Security Group website -- notes for contributors ------------------------------------------------ This directory appears on the web as https://www.cl.cam.ac.uk/research/security/ House-style formatting tools ---------------------------- We use a standard tool for maintaining pages formatted according to the Computer Laboratory house style. Calling /anfs/www/tools/bin/ucampas converts an undecorated "bare-bones" file -b.html into a decorated file .html. This tool also scans the filetree vicinity for uconfig.txt files, which provide style options and information about the structure of the navigation tree. Detailed documentation is at: https://www.cl.cam.ac.uk/local/sys/web/ucampas/ Files under version control --------------------------- All the main pages here reside in a Subversion repository. The URL associated with the directory in which this README.txt file is located is svn+ssh://wwwsvn@svn-www.cl.cam.ac.uk/security/ The actual Subversion repository is located at /usr/groups/wwwsvn/repositories/security/ and is owned by pseudo-user wwwsvn, to provide Clark-Wilson-style integrity protection. Detailed instructions on how to get access to the repository are at https://www.cl.cam.ac.uk/local/sys/web/subversion/#getaccess To contribute to the web site, first add your ssh public key at https://www.cl.cam.ac.uk/local/sys/web/subversion/sshkeys/ Then run svn checkout svn+ssh://wwwsvn@svn-www.cl.cam.ac.uk/security group-pages to set up a personal Subversion working directory. Make your edits there, preview them locally using ucampas, and finally commit them back to the repository. Each commit triggers the post-commit script /usr/groups/wwwsvn/repositories/security/hooks/post-commit This first sends out email notifications of the commit to interested people (email addresses can be added in that file). It then switches to the pseudo-user wwwupdate, which then calls "svn update" and "ucampas -r" in /anfs/www/html/research/security/, the Subversion working directory served by the CL web server. Finally, in any directory in which something has been modified by that Subversion update, wwwupdate executes any Makefile it finds there. (To preserve Clark-Wilson semantics in the presence of executable content in Makefiles and scripts that these might call, the pre-commit hook script /usr/groups/wwwsvn/repositories/security/hooks/pre-commit restricts edits to files called "Makefile" or files with property svn:executeable to privileged contributors.) Files not under version control ------------------------------- It remains possible to keep under /anfs/www/html/research/security files that are either not under version control, or linked to other repositories. Examples: - directories owned by some individuals or individual research projects that prefer to make their own arrangements, such as * capsicum * cstrd - directories that contain large third-party-provided files not routinely edited locally, such as * seminar/archive/slides/ * photos - historic or temporary files, such as * old pages - files that are auto-generated via the post-commit script by ucampas or make * seminars/archive/20??-b.html These files may be edited directly under /anfs/www/html/research/security by their respective owners. Users collaborating on such files may want to put the command "umask 002" into their ~/.bashrc file (or make otherwise sure that the edited files remain writable to group members).