author | Paul Crowley <paul@lshift.net> |
Sat, 07 Mar 2009 10:05:14 +0000 | |
changeset 87 | 535502c18eaa |
parent 83 | 86ec1268d306 |
child 100 | db219a5a14f8 |
permissions | -rw-r--r-- |
83
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
1 |
HOW IT WORKS |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
2 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
3 |
When a developer attempts to connect to a repository via ssh, the SSH daemon |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
4 |
searches for a match for that user's key in ~hg/.ssh/authorized_keys. If the |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
5 |
developer is authorised to connect to the repository they will have an entry |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
6 |
in this file. The entry includes a "command" prefix which specifies that the |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
7 |
restricted shell "/usr/local/lib/mercurial-server/hg-ssh" should be used; this |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
8 |
shell is passed an argument identifying the developer. The shell parses the |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
9 |
command the developer is trying to execute, and consults a rules file to see |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
10 |
if that developer is allowed to perform that action on that repository. |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
11 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
12 |
The file ~hg/.ssh/authorized_keys is generated by "refresh-auth", which |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
13 |
recurses through two directories of files containing SSH keys and generates an |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
14 |
entry in authorized_keys for each one, using the name of the key file as the |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
15 |
identifier for the developer. These keys will live in the "keys" subdirectory |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
16 |
"/etc/mercurial-server" and the "keys" subdirectory of a repository called |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
17 |
"hgadmin". A hook in this repository re-runs "refresh-auth" on the most recent |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
18 |
version after every push. |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
19 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
20 |
Finally, hook in an extension is run for each changeset that is remotely |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
21 |
committed, which uses the rules file to determine whether to allow the |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
22 |
changeset. |