Mercurial Mercurial > hg > mercurial-server / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
README
changeset 13 1206ed37090a
parent 12 834426fcbada
child 14 e7d5254cd0ca
equal deleted inserted replaced
12:834426fcbada 13:1206ed37090a 
     1 hg-admin-tools version 0.1
 
     1 hg-admin-tools
 
     2 
     2 
     3 A set of tools for managing authorization and access control for
 
     3 A set of tools for managing authorization and access control for
 
     4 ssh-based Mercurial repositories
 
     4 ssh-based Mercurial repositories
 
     5 
     5 
     6 Paul Crowley, paul@lshift.net, 2008
 
     6 Paul Crowley, paul@lshift.net, 2008
 
    48 the key file as the identifier for the developer.  These keys will
 
    48 the key file as the identifier for the developer.  These keys will
 
    49 live in the "keys" subdirectory of a repository, "hgadmin".  A hook in
 
    49 live in the "keys" subdirectory of a repository, "hgadmin".  A hook in
 
    50 this repository re-runs "refresh-auth" on the most recent version
 
    50 this repository re-runs "refresh-auth" on the most recent version
 
    51 after every push.
 
    51 after every push.
 
    52 
    52 
    53 INSTRUCTIONS FOR USE
 
    53 GETTING STARTED
 
    54 
    54 
    55 This is only one setup - it can be tweaked in many ways, and is as
 
    55 This is only one setup - it can be tweaked in many ways, and is as
 
    56 specific as it is only in the interests of brevity.
 
    56 specific as it is only in the interests of brevity.
 
    57 
    57 
    58 You, and all users of your Hg repository, will need SSH public key
 
    58 You, and all users of your Hg repository, will need SSH public key
 
    68     --gecos "Mercural repository" hg
 
    68     --gecos "Mercural repository" hg
 
    69 
    69 
    70 Issue these commands to become the hg user and set up the repository.
 
    70 Issue these commands to become the hg user and set up the repository.
 
    71 Use your own name in place of "myname".
 
    71 Use your own name in place of "myname".
 
    72 
    72 
       
    73    ssh-add -L >> /tmp/my-ssh-public-key
 
    73    sudo -u hg -s
 
    74    sudo -u hg -s
 
    74    cd ~hg
 
    75    cd ~hg
 
    75    mkdir -p admin repos/hgadmin/keys/admin
 
    76    mkdir -p admin repos/hgadmin/keys/admin
 
    76    cd admin
 
    77    cd admin
 
    77    tar xvzf /tmp/hg-admin-tools.tar.gz
 
    78    hg clone http://hg.opensource.lshift.net/hg-admin-tools
 
    78    mv hg-admin-tools* hg-admin-tools
 
       
    79    cp hg-admin-tools/hg-ssh-wrapper ~
 
    79    cp hg-admin-tools/hg-ssh-wrapper ~
 
    80    cd ../repos/hgadmin
 
    80    cd ../repos/hgadmin
 
    81    hg init .
 
    81    hg init .
 
    82    echo "init admin/* *" > hg-ssh-access.conf
 
    82    echo "init admin/* *" > hg-ssh-access.conf
 
    83    cp /tmp/my-ssh-public-key keys/admin/myname
 
    83    cp /tmp/my-ssh-public-key keys/admin/myname
 
       
    84    hg add
 
       
    85    hg commit
 
    84    cp ~/admin/hg-admin-tools/hgadmin-hgrc .hg/hgrc
 
    86    cp ~/admin/hg-admin-tools/hgadmin-hgrc .hg/hgrc
 
    85    ../../admin/hg-admin-tools/refresh-auth
 
    87    ../../admin/hg-admin-tools/refresh-auth
 
    86    exit
 
    88    exit
 
    87 
    89 
    88 You should now have SSH access to this repository and full control.
 
    90 You should now have SSH access to this repository and full control.
 
    94    cd hgadmin
 
    96    cd hgadmin
 
    95 
    97 
    96 You can now add other users by putting their keys in an appropriate
 
    98 You can now add other users by putting their keys in an appropriate
 
    97 subdirectory of the "keys" directory, and control their access by
 
    99 subdirectory of the "keys" directory, and control their access by
 
    98 editing hg-ssh-access.conf.  Changes will take effect as soon as you
 
   100 editing hg-ssh-access.conf.  Changes will take effect as soon as you
 
    99 push them to the remote ssh server.
 
   101 push them to the remote repository.
 
       
   102 
       
   103 HG-SSH-ACCESS.CONF
 
   100 
   104 
   101 Each line of hg-ssh-access.conf has the following syntax:
 
   105 Each line of hg-ssh-access.conf has the following syntax:
 
   102 
   106 
   103 <rule> <keypattern> <repositorypattern>
 
   107 <rule> <keypattern> <repositorypattern>
 
   104 
   108 
   106 glob pattern matched against the name of the key used - for example,
 
   110 glob pattern matched against the name of the key used - for example,
 
   107 in our initial setup "admin/myname" matches "admin/*".
 
   111 in our initial setup "admin/myname" matches "admin/*".
 
   108 "repositorypattern" is a pattern matched againt the repository name -
 
   112 "repositorypattern" is a pattern matched againt the repository name -
 
   109 so "hgadmin" matches "*".  Only boring characters are allowed in
 
   113 so "hgadmin" matches "*".  Only boring characters are allowed in
 
   110 patterns and key and repository names - see the source for details.
 
   114 patterns and key and repository names - see the source for details.
 
   111 Blank lines and lines that start with "#" are ignored.
 
   115 Blank lines and lines that start with "#" are ignored.  The first rule
 
   112 
   116 to match both the key and the repository applies: "deny" will deny all
 
       
   117 matching requests, "allow" allows read/write access to existing
 
       
   118 repositories, and "init" allows that and creation of new repositories.
mercurial-server