mercurial-server: README@524b4a45ef0a (annotated)

2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	1	hg-admin-tools version 0.1
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	2
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	3	A set of tools for managing authorization and access control for
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	4	ssh-based Hg repositories
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	5
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	6	Paul Crowley, paul@lshift.net, 2008-04-15
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	7
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	8	This software may be used and distributed according to the terms
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	9	of the GNU General Public License, incorporated herein by reference.
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	10
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	11	INSTRUCTIONS FOR USE:
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	12
10 524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	13	This is only one setup - it can be tweaked in many ways, and is as
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	14	specific as it is only in the interests of brevity.
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	15
10 524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	16	You, and all users of your Hg repository, will need SSH public key
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	17	authentication set up, preferably working with ssh-agent so you don't
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	18	have to type in your passphrase all the time. I assume you've done
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	19	that in what follows, so if you've done something different you'll
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	20	need to change it appropriately.
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	21
10 524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	22	Create a user called "hg" on the machine where the repository will
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	23	live. I used the command
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	24
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	25	sudo adduser --system --shell /bin/sh --group --disabled-password \
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	26	--gecos "Mercural repository" hg
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	27
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	28	Now create a basic access control setup.
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	29
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	30	cd
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	31	mkdir hg
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	32	cd hg
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	33	hg clone ssh://hg.opensource.lshift.net/hg-admin-tools hg-admin-tools
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	34	mkdir -p hgadmin/keys/admin
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	35	cd hgadmin
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	36	ssh-add -L > keys/admin/myname
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	37	echo "init admin/* *" > hg-ssh-access.conf
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	38	hg init .
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	39	hg add
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	40	hg commit -m "Initial configuration"
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	41
10 524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	42	You can use whatever you want in place of "myname" and indeed "admin".
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	43	The files in ~/hg must be readable by the hg user. Issue these
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	44	commands to become the hg user and set up the repository
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	45
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	46	sudo -u hg -s
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	47	cd ~hg
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	48	mkdir admin repos
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	49	hg clone ~/hg/hg-admin-tools admin/hg-admin-tools
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	50	hg clone ~/hg/hgadmin repos/hgadmin
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	51	cp admin/hg-admin-tools/hgadmin-hgrc repos/hgadmin/.hg/hgrc
4 dcd195f3e52c move config out of Python files; don't make hg-ssh-wrapper a dotfile; Paul Crowley <paul@lshift.net> parents: 2 diff changeset	52	cp admin/hg-admin-tools/hg-ssh-wrapper hg-ssh-wrapper
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	53	cd repos/hgadmin
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	54	../../admin/hg-admin-tools/refresh-auth
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	55	exit
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	56
10 524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	57	You should now have SSH access to this repository and full control,
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	58	which you can test like so:
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	59
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	60	cd ~/hg/hgadmin
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	61	echo "[paths]" >> .hg/hgrc
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	62	echo "default = ssh://hg@localhost/hgadmin" >> .hg/hgrc
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	63	hg pull
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	64	hg push
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	65
10 524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	66	These attempts to push and pull should report no new changes but
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	67	otherwise work.
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	68
10 524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	69	You can now add other users by putting their keys in an appropriate
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	70	subdirectory of the "keys" directory, and control their access by
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	71	editing hg-ssh-access.conf. Changes will take effect as soon as you
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	72	push them to the remote ssh server.
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	73
10 524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	74	Each line of hg-ssh-access.conf has the following syntax:
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	75
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	76	<rule> <keypattern> <repositorypattern>
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	77
10 524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	78	The "rule" is either "init", "allow", or "deny". "keypattern" is a
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	79	glob pattern matched against the name of the key used - for example,
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	80	in our initial setup "admin/myname" matches "admin/*".
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	81	"repositorypattern" is a pattern matched againt the repository name -
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	82	so "hgadmin" matches "*". Only boring characters are allowed in
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	83	patterns and key and repository names - see the source for details.
524b4a45ef0a wrap overlong lines Paul Crowley <paul@lshift.net> parents: 4 diff changeset	84	Blank lines and lines that start with "#" are ignored.
2 a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	85
a69f7bea408c added a README to describe how this works. Paul Crowley <paul@lshift.net> parents: diff changeset	86

author	Paul Crowley <paul@lshift.net>
	Thu, 17 Apr 2008 15:36:10 +0100
changeset 10	524b4a45ef0a
parent 4	dcd195f3e52c
child 12	834426fcbada
permissions	-rw-r--r--