic procedure is described in the FAQ entry below.

  • I want a private CVS or Subversion area. How can I do that?

    This is relatively straightforward: in fact, it was a lot harder to set up all the Web viewers and anonymous access that your default repository has! In brief, you should create a private repository in your project's home directory, e.g.

    svnadmin create --fs-type fsfs /hepforge/projname/privatesvn

    The same principle applies to using any other version control system. You will then have to access the repository via SSH. With Subversion, that will mean e.g.

    svn list svn+ssh://svn.hepforge.org/hepforge/home/projname/privatesvn