Mercurial Mercurial > hg > mercurial-server / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
README
author Paul Crowley <paul@lshift.net>
Wed, 16 Apr 2008 12:43:21 +0100
changeset 4 dcd195f3e52c
parent 2 a69f7bea408c
child 10 524b4a45ef0a
permissions -rw-r--r--
move config out of Python files; don't make hg-ssh-wrapper a dotfile; update documentation.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
2
a69f7bea408c added a README to describe how this works.
Paul Crowley <paul@lshift.net>
parents:
diff changeset 
     1
 
hg-admin-tools version 0.1
a69f7bea408c added a README to describe how this works.
Paul Crowley <paul@lshift.net>
parents:
diff changeset 
     2
 












a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




     3


A set of tools for managing authorization and access control for













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




     4


ssh-based Hg repositories













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




     5














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




     6


Paul Crowley, paul@lshift.net, 2008-04-15













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




     7














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




     8


This software may be used and distributed according to the terms













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




     9


of the GNU General Public License, incorporated herein by reference.













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    10














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    11


INSTRUCTIONS FOR USE:













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    12














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    13


This is only one setup - it can be tweaked in many ways, and is as specific as it is only in the interests of brevity.













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    14














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    15


You, and all users of your Hg repository, will need SSH public key authentication set up, preferably working with ssh-agent so you don't have to type in your passphrase all the time.  I assume you've done that in what follows, so if you've done something different you'll need to change it appropriately.













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    16














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    17


Create a user called "hg" on the machine where the repository will live.  I used the command













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    18














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    19


sudo adduser --system --shell /bin/sh --group --disabled-password --gecos "Mercural repository" hg













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    20














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    21


Now create a basic access control setup.  













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    22














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    23


   cd













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    24


   mkdir hg













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    25


   cd hg













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    26


   hg clone ssh://hg.opensource.lshift.net/hg-admin-tools hg-admin-tools













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    27


   mkdir -p hgadmin/keys/admin













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    28


   cd hgadmin













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    29


   ssh-add -L > keys/admin/myname













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    30


   echo "init admin/* *" > hg-ssh-access.conf













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    31


   hg init .













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    32


   hg add













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    33


   hg commit -m "Initial configuration"













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    34














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    35


You can use whatever you want in place of "myname" and indeed "admin".  The files in ~/hg must be readable by the hg user.  Issue these commands to become the hg user and set up the repository













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    36














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    37


   sudo -u hg -s













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    38


   cd ~hg













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    39


   mkdir admin repos













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    40


   hg clone ~/hg/hg-admin-tools admin/hg-admin-tools













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    41


   hg clone ~/hg/hgadmin repos/hgadmin













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    42


   cp admin/hg-admin-tools/hgadmin-hgrc repos/hgadmin/.hg/hgrc








4






dcd195f3e52c
move config out of Python files; don't make hg-ssh-wrapper a dotfile;



Paul Crowley <paul@lshift.net>


parents: 
2

diff
changeset




    43


   cp admin/hg-admin-tools/hg-ssh-wrapper hg-ssh-wrapper








2






a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    44


   cd repos/hgadmin













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    45


   ../../admin/hg-admin-tools/refresh-auth













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    46


    exit













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    47














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    48


You should now have SSH access to this repository and full control, which you can test like so:













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    49














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    50


   cd ~/hg/hgadmin













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    51


   echo "[paths]" >> .hg/hgrc













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    52


   echo "default = ssh://hg@localhost/hgadmin"  >> .hg/hgrc













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    53


   hg pull













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    54


   hg push













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    55














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    56


These attempts to push and pull should report no new changes but otherwise work.













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    57














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    58


You can now add other users by putting their keys in an appropriate subdirectory of the "keys" directory, and control their access by editing hg-ssh-access.conf.  Changes will take effect as soon as you push them to the remote ssh server.













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    59














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    60


hg-ssh-access.conf has the following syntax:













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    61














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    62


<rule> <keypattern> <repositorypattern>













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    63














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    64


The "rule" is either "init", "allow", or "deny".  "keypattern" is a glob pattern matched against the name of the key used - for example, in our initial setup "admin/myname" matches "admin/*".  "repositorypattern" is a pattern matched againt the repository name - so "hgadmin" matches "*".  Only boring characters are allowed in patterns and key and repository names - see the source for details.  Blank lines and lines that start with "#" are ignored.













a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    65














a69f7bea408c
added a README to describe how this works.



Paul Crowley <paul@lshift.net>


parents: 

diff
changeset




    66
















mercurial-server