WANdisco

 Subversion MultiSite v3.7 - Pre-deployment Guide

wandisco.com | Home | Pre-deployment | Installation | Upgrade | User Guide | Technical Guide | Glossary
*

Pre-deployment
1 Introduction
1.1 Deployment Overview
1.2 System requirements
1.3 Setting up repositories
1.4 Using two or more repositories
1.4.1 Subversion location directive
1.4.2 About Subversion ParentPath
1.5 Using the Authz Module
1.6 MultiSite and Subversion password files
1.7 Quorum recommendations
1.8 Firewalls and virus scanners
1.9 Deployment checklist
1.10 Creating a new Subversion repository?
1.11 Configuring Apache
1.11.1 Changing Subversion port (Unix)
1.11.2 Sharing Apache, and Using HTTPS
1.11.3 Using HTTP with Apache
1.11.4 Apache and SVNKit
1.11.4.1 SVNKit and Connection Pooling
1.11.4.2 Optimize Your Configuration
1.11.5 Apache 2.2/SVN-DAV (Windows)
2 Installing Java and Perl
2.1 Installing Java
2.2 Installing Perl

Installation
1. Installation overview
2. Starting the installation
2.1 Starting the installation
2.2 Place your license key
3. Run the setup file
4. Complete setup through a browser
5. Login to the admin console
6. Setting up additional nodes
7. Create a replication group
8. Copy the installation files manually
9. Post installation configuration
9.1 Using pre-commit hooks

Upgrade
1. Upgrade using the upgrader script
2. Upgrade using backed-up data
3. Backup your settings
4. Delete directories
5. Extract and run the setup file
6. Browser based setup
7. Import your saved settings

User Guide
1. Procedures
1.1 Disabling Access to Subversions
1.1.1 (selected nodes)
1.1.2 (all nodes)
1.2 Establishing a baseline for replication
1.2.1 Copying the Subversion Database
1.2.2 Synchronizing with an older copy
1.2.3 Copying Over the Network
1.2.4 Sending repositories on disk
1.3 Finding the Last Committed Transaction
1.4 Adding a repository to a replication group
1.5 Removing a Repository from the Replication Group
1.6 Moving a Repository to another replication group
1.7 Adding a Node to the Replication Group
1.8 Removing a Node from the Replication Group
1.9 Creating a New Replication Group
1.9.1 Considerations
1.9.2 Considerations for Majority Quorum
1.9.3 Procedure
1.10 Deleting a Replication Group
1.11 Emergency Reconfiguration of Quorum
1.12 Changing a prefs.xml File
1.12.1 Changing One Node's prefs.xml File
1.12.2 Changing All Nodes' prefs.xml Files
1.13 Performing a Synchronized Stop
1.14 Verifying That the replicator is working
1.15 Installing an updated .jar File
1.16 Changing the Distinguished Node
1.17 Using Subversion triggers for sending e-mails
1.18 Toggling the Quorum Check
1.19 Changing the admin console username
1.20 Changing the admin console password
1.21 Resetting or recovering the admin console password
1.21.1 Restore the admin console password
1.21.2 Reset the admin console password as "wandisco"
1.22 Setting Up Hooks"
1.22.1 Pre-Replication Hook"
1.22.1.1 Configuration
1.22.1.2 Repository-Specific Hooks
1.23 Selective Replication
1.24 Updating Apache or Subversion
1.25 Checking Repository Consistency

2. Replicator Management
2.1 Setting Replicator to Start Up on System Boot
2.2 Setting up the Replicator as a Windows Service
2.3 Changing the Quorum Type
2.4 About Watchdog Mode
2.5 Temporary Files

3. Troubleshooting
3.1 How Do I Get WANdisco Support?
3.1.1 How Do I Run the Talkback Script?
3.2 General Subversion MultiSite
3.2.1 Connection Request Timeout Messages
3.2.2 VPN, NAT, Firewall Timeouts
3.2.3 A node is in read-only mode
3.3 Error messages
3.3.1 Missing License Key file
3.2.1 Connection Request Timeout Messages
3.3.2 I'm getting a severe exception
3.3.3 Compressed Stream Invalid
3.3.4 Java consistency check on relicator restart
3.4 Oops!
3.4.1 I Directly Committed to Subversion, How Do I Rsync?
3.4.2 I Pressed Ctrl-C During a Subversion Command

4. Frequently Asked Questions
4.1 Why Are So Many Java Processes Running?
4.2 Can I Store Logs or Content on NFS?
4.3 Why is Installer Configuring IP Addresses as 0.0.0.0?
4.4 Should I Worry About Time Changes or Time Zones?
4.5 Does WANdisco Support Dynamic DNS?
4.6 Can I Use SSH Tunnel to Navigate a Firewall?
4.7 WANdisco Authentication
4.8 Encryption Around WANdisco Protocol
4.9 How Do I Restrict Direct Access to My Repository?
44.10 About MultiSite log files
4.11 How do I deal with failover agent failure?

5 Guide to the Admin Console
5.1. Security
5.1.1 Create Roles
5.1.2 List Roles
5.2. User Administration
5.2.1 Create User
5.2.2 List Users
5.2.3 Import Users
5.2.4 Change Admin Password
5.3. Group Administration
5.3.1 Create Group
5.3.2 List Groups
5.3.3 Assign Users
5.3.4 Remove Users
5.3.5 Import Groups
5.4. ACL Administration
5.4.1 Create ACLS
5.4.2 List ACLS
5.4.3 ACL Options
5.5. System
  5.5.1 Log Viewer
  5.5.2 System Settings
  5.5.3 Transaction Status
  5.5.4 Log Level
  5.5.5 Free Memory
  5.5.6 Dashboard
  5.5.7 Export Settings
  5.5.8 Import Settings
5.6. Proxy
5.6.1 Proxy Status
5.6.2 Log Viewer
5.6.3 SVN Settings
5.6.4 Email Settings
5.6.5 Change Distinguished Node
5.6.6 Stop Proxy
5.6.7 Shut Down Node
5.6.8 Nodes
5.6.9 Replication Groups
5.6.10 Replication Group History
5.7 Reports
5.7.1 Configure URI
5.7.2 User Group Report
5.7.3 Audit Reports

Technical Guide
1. Introduction
2. MultiSite Overview
3 WANdisco Concepts
3.1 How Replication Works
3.2 Replication Example
3.3 WANdisco is Listening
3.4 Synchronized Stop of all nodes
4. Handling Node and Network Failure
4.1 Node Failure
4.2 Network Failure



1 Introduction

This pre-deployment guide will help you to ensure that your platform is set up for a trouble-free installation of WANdisco MultiSite.

We'll be using terms like "node" and "replication group" without explaining what we mean. Check out the Glossary for an explanation of these and other WANdisco terms.

For a better understanding about how MultiSite and WANdisco's replication technology works read the Subversion MultiSite Technical Overview.

1.1 Deploy

Setting up Subversion MultiSite calls for some level of expertise in a number of areas. The following task list will help you decide if you need to call in help to get Subversion MultiSite set up:

  • Unix or Windows system administration
  • Configuring inetd/xinetd on Unix or Cygwin on Windows
  • Installing Perl
  • Installing Java
  • Installing Apache plus server
  • Setting up a Subversion repository

If you're not confident about handling any of these tasks, you can request a supported Installation from WANdisco.

A single administrator can manage all the systems running MultiSite, although it's a good idea to have someone at each site who is familar with the MultiSite Basics.

1.2 System requirements

This is a list of the basic hardware and software requirements for a successful setup. See the Pre-installation Checklist for a more detailed list.

Nodes belonging to a replication group require;
  • the same operating system
  • the same Apache major/minor version, and mod_dav and mod_svn_dav versions
  • Java installed (see Installing Java and Perl)
  • Perl installed (see Installing Java and Perl)
  • have a browser with network access to all servers
  • have a dedicated server for the Failover Agent of each High Availability sub group
  • have a command line compression utility
  • have a copy of the installion and license key files. (These are always sent to you in an email).

Subversion installations must have;
  • the same version of Subversion server
  • matching file and directory level permissions on repositories
  • matching contents in the svnroot directories. Make sure the initial contents are exactly the same, including the repository UUID.
  • The Subversion user/passwords on all repository hosts should match.

** Alert! ** If possible, run MultiSite and your Subversion repositories on the same server. You'll get the following benefits;

* The MultiSite installer can package a copy of the repository when setting up nodes

* The MultiSite can manage the Subversion password file

* Support for pre-replication hooks.

1.3 Setting up identical repositories at all nodes

During setup, all repositories must be identical, with identical file structures.

Repositories up to 1GB (Gigabyte) in size:
MultiSite can bundle your repository with the installation package that it uses to setup your additional nodes.

Repositories larger than 1GB in size:
You'll benefit from having your repository already copied to each node, and available when the MultiSite installer runs. This way, at the end of installation you'll be up and running, not waiting for your repositories to copy to all nodes.

If you are copying the repositories manually to the other nodes, double-check that the repository files have the same file ownerships and permissions at all nodes.

small repositories

large repositories1
large repositories2
large repositories3
large repositories4

1.4 Using two or more repositories

WANdisco supports replication of multiple repositories. Multiple repositories can be configured using multiple SVNPath location directives or with the use of SVNParentPath.

1.4.1 Subversion location directive

Individual subversion repository can be added with the Add Repository command on the SVN Settings page.

  <Location /repo>
    DAV svn
    SVNPath /home/scm/repositories/svn-repo
    AuthType Basic
    AuthName wandisco
    AuthUserFile /home/scm/htpasswd
    Require valid-user  </Location>
                
        
  <Location /xyz>
    DAV svn
    SVNPath /home/scm/repositories/xyz
    AuthType Basic
    AuthName wandisco
    AuthUserFile /home/scm/htpasswd
    Require valid-user  </Location>
    

1.4.2 About Subversion ParentPath

MultiSite uses ParentPath to handle multiple repositories on a node. Here's an example of two replication groups running across three nodes that illustrates the use of ParentPath.

Replication Group Nodes
US1 San Ramon
San Francisco
US2 San Ramon
Sacramento
Each replication group contains two repositories.

parent paths explained

alert A repository can belong to only one replication group at a time. To use ParentPath, configure mod_dav_svn to use SVNParentPath.
Each replication group has its own ParentPath. For our example, here are the SVNParentPaths.


Apache config for San Francisco Node
<Location /repofirst>
    DAV svn
    SVNParentPath /home/wandisco/parent54
    SVNAutoVersioning on
    AuthType Basic
    AuthName "SVN Repo"
    AuthUserFile /home/wandisco/parent54/dav-auth
    Require valid-user </Location>
Apache config for Sacramento Node
 <Location /reposecond>
    DAV svn
    SVNParentPath /home/wandisco/parent68
    SVNAutoVersioning on
    AuthType Basic
    AuthName "SVN Repo"
    AuthUserFile /home/wandisco/parent68/dav-auth
    Require valid-user 
        </Location>
Apache Config for San Ramon Node
<Location /repofirst>
    DAV svn
    SVNParentPath /home/wandisco/parent54
    SVNAutoVersioning on
    AuthType Basic
    AuthName "SVN Repo"
    AuthUserFile /home/wandisco/parent54/dav-auth
    Require valid-user
    </Location>

 <Location /reposecond>
    DAV svn
    SVNParentPath /home/wandisco/parent68
    SVNAutoVersioning on
    AuthType Basic
    AuthName "SVN Repo"
    AuthUserFile /home/wandisco/parent68/dav-auth
    Require valid-user 
 </Location>

Subversion Repository Location

Place your Subversion repositories in a location that is not the same as the DAV location directive.

Example:

/home/wandisco/grouprepos/repo1
/home/wandisco/grouprepos/repo2
/home/wandisco/grouprepos/repo3
/home/wandisco/grouprepos/repo4

In our example, all Subversion repositories are stored in the /home/wandisco/grouprepos directory.


Using Symbolic Links

You can create symbolic links from each SVNParentPath to each repository required in that replication group. The links must be created at each node in the replication group.

For example:

Created symlinks for replication group US1, under SVNParentPath in the Location directive.

repo1 (linked to /home/wandisco/grouprepos/repo1)
repo2 (linked to /home/wandisco/grouprepos/repo2)

Created symlinks for replication group US2, under SVNParentPath in the Location directive.

repo3 (linked to /home/wandisco/grouprepos/repo3)
repo4 (linked to /home/wandisco/grouprepos/repo4)

1.5 Using the Authz Module

We recommend using the Apache Authz module in combination with Access Control for a very complete and robust user access control.

To use Authz, create an empty file, svn.authz at your install node. MultiSite will include the file when it creates the package for copying to additional nodes. Also at each node, add the following line to the Location directive in your Apache conf file.

  
    ###
    # Authz module for authorization configuration
    ###
    AuthzSVNAccessFile /path/to/file/svn.authz

Make sure MultiSite has permission to read and write to the svn.auth file. In the file, create an entry for the admin user at each repository: e.g. for repository mapped to /svn add the following:

 [svn:/]
<admin username> = rw

or for a repo mapped to /myrepo:

[myrepo:/]
<admin username> = rw

where <admin username> is the username that the user enters when adding a repository.

During installation, you are asked if you want to use this module, and the path to its location.

Using blank DAV Locations

It's possible to set the DAV location as blank, i.e.

 <Location />        

Using a blank DAV location, sets the Subversion server's root as the repository path (instead of using a subdirectory, such as /repo/). It's worth noting that this opens the whole server to external access.


1.6 MultiSite and Subversion password files

All Subversion servers need to have the details of all users across a replication group. The easiest way to keep user details consistant is the allow MultiSite to take control of the Subversion password files, so that any user created in MultiSite is automatically added to Subversion servers across the replication group. In this way, MultiSite's Admin Console makes user administration much easier.

You can choose to have MultiSite control the Subversion password during installation, where you identify the Subversion password file's location. The installer then incorporates it into the replication group. If you have a lot of Subversion users, you can bulk import them into MultiSite.

1.7 Quorum recommendations

This table will help you decide which quorum type is best for your requirements.

Setup Type Quorum Recommendation
MultiSite Singleton Response or Majority Response quorum, balancing performance versus availability.
MultiSite with High Availability Sub Groups Majority Response quorum. If you select Singleton Response quorum, the distinguished node represents a single point of failure.
Stand-Alone High Availability Group at One Location Have a group of at least three nodes, which automatically handles the failure of any single replicator node and its subsequent recovery.

With a two node group, select Singleton or Majority Response quorum, and the second node must be the distinguished node.

1.8 Firewalls and virus scanners

You must determine if your replication group sits outside a firewall. Iif any part of your replication group sits outside a firewall, you must configure the firewall so that the port numbers you specify during installation are not blocked or filtered.

If you have a virus scanner running on your network, you must configure it to not filter traffic on the ports you specify during installation.

1.9 Deployment checklist

Though you may have referred to the Deployment Checklist prior to an evaluation of Subversion MultiSite we strongly recommend that you revisit the checklist and confirm that you're system still meets all requirements.
View the Deployment Checklist

1.10 Creating a new Subversion repository?

If you're creating a new Subversion repository, follow the Subversion documentation at http://svnbook.red-bean.com.

1.11 Configuring Apache

Carefully consider your environment when setting up Apache. You can either dedicate Apache to MultiSite, or share Apache with other locations or applications. MultiSite also supports the use of HTTPS.
Here is an example of a simple configuration without MultiSite.

basic apache

1.11.1 Changing Subversion port (Unix)

You can configure Apache to be dedicated to WANdisco, as shown in the following illustration.

basic apache

Change the port number in the httpd.conf configuration file in the Apache server. Please see the Listen directive, discussed in the article at http://httpd.apache.org/docs/2.2/bind.html.

Here is a snippet of the httpd.conf file:

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 8080

With this configuration, Apache server listens on port 8080 instead of default port 80.

1.11.2 Sharing Apache, and Using HTTPS

Alternately, you can configure Apache to use HTTPS, and you can share Apache with other locations or applications, as shown in the following illustration.

apache shared

You can use this configuration if you enable a proxy pass.

The following ports are assumed for this example configuration:

  • Apache server is running on port 80
  • Apache web-dav module is running on port 8181
  • WANdisco Subversion replicator is configured to listen on port 8080, and it forwards the requests to apache web-dav module on port 8181
  • WANdisco port is listening on port 6444
  • Apache SSL is running on port 443 to handle HTTPS requests (if this is set up, the stunnel package is not required)
  • All the processes are running on the same machine
  • Apache is compiled with mod-proxy and mod-ssl modules
  • The Subversion URL is /svnrepos

When you perform the WANdisco installation, specify these ports for each replicator:

  • WANdisco port 6444
  • Proxy port 8080
  • Apache web-dav port 8181 on localhost

In the httpd.conf file, specify the following parameters:

#
# Define apache port and pass anything that matches location /svnrepos to
# WANdisco SVN Replicator
#
NameVirtualHost *:80
<VirtualHost *:80>
ProxyPass /svnrepos http://127.0.0.1:8080/svnrepos
ProxyPassReverse /svnrepos http://127.0.0.1:8080/svnrepos
</VirtualHost>

Listen 8181
NameVirtualHost *:8181

<VirtualHost *:8181>
<Location /svnrepos>
AllowOverride None
Order allow,deny
Allow from 127.0.0.1
DAV svn
SVNParentPath /tmp/dav
AuthType Basic
AuthName wandisco
AuthUserFile /etc/httpd/conf/htpasswd
Require valid-user
</Location>
</VirtualHost>
# For the SSL option
Listen 443
<VirtualHost *:443>
ProxyPass /svnrepos http://127.0.0.1:8080/svnrepos
ProxyPass /!svn http://127.0.0.1:8080/svnrepos/!svn
ProxyPassReverse /svnrepos http://127.0.0.1:8080/svnrepos
ProxyPassReverse /!svn http://127.0.0.1:8080/svnrepos/!svn
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
</VirtualHost>

1.11.3 Using HTTP with Apache

This section applies to any Apache configuration.

** Alert! ** In order to make a Subversion repository function in a distributed environment, Subversion MultiSite requires exactly the same Apache/Subversion setup at all the nodes.

Even without MultiSite, Apache benefits from some tweaks to work effectively with Subversion.

1 Change Apache's connection keep-alive settings to allow long lived HTTP connections. Add this to the Apache configuration file conf/httpd.conf or included conf/extra/httpd-defaults.conf. For instance,

$ vi conf/httpd.conf
...
# Various default settings
Include conf/extra/httpd-default.conf
...
$ vi conf/extra/httpd-default.conf
...
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 7200
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection).
#
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
#
MaxKeepAliveRequests 0
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 14400
...

2. Ensure the SVN DAV settings in Apache's configuration files are exactly the same at all nodes. The top level location URI prefix should be the same.


If you are using ProxyPass, avoid using a Dav Location that is a single '/' (slash). This is not compatible with MultiSite and can cause the replicator to crash.

We recommend copying the current conf file, and then changing the host:port settings. For instance, here is a conf file snippet with Apache virtual hosts (you do not have to use Apache virtual hosts, this is only an illustration):

# Site A
$ cat conf/extra/httpd-svn-dav.conf
...
NameVirtualHost site-a:8181
<VirtualHost site-a:8181>
<Location /dir0>
DAV svn
SVNPath /home/site-a/svnroot
AuthType Basic
AuthName wandisco
AuthUserFile /home/site-a/apache2/dist/conf/htpasswd
Require valid-user
</Location>
</VirtualHost>
...
# Site B
$ cat conf/extra/httpd-svn-dav.conf
...
NameVirtualHost site-b:9191
<VirtualHost site-b:9191>
<Location /dir0>
DAV svn
SVNPath /home/site-b/svnroot
AuthType Basic
AuthName wandisco
AuthUserFile /home/site-b/apache2/dist/conf/htpasswd
Require valid-user
</Location>
</VirtualHost>
...

3. The Apache user names and passwords should match at all nodes. Subversion MultiSite requires a valid username inside the HTTP authorization header to be passed for all DAV commands.

1.11.4 Apache and SVNKit

There are potential problems with connection pooling when using Apache and SVNKit. Adding Subversion MultiSite to the mix doesn't change these issues, though you may need to revisit them after installing MultiSite.

WANdisco recommends using JavaHL with Eclipse IDE, which does not use connection pooling, and thereby eliminates any problems.

1.11.4.1 SVNKit and Connection Pooling

SVNKit uses connection pooling. For a given client, SVNKit opens two connections and keeps them open for later use. On a system with a heavy load this can hit performance. An open connection consumes an Apache worker thread, with lots of clients and pooling going on, Apache may run out.

Apache provides some tuning parameters to optimize connection pooling, while still releasing unused connections. The tunable parameters are Timeout, KeepAliveTimeout, MaxKeepAliveRequests, and KeepAlive. For more details refer to the Apache configuration documentation.

1.11.4.2 Optimize Your Configuration

Apache has two timeout configurations: Timeout and KeepAliveTimeout. In general, the Timeout value should be lower than the value for KeepAliveTimeout.

** Alert! ** Setting KeepAlive to false is not recommended. If you set KeepAlive to false, a client's transactions create an enormous overhead establishing and destroying connection.


1.11.5 Apache 2.2/SVN-DAV (Windows)

Follow the standard Subversion documentation for installing Subversion on Windows. Here's a typical setup for Apache 2.2 with svn-dav.

1. Install Apache 2.2.x.

2. Install subversion. Make sure it's Subversion for Apache 2.2.x. For this example assume subversion is installed in c:\Subversion and apache is installed in c:\Apache.

3 Copy c:\Subversion\bin\int13_svn.dll to c:\Apache\bin.

4. Copy c:\Subversion\bin\libdb44.dll to c:\Apache\bin.

5. c:\Subversion\bin\mod_authz_svn.so to c:\Apache\modules.

6. Copy c:\Subversion\bin\mod_dav_svn.so to c:\Apache\modules.

7. Uncomment these lines in apache/conf/httpd.conf:

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so

8. Add these lines to apache/conf/httpd.conf:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /myDavLocation>
DAV svn
SVNPath C:\repo
SVNAutoversioning on
AuthType Basic
AuthName "SVN Repo"
AuthUserFile C:\repo\dav-auth
Require valid-user
</Location>

9. Check that the users have been added to the C:\repo\dav-auth file. To add new users or change passwords, use apache/bin/htpasswd.exe.

10. Restart Apache.

11. Point a web browser to http://server:port/<Your Dav Location>.

2 Installing Java and Perl

You should have already installed Java and Perl at all the nodes in your replication group for your trial evaluation. Any new node you add to the replication group needs Java and Perl installed as well.

2.1 Installing Java

1.Install JDK 1.6 and define the JAVA_HOME environment variable to point to the directory where the JDK is installed. You can download JDK 1.6. from http://java.sun.com/.

2. Add $JAVA_HOME/bin to the path and ensure that no other java (JDK or JRE) is on the path.

$ which java
/usr/bin/java
$export JAVA_HOME="/usr"

or

$ which java
/export/share/apps/jdk/1.6.0/bin/java
$export JAVA_HOME="/export/share/apps/jdk/1.6.0"

3. Ensure the full JDK is installed, not just the JRE. This can be confirmed by running java -server -version. If it generates a not found error, repeat Steps 1 and 2.

If you find package management problems or conflicts with the JDK version you are downloading (for example, rpm download for Linux), you may want to use the self-extracting download file instead of the rpm (on Linux) package. The self-extracting download easily installs in any directory without any dependency checks.

2.2 Installing Perl

1. On UNIX or Cygwin, install perl version 5.6 or greater and ensure that the perl executable is on the system path.

2. On Windows, install ActivePerl version 5.8 or greater and ensure that the perl executable is on the system path. You can download the MSI installer for ActivePerl





Copyright © 2010 WANdisco
All Rights Reserved

This product is protected by copyright and distributed under licenses restricting copying, distribution and decompilation.