Bugzilla and srand()

Shlomi Fish on 2006-06-18T17:48:29

We didn't have a bugtracker at work, and since we needed it pretty badly, I volunteered to install bugzilla. After I got the root password, I was able to start the installation.

I downloaded Bugzilla 2.22, which is the latest stable version, and read the QUICKSTART guide. I ran checksetup.pl repeatedly to look for uninstalled CPAN modules, and installed them using Ovid (the CPAN-to-RPM gateway, not Curtis "Ovid" Poe) and rpm. Then I set up a database.

I encountered a problem where Apache just displayed the code of the CGI scripts instead of running them. This was resolved by uncommenting an Apache directive in httpd.conf (it was pointed out in the QUICKSTART guide, but I assumed it was OK on our server). Then I tried to log in with the password of the admin account. It did not work.

I changed the password; it did not work again. So I had to investigate. It turns out that the code for crypting the password is the following:

my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/');   # the 64-character crypt(3) salt alphabet
my $salt = '';
for ( my $i=0 ; $i < 8 ; ++$i ) {
    $salt .= $saltchars[rand(64)];   # one random salt character per iteration; no srand() anywhere in Bugzilla
}
my $cryptedpassword = crypt($password, $salt);   # $password is the cleartext supplied by the caller

Now the rand() call is interesting. If we want it to be deterministic, then either srand() should be called previously or we can assume it will yield the same values on each invocation of Perl.

However, this happens:

$ perl -le 'print int(rand(10))'
8
$ perl -le 'print int(rand(10))'
5

And a grep for srand() on the bugzilla code yielded no result.

I added a call to srand() at the beginning of the module with a number I chose, and then it worked.

I wonder why the call to srand() is absent, and why its need is not documented anywhere. There are also other possible problems with the portability of rand() and crypt(). In order not to completely slander Bugzilla here, I'd like to add that except for the srand() issue, setting up Bugzilla was very straightforward, and starting to administer the bugs database was also a very pleasant experience. It truly is a fine, powerful, easy-to-use and easy-to-set-up product.

I recall that in the early DOS and XT-ROM versions of BASIC, the random number generator generated the same numbers on every invocation. Maybe that was also the case for perl5, but it obviously no longer is, so I wonder how come Bugzilla has not been adapted yet.

And BTW, in case you're not monitoring Gabor Szabo's journal or the perl-qa mailing list, you should check out this entry in his journal about slides for software testing with Perl.
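The following is an added example, not Bugzilla's code and not from the post above, that exercises the same salt construction end to end. It shows the check a practitioner would want: crypt() verification passes the stored hash back in as the salt argument, and crypt() reads the salt out of that hash's leading characters, so a password hashed in one Perl process with an unseeded rand() still verifies in a completely separate process. It also shows the caveat with seeding rand() to a fixed number: every salt then comes out identical, and two users with the same password get the same hash. The helper names (make_salt, hash_password, check_password) and the sample password are my own assumptions.

```perl
#!/usr/bin/perl
# Added example: salted crypt() round-trip without any call to srand().
use strict;
use warnings;

# The same 64-character alphabet Bugzilla 2.22 uses (the traditional crypt(3) salt set).
my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/');

# Build a random salt. No srand() is needed: perl seeds itself on the first rand().
sub make_salt {
    my $len  = shift || 8;
    my $salt = '';
    $salt .= $saltchars[rand(@saltchars)] for 1 .. $len;
    return $salt;
}

# Hash a cleartext password with a fresh random salt.
sub hash_password {
    my ($password) = @_;
    my $hash = crypt($password, make_salt());
    # Portability check: traditional DES crypt() output is 13 characters. Some
    # systems have DES crypt disabled and return a short failure token instead.
    die "crypt() failed or is unsupported on this system\n"
        unless defined $hash && length $hash >= 13;
    return $hash;
}

# Verify a password: hand the stored hash to crypt() as the salt. crypt() takes
# the salt from the leading characters of the stored value, so the original salt
# never has to be regenerated, and rand() being non-deterministic is irrelevant.
sub check_password {
    my ($password, $stored) = @_;
    return crypt($password, $stored) eq $stored;
}

my $password = 'hunter2';                          # constructed sample input
my $stored   = hash_password($password);
print "stored hash: $stored\n";                    # changes on every run because the salt does
print "correct password: ", (check_password($password, $stored) ? 'ok' : 'FAIL'), "\n";
print "wrong password:   ", (check_password('letmein', $stored)  ? 'ok' : 'FAIL'), "\n";

# Caveat: a fixed srand() makes make_salt() return the same salt every time,
# which is exactly what a salt must not do.
srand(42);
my $s1 = make_salt();
srand(42);
my $s2 = make_salt();
print "fixed seed gives identical salts: ", ($s1 eq $s2 ? 'yes' : 'no'), "\n";
```

Run the script twice: the printed hash differs between runs, yet the correct password reports ok and the wrong one FAIL both times, because the stored hash carries its own salt. The final lines print yes, which is the behaviour a hard-coded srand() introduces into the salt generation.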


rand() is supposed to call srand()

rhesa on 2006-06-18T21:09:23

On modern perls at least, rand() will call srand() if it hasn't been called before.

My perldoc -f srand says:
If srand() is not called explicitly, it is called implicitly at the first use of the "rand" operator. However, this was not the case in versions of Perl before 5.004, so if your script will run under older Perl versions, it should call "srand".

Bugzilla is evil

Aristotle on 2006-06-19T22:05:54

Bugzilla is a hole-ridden hackfest that gives Perl a bad name. Try RT instead; if non-Perl systems aren’t a problem, be sure to check out Trac.