DROPBOX EX. 1004
`
`DROPBOX EX. 1004
`
`
`
`

`
`CVS Client(cid:2)Server
`
`This document describes the client(cid:2)server protocol used by CVS(cid:3) It does not describe
`how to use or administer client(cid:2)server CVS(cid:4) see the regular CVS manual for that(cid:3) This is
`version (cid:3) (cid:3) of the protocol speci(cid:8)cation(cid:9)See Chapter (cid:10)Introduction(cid:11)(cid:12) page (cid:12) for more
`on what this version number means(cid:3)
`
`Dropbox Ex. 1004
`Page 1
`
`

`
` Introduction
`
`CVS is a version control system (cid:14)with some additional con(cid:8)guration management func(cid:15)
`tionality(cid:16)(cid:3) It maintains a central repository which stores (cid:8)les (cid:14)often source code(cid:16)(cid:12) including
`past versions(cid:12) information about who modi(cid:8)ed them and when(cid:12) and so on(cid:3) People who
`wish to look at or modify those (cid:8)les(cid:12) known as developers(cid:12) use CVS to check outa working
`directory from the repository(cid:12) toc heck in new versions of (cid:8)les to the repository(cid:12) and other
`operations such as viewing the modi(cid:8)cation history of a (cid:8)le(cid:3) If developers are connected to
`the repository by a network(cid:12) particularly a slow or (cid:17)aky one(cid:12) the most e(cid:18)cient way to use
`the network is with the CVS(cid:15)speci(cid:8)c protocol described in this document(cid:3)
`Developers(cid:12) using the machine on which they store their working directory(cid:12) run the CVS
`client program(cid:3) To perform operations which cannot be done locally(cid:12) it connects to the CVS
`server program(cid:12) which maintains the repository(cid:3) For more information on how to connect
`see Chapter (cid:10)Connection and Authentication(cid:11)(cid:12) page (cid:3)
`This document describes the CVS protocol(cid:3) Unfortunately(cid:12) it does not yet completely
`document one aspect of the protocol(cid:9)the detailed operation of each CVS command and
`option(cid:9)and one must look at the CVS user documentation(cid:12) (cid:20)cvs(cid:2)texinfo(cid:21)(cid:12) for that infor(cid:15)
`mation(cid:3) The protocol is non(cid:15)proprietary (cid:14)anyone who wants to is encouraged to implement
`it(cid:16) and an implementation(cid:12) known as CVS(cid:12) is available under the GNU Public License(cid:3)
`The CVS distribution(cid:12) containing this implementation(cid:12) (cid:20)cvs(cid:2)texinfo(cid:21)(cid:12) and a copy (cid:14)possibly
`more or less up to date than what you are reading now(cid:16) of this document(cid:12) (cid:20)cvsclient(cid:2)texi(cid:21)(cid:12)
`can be found at the usual GNU FTP sites(cid:12) with a (cid:8)lename such as (cid:20)cvs(cid:3)version(cid:2)tar(cid:2)gz(cid:21)(cid:3)
`This is version (cid:3) (cid:3) of the protocol speci(cid:8)cation(cid:3) This version number is intended only
`to aid in distinguishing di(cid:22)erent versions of this speci(cid:8)cation(cid:3) Although the speci(cid:8)cation
`is currently maintained in conjunction with the CVS implementation(cid:12) and carries the same
`version number(cid:12) it also intends to document what is involved with interoperating with other
`implementations (cid:14)such as other versions of CVS(cid:16)(cid:4) see Section (cid:3)  (cid:10)Requirements(cid:11)(cid:12) page (cid:3)
`This version number should not be used by clients or servers to determine what variant of
`the protocol to speak(cid:4) they should instead use the valid(cid:3)requests and Valid(cid:3)responses
`mechanism (cid:14)see Chapter  (cid:10)Protocol(cid:11)(cid:12) page (cid:16)(cid:12) which is more (cid:17)exible(cid:3)
`
`Dropbox Ex. 1004
`Page 2
`
`

`
` Goals
`
`(cid:0) Do not assume any access to the repository other than via this protocol(cid:3) It does not
`depend on NFS(cid:12) rdist(cid:12) etc(cid:3)
`(cid:0) Providing a reliable transport is outside this protocol(cid:3) The protocol expects a reliable
`transport that is transparent (cid:14)that is(cid:12) there is no translation of characters(cid:12) including
`characters such as such as linefeeds or carriage returns(cid:16)(cid:12) and can transmit all  octets
`(cid:14)for example for proper handling of binary (cid:8)les(cid:12) compression(cid:12) and encryption(cid:16)(cid:3) The
`encoding of characters speci(cid:8)ed by the protocol (cid:14)the names of requests and so on(cid:16) is
`the invariant ISO  character set (cid:14)a subset of most popular character sets including
`ASCII and others(cid:16)(cid:3) For more details on running the protocol over the TCP reliable
`transport(cid:12) see Chapter (cid:10)Connection and Authentication(cid:11)(cid:12) page (cid:3)
`(cid:0) Security and authentication are handled outside this protocol (cid:14)but see below about
`(cid:20)cvs kserver(cid:21) and (cid:20)cvs pserver(cid:21)(cid:16)(cid:3)
`(cid:0) The protocol makes it possible for updates to be atomic with respect to checkins(cid:4) that
`is if someone commits changes to several (cid:8)les in one cvs command(cid:12) then an update by
`someone else would either get all the changes(cid:12) or none of them(cid:3) The current cvs server
`can(cid:21)t do this(cid:12) but that isn(cid:21)t the protocol(cid:21)s fault(cid:3)
`(cid:0) The protocol is(cid:12) with a few exceptions(cid:12) transaction(cid:15)based(cid:3) That is(cid:12) the client sends all
`its requests (cid:14)without waiting for server responses(cid:16)(cid:12) and then waits for the server to send
`back all responses (cid:14)without waiting for further client requests(cid:16)(cid:3) This has the advantage
`of minimizing network turnarounds and the disadvantage of sometimes transferring
`more data than would be necessary if there were a richer interaction(cid:3) Another(cid:12) more
`subtle(cid:12) advantage is that there is no need for the protocol to provide locking for features
`such as making checkins atomic with respect to updates(cid:3) Any such locking can be
`handled entirely by the server(cid:3) A good server implementation (cid:14)such as the current
`cvs server(cid:16) will make sure that it does not have any such locks in place whenever it is
`waiting for communication with the client(cid:4) this prevents one client on a slow or (cid:17)aky
`network from interfering with the work of others(cid:3)
`(cid:0) It is a general design goal to provide only one way to do a given operation (cid:14)where
`possible(cid:16)(cid:3) For example(cid:12) implementations have no choice about whether to terminate
`lines with linefeeds or some other character(cid:14)s(cid:16)(cid:12) and request and response names are
`case(cid:15)sensitive(cid:3) This is to enhance interoperability(cid:3) If a protocol allows more than one
`way to do something(cid:12) it is all too easy for some implementations to support only some
`of them (cid:14)perhaps accidentally(cid:16)(cid:3)
`
`Dropbox Ex. 1004
`Page 3
`
`

`
` How to Connect to and Authenticate Oneself to
`the CVS server
`
`Connection and authentication occurs before the CVS protocol itself is started(cid:3) There
`are several ways to connect(cid:3)
`
`server
`
`kserver
`
`pserver
`
`If the client has a way to execute commands on the server(cid:12) and provide input
`to the commands and output from them(cid:12) then it can connect that way(cid:3) This
`could be the usual rsh (cid:14)port  (cid:16) protocol(cid:12) Kerberos rsh(cid:12) SSH(cid:12) or any similar
`mechanism(cid:3) The client may allow the user to specify the name of the server
`program(cid:4) the default is cvs(cid:3) It is invoked with one argument(cid:12) server(cid:3) Once it
`invokes the server(cid:12) the client proceeds to start the cvs protocol(cid:3)
`
`The kerberized server listens on a port (cid:14)in the current implementation(cid:12) by
`having inetd call (cid:4)cvs kserver(cid:4)(cid:16) which defaults to (cid:3) The client connects(cid:12)
`sends the usual kerberos authentication information(cid:12) and then starts the cvs
`protocol(cid:3) Note(cid:27) port is o(cid:18)cially registered for another use(cid:12) and in any
`event one cannot register more than one port for CVS(cid:12) so GSS(cid:15)API (cid:14)see below(cid:16)
`is recommended instead of kserver as a way to support kerberos(cid:3)
`
`The name pserver is somewhat confusing(cid:3) It refers to both a generic framework
`which allows the CVS protocol to support several authentication mechanisms(cid:12)
`and a name for a speci(cid:8)c mechanism which transfers a username and a clear(cid:15)
`text password(cid:3) Servers need not support all mechanisms(cid:12) and in fact servers
`will typically want to support only those mechanisms which meet the relevant
`security needs(cid:3)
`The pserver server listens on a port (cid:14)in the current implementation(cid:12) by having
`inetd call (cid:4)cvs pserver(cid:4)(cid:16) which defaults to  (cid:14)this port is o(cid:18)cially registered(cid:16)(cid:3)
`The client connects(cid:12) and sends the following(cid:27)
`(cid:0) the string (cid:20)BEGIN AUTH REQUEST(cid:21)(cid:12) a linefeed(cid:12)
`(cid:0) the cvs root(cid:12) a linefeed(cid:12)
`(cid:0) the username(cid:12) a linefeed(cid:12)
`(cid:0) the password trivially encoded (cid:14)see Chapter  (cid:10)Password scrambling(cid:11)(cid:12)
`page (cid:16)(cid:12) a linefeed(cid:12)
`(cid:0) the string (cid:20)END AUTH REQUEST(cid:21)(cid:12) and a linefeed(cid:3)
`
`The client must send the identical string for cvs root both here and later in
`the Root request of the cvs protocol itself(cid:3) Servers are encouraged to enforce
`this restriction(cid:3) The possible server responses (cid:14)each of which is followed by
`a linefeed(cid:16) are the following(cid:3) Note that although there is a small similarity
`between this authentication protocol and the cvs protocol(cid:12) they are separate(cid:3)
`
`I LOVE YOU
`
`I HATE YOU
`
`The authentication is successful(cid:3) The client proceeds with the cvs
`protocol itself(cid:3)
`
`The authentication fails(cid:3) After sending this response(cid:12) the server
`may close the connection(cid:3) It is up to the server to decide whether
`
`Dropbox Ex. 1004
`Page 4
`
`

`
`E text
`
`to give this response(cid:12) which is generic(cid:12) or a more speci(cid:8)c response
`using (cid:20)E(cid:21) and(cid:2)or (cid:20)error(cid:21)(cid:3)
`
`Provide a message for the user(cid:3) After this reponse(cid:12) the authentica(cid:15)
`tion protocol continues with another response(cid:3) Typically the server
`will provide a series of (cid:20)E(cid:21) responses followed by (cid:20)error(cid:21)(cid:3) Compat(cid:15)
`ibility note(cid:27) cvs (cid:3) (cid:3) and older clients will print unrecognized
`auth response and text(cid:12) and then exit(cid:12) upon receiving this re(cid:15)
`sponse(cid:3)
`
`error code text
`The authentication fails(cid:3) After sending this response(cid:12) the server
`may close the connection(cid:3) The code is a code describing why it
`failed(cid:12) intended for computer consumption(cid:3) The only code currently
`de(cid:8)ned is (cid:20)(cid:21) which is nonspeci(cid:8)c(cid:12) but clients must silently treat any
`unrecognized codes as nonspeci(cid:8)c(cid:3) The text should be supplied to
`the user(cid:3) Compatibility note(cid:27) cvs (cid:3) (cid:3) and older clients will
`print unrecognized auth response and text(cid:12) and then exit(cid:12) upon
`receiving this response(cid:3)
`
`If the client wishes to merely authenticate without starting the cvs protocol(cid:12)
`the procedure is the same(cid:12) except BEGIN AUTH REQUEST is replaced with
`BEGIN VERIFICATION REQUEST(cid:12) END AUTH REQUEST is replaced with
`END VERIFICATION REQUEST(cid:12) and upon receipt of I LOVE YOU the con(cid:15)
`nection is closed rather than continuing(cid:3)
`Another mechanism is GSSAPI authentication(cid:3) GSSAPI is a generic interface
`to security services such as kerberos(cid:3) GSSAPI is speci(cid:8)ed in RFC (cid:14)GSSAPI
`version (cid:16) and RFC  (cid:14)GSSAPI version (cid:16)(cid:4) we are not aware of di(cid:22)erences
`between the two which a(cid:22)ect the protocol in incompatible ways(cid:12) so we make
`no attempt to specify one version or the other(cid:3) The procedure here is to start
`with (cid:20)BEGIN GSSAPI REQUEST(cid:21)(cid:3) GSSAPI authentication information is then ex(cid:15)
`changed between the client and the server(cid:3) Each packet of information consists
`of a two byte big endian length(cid:12) followed by that many bytes of data(cid:3) After
`the GSSAPI authentication is complete(cid:12) the server continues with the responses
`described above (cid:14)(cid:20)I LOVE YOU(cid:21)(cid:12) etc(cid:3)(cid:16)(cid:3)
`
`future possibilities
`There are a nearly unlimited number of ways to connect and authenticate(cid:3) One
`might want to allow access based on IP address (cid:14)similar to the usual rsh protocol
`but with di(cid:22)erent(cid:2)no restrictions on ports (cid:6) (cid:16)(cid:12) to adopt mechanisms such
`as Pluggable Authentication Modules (cid:14)PAM(cid:16)(cid:12) to allow users to run their own
`servers under their own usernames without root access(cid:12) or any number of other
`possibilities(cid:3) The way to add future mechanisms(cid:12) for the most part(cid:12) should be
`to continue to use port  (cid:12) but to use di(cid:22)erent strings in place of (cid:20)BEGIN AUTH
`REQUEST(cid:21)(cid:3)
`
`Dropbox Ex. 1004
`Page 5
`
`

`
` Password scrambling algorithm
`
`The pserver authentication protocol(cid:12) as described in Chapter (cid:10)Connection and Au(cid:15)
`thentication(cid:11)(cid:12) page (cid:12) trivially encodes the passwords(cid:3) This is only to prevent inadvertent
`compromise(cid:4) it provides no protection against even a relatively unsophisticated attacker(cid:3)
`For comparison(cid:12) HTTP Basic Authentication (cid:14)as described in RFC(cid:16) uses BASE for
`a similar purpose(cid:3) CVS uses its own algorithm(cid:12) described here(cid:3)
`The scrambled password starts with (cid:20)A(cid:21)(cid:12) which serves to identify the scrambling algorithm
`in use(cid:3) After that follows a single octet for each character in the password(cid:12) according to a
`(cid:8)xed encoding(cid:3) The values are shown here(cid:12) with the encoded values in decimal(cid:3) Control
`characters(cid:12) space(cid:12) and characters outside the invariant ISO  character set are not shown(cid:4)
`such characters are not recommended for use in passwords(cid:3) There is a long discussion of
`character set issues in Chapter  (cid:10)Protocol Notes(cid:11)(cid:12) page (cid:3)
`
`P 
`p 
` 
`Q 
`q
` 
`R
`
`r 
`
`S
`
`s
` 
`T 
`t 
` 
`U 
`u 
` 
`V
`
`v 
` 
`W
`
`w 
` 
`X
` 
`x
` 
`Y
`
`y 
`(cid:23) 
`Z 
`z 
`(cid:25) 
`(cid:6) 
`(cid:27)
`(cid:28) 
`(cid:30) 
`
`a 
`b 
`c 
`d
`e
`f 
`g 
`h
`i 
`j 
`k
`l
`m 
`n 
`o 
`
`(cid:11) 
`(cid:4) 
`
`(cid:17)
`(cid:18) 
`(cid:19) 
`(cid:20) 
`(cid:21) 
`(cid:22) 
`(cid:24) 
`(cid:26) 
`(cid:3) 
`(cid:2) 
`(cid:29) 
`
`A 
`B 
`C 
`D 
`E 
`F 
`G 
`H 
`I
`J 
`K 
`L 
`M 
`N
`O 
`
`(cid:31)
`
`
`
`Dropbox Ex. 1004
`Page 6
`
`

`
` The CVS client(cid:2)server protocol
`
`In the following(cid:12) (cid:20) n(cid:21) refers to a linefeed and (cid:20) t(cid:21) refers to a horizontal tab(cid:4) requests are
`what the client sends and responses are what the server sends(cid:3) In general(cid:12) the connection is
`governed by the client(cid:9)the server does not send responses without (cid:8)rst receiving requests
`to do so(cid:4) see Section (cid:3) (cid:10)Response intro(cid:11)(cid:12) page  for more details of this convention(cid:3)
`It is typical(cid:12) early in the connection(cid:12) for the client to transmit a Valid(cid:3)responses
`request(cid:12) containing all the responses it supports(cid:12) followed by a valid(cid:3)requests request(cid:12)
`which elicits from the server a Valid(cid:3)requests response containing all the requests it
`understands(cid:3) In this way(cid:12) the client and server each (cid:8)nd out what the other supports before
`exchanging large amounts of data (cid:14)such as (cid:8)le contents(cid:16)(cid:3)
`
`(cid:2) Entries Lines
`
`Entries lines are transmitted as(cid:27)
`(cid:29) name (cid:29) version (cid:29) con(cid:2)ict (cid:29) options (cid:29) tag or date
`tag or date is either (cid:20)T(cid:21) tag or (cid:20)D(cid:21) date or empty(cid:3) If it is followed by a slash(cid:12) anything
`after the slash shall be silently ignored(cid:3)
`version can be empty(cid:12) or start with (cid:20)(cid:21) or (cid:20)(cid:3)(cid:21)(cid:12) for no user (cid:8)le(cid:12) new user (cid:8)le(cid:12) or user (cid:8)le
`to be removed(cid:12) respectively(cid:3)
`con(cid:2)ict(cid:12) if it starts with (cid:20)(cid:24)(cid:21)(cid:12) indicates that the (cid:8)le had con(cid:17)icts in it(cid:3) The rest of con(cid:2)ict
`is (cid:20)(cid:27)(cid:21) if the timestamp matches the (cid:8)le(cid:12) or anything else if it doesn(cid:21)t(cid:3) If con(cid:2)ict does not
`start with a (cid:20)(cid:24)(cid:21)(cid:12) it is silently ignored(cid:3)
`options signi(cid:8)es the keyword expansion options (cid:14)for example (cid:20)(cid:3)ko(cid:21)(cid:16)(cid:3) In an Entry request(cid:12)
`this indicates the options that were speci(cid:8)ed with the (cid:8)le from the previous (cid:8)le updating
`response (cid:14)see Section (cid:3) (cid:10)Response intro(cid:11)(cid:12) page  (cid:12) for a list of (cid:8)le updating responses(cid:16)(cid:4) if
`the client is specifying the (cid:20)(cid:3)k(cid:21) or (cid:20)(cid:3)A(cid:21) option to update(cid:12) then it is the server which (cid:8)gures
`out what overrides what(cid:3)
`
`(cid:2) File Modes
`
`A mode is any number of repetitions of
`mode(cid:3)type (cid:27) data
`separated by (cid:20)(cid:26)(cid:21)(cid:3)
`mode(cid:3)type is an identi(cid:8)er composed of alphanumeric characters(cid:3) Currently speci(cid:8)ed(cid:27) (cid:20)u(cid:21)
`for user(cid:12) (cid:20)g(cid:21) for group(cid:12) (cid:20)o(cid:21) for other (cid:14)see below for discussion of whether these have their
`POSIX meaning or are more loose(cid:16)(cid:3) Unrecognized values of mode(cid:3)type are silently ignored(cid:3)
`data consists of any data not containing (cid:20)(cid:26)(cid:21)(cid:12) (cid:20) (cid:21) or (cid:20) n(cid:21)(cid:3) For (cid:20)u(cid:21)(cid:12) (cid:20)g(cid:21)(cid:12) and (cid:20)o(cid:21) mode types(cid:12)
`data consists of alphanumeric characters(cid:12) where (cid:20)r(cid:21) means read(cid:12) (cid:20)w(cid:21) means write(cid:12) (cid:20)x(cid:21) means
`execute(cid:12) and unrecognized letters are silently ignored(cid:3)
`The two most obvious ways in which the mode matters are(cid:27) (cid:14) (cid:16) is it writeable(cid:29) This
`is used by the developer communication features(cid:12) and is implemented even on OS(cid:2) (cid:14)and
`could be implemented on DOS(cid:16)(cid:12) whose notion of mode is limited to a readonly bit(cid:3) (cid:14)(cid:16) is it
`executable(cid:29) Unix CVS users need CVS to store this setting (cid:14)for shell scripts and the like(cid:16)(cid:3)
`
`Dropbox Ex. 1004
`Page 7
`
`

`
`The current CVS implementation on unix does a little bit more than just maintain these
`two settings(cid:12) but it doesn(cid:21)t really have a nice general facility to store or version control the
`mode(cid:12) even on unix(cid:12) much less across operating systems with diverse protection features(cid:3) So
`all the ins and outs of what the mode means across operating systems haven(cid:21)t really been
`worked out (cid:14)e(cid:3)g(cid:3) should the VMS port use ACLs to get POSIX semantics for groups(cid:29)(cid:16)(cid:3)
`
`(cid:2) Conventions regarding transmission of (cid:6)le names
`
`In most contexts(cid:12) (cid:20)(cid:29)(cid:21) is used to separate directory and (cid:8)le names in (cid:8)lenames(cid:12) and any
`use of other conventions (cid:14)for example(cid:12) that the user might type on the command line(cid:16) is
`converted to that form(cid:3) The only exceptions might be a few cases in which the server
`provides a magic cookie which the client then repeats verbatim(cid:12) but as the server has not
`yet been ported beyond unix(cid:12) the two rules provide the same answer (cid:14)and what to do if
`future server ports are operating on a repository like e(cid:27)(cid:2)foo or CVS ROOT(cid:27)(cid:10)FOO(cid:3)BAR(cid:11) has
`not been carefully thought out(cid:16)(cid:3)
`
`Characters outside the invariant ISO  character set should be avoided in (cid:8)lenames(cid:3)
`This restriction may need to be relaxed to allow for characters such as (cid:20)!(cid:21) and (cid:20)"(cid:21) (cid:14)see above
`about non(cid:15)unix servers(cid:16)(cid:4) this has not been carefully considered (cid:14)and currently implementa(cid:15)
`tions probably use whatever character sets that the operating systems they are running on
`allow(cid:12) and(cid:2)or that users specify(cid:16)(cid:3) Of course the most portable practice is to restrict oneself
`further(cid:12) to the POSIX portable (cid:8)lename character set as speci(cid:8)ed in POSIX(cid:3) (cid:3)
`
`(cid:2) File transmissions
`
`File contents (cid:14)noted below as (cid:4)le transmission(cid:16) can be sent in one of two forms(cid:3) The
`simpler form is a number of bytes(cid:12) followed by a linefeed(cid:12) followed by the speci(cid:8)ed number
`of bytes of (cid:8)le contents(cid:3) These are the entire contents of the speci(cid:8)ed (cid:8)le(cid:3) Second(cid:12) if both
`client and server support (cid:20)gzip(cid:3)file(cid:3)contents(cid:21)(cid:12) a (cid:20)z(cid:21) may precede the length(cid:12) and the
`(cid:20)(cid:8)le contents(cid:21) sent are actually compressed with (cid:20)gzip(cid:21) (cid:14)RFC (cid:2)  (cid:16) compression(cid:3) The
`length speci(cid:8)ed is that of the compressed version of the (cid:8)le(cid:3)
`
`In neither case are the (cid:8)le content followed by any additional data(cid:3) The transmission of
`a (cid:8)le will end with a linefeed i(cid:22) that (cid:8)le (cid:14)or its compressed form(cid:16) ends with a linefeed(cid:3)
`
`The encoding of (cid:8)le contents depends on the value for the (cid:20)(cid:3)k(cid:21) option(cid:3) If the (cid:8)le is binary
`(cid:14)as speci(cid:8)ed by the (cid:20)(cid:3)kb(cid:21) option in the appropriate place(cid:16)(cid:12) then it is just a certain number
`of octets(cid:12) and the protocol contributes nothing towards determining the encoding (cid:14)using
`the (cid:8)le name is one widespread(cid:12) if not universally popular(cid:12) mechanism(cid:16)(cid:3) If the (cid:8)le is text
`(cid:14)not binary(cid:16)(cid:12) then the (cid:8)le is sent as a series of lines(cid:12) separated by linefeeds(cid:3) If the keyword
`expansion is set to something other than (cid:20)(cid:3)ko(cid:21)(cid:12) then it is expected that the (cid:8)le conform to
`the RCS expectations regarding keyword expansion(cid:9)in particular(cid:12) that it is in a character
`set such as ASCII in which x is a dollar sign (cid:14)(cid:20)#(cid:21)(cid:16)(cid:3)
`
`(cid:2) Strings
`
`In various contexts(cid:12) for example the Argument request and the M response(cid:12) one transmits
`what is essentially an arbitrary string(cid:3) Often this will have been supplied by the user (cid:14)for
`
`Dropbox Ex. 1004
`Page 8
`
`

`
`example(cid:12) the (cid:20)(cid:3)m(cid:21) option to theci request(cid:16)(cid:3) The protocol has no mechanism to specify the
`character set of such strings(cid:4) it would be fairly safe to stick to the invariant ISO  character
`set but the existing practice is probably to just transmit whatever the user speci(cid:8)es(cid:12) and
`hope that everyone involved agrees which character set is in use(cid:12) or sticks to a common
`subset(cid:3)
`
`(cid:2) Dates
`
`The protocol contains times and dates in various places(cid:3)
`
`For the (cid:20)(cid:3)D(cid:21) option to the annotate(cid:12) co(cid:12) diff(cid:12) export(cid:12) history(cid:12) rdiff(cid:12) rtag(cid:12) tag(cid:12) and
`update requests(cid:12) the server should support two formats(cid:27)
` May  (cid:23) (cid:23) GMT (cid:25) RFC  as modi(cid:8)ed by RFC 
`(cid:25) traditional
`(cid:29)(cid:29)  (cid:23) (cid:23) GMT
`
`The former format is preferred(cid:4) the latter however is sent by the CVS command line
`client (cid:14)versions (cid:3) through at least (cid:3) (cid:16)(cid:3)
`
`For the (cid:20)(cid:3)d(cid:21) option to the log request(cid:12) servers should at least support RFC (cid:2) 
`format(cid:3) Clients are encouraged to use this format too (cid:14)traditionally the command line CVS
`client has just passed along the date format speci(cid:8)ed by the user(cid:12) however(cid:16)(cid:3)
`
`For Mod(cid:3)time(cid:12) see the description of that response(cid:3)
`
`For Notify(cid:12) see the description of that request(cid:3)
`
`(cid:2) Request intro
`
`By convention(cid:12) requests which begin with a capital letter do not elicit a response from
`the server(cid:12) while all others do (cid:30) save one(cid:3) The exception is (cid:20)gzip(cid:3)file(cid:3)contents(cid:21)(cid:3) Unrec(cid:15)
`ognized requests will always elicit a response from the server(cid:12) even if that request begins
`with a capital letter(cid:3)
`
`(cid:2) Requests
`
`Here are the requests(cid:27)
`
`Root pathname n
`Response expected(cid:27) no(cid:3) Tell the server which CVSROOT to use(cid:3) Note that path(cid:3)
`name is a local directory and not a fully quali(cid:8)ed CVSROOT variable(cid:3) pathname
`must already exist(cid:4) if creating a new root(cid:12) use the init request(cid:12) not Root(cid:3) path(cid:3)
`name does not include the hostname of the server(cid:12) how to access the server(cid:12)
`etc(cid:3)(cid:4) by the time the CVS protocol is in use(cid:12) connection(cid:12) authentication(cid:12) etc(cid:3)(cid:12)
`are already taken care of(cid:3)
`The Root request must be sent only once(cid:12) and it must be sent before any requests
`other than Valid(cid:3)responses(cid:12) valid(cid:3)requests(cid:12) UseUnchanged(cid:12) or init(cid:3)
`
`Valid(cid:3)responses request(cid:3)list n
`Response expected(cid:27) no(cid:3) Tell the server what responses the client will accept(cid:3)
`request(cid:15)list is a space separated list of tokens(cid:3)
`
`Dropbox Ex. 1004
`Page 9
`
`

`
`valid(cid:3)requests n
`Response expected(cid:27) yes(cid:3) Ask the server to send back a Valid(cid:3)requests re(cid:15)
`sponse(cid:3)
`
`Directory local(cid:3)directory n
`Additional data(cid:27) repository n(cid:3) Response expected(cid:27) no(cid:3) Tell the server what
`directory to use(cid:3) The repository should be a directory name from a previous
`server response(cid:3) Note that this both gives a default for Entry and Modified
`and also for ci and the other commands(cid:4) normal usage is to send Directory
`for each directory in which there will be an Entry or Modified(cid:12) and then a (cid:8)nal
`Directory for the original directory(cid:12) then the command(cid:3) The local(cid:3)directory
`is relative to the top level at which the command is occurring (cid:14)i(cid:3)e(cid:3) the last
`Directory which is sent before the command(cid:16)(cid:4) to indicate that top level(cid:12) (cid:20)(cid:2)(cid:21)
`should be sent for local(cid:3)directory(cid:3)
`Here is an example of where a client gets repository and local(cid:3)directory(cid:3) Sup(cid:15)
`pose that there is a module de(cid:8)ned by
`moddir dir
`That is(cid:12) one can check out moddir and it will take dir in the repository and
`check it out to moddir in the working directory(cid:3) Then an initial check out could
`proceed like this(cid:27)
`C(cid:23) Root (cid:29)home(cid:29)kingdon(cid:29)zwork(cid:29)cvsroot
`(cid:2) (cid:2) (cid:2)
`C(cid:23) Argument moddir
`C(cid:23) Directory (cid:2)
`C(cid:23) (cid:29)home(cid:29)kingdon(cid:29)zwork(cid:29)cvsroot
`C(cid:23) co
`S(cid:23) Clear(cid:3)sticky moddir(cid:29)
`S(cid:23) (cid:29)home(cid:29)kingdon(cid:29)zwork(cid:29)cvsroot(cid:29) dir(cid:29)
`(cid:2) (cid:2) (cid:2)
`S(cid:23) ok
`In this example the response shown is Clear(cid:3)sticky(cid:12) but it could be another
`response instead(cid:3) Note that it returns two pathnames(cid:3) The (cid:8)rst one(cid:12) (cid:20)moddir(cid:29)(cid:21)(cid:12)
`indicates the working directory to check out into(cid:3) The second one(cid:12) ending in
`(cid:20) dir(cid:29)(cid:21)(cid:12) indicates the directory to pass back to the server in a subsequent
`Directory request(cid:3) For example(cid:12) a subsequent update request might look like(cid:27)
`C(cid:23) Directory moddir
`C(cid:23) (cid:29)home(cid:29)kingdon(cid:29)zwork(cid:29)cvsroot(cid:29) dir
`(cid:2) (cid:2) (cid:2)
`C(cid:23) update
`For a given local(cid:3)directory(cid:12) the repository will be the same for each of the
`responses(cid:12) so one can use the repository from whichever response is most con(cid:15)
`venient(cid:3) Typically a client will store the repository along with the sources for
`each local(cid:3)directory(cid:12) use that same setting whenever operating on that local(cid:3)
`directory(cid:12) and not update the setting as long as the local(cid:3)directory exists(cid:3)
`A client is free to rename a local(cid:3)directory at any time (cid:14)for example(cid:12) in response
`to an explicit user request(cid:16)(cid:3) While it is true that the server supplies a local(cid:3)
`
`Dropbox Ex. 1004
`Page 10
`
`

`
`directory to the client(cid:12) as noted above(cid:12) this is only the default place to put the
`directory(cid:3) Of course(cid:12) the various Directory requests for a single command (cid:14)for
`example(cid:12) update or ci request(cid:16) should name a particular directory with the
`same local(cid:3)directory(cid:3)
`Each Directory request speci(cid:8)es a brand(cid:15)new local(cid:3)directory and repository(cid:4)
`that is(cid:12) local(cid:3)directory and repository are never relative to paths speci(cid:8)ed in
`any previous Directory request(cid:3)
`Here(cid:21)s a more complex example(cid:12) in which we request an update of a working
`directory which has been checked out from multiple places in the repository(cid:3)
`C(cid:23) Argument dir
`C(cid:23) Directory dir
`C(cid:23) (cid:29)home(cid:29)foo(cid:29)repos(cid:29)mod
`(cid:2) (cid:2) (cid:2)
`C(cid:23) Argument dir
`C(cid:23) Directory dir
`C(cid:23) (cid:29)home(cid:29)foo(cid:29)repos(cid:29)mod
`(cid:2) (cid:2) (cid:2)
`C(cid:23) Argument dir
`C(cid:23) Directory dir (cid:29)subdir
`C(cid:23) (cid:29)home(cid:29)foo(cid:29)repos(cid:29)mod
`(cid:2) (cid:2) (cid:2)
`C(cid:23) update
`While directories dir and dir will be handled in similar fashion to the other
`examples given above(cid:12) dir is slightly di(cid:22)erent from the server(cid:21)s standpoint(cid:3)
`Notice that module mod is actually checked out into dir (cid:29)subdir (cid:12) meaning
`that directory dir is either empty or does not contain data checked out from
`this repository(cid:3)
`The above example will work correctly in cvs (cid:3) (cid:3) and later(cid:3) The server will
`descend the tree starting from all directories mentioned in Argument requests
`and update those directories speci(cid:8)cally mentioned in Directory requests(cid:3)
`Previous versions of cvs (cid:14) (cid:3) and earlier(cid:16) do not behave the same way(cid:3) While
`the descent of the tree begins at all directories mentioned in Argument requests(cid:12)
`descent into subdirectories only occurs if a directory has been mentioned in a
`Directory request(cid:3) Therefore(cid:12) the above example would succeed in updating
`dir and dir(cid:12) but would skip dir because that directory was not speci(cid:8)cally
`mentioned in a Directory request(cid:3) A functional version of the above that
`would run on a (cid:3) or earlier server is as follows(cid:27)
`C(cid:23) Argument dir
`C(cid:23) Directory dir
`C(cid:23) (cid:29)home(cid:29)foo(cid:29)repos(cid:29)mod
`(cid:2) (cid:2) (cid:2)
`C(cid:23) Argument dir
`C(cid:23) Directory dir
`C(cid:23) (cid:29)home(cid:29)foo(cid:29)repos(cid:29)mod
`(cid:2) (cid:2) (cid:2)
`C(cid:23) Argument dir
`
`Dropbox Ex. 1004
`Page 11
`
`

`
`C(cid:23) Directory dir
`C(cid:23) (cid:29)home(cid:29)foo(cid:29)repos(cid:29)(cid:2)
`(cid:2) (cid:2) (cid:2)
`C(cid:23) Directory dir (cid:29)subdir
`C(cid:23) (cid:29)home(cid:29)foo(cid:29)repos(cid:29)mod
`(cid:2) (cid:2) (cid:2)
`C(cid:23) update
`Note the extra Directory dir request(cid:3) It might be better to use Emptydir as
`the repository for the dir directory(cid:12) but the above will certainly work(cid:3)
`One more peculiarity of the (cid:3) and earlier protocol
`is the ordering of
`Directory arguments(cid:3) In order for a subdirectory to be registered correctly for
`descent by the recursion processor(cid:12) its parent must be sent (cid:8)rst(cid:3) For example(cid:12)
`the following would not work to update dir (cid:29)subdir (cid:27)
`(cid:2) (cid:2)