B.1. Database Schema Chart
Bugzilla database relationships chart
The Original Code is "The Bugzilla FAQ". -
The Initial Developer of the Original Code is AtHome Corporation. Portions -created by AtHome are Copyright © 1995-2000 AtHome Corporation. All -Rights Reserved. @Home, Excite@Home, @Work, and Excite are the trademarks -of At Home Corporation, and may be registered in certain jurisdictions -
Contributor(s): -
Changes:
-
Version 0.2: Initial public release. (April 10, 2000)
-
Version 0.2.1: Fixed formatting, released as HTML. Also corrected
-incorrect fix for missing bugs from queries (it's syncshadowdb, not processmail)
-and information about bugzilla maintainers (April 10,2000)
-
Version 0.2.2: (May 15, 2000)
-
Version 0.2.4: (June 7, 2000)
-
Maintainer: Matthew P.
-Barnson
-
-
-
The Bugzilla FAQ is designed to answer common user questions outside -the scope of the README file and supporting documentation in an easy "question -and answer" format. Where appropriate, this FAQ will refer to URLs rather -than including documents in their entirety to ensure completeness even -should this FAQ become out of date. -
This FAQ is not maintained by Netscape or Netscape employees, so please -do not contact them regarding errors or omissions contained herein. Please -direct all questions, comments, updates, flames, etc. to Matthew -P. Barnson (barnboy or barnhome on irc.mozilla.org in #mozwebtools). -
I'm sure I've made some glaring errors or omissions in this paper -- -please email me corrections -or post corrections to the netscape.public.mozilla.webtools newsgroup. -
Bugzilla attracts very intelligent, competent people who need a good -bug-tracking system to support their projects, so I make a few assumptions -in this FAQ: -
Q: Where can I find information about bugzilla?
-
A: You can stay up-to-date with the latest bugzilla information
-at http://www.mozilla.org/projects/bugzilla/.
-
Q: What license is Bugzilla distributed under?
-
A: Bugzilla is under the Mozilla Public License. See
-details at http://www.mozilla.org/MPL/
-
Q: How do I get commercial support for Bugzilla?
-
A: As far as I know, there are not yet any companies
-that offer commercial Bugzilla support. However, I've heard there are consulting
-companies that will install and maintain a Bugzilla installation for charge,
-and would accept responsibility for its upkeep. I'm not sure which large
-consulting firms do this yet -- I'm open to more contributions in this
-area.
-
Q: What major companies or projects are currently using
-Bugzilla for bug-tracking?
-
A: This is by no means a complete list, and is assembled
-from contributions and about 10 minutes of searching on AltaVista. Contributions
-welcome:
-
Q: Why does Bugzilla use .png files instead of .gifs
-for graphs?
-
A: Patent restrictions (see http://www.gnu.org/philosophy/gif.html
-for details). If you're using a recent version of the GD library and a
-recent version of Bugzilla, this is no longer a FAQ.
-
Q: How does Bugzilla stack up against other bug-tracking
-databases?
-
A: As far as I know, there have been no feature-by-feature
-comparisons to other bug-tracking systems. However, here are some
-primary reasons people cite for moving to Bugzilla:
-
Q: Why doesn't Bugzilla offer this or that feature or compatability
-with <insert cool tracking software here>?
-
A: Terry writes,
-
I wrote Bugzilla primarily for mozilla.org's use. It is a secondary -concern (but one still important to me) that it be of use to other folks, -too. So, rather than spend a lot of time making everything thoroughly portable -and easy to install, I just threw it over the wall, and prayed that random -developers would help pitch in and make things easier for everyone.(I'm -being a little hard on myself here. I *did* spend a week porting the whole -thing from TCL to Perl, just so that outside folk would have a chance of -using it. You shoulda seen it before...)-UPDATE: Bugzilla is making tremendous -strides in usability, customizability, scalability, and user interfaces. -It is widely considered the most complete and popular open-source bug database -in existence. Download -a copy today! -
Q: Why MySQL? I'm interested in seeing this run on
-(insert "real" RDBMS name here)...
-
A: Terry answers,
-
You're not the only one. But *I* am not very interested. I'm -not real SQL or database person. I just wanted to make a useful tool, and -build it on top of free software. So, I picked MySQL, and learned SQL by -staring at the MySQL manual and some code lying around here, and --UPDATE: Looks like RedHat might land -changes real soon that will bring some more portability to Bugzilla. -However, they are in severe need of help. Please contact Dave -Lawrence if you are interested in helping this effort. -
wrote Bugzilla. I didn't know that Enum's were non-standard SQL. I'm -not sure if I would have cared, but I didn't even know. So, to me, things -are "portable" because it uses MySQL, and MySQL is portable enough. I fully -understand (now) that people want to be portable to other databases, but -that's never been a real concern of mine.
Q: Why do the scripts say "/usr/bonsaitools/bin/perl"
-instead of "/usr/bin/perl" or something else?
-
A: Mozilla.org uses /usr/bonsaitools/bin/perl. The prime
-rule in making submissions is "don't break bugzilla.mozilla.org". If it
-breaks it, your patch will be reverted faster than you can do a diff.
-Terry says:
-
Purely my own convention. I wanted a place to put a version -of Perl and other tools that was strictly under my control for the various -webtools, and not subject to anyone else. Edit it to point to whatever -you like.- -
-- --Red Hat Bugzilla
-
Q: What about Red Hat Bugzilla?
-
A: Red Hat has a
-(arguably more user-friendly/customizable/scalable buzzword here) version
-of Bugzilla available. Check it out at http://bugzilla.redhat.com
-and
-the sources at ftp://people.redhat.com/dkl/.
-They've set theirs up to work with Oracle out of the box. The buzz says
-their changes will be landing in the source tree "real soon now".
-Note that it is based primarily upon the 2.8 Bugzilla tree; Bugzilla has
-made some tremendous advances since the 2.8 release. I recommend
-you download the primary Bugzilla as well as Red Hat's to check out the
-differences for yourself. Red Hat Bugzilla's maintainer, Dave
-Lawrence, when asked about landing the changes from the Red Hat fork,
-notes,
-
Somebody needs to take the ball and run with it. I'm -the only maintainer and am very pressed for time.-Q: What are the primary benefits of Red Hat Bugzilla? (answer -by Dave Lawrence, of Red Hat) -
Q: What's the current status of Red Hat Bugzilla?
-
Update: From Dave Lawrence (June 7 2000)
-
I suppose the current thread warrants an update on the status -of Oracle and bugzilla ;) We have now been running Bugzilla 2.8 on Oracle -for the last two days in our production environment. I tried to do as much -testing as possible with it before going live which is some of the reason -for the long delay. I did not get enough feedback as I would have liked -from internal developers to help weed out any bugs still left so I said -"Fine, i will take it live and then I will get the feedback I want :)" -So it is now starting to stabilize and it running quite well after working -feverishly the last two days fixing problems as soon as they came in from -the outside world. The current branch in cvs is up2date if anyone would -like to grab it and try it out. The oracle _setup.pl is broken right now -due to some last minute changes but I will update that soon. Therefore -you would probably need to create the database tables the old fashioned -way using the supplied sql creation scripts located in the ./oracle directory. -We have heavy optimizations in the database it self thanks to the in-house -DBA here at Red Hat so it is running quite fast. The database itself -is located on a dual PII450 with 1GB ram and 14 high voltage differential -raided scsi drives. The tables and indexes are partitioned in 4 chuncks -across the raided drive which is nice because when ever you need to do -a full table scan, it is actually starting in 4 different locations on -4 different drives simultaneously. And the indexes of course are on separate -drives from the data so that speeds things up tremendously. When -I can find the time I will document all that we have done to get this -thing going to help others that may need it. --Note: This is based primarily -on a single email conversation with the first developer of Fenris, Michael -Vance. Maintenance of Fenris has since been handed off to Raphael -Barrerro <raistlin@lokigames.com>. -As Matt has mentioned it is still using out-dated code and with a -little help I would like to bring everything up to date for eventual -incorporation with the main cvs tree. Due to other duties I have with the -company any help with this wiould be appreciated. What we are using -now is what I call a best first effort. It definitely can be improved on -and may even need complete rewrites in a lot of areas. A lot of changes -may have to be made in the way Bugzilla does things currently to -make this transition to a more generic database interface. Fortunately -when making the Oracle changes I made sure I didn't do anything that -I would consider Oracle specific and could not be easily done with other -databases. Alot of the sql statements need to be broken up into smaller -utilities that themselves would need to make decisions on what database -they are using but the majority of the code can be made database neutral. -
-Loki Bugzilla (AKA: Fenris)
-
Q: What about Loki Bugzilla?
-
A: Loki Games has a customized version of Bugzilla
-available at http://fenris.lokigames.com.
-From that page,
-
You may have noticed that Fenris is a fork from Bugzilla-- -our patches weren't suitable for integration --and a few people have expressed -interest in the code. Fenris has one major improvement over Bugzilla, -and that is individual comments are not appended onto a string blob, they -are stored as a record in a separate table. This allows you to, for instance, -separate comments out according to privilege levels in case your bug database -could contain sensitive information not for public eyes. We also provide -things like email hiding to protect user's privacy, additional fields such -as 'user_affected' in case someone enters someone else's bug, comment editing -and deletion, and more conditional system variables than Bugzilla does -(turn off attachments, qacontact, etc.).-Q: Are you interested in landing your [Fenris] changes -back in the main tree so Fenris can live on the tip again? -
Q: If so, when?
-
A: Well, if there's anything interesting, people
-of course can just grab the code. I don't really maintain it anymore. We
-have a real, honest to goodness sysadmin, Raphael Barrerro, who works on
-it now. His email is raistlin@lokigames.com.
-
Q: Main tree bugzilla changed for 2.10 to storing individual
-comments in a separate table. Are there reasons for users to use
-Fenris, based on Bugzilla 2.8, over main tree 2.10 or the current CVS version?
-What are they?
-
A: I have no idea :). IMNSHO, Bugzilla is an interesting
-piece of software in that it has a lot of logic encoded into it that is
-sometimes really cumbersome to some people, and then it doesn't have *enough*
-logic in it for other people's tastes. If I were going to start over, I
-would again try to use the CVS and get any changes I felt necessary integrated.
-But for us, right now, it works fine, so we haven't bothered to really
-change our setup.
-
Q: What do you mean by "our patches weren't suitable
-for integration" on your web page?
-
A: Basically, I did not know:
-
--Note: The title of this section doesn't -mean you're a PHB -- it just means you probably HAVE a PHB who wants to -know this :) --Pointy-Haired-Boss Questions
-
Q: Is Bugzilla web-based or do you have to have specific
-software or specific operating system on your machine?
-
A: It is web and e-mail based. You can edit
-bugs by sending specially formatted email to a properly configured Bugzilla,
-or control via the web. Bugzilla works best with Netscape Navigator, but
-works fine with IE (just some Javascript is disabled for IE).
-
Q: Has anyone you know of already done any Bugzilla
-integration with Perforce (SCM software)?
-
A: Not to my knowledge -- but that would be a question
-much better asked in the newsgroup (news://netscape.public.mozilla.webtools).
-
Q: Does Bugzilla allow the user to track multiple projects?
-
A: It's not specifically a "project management
-tool", although it does have some project management features, such as
-the ability for a task/bug to "block" another task/bug. We use it
-here at Excite@Home to track requests to our Network Operations Center,
-software defects in our online inventories, requests for enhancement, quality
-assurance, personnel tasks, and other things.
-
So the answer is: Yes, it handles multiple projects very well.
-When discussing Bugzilla with people who use it a lot, it's helpful to
-refer to a "project" as a "product", individual areas of the project as
-"components", and tasks as "bugs".
-
Q: If I am on many projects, and search for all bugs
-assigned to me, will Bugzilla list them for me and allow me to sort by
-project, severity etc?
-
A: The heart of the Bugzilla system is the query
-interface. Within that query interface, you can customize extremely
-powerful queries to deliver exactly what you need. Once delivered,
-you can sort by age (bug ID number), severity, priority, platform, owner,
-current state, or current result (only for "resolved" bugs).
-
You cannot sort a query by product/project at this time -- most
-people consider the current options sufficient. We are trying very
-hard to reduce complexity in Bugzilla. I'm personally involved in
-a half-dozen products in Bugzilla, and routinely just sort by priority.
-
Q: Does Bugzilla allow attachments (text, screenshots,
-urls etc)? If yes, are there any that are NOT allowed?
-
A: Yes, it allows any kind of attachment.
-However, if you do not have a MIME type defined for that kind of file in
-your web *server*, the browser may klonk on you. URL's in comments
-are automatically hyperlinked if they are properly formatted (http://www.somedomain.com),
-but any HTML in a comment shows up as raw html, not the formatting you'd
-expect. If someone refers to "bug #4444" it's automatically hyperlinked
-to that bug in the existing database. It's pretty cool.
-
Q: Does Bugzilla allow us to define our own priorities
-and levels? Do we have complete freedom to change the labels of fields
-and format of them, and the choice of acceptable values?
-
A: In part. Priority, severity, target milestones,
-product names, and many many other fields are completely configurable.
-However, at this time for certain types of changes you need someone who
-knows some Perl and HTML -- not a lot, but enough to provide consistency
-and be able to re-apply your customizations if you update your installation
-of Bugzilla.
-
Q: Does Bugzilla provide any reporting features, metrics,
-graphs, etc? You know, the type of stuff that management likes to see.
-:)
-
A: Yes. Check out http://bugzilla.mozilla.org/reports.cgi
-for some pre-cooked reports. The reports other than the pre-fab ones
-that you can create are limited only by your imagination and experience
-in Perl.
-
Q: Is there email notification and if so, what do you
-see when you get an email? Do you see bug number and title or is it only
-the number?
-
A: You can choose to see complete status of the
-bug (using old email tech) or just the changes (using new email tech).
-The subject is just the bug ID and short description of the bug, but the
-content is very complete.
-
Q: If there is email notification, can it be set up
-to send to multiple people, some on the To List, CC List, BCC List etc?
-
A: You bet! By default, the person who reported
-the bug, the person to whom the bug is assigned, and anyone on the CC list
-for the bug will get email notification when anything regarding the bug
-changes. You can also enable a "Q/A Contact" field that will assign
-a default Q/A person to monitor the bug and ensure it's completed correctly
-(we use this a lot and love it). The
-
equivalent to a "BCC" list is a "watcher": someone who watches another
-person's bugs (if they are out of town, whatever). We have several
-of these people who need to see what bugs someone else is working on (team
-leads, coding partners, etc.)
-
Q: If there is email notification, do users have to
-have any particular type of email application? For example, our users have
-a variety of email apps in use, like Outlook, Netscape Mail, Eudora etc.
-Our system would need to work with just about anything.
-
A: The emails SENT from Bugzilla will work with
-any mail reader that's reasonably current (newer than about 5 years old).
-However, if you set up the email RECEPTION capabilities of Bugzilla, it's
-important your users configure their mailreader to send mail as plain text
-instead of HTML. HTML mail sent to Bugzilla looks horrible.
-
Q: If I just wanted to track certain bugs, as they go
-through life, can I set it up to alert me via email whenever that bug changes,
-whether it be owner, status or description etc.?
-
A: Yes. You could, for instance, set yourself
-up as the default QA contact for all bugs in a certain component of a product,
-and would be CC'd on every single bug that came into that component.
-
Q: Does Bugzilla allow data to be imported and exported?
-If I had outsiders write up a bug report using a MS Word bug template,
-could that template be imported into "matching" fields? If I wanted to
-take the results of a query and export that data to MS Excel, could I do
-that?
-
A: Rudimentary exporting ability is currently in
-development, but is not ready for prime-time. Ditto for importing
-data. However, it works against an industry-standard database (MySQL),
-so anyone with a little SQL knowledge can create queries to import and
-export any data they want. That's one of the reasons development
-is going slow on import/export in Bugzilla: SQL already
-
has it. It requires a certain level of familiarity with SQL though.
-
Q: Does Bugzilla allow fields to be added, changed or
-deleted? If I want to customize the bug submission form to meet our needs,
-can I do that using our terminology?
-
A: This is really two questions in one.
-
Bugzilla allows some fields to be added, changed, and deleted
-with ease using the standard parameters. Realize, since you have
-the code (and Bugzilla is really not terribly complicated), you can change
-ANYTHING to behave however you want it. However, the more adjustments
-you make to the code, the more painful your next upgrade will be as you
-re-apply your custom
-
patches. On the other hand, you can create your own HTML bug
-submission form to make it look however you want. Check http://www.mozilla.org/quality/help/bug-form.html
-for an example of what can be done creating a standard HTML bug submission
-form. It makes some things much easier, and submitters never have
-to have a clue what the actual names of your fields are -- just the people
-who work with the bugs every day do.
-
Q: Has anyone converted Bugzilla to another language
-to be used in other countries? Is it localizable?
-
A: There are efforts underway to allow easy indo-european
-localization of Bugzilla, but i18n (Kanji, Chinese, etc.) are a long way
-off. So, to answer your question, right now, no.
-
Q: Can a user create and save reports? Can they do this in
-Word format? Excel format?
-
A: Yes, no, and no.
-
Q: Can a user re-run a report with a new project, same
-query?
-
A: Yes.
-
Q: Can a user modify an existing report and then save
-it into another name?
-
A: Umm... You'd save the report as HTML from
-your browser. You can modify it however you want after that.
-
Q: Does Bugzilla have the ability to search by word,
-phrase, compound search?
-
A: You can search by just about ANYTHING.
-If you know basic boolean formatting, you can go completely crazy and do
-things without even using the query interface (create your own custom query
-in the location bar in your browser). We routinely search here by
-descriptions, subjects, dates, users, reporters, projects, severity, priority,
-and anything else that strikes our fancy.
-
Q: Can the admin person establish separate group and
-individual user privileges?
-
A: Yes, using Bug Group Sentry. Right now,
-it's not terribly granular, though: you can restrict users to editing bugs
-assigned to them, reported by them, assigned to a particular product, etc.
-but cannot restrict them based on product components, allow access to only
-certain bugs outside their product, etc.
-
Q: Does Bugzilla provide record locking when there is
-simultaneous access to the same bug? Does the second person get a notice
-that the bug is in use or how are they notified?
-
A: If someone has a bug open and another person
-attempts to write to the bug, you get a "mid-air collision" error in Bugzilla.
-the second person is told who currently has the existing record locked,
-and is told he/she cannot commit the bug until they have finished editing
-it. You can specify a timeout value (ours is 30 minutes) where it
-will break locks on the database,
-
assuming someone just left the edit screen up.
-
Q: Are there any backup features provided?
-
A: You have the ability to lock all users out of
-the database for backups via the Bugzilla interface or using MySQL itself.
-Once you've locked people out of the database, use some backup utility
-standard to your operating system.
-
Q: Can users be on the system while a backup is in progress?
-
A: If they make a change, you can end up with a
-corrupt database on your backup tape. Bugzilla databases are relatively
-small. We have over 5000 bugs in our database and a backup takes
-about 45 seconds. We lock the MySQL database, copy the databases
-over to a second hard drive, unlock the database, and that second hard
-drive is covered by our standard backup procedures.
-
You may wish to consider a robust backup solution, like ARCserveIT,
-which will backup up open files by finding a time when it can lock the
-file, copy it to memory, unlock it, and back it up. That product
-is the "Open Files Agent", or OFA. That would allow you to never
-have to down your database just to back it up -- but it's a good idea to
-plan on a daily maintenance period in which it's backed up, for the time
-when your database grows absolutely huge.
-
Q: What type of human resources are needed to be on
-staff to install and maintain Bugzilla? Specifically, what type of skills
-does the person need to have? I need to find out if we were to go with
-Bugzilla, what types of individuals would we need to hire and how much
-would that cost vs buying an "Out-of-the-Box" solution.
-
A: My experience with "Out-of-the-Box" solutions
-are these:
-
Q: What time frame are we looking at if we decide to
-hire people to install and maintain the Bugzilla? Is this something that
-takes hours or weeks to install and a couple of hours per week to maintain
-and customize or is this a multi-week install process, plus a full time
-job for 1 person, 2 people, etc?
-
A: It's really hard to say -- it depends on the
-level of commitment you want. If you want someone on-staff who's an absolute
-expert on the system, plan on them working on it full-time for a week,
-then 10 hours a week for a few months thereafter. If you just want
-the thing to work and don't want to worry about how it works, just hire
-that consultant for a week and call it
-
good.
-
Personally, I spend about 15 minutes a week maintaining our
-installation Bugzilla. But since I'm the documentation person for
-Bugzilla, I spend about 10 hours a week documenting, answering questions
-like this, etc.
-
If you get somebody to install Bugzilla, and they don't have
-at least a basic installation mostly functional within a day on UNIX, or
-within a week on NT, you probably should consider getting a different admin
-to install it.
-
Q: Is there any licensing fee or other fees for using
-Bugzilla? Any out-of-pocket cost other than the bodies needed as identified
-above?
-
A: No, Bugzilla is free software (free as in speech
-and free as in beer) licensed under the Mozilla
-Public License. However, depending on your level of expertise you may
-wish to find a company that you can pay to maintain it for you if you really
-need somebody to blame. MySQL, the database Bugzilla uses for
-storage, asks for a licensing fee if you're going to use it for non-internal
-commercial usage. The license is cheap (170 euro), but support can
-be expensive depending on the level of support you desire. There
-is also a version of Bugzilla available at http://bugzilla.redhat.com which
-runs over top of Oracle; that's a pretty expensive product, but Oracle
-support and proven scalability may be worth it to you.
-
-
-
Q: How do I install Bugzilla on Windows NT?
-
A: That question is complex enough it deserves
-its
-own section, below.
-
Q: Is there an easy way to change the Bugzilla cookie
-name?
-
A: At present, no.
-
-
Q: I want to set up a test installation to try out new
-changes. How do I copy over data from my real database?
-
A:
-
-Copying the mysql files directly from one machine to another is likely
-to confuse mysql. Its recommended to create a dump of the database
-and to populate the new database from the dump.
-
-%mysqldump bugs > ~/bugs.dump
-
-%mysql
-mysql> drop database bugs;
-mysql> create database bugs;
-
-%mysql bugs < bugs.dump
--
--Q: How do I completely disable MySQL security if -it's giving me problems (I've followed the instructions in the README!)? --SECURITY
-
Q: Are there any security problems with Bugzilla?
-
A: Prior to 2.10, yes. For 2.10 and later, probably,
-but we haven't discovered them yet.. You should upgrade to 2.10 and use
-the following instructions from Chris Yeh's security advisory of 5/10/2000
-if you are running a previous version of bugzilla. Chances are good a lot
-of these permissions issues will make it into checksetup.pl.
-
It is recommended that you closely examine permissions on your Bugzilla
-installation. Make sure you are not running mysqld as root. Included is
-one person's examination of their local Bugzilla installation, and how
-they secured it:
-
I closed-up some of the all-writeable files
-and directories. The code itself had to be modified to keep it from making
-directories and files world-writeable again... Once this was done, I felt
-confident that this install of bugzilla was running securely. (We don't
-run ftp, and mysql doesn't run as root). The setup we have is that apache
-runs as user 'nobody'. Directories being written into via CGI are therefore
-owner.group==nobody.nobody and only read/writable by user nobody, not world-writeable
-as before ... The *.cgi/*.pl/etc scripts (source) are owned by root.root
-and we can prevent CGI execution and HTTPD reading of the scripts by doing
-chmod go-rwx.... Finally, we prevent reading of the writeable directories
-by HTTP. (The security of this could further be improved by running bugzilla
-as user 'bugzilla' with same privs as 'nobody' but at least a different
-user than the webserver). I did the following to secure our install:
-
(1) cd /home/httpd/bugzilla ensure all files owned
-root.root (other than ones in 'shadow' and 'data').
-
(2) chmod go-rwx backdoor.cgi ; chmod go-rwx *.sh
-; chmod go-rwx printenv.cgi ; chmod go-rwx 0CGI.pl ; chmod go-rwx *~* ;
-chown -R nobody.nobody data ; chmod -R go-rwx data ; chown -R nobody.nobody
-shadow ; chmod -R go-rwx shadow
-
(3) in emacs, in *.pl and *.cgi and processmail in
-bugzilla dir
-
(etags *.cgi *.pl processmail) ... do: (tags-query-replace
-"umask 0" "umask 077" nil)
-
(tags-query-replace "umask(0)" "umask(077)" nil)
-
(tags-query-replace "0777" "0700" nil)
-
(tags-query-replace "0666" "0600" nil)
-
(4) re-enable bugzilla with /home/httpd/bug-track.conf
-set to:
-
--------------------
-
AddHandler cgi-script .cgi
-
#
-
# setup ExecCGI'able directory alias from which we
-run
-
# "bugzilla" under URL "bugs"
-
#
-
Alias /bugs/ "/home/httpd/bugzilla/"
-
<Directory "/home/httpd/bugzilla">
-
Options Indexes ExecCGI
-
AllowOverride None
-
Order allow,deny
-
Allow from all
-
</Directory>
-
--------------------
-
(5) add to /home/httpd/bug-track.conf (prevent cgi
-from being
-
written into data or shadow directories, and prevent
-contents from
-
being read):
-
-------------------- -
<Directory "/home/httpd/bugzilla/data">
-
Options None
-
AllowOverride None
-
Deny from all
-
</Directory>
-
<Directory "/home/httpd/bugzilla/shadow">
-
Options None
-
AllowOverride None
-
Deny from all
-
</Directory>
-
-------------------- -
(6) I noticed that my non-superuser-$PATH had wound
-up in apache's GGI
-
environment... that $PATH included "." so that could
-have been a security-exploit-in-waiting right there... so remember, when
-restarting apache on servers, do (in tcsh anyways):
-
unsetenv *
-
prior to doing
-
apachectl stop
-
<wait>
-
apachectl start
-
-
Q: I've implemented the security fixes mentioned in Chris
-Yeh's security advisory of 5/10/2000 advising not to run MySQL as root,
-and am running into problems with MySQL no longer working correctly.
-
A: Mozilla.org had a problem getting enough file descriptors
-once they stopped running mysql as root; they have many tables in their
-database and had "shadowdb" turned on, which doubles the number of tables.
-Terry mentioned in IRC: "I added the line "ulimit -n unlimited" to the
-/bin/sh script in /etc/init.d that starts mysqld." That should fix ulimit
-problems with MySQL.
-
-
-- -
Q: I have a user who doesn't want to receive any more
-email from Bugzilla. How do I stop it entirely for this user?
-
A: Easy. Add his/her login name to "bugzilla_home/data/nomail".
-One entry per line. It must match the login name exactly.
-
UPDATE: I'm not sure this works as advertised...
-Anyone know of any bugs with this solution?
-
Q: I'm evaluating/testing Bugzilla, and don't want it to send
-email to anyone but me. How do I do it?
-
A: According to Terry, the *correct* way to do this is,
-in editparams.cgi: "Go tweak the param for the mail text, replacing "To:"
-with "X-Real-To:", and replacing "Cc:" with "X-Real-CC", and add a "To:
-(myemailaddress)". This param file can also be manually edited bugzilla_home/data/params
-(but is not recommended).
-
Q: I want whineatnews.pl to whine at something more,
-or other than, only new bugs. How do I do it?
-
A: Try Klaas Freitag's excellent patch for "whineatassigned"
-functionality. You can find it at http://bugzilla.mozilla.org/show_bug.cgi?id=6679.
-Realize that as Bugzilla progresses, this patch may go out of date. At
-present, I know of no plans to integrate this functionality into the core
-Bugzilla distribution.
-
Q: I don't like/want to use Procmail to handle email
-to bugzilla. What else can I use?
-
A: Bugzilla can work with alternate MTA's/filters,
-but there is no documentation how.
-
Q: How do I set up the email interface to submit/change
-bugs via email?
-
A: Download the tarball or CVS and extract it (if applicable).
-CD to the (bugzilla_home)/contrib directory, and read the README contained
-therein. Seth will be pulling his changes (the bugzilla email submission
-stuff) into the main tree sometime as soon as he gets the OK from the powers-that-be.
-Procmail is included by default on most Linux distributions, and if you
-use the bugzilla.procmailrc file as the .procmailrc for the user bugzilla
-runs as, it works pretty quickly.
-
My setup is a little different from the standard way of doing things.
-Here's what I do:
-
Q: Email takes FOREVER to reach me from bugzilla --
-it's extremely slow. What gives?
-
A: If you are using an alternate Mail Transport Agent
-(MTA other than sendmail), make sure the options given in the "processmail"
-script for all instances of "sendmail" are correct for your MTA. If you
-are using Sendmail, you may wish to delete the "-ODeliveryMode=deferred"
-option in the "processmail" script for every invocation of "sendmail".
-(Be sure and leave the "-t" option, though!) This option is put into
-the code to handle the massive mail delivery load bugzilla.mozilla.org
-gets -- but most of us don't need it. We're lobbying to make it a
-settable parameter. Realize if you turn this off, and plan on sending
-more than a few hundred email messages a day, people may experience nasty
-slowdowns when submitting changes to bugs because Sendmail insists on delivering
-it *that instant*.
-
Q: Email never reaches me from bugzilla changes! What
-gives?
-
A: Chances are really good Bugzilla expects "sendmail"
-to live somewhere else than you have it installed. Make sure your "sendmail"
-lives in, or has a symlink to, "/usr/lib/sendmail".
-
-
--Q: I've heard Bugzilla can be used with Oracle? --DATABASE
-
Q: Bugs are missing from queries, but exist in the
-database (and I can pull them up by specifying the bug ID). What's wrong?
-
A: You've almost certainly enabled the "shadow database",
-but for some reason it hasn't been updated for all your bugs. This is the
-database against which queries are run, so that really complex or slow
-queries won't lock up portions of the database for other users. You can
-turn off the shadow database in editparams.cgi. If you wish to continue
-using the shadow database, then as your "bugs" user run "./syncshadowdb
--syncall" from the command line in the bugzilla installation directory
-to recreate your shadow database. After it finishes, be sure to check the
-params and make sure that "queryagainstshadowdb" is still turned on. The
-syncshadowdb program turns it off if it was on, and is supposed to turn
-it back on when completed; that way, if it crashes in the middle of recreating
-the database, it will stay off forever until someone turns it back on by
-hand. Apparently, it doesn't always do that yet.
-
Q: I think my database might be corrupted, or contain invalid
-entries. What do I do?
-
A: Run the "sanity check" utility (./sanitycheck.cgi in the bugzilla_home
-directory) to see! If it all comes back, you're OK. If it doesn't
-come back OK (i.e. any red letters), there are certain things Bugzilla
-can recover from and certain things it can't. If it can't auto-recover,
-I hope you're familiar with mysqladmin commands or have installed another
-way to manage your database...
-
Q: I want to manually edit some entries in my database.
-How?
-
A: There is no facility in Bugzilla itself to do this. It's
-also generally not a smart thing to do if you don't know exactly what you're
-doing. However, if you understand SQL you can use the mysqladmin utility
-to manually insert, delete, and modify table information. Personally, I
-hate dealing with big SELECT statements and such, so I use "phpMyAdmin",
-to do all my database administration. You have to compile a PHP module
-with MySQL support to make it work, but it's very clean and easy to use.
-There are other utilities that work, as well, but I am lacking URL's.
-
Q: MySQL GPL edition doesn't seem to work...
-
A: Right! It doesn't! It's too old. Download the latest
-tarball or rpm from www.mysql.com if
-you want this to work.
-
Q: I think I've set up MySQL permissions correctly,
-but bugzilla still can't connect.
-
A: Try running MySQL from its binary: "mysqld --skip-grant-tables".
-This will allow you to completely rule out grant tables as the cause of
-your frustration. However, I do not recommend you run it this way on a
-regular basis, unless you really want your web site defaced and your machine
-cracked...
-
Q: How do I synchronize bug information among multiple
-different Bugzilla databases?
-
A: Currently, there is no way to do this. However, a
-discussion about this has raged on and off in the newsgroup -- feel free
-to whip something up, put it out there, and see how it's received. We're
-at the point where most folks are sick of discussion. If you can create
-a working model with working code, that's 90% of the battle.
-
Q: I get bizarre errors when trying to submit data,
-particularly problems with "groupset". What gives?
-
A: If you're sure your MySQL parameters are correct, you might
-want turn "strictvaluechecks" OFF in editparams.cgi. If you have
-"usebugsentry" set "On", you also cannot submit a bug as readable by more
-than one group with "strictvaluechecks" ON.
-
Q: Even after I delete bugs, the long descriptions
-show up?
-
A: Delete everything from $BUZILLAHOME/shadow.
-Bugzilla creates shadow files there, with each filename corresponding to
-a
-
bug number. Also be sure to run syncshadowdb to make sure, if
-you are using a shadow database, that the shadow database is current.
-
-
-
-
Right now, running Bugzilla under Windows NT is an extremely hairy process.
-I'll provide the instructions below, but please don't ask me how it's done
--- getting this working on NT involves a lot of patience, skill, and PFM
-(Pure Fscking Magic). As far as I know, nobody has been able to get a recent
-(2.8 or post) version of Bugzilla running on NT. If you know different,
-or can provide updated instructions to those provided below, please email
-Matthew
-Barnson with details.
-
These are hints straight out of the newsgroup discussions. I
-can't offer much more editing or insight, since I don't manage Bugzilla
-on any NT boxes.
-
Q: What is the easiest way to run Bugzilla on NT?
-
A: Remove NT. Install Linux. Slap a label on the box
-that says "Windows NT." The boss will never know the difference, except
-perhaps wonder why the machine isn't crashing anymore.
-
Q: CGI's are failing with a "something.cgi is not a
-valid Windows NT application" error. Why?
-
A: Depending on what Web server you are using, you will
-have to configure the Web server to treat *.cgi files as CGI scripts. In
-IIS, you do this by adding *.cgi to the App Mappings with the <path>\perl.exe
-%s %s as the executable.
-
...or this tip from Microsoft's web site...
-
"Set application mappings. In the ISM, map the extension for the script
-file(s) to the executable for the script interpreter. For example, you
-might map the extension .py to Python.exe, the executable for the Python
-script interpreter. Note For the ActiveState Perl script interpreter, the
-extension .pl is associated with PerlIS.dll by default. If you want to
-change the association of .pl to perl.exe, you need to change the application
-mapping. In the mapping, you must add two percent (%) characters to the
-end of the pathname for perl.exe, as shown in this example: c:\perl\bin\perl.exe
-%s %s"
-
Q: Can I have some general instructions on how to make
-this work?
-
A: Sure. Your Mileage May Vary. Contact Andrew
-Lahser for the patches mentioned.
-
II. Set password for root.
-
C:\mysql\bin\mysql -u root mysql
-
mysql> UPDATE user SET Password=PASSWORD('new_password')
-
WHERE user='root';
-
mysql> FLUSH PRIVILEGES;
-
mysql> quit
-
C:\mysql\bin\mysqladmin -u root reload
-
III. Create bugs user.
-
C:\mysql\bin\mysql -u root -p
-
mysql> insert into user (host,user,password) values('localhost','bugs','');
-
mysql> quit
-
C:\mysql\bin\mysqladmin -u root reload
-
IV. Create the bugs database.
-
C:\mysql\bin\mysql -u root -p
-
mysql> create database bugs;
-
V. Give the bugs user access to the bugs database.
-
mysql> insert into db (host,db,user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv)
-values('localhost','bugs','bugs','Y','Y','Y','Y','Y','N')
-
mysql> quit
-
C:\mysql\bin\mysqladmin -u root reload
-
Q: How do I use "new email tech"?
-
A: First, go to editparams.cgi and make sure the "newemailtech"
-option is set to "on", then set the "new email tech" option in your personal
-user prefs "on".
-
Q: How do I make "new email tech" the default for my entire
-site?
-
A: You need to alter the user preferences table using
-one of the tools mentioned in the DATABASE section.
-Change the default value for "newemailtech" to "1", and change any user
-values you think apply.
-
Q: I'm confused by the behavior of the "accept" button
-in the Show Bug form. Why doesn't it assign the bug to me when I accept
-it?
-
A: Right now, how this should behave is the subject of
-considerable discussion on the mailing list and in the bug database. There
-is a patch
-for
-this, and a lot of talk. Tara has this to say:
-
"I think I put this in the main bug itself, but I have to admit -I *really* don't like the whole "accept" thing at this point. I especially -am completely against anything that changes the current functionality, -and am only moderately placated by the idea of seperate additional functionality. -IMHO Bugzilla is getting so kludgy that all we're doing is making things -harder and harder to understand and maintain, not to mention adding additional -fields to an already almost overwhelming query form. For now I'm going -to have to make people who want this suffer through sharing patches until -I come up with a course of action on it."-I'm working on a real patch for this now that allows you to select which -behavior you want vi editparams.cgi! -
Q: How do I enable voting?
-
A: Make sure you're using at least version 2.10.
-It's available via editparams.cgi.
-
Q: I can't upload anything into the database via the
-"Create Attachment" link. What am I doing wrong?
-
A: The most likely cause is a very old browser
-or a browser that is incompatible with file upload via POST. Download
-the latest Netscape, Microsoft, or Mozilla browser to handle uploads correctly.
-
Q: Email submissions to Bugzilla that have attachments
-end up asking me to save it as a "cgi" file.
-
A: Right now, submissions via email only have one
-mime-type "applications/octet-stream". Just save the file and look
-at it in your favorite editor, you'll be fine (even though the name of
-it will be "showattachment.cgi").
-
Q: Argh, I forgot my password!
-
A: No problem. Visit the query page, click
-the "log in" button at the bottom, then just type in your email address
-and click the "Email me a password" button. Your password will arrive
-in your inbox in moments.
-
-
-
Q: What bugs currently exist in bugzilla?
-
A: The answer is too long (and easily outdated)
-to keep in this FAQ. However, bugzilla is made for this, so just
-try this
-link.
-
Q: Groups don't quite work right yet...
-
A: Correct. That's a current area of hacking.
-You may want to check out Loki's version of Bugzilla for some patches that
-support the group functionality you need.
-
Q: Why can't I set "target milestone" to something other
-than a number?
-
A: The concept of a target milestone was initially
-that each group would have their own definition for what each target milestone
-number is, but share a common pool of numbers. Unfortunately, this
-concept has proven confusing for new and experienced users alike.
-Someone needs to pick up the ball and run with "target milestone" so it
-has the following features:
-
-
Q: What's the best way to submit patches? What
-guidelines should I follow.
-
A: Tara summed this FAQ up nicely:
-
"Well, I guess I'd better answer this, as I'm the one who's -supposed to be in charge of this stuff... --Q: What does the above mean for me when I want to -submit a bug? -
I say, if you have a patch that is a bug fix or feature enhancement, -log a bug and attach the patch. I've inherited almost 300 bugs from -the ownership transition, so I can't guarantee how soon I'll get to it, -but I'm steadily working my way through the bug list and trying to pay -special attention to all bugs that do come with patches. Secondly, if you'd -like faster feedback or better exposure, I'd post the bug number URL to -the newsgroup so more people can have a look and provide feedback, suggestions, -etc. That way I think all bases are covered. Speaking for myself -in trying to be a good module owner, getting a new bug makes sure I -
don't lose track of your patch, so this makes it easier for me."
--Q: I want to add a new form or module to Bugzilla. -Where can I find API documention? --API
-
Q: What are the most-needed features?
-
A: Check out the Bugzilla Development Roadmap at
-http://www.mozilla.org/projects/bugzilla/roadmap.html
-
-
-
Q: Why do you use this antiquated format for maintaining
-the FAQ, instead of FAQ-O-Matic or (insert cool FAQ program here)
-
A: I'm actively seeking a better way to maintain
-this. It's easily maintainable in its current form, but as it grows
-it will become much less so. I'm interested in more options, but
-don't want to lose control of the FAQ or be subjected to a page that's
-a nest of hyperlinks and unprintable. The FAQ-O-Matic tends to create
-FAQ's that cannot be easily printed as one page, and not easily portable
-to another format (particulary PDF). One must be able to maintain
-the FAQ as a single, printable document; if you know of a good system that
-will fit the bill, let me know.
-
Q: Who are you?
-
A: I'm Matthew P. Barnson, manager of Systems Administration
-for Excite Business Applications
-and
-part-time Bugzilla hacker.
-
Q: Why are you doing this?
-
A: I have nothing better to do with my time!
-
Seriously, I run a fairly large private Bugzilla database.
-I felt the need for some documentation to help other SysAdmins run this
-thing. There was nothing out there like it, so I decided to improve
-what I'd written for internal documentation with more general questions
-and release it to the public under the MPL. I feel like the Mozilla
-Webtools are far more in need of good documentation and a major architectural
-rewrite than they are more hacks to support more features. Since
-I'm not qualified to write more than trivial hacks for Bugzilla if I were
-to code, I figured doing some documentation would be A Good Thing.
-
Q: How are you affiliated with Mozilla.org?
-
A: I'm not, except I've been appointed the "Docs
-Knight" for Bugzilla, and contribute documentation to other webtools.
-
Q: Where do those lame quotes in each section
-heading come from?
-
A: Check out http://bugzilla.mozilla.org/data/comments.
-These are random quips added by people who use bugzilla. I find them
-endlessly entertaining.
-
Q: What other documentation is available?
-
A: I am personally attempting to address the numerous
-documentation needs, including an Installation guide (based upon the README),
-Administration Guide, Troubleshooting guide, Database Management Guide,
-and Configuration Guide.
-
-
-
This document was started on September 17, 2000 + by Matthew P. Barnson after a great deal of procrastination updating the Bugzilla FAQ, + which I left untouched for nearly half a year. + After numerous complete rewrites and reformatting, it is the document you see today. +
Despite the lack of updates, Bugzilla is simply the best piece of bug-tracking software + the world has ever seen. This document is intended to be the comprehensive guide to + the installation, administration, maintenance, and use of the Bugzilla bug-tracking system. +
This release of the Bugzilla Guide is the 2.11 release. + It is so named that it may match the current version of Bugzilla. + The numbering tradition stems from that used for many free software projects, + in which even-numbered point releases (1.2, 1.14, etc.) + are considered "stable releases", intended for public consumption; on the other + hand, odd-numbered point releases (1.3, 2.09, etc.) + are considered unstable development releases intended + for advanced users, systems administrators, developers, and those who enjoy + a lot of pain. +
Newer revisions of the Bugzilla Guide will follow the numbering conventions of + the main-tree Bugzilla releases, available at + Mozilla.org, with + the exception that intermediate releases will have a minor revision number + following a period. For instance, if the current version of Bugzilla is 4.2, + the current "stable" version of the Bugzilla guide, in, say, it's fifth revision, + would be numbered "4.2.5". Got it? Good. +
I wrote this in response to the enormous demand for decent Bugzilla documentation. + I have incorporated instructions from the Bugzilla README, Frequently Asked Questions, + Database Schema Document, and various mailing lists to create it. + Chances are, there are glaring errors in this documentation; please contact + <barnboy@trilobyte.net> to correct them. +
So you followed the README isntructions to the letter, and +just logged into bugzilla with your super-duper god account and you are sitting at the query +screen. Yet, you have nothing to query. Your first act of bisuness needs to be to setup the +operating parameters for bugzilla.
We need Bonsai integration information.
1. Inline Bug Changes
+
+Why do I see so many "moving to M5" and "reassigning to blahblah"
+messages, and in other circumstances none are entered? Why aren't these
+automatically generated? A comment should be only necessary when there
+is something to add, and if I'm not interested in this sort of
+information, I should be able to hide it.
+
+At the moment we're in a hybrid world where we don't get everything, but
+we can't get rid of the bug change "messages" either. Furthermore,
+"View Bug Activity" requires me to manually cross reference events on
+another page, rather than being able to visually see the chronological
+order. Shouldn't I be able to see all the information on one page?
+
+A proposal to allow bugs to be shown either way is at
+"http://bugzilla.mozilla.org/show_bug.cgi?id=11368".
+
+2. Hard Wrapping Comments
+
+One thing that annoys me is the fact that comments are "hard wrapped" to
+a certain column width. This is a mistake Internet Mail and News has
+made, unlike every word processor in existence, and as a consequence,
+Usenet suffers to this day from bad software. Why has Bugzilla repeated
+the problem?
+
+Hard wrapping to a certain column width is open to abuse (see old
+Mozilla browsers that didn't wrap properly, resulting in many ugly bug
+reports we have to read to this day), and furthermore doesn't expand to
+fill greater screen sizes. I'm also under the impression the current
+hard wrap uses a non-standard HTML facility. See
+"http://bugzilla.mozilla.org/show_bug.cgi?id=11901".
+
+3. REMIND and LATER Are Evil
+
+I really hate REMIND and LATER. Not because they mean something
+won't be implemented, but because they aren't the best solutions.
+
+Why are they bad? Well, basically because they are not resolved, yet
+they are marked as such. Hence queries have to be well crafted to
+include them.
+
+LATER, according to Bugzilla, means it won't be done this release.
+There is a better mechanism of doing this, that is assigning to
+nobody@mozilla.org and making the milestone blank. It's more likely to
+appear in a casual query, and it doesn't resolve the bug.
+
+REMIND, according to Bugzilla, means it might still be implemented this
+release. Well, why not just move it to a later milestone then? You're
+a lot less likely to forget it. If it's really needed, a keyword would
+be better.
+
+Some people can't use blank milestones to mean an untargetted milestone,
+since they use this to assess new bugs that have no target. Hence, it
+would be nice to distinguish between bugs that have not yet been
+considered, and those that really are not assigned to any milestone in
+the future (assumedly beyond).
+
+All this is covered at
+"http://bugzilla.mozilla.org/show_bug.cgi?id=13534".
+
+4. Create An Enhancement Field
+
+Currently enhancement is an option in severity. This means that
+important enhancements (like for example, POP3 support) are not properly
+distinguished as such, because they need a proper severity. This
+dilutes the meaning of enhancement.
+
+If enhancement was separated, we could properly see what was an
+enhancement. See "http://bugzilla.mozilla.org/show_bug.cgi?id=9412". I
+see keywords like [RFE] and [FEATURE] that seem to be compensating for
+this problem.
One day, Bugzilla 3.0 will have lots of cool stuff.
Contributed by Eric Hansen:
+There are several things, and one trick. There is a small tiny piece of
+documentation I saw once that said something very important.
+1) After pretty much any manual working of the Mysql db, you must
+delete a file in the bugzilla directory: data/versioncache
+Versioncache basically is a way to speed up bugzilla (from what I
+understand). It stores a lot of commonly used information. However,
+this file is refreshed every so often (I can't remember the time
+interval though). So eventually all changes do propogate out, so you
+may see stuff suddenly working.
+2) Assuming that failed, you will also have to check something with the
+checksetup.pl file. It actually is run twice. The first time it
+creates the file: localconfig. You can modify localconfig, (or not if
+you are doing bug_status stuff) or you should delete localconfig and
+rerun your modified checksetup.pl. Since I don't actually see anything
+in localconfig pertaining to bug_status, this point is mainly a FYI.
+
Users can query Bugzilla from the command line using + this suite of utilities. +
The query.conf file contains the mapping from options to field + names and comparison types. Quoted option names are "grepped" for, so + it should be easy to edit this file. Comments (#) have no effect; you + must make sure these lines do not contain any quoted "option" +
buglist is a shell script which submits a Bugzilla query and writes the + resulting HTML page to stdout. It supports both short options, + (such as "-Afoo" or "-Rbar") and long options (such as + "--assignedto=foo" or "--reporter=bar"). If the first character + of an option is not "-", it is treated as if it were prefixed + with "--default=". +
The columlist is taken from the COLUMNLIST environment variable. + This is equivalent to the "Change Columns" option when you list + bugs in buglist.cgi. If you have already used Bugzilla, use + grep COLUMLIST ~/.netscape/cookies to see + your current COLUMNLIST setting. +
bugs is a simple shell script which calls buglist and extracts + the bug numbers from the output. Adding the prefix + "http://bugzilla.mozilla.org/buglist.cgi?bug_id=" + turns the bug list into a working link if any bugs are found. + Counting bugs is easy. Pipe the results through + sed -e 's/,/ /g' | wc | awk '{printf $2 "\n"}' +
Akkana says she has good results piping buglist output through + w3m -T text/html -dump +
Download three files: +
bash$ + wget -O query.conf 'http://bugzilla.mozilla.org/showattachment.cgi?attach_id=26157' + +
bash$ + wget -O buglist 'http://bugzilla.mozilla.org/showattachment.cgi?attach_id=26944' + +
bash# + wget -O bugs 'http://bugzilla.mozilla.org/showattachment.cgi?attach_id=26215' + +
Make your utilities executable: + bash$ + chmod u+x buglist bugs + +
Thanks go to these people for significant contributions to this documentation: +
Zach Lipton, Andrew Pearson, Spencer Smith, Eric Hansen +
This document uses the following conventions +
| Descriptions | Appearance | ||
|---|---|---|---|
| Warnings |
| ||
| Hint |
| ||
| Notes |
| ||
| Information requiring special attention |
| ||
| File Names | file.extension | ||
| Directory Names | directory | ||
| Commands to be typed | command | ||
| Applications Names | application | ||
| Prompt of users command under bash shell | bash$ | ||
| Prompt of root users command under bash shell | bash# | ||
| Prompt of user command under tcsh shell | tcsh$ | ||
| Environment Variables | VARIABLE | ||
| Emphasized word | word | ||
| Code Example |
|
Permission is granted to copy, distribute and/or modify this document under thei + terms of the GNU Free Documentation License, Version 1.1 or any later version published + by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and + with no Back-Cover Texts. A copy of the license is included in the section entitled + "GNU Free Documentation LIcense". + | ||
| --Copyright (c) 2000-2001 Matthew P. Barnson |
If you have any questions regarding this document, its' copyright, or publishing this + document in non-electronic form, please contact <barnboy@trilobyte.net> +
The people listed below have made enormous contributions to the creation + of this Guide, through their dedicated hacking efforts, + numerous e-mail and IRC support sessions, + and overall excellent contribution to the Bugzilla community: +
Terry Weissman + for initially converting Bugzilla from BugSplat! + and writing the README upon which this documentation is largely based. +
Tara Hernandez + for keeping Bugzilla development going strong after Terry left Mozilla.org +
Dave Lawrence + for providing insight into the key differences between Red Hat's + customized Bugzilla, and being largely responsible for the + "Red Hat Bugzilla" appendix +
Dawn Endico + for being a hacker extraordinaire and putting up with my incessant + questions and arguments on irc.mozilla.org in #mozwebtools +
Last but not least, all the members of the + netscape.public.mozilla.webtools newsgroup. Without your + discussions, insight, suggestions, and patches, this could never have happened. +
We need CVS integration information
Note: This document really needs to be updated with more fleshed out information about primary keys, interrelationships, and maybe some nifty tables to document dependencies. Any takers?
Bugzilla could be more proactive in detecting suboptimal situations and
+prevent them or whine about them.
+
+1. Bugzilla Crime #1: Marking A Bug Fixed With Unresolved Dependencies
+
+It can't be marked fixed with unresolved dependencies. Either mark it
+INVALID (tracking bugs), fix the dependencies at the same time, or
+resolve the blockers.
+
+See "http://bugzilla.mozilla.org/show_bug.cgi?id=24496".
+
+2. Keyword Restrictions
+
+Some keywords should only apply in certain circumstances, eg beta1 =>
+Milestone <
+M14, css1 => Component = Style System are possibilities. See
+"http://bugzilla.mozilla.org/show_bug.cgi?id=26940".
+
+3. Whine About Old Votes
+
+Old votes can just sit on resolved bugs. This is problematic with
+duplicates especially. Automatic transferral/removal is not
+appropriate since bugs can be reopened, but a whining solution might
+work. See "http://bugzilla.mozilla.org/show_bug.cgi?id=27553".
+
+4. Whine And Warn About Milestone Mismatches
+
+Here's a fun one. Bug X (M17) depends on Bug Y (M15). Bug Y gets moved
+out to M19. The notification to the assignee of Bug X gets ignored (of
+course) and Bug X is now due to be fixed before one of its blockers.
+
+Warnings about this when it is detected as well as whining about it in
+email would help bring these issues to the attention of people sooner.
+
+Note that this would be less of a problem if we didn't have so many
+tracking bugs since they aren't updated that often and often have this
+problem.
+
+See "http://bugzilla.mozilla.org/show_bug.cgi?id=16743".
+Contributor(s): Matthew P. Barnson (mbarnson@excitehome.net)
+
+Last update: May 16, 2000
+
+Changes:
+Version 1.0: Initial public release (May 16, 2000)
+
+Maintainer: Matthew P. Barnson (mbarnson@excitehome.net)
+
+
+===
+Table Of Contents
+===
+
+FOREWORD
+INTRODUCTION
+THE BASICS
+THE TABLES
+THE DETAILS
+
+
+
+===
+FOREWORD
+===
+
+ This information comes straight from my life. I was forced to learn how
+Bugzilla organizes database because of nitpicky requests from users for tiny
+changes in wording, rather than having people re-educate themselves or
+figure out how to work our procedures around the tool. It sucks, but it can
+and will happen to you, so learn how the schema works and deal with it when it
+comes.
+
+ I'm sorry this version is plain text. I can whip this info out a lot faster
+if I'm not concerned about complex formatting. I'll get it into sgml for easy
+portability as time permits.
+
+ The Bugzilla Database Schema has a home! In addition to availability via CVS
+and released versions 2.12 and higher of Bugzilla, you can find the latest &
+greatest version of the Bugzilla Database Schema at
+http://www.trilobyte.net/barnsons/. This is a living document; please be sure
+you are up-to-date with the latest version before mirroring.
+
+ The Bugzilla Database Schema is designed to provide vital information
+regarding the structure of the MySQL database. Where appropriate, this
+document will refer to URLs rather than including documents in their entirety
+to ensure completeness even should this paper become out of date.
+
+ This document is not maintained by Netscape or Netscape employees, so please
+do not contact them regarding errors or omissions contained herein. Please
+direct all questions, comments, updates, flames, etc. to Matthew P. Barnson
+mbarnson@excitehome.net) (barnboy or barnhome on irc.mozilla.org in
+#mozwebtools).
+
+ I'm sure I've made some glaring errors or omissions in this paper -- please
+email me corrections or post corrections to the
+netscape.public.mozilla.webtools newsgroup.
+
+
+
+===
+INTRODUCTION
+===
+
+
+
+ So, here you are with your brand-new installation of Bugzilla. You've got
+MySQL set up, Apache working right, Perl DBI and DBD talking to the database
+flawlessly. Maybe you've even entered a few test bugs to make sure email's
+working; people seem to be notified of new bugs and changes, and you can
+enter and edit bugs to your heart's content. Perhaps you've gone through the
+trouble of setting up a gateway for people to submit bugs to your database via
+email, have had a few people test it, and received rave reviews from your beta
+testers.
+
+ What's the next thing you do? Outline a training strategy for your
+development team, of course, and bring them up to speed on the new tool you've
+labored over for hours.
+
+ Your first training session starts off very well! You have a captive
+audience which seems enraptured by the efficiency embodied in this thing called
+"Bugzilla". You are caught up describing the nifty features, how people can
+save favorite queries in the database, set them up as headers and footers on
+their pages, customize their layouts, generate reports, track status with
+greater efficiency than ever before, leap tall buildings with a single bound
+and rescue Jane from the clutches of Certain Death!
+
+ But Certain Death speaks up -- a tiny voice, from the dark corners of the
+conference room. "I have a concern," the voice hisses from the darkness,
+"about the use of the word 'verified'.
+
+ The room, previously filled with happy chatter, lapses into reverential
+silence as Certain Death (better known as the Vice President of Software
+Engineering) continues. "You see, for two years we've used the word 'verified'
+to indicate that a developer or quality assurance engineer has confirmed that,
+in fact, a bug is valid. I don't want to lose two years of training to a
+new software product. You need to change the bug status of 'verified' to
+'approved' as soon as possible. To avoid confusion, of course."
+
+ Oh no! Terror strikes your heart, as you find yourself mumbling "yes, yes, I
+don't think that would be a problem," You review the changes with Certain
+Death, and continue to jabber on, "no, it's not too big a change. I mean, we
+have the source code, right? You know, 'Use the Source, Luke' and all that...
+no problem," All the while you quiver inside like a beached jellyfish bubbling,
+burbling, and boiling on a hot Jamaican sand dune...
+
+ Thus begins your adventure into the heart of Bugzilla. You've been forced
+to learn about non-portable enum() fields, varchar columns, and tinyint
+definitions. The Adventure Awaits You!
+
+
+
+===
+The Basics
+===
+
+ If you were like me, at this point you're totally clueless about the
+internals of MySQL, and if it weren't for this executive order from the Vice
+President you couldn't care less about the difference between a "bigint" and a
+"tinyint" entry in MySQL. I'd refer you first to the MySQL documentation,
+available at http://www.mysql.com/doc.html, but that's mostly a confusing
+morass of high-level database jargon. Here are the basics you need to know
+about the database to proceed:
+
+1. To connect to your database, type "mysql -u root" at the command prompt as
+any user. If this works without asking you for a password, SHAME ON YOU! You
+should have locked your security down like the README told you to. You can
+find details on locking down your database in the Bugzilla FAQ in this
+directory (under "Security"), or more robust security generalities in the
+MySQL searchable documentation at
+http://www.mysql.com/php/manual.php3?section=Privilege_system .
+
+2. You should now be at a prompt that looks like this:
+
+mysql>
+
+ At the prompt, if "bugs" is the name of your Bugzilla database, type:
+
+mysql> use bugs;
+
+ (don't forget the ";" at the end of each line, or you'll be kicking yourself
+all the way through this documentation)
+ Young Grasshopper, you are now ready for the unveiling of the Bugzilla
+database, in the next section...
+
+
+
+===
+THE TABLES
+===
+
+ Imagine your MySQL database as a series of spreadsheets, and you won't be too
+far off. If you use this command:
+
+mysql> show tables from bugs;
+
+ you'll be able to see all the "spreadsheets" (tables) in your database. Cool,
+huh? It's kinda' like a filesystem, only much faster and more robust. Come
+on, I'll show you more!
+
+ From the command issued above, you should now have some output that looks
+like this:
+
++-------------------+
+| Tables in bugs |
++-------------------+
+| attachments |
+| bugs |
+| bugs_activity |
+| cc |
+| components |
+| dependencies |
+| fielddefs |
+| groups |
+| keyworddefs |
+| keywords |
+| logincookies |
+| longdescs |
+| milestones |
+| namedqueries |
+| products |
+| profiles |
+| profiles_activity |
+| shadowlog |
+| versions |
+| votes |
+| watch |
++-------------------+
+
+
+ If it doesn't look quite the same, that probably means it's time to
+update this documentation :)
+
+ Here's an overview of what each table does. Most columns in each table have
+descriptive names that make it fairly trivial to figure out their jobs.
+
+attachments: This table stores all attachments to bugs. It tends to be your
+largest table, yet also generally has the fewest entries because file
+attachments are so (relatively) large.
+
+bugs: This is the core of your system. The bugs table stores most of the
+current information about a bug, with the exception of the info stored in the
+other tables.
+
+bugs_activity: This stores information regarding what changes are made to bugs
+when -- a history file.
+
+cc: This tiny table simply stores all the CC information for any bug which has
+any entries in the CC field of the bug. Note that, like most other tables in
+Bugzilla, it does not refer to users by their user names, but by their unique
+userid, stored as a primary key in the profiles table.
+
+components: This stores the programs and components (or products and
+components, in newer Bugzilla parlance) for Bugzilla. Curiously, the "program"
+(product) field is the full name of the product, rather than some other unique
+identifier, like bug_id and user_id are elsewhere in the database.
+
+dependencies: Stores data about those cool dependency trees.
+
+fielddefs: A nifty table that defines other tables. For instance, when you
+submit a form that changes the value of "AssignedTo" this table allows
+translation to the actual field name "assigned_to" for entry into MySQL.
+
+groups: defines bitmasks for groups. A bitmask is a number that can uniquely
+identify group memberships. For instance, say the group that is allowed to
+tweak parameters is assigned a value of "1", the group that is allowed to edit
+users is assigned a "2", and the group that is allowed to create new groups is
+assigned the bitmask of "4". By uniquely combining the group bitmasks (much
+like the chmod command in UNIX,) you can identify a user is allowed to tweak
+parameters and create groups, but not edit users, by giving him a bitmask of
+"5", or a user allowed to edit users and create groups, but not tweak
+parameters, by giving him a bitmask of "6" Simple, huh?
+ If this makes no sense to you, try this at the mysql prompt:
+mysql> select * from groups;
+ You'll see the list, it makes much more sense that way.
+
+keyworddefs: Definitions of keywords to be used
+
+keywords: Unlike what you'd think, this table holds which keywords are
+associated with which bug id's.
+
+logincookies: This stores every login cookie ever assigned to you for every
+machine you've ever logged into Bugzilla from. Curiously, it never does any
+housecleaning -- I see cookies in this file I've not used for months. However,
+since Bugzilla never expires your cookie (for convenience' sake), it makes
+sense.
+
+longdescs: The meat of bugzilla -- here is where all user comments are stored!
+You've only got 2^24 bytes per comment (it's a mediumtext field), so speak
+sparingly -- that's only the amount of space the Old Testament from the Bible
+would take (uncompressed, 16 megabytes). Each comment is keyed to the
+bug_id to which it's attached, so the order is necessarily chronological, for
+comments are played back in the order in which they are received.
+
+milestones: Interesting that milestones are associated with a specific product
+in this table, but Bugzilla does not yet support differing milestones by
+product through the standard configuration interfaces.
+
+namedqueries: This is where everybody stores their "custom queries". Very
+cool feature; it beats the tar out of having to bookmark each cool query you
+construct.
+
+products: What products you have, whether new bug entries are allowed for the
+product, what milestone you're working toward on that product, votes, etc. It
+will be nice when the components table supports these same features, so you
+could close a particular component for bug entry without having to close an
+entire product...
+
+profiles: Ahh, so you were wondering where your precious user information was
+stored? Here it is! With the passwords in plain text for all to see! (but
+sshh... don't tell your users!)
+
+profiles_activity: Need to know who did what when to who's profile? This'll
+tell you, it's a pretty complete history.
+
+shadowlog: I could be mistaken here, but I believe this table tells you when
+your shadow database is updated and what commands were used to update it. We
+don't use a shadow database at our site yet, so it's pretty empty for us.
+
+versions: Version information for every product
+
+votes: Who voted for what when
+
+watch: Who (according to userid) is watching who's bugs (according to their
+userid).
+
+
+===
+THE DETAILS
+===
+
+ Ahh, so you're wondering just what to do with the information above? At the
+mysql prompt, you can view any information about the columns in a table with
+this command (where "table" is the name of the table you wish to view):
+
+mysql> show columns from table;
+
+ You can also view all the data in a table with this command:
+
+mysql> select * from table;
+
+ -- note: this is a very bad idea to do on, for instance, the "bugs" table if
+you have 50,000 bugs. You'll be sitting there a while until you ctrl-c or
+50,000 bugs play across your screen.
+
+ You can limit the display from above a little with the command, where
+"column" is the name of the column for which you wish to restrict information:
+
+mysql> select * from table where (column = "some info");
+
+ -- or the reverse of this
+
+mysql> select * from table where (column != "some info");
+
+ Let's take our example from the introduction, and assume you need to change
+the word "verified" to "approved" in the resolution field. We know from the
+above information that the resolution is likely to be stored in the "bugs"
+table. Note we'll need to change a little perl code as well as this database
+change, but I won't plunge into that in this document. Let's verify the
+information is stored in the "bugs" table:
+
+mysql> show columns from bugs
+
+ (exceedingly long output truncated here)
+| bug_status| enum('UNCONFIRMED','NEW','ASSIGNED','REOPENED','RESOLVED','VERIFIED','CLOSED')||MUL | UNCONFIRMED||
+
+ Sorry about that long line. We see from this that the "bug status" column is
+an "enum field", which is a MySQL peculiarity where a string type field can
+only have certain types of entries. While I think this is very cool, it's not
+standard SQL. Anyway, we need to add the possible enum field entry
+'APPROVED' by altering the "bugs" table.
+
+mysql> ALTER table bugs CHANGE bug_status bug_status
+ -> enum("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED", "RESOLVED",
+ -> "VERIFIED", "APPROVED", "CLOSED") not null;
+
+ (note we can take three lines or more -- whatever you put in before the
+semicolon is evaluated as a single expression)
+
+Now if you do this:
+
+mysql> show columns from bugs;
+
+ you'll see that the bug_status field has an extra "APPROVED" enum that's
+available! Cool thing, too, is that this is reflected on your query page as
+well -- you can query by the new status. But how's it fit into the existing
+scheme of things?
+ Looks like you need to go back and look for instances of the word "verified"
+in the perl code for Bugzilla -- wherever you find "verified", change it to
+"approved" and you're in business (make sure that's a case-insensitive search).
+Although you can query by the enum field, you can't give something a status
+of "APPROVED" until you make the perl changes. Note that this change I
+mentioned can also be done by editing checksetup.pl, which automates a lot of
+this. But you need to know this stuff anyway, right?
+
+ I hope this database tutorial has been useful for you. If you have comments
+to add, questions, concerns, etc. please direct them to
+mbarnson@excitehome.net. Please direct flames to /dev/null :) Have a nice
+day!
+
+
+
+===
+LINKS
+===
+
+Great MySQL tutorial site:
+http://www.devshed.com/Server_Side/MySQL/
+
+