|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <article xmlns="http://docbook.org/ns/docbook" version="5.0" xml:lang="en"> |
|
3 <info> |
|
4 <title>Sharing Mercurial repositories with mercurial-server</title> |
|
5 <author><firstname>Paul</firstname><surname>Crowley</surname></author> |
|
6 <copyright><year>2009</year><holder>Paul Crowley</holder></copyright> |
|
7 </info> |
|
8 <section> |
|
9 <title>About mercurial-server</title> |
|
10 <para> |
|
11 mercurial-server is software for Debian and Ubuntu systems which gives your |
|
12 developers remote read/write access to <ulink |
|
13 url="http://hg-scm.org/">Mercurial</ulink> repositories using SSH public |
|
14 key authentication; it provides convenient and fine-grained key management |
|
15 and access control. |
|
16 </para> |
|
17 <para> |
|
18 mercurial-server is the easiest and most secure way for several developers |
|
19 to have read/write access to a central repository, but that's not the only |
|
20 way for several people to work on the same project using Mercurial; you |
|
21 should be familiar with the <ulink |
|
22 url="http://mercurial.selenic.com/wiki/MultipleCommitters">other ways of |
|
23 handling multiple commiters</ulink> before deciding to use this. |
|
24 </para> |
|
25 <para> |
|
26 Though mercurial-server is currently targeted at Debian-based systems such |
|
27 as Ubuntu, other users have reported success getting it running on other |
|
28 Unix-based systems such as Red Hat. Running it on a non-Unix system such as |
|
29 Windows is not supported. You will need root privileges to install it. |
|
30 </para> |
|
31 <section> |
|
32 <title>Legalese</title> |
|
33 <para> |
|
34 This program is free software; you can redistribute it and/or modify it |
|
35 under the terms of the GNU General Public License as published by the Free |
|
36 Software Foundation; either version 2 of the License, or (at your option) |
|
37 any later version. |
|
38 </para> |
|
39 <para> |
|
40 This program is distributed in the hope that it will be useful, but |
|
41 WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY |
|
42 or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for |
|
43 more details. |
|
44 </para> |
|
45 <para> |
|
46 You should have received a copy of the GNU General Public License along |
|
47 with this program; if not, write to the Free Software Foundation, Inc., 51 |
|
48 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
|
49 </para> |
|
50 </section> |
|
51 </section> |
|
52 <section> |
|
53 <title>Step by step</title> |
|
54 <para> |
|
55 mercurial-server authenticates users not using passwords but using <ulink url="http://sial.org/howto/openssh/publickey-auth/">SSH public keys</ulink>; everyone who wants access to a mercurial-server repository will need such a key, so you'll need to familiarize yourself with them before proceeding. In combination with <command>ssh-agent</command> (or equivalents such as the Windows program <ulink url="http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter9.html#pageant">Pageant</ulink>), this means that users will not need to type in a password to access the repository. |
|
56 </para> |
|
57 <para> |
|
58 In what follows, we assume that you usually sit at a machine called <systemitem class="systemname">my-workstation</systemitem> and you wish to install mercurial-server on <systemitem class="systemname">repository-host</systemitem>. First, you'll need to create an SSH public key if you haven't already. You should consult your system documentation on how to do this, but it should look something like this. |
|
59 </para> |
|
60 <screen> |
|
61 <computeroutput>user@my-workstation:~$ </computeroutput><userinput>ssh-keygen</userinput> |
|
62 <computeroutput>Generating public/private rsa key pair. |
|
63 Enter passphrase (empty for no passphrase): |
|
64 Enter same passphrase again: |
|
65 Your identification has been saved in /home/user/.ssh/id_rsa. |
|
66 Your public key has been saved in /home/user/.ssh/id_rsa.pub. |
|
67 The key fingerprint is: |
|
68 8b:aa:0a:98:fe:e7:84:48:a3:fe:5f:31:4b:16:e6:0b user@my-workstation |
|
69 user@my-workstation:~$ </computeroutput><userinput>ssh-add</userinput> |
|
70 <computeroutput>Enter passphrase for /home/user/.ssh/id_rsa: |
|
71 Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa) |
|
72 user@my-workstation:~$ </computeroutput></screen> |
|
73 <para>Now copy the files you're going to need over to your target system, and install mercurial-server</para> |
|
74 <screen> |
|
75 <computeroutput>user@my-workstation:~$ </computeroutput><userinput>ssh-copy-id repository-host</userinput> |
|
76 <computeroutput>user@repository-host's password: |
|
77 Now try logging into the machine, with "ssh 'repository-host'", and check in: |
|
78 |
|
79 .ssh/authorized_keys |
|
80 |
|
81 to make sure we haven't added extra keys that you weren't expecting. |
|
82 user@my-workstation:~$ </computeroutput><userinput>scp mercurial-server_0.6.1_amd64.deb repository-host:</userinput> |
|
83 <computeroutput>mercurial-server_0.6.1_amd64.deb 100% |
|
84 user@my-workstation:~$ </computeroutput><userinput>ssh -A repository-host</userinput> |
|
85 <computeroutput>user@repository-host:~$ </computeroutput><userinput>sudo dpkg -i ../mercurial-server_0.6.1_amd64.deb</userinput> |
|
86 <computeroutput>[sudo] password for user: |
|
87 Selecting previously deselected package mercurial-server. |
|
88 (Reading database ... 144805 files and directories currently installed.) |
|
89 Unpacking mercurial-server (from .../mercurial-server_0.6.1_amd64.deb) ... |
|
90 Setting up mercurial-server (0.6.1) ... |
|
91 user@repository-host:~$ </computeroutput></screen> |
|
92 <para> |
|
93 mercurial-server is now installed on the repository host. Next, we need to give you permission to see its repositories. |
|
94 </para> |
|
95 <screen> |
|
96 <computeroutput>user@repository-host:~$ </computeroutput><userinput>ssh-add -L > my-key</userinput> |
|
97 <computeroutput>user@repository-host:~$ </computeroutput><userinput>sudo mkdir -p /etc/mercurial-server/keys/root/user</userinput> |
|
98 <computeroutput>user@repository-host:~$ </computeroutput><userinput>sudo cp my-key /etc/mercurial-server/keys/root/user/my-workstation</userinput> |
|
99 <computeroutput>user@repository-host:~$ </computeroutput><userinput>sudo -u hg /usr/share/mercurial-server/refresh-auth</userinput> |
|
100 <computeroutput>user@repository-host:~$ </computeroutput><userinput>exit</userinput> |
|
101 <computeroutput>Connection to shell closed. |
|
102 user@my-workstation:~$ </computeroutput></screen> |
|
103 <para> |
|
104 You can now create repositories on the remote machine and have complete read-write access to all of them; you need never log on to <systemitem class="systemname">repository-host</systemitem> again. |
|
105 </para> |
|
106 <screen> |
|
107 <computeroutput>user@my-workstation:~$ </computeroutput><userinput>cd my-mercurial-project</userinput> |
|
108 <computeroutput>user@my-workstation:~/my-mercurial-project$ </computeroutput><userinput>hg clone . ssh://hg@repository-host/repository/name</userinput> |
|
109 <computeroutput>searching for changes |
|
110 remote: adding changesets |
|
111 remote: adding manifests |
|
112 remote: adding file changes |
|
113 remote: added 119 changesets with 284 changes to 61 files |
|
114 user@my-workstation:~/my-mercurial-project$ </computeroutput><userinput>hg pull ssh://hg@repository-host/repository/name</userinput> |
|
115 <computeroutput>pulling from ssh://hg@repository-host/repository/name |
|
116 searching for changes |
|
117 no changes found |
|
118 user@my-workstation:~/my-mercurial-project$ </computeroutput></screen> |
|
119 <para> |
|
120 As things stand, no-one but you has any access to any repositories you create on this system. In order to give anyone else access, you'll need a copy of their SSH public key. Once you have that key, you could give them access by logging into <systemitem class="systemname">repository-host</systemitem>, putting their keys in the right place under <filename class='directory'>/etc/mercurial-server/keys</filename>, and re-running <userinput>sudo -u hg /usr/share/mercurial-server/refresh-auth</userinput>. However, there's a more convenient way. |
|
121 </para> |
|
122 <screen> |
|
123 <computeroutput>user@my-workstation:~/my-mercurial-project$ </computeroutput><userinput>cd ..</userinput> |
|
124 <computeroutput>user@my-workstation:~$ </computeroutput><userinput>hg clone ssh://hg@repository-host/hgadmin</userinput> |
|
125 <computeroutput>destination directory: hgadmin |
|
126 no changes found |
|
127 updating working directory |
|
128 0 files updated, 0 files merged, 0 files removed, 0 files unresolved |
|
129 user@my-workstation:~$ </computeroutput><userinput>cd hgadmin</userinput> |
|
130 <computeroutput>user@my-workstation:~/hgadmin$ </computeroutput><userinput>mkdir -p keys/users/other-user</userinput> |
|
131 <computeroutput>user@my-workstation:~/hgadmin$ </computeroutput><userinput>cp ~/other-users-key.pub keys/users/other-user/their-workstation</userinput> |
|
132 <computeroutput>user@my-workstation:~/hgadmin$ </computeroutput><userinput>hg add</userinput> |
|
133 <computeroutput>adding keys/users/other-user/their-workstation |
|
134 user@my-workstation:~/hgadmin$ </computeroutput><userinput>hg commit -m "Add other user"</userinput> |
|
135 <computeroutput>user@my-workstation:~/hgadmin$ </computeroutput><userinput>hg push</userinput> |
|
136 <computeroutput>pushing to ssh://hg@repository-host/hgadmin |
|
137 searching for changes |
|
138 remote: adding changesets |
|
139 remote: adding manifests |
|
140 remote: adding file changes |
|
141 remote: added 1 changesets with 1 changes to 1 files |
|
142 user@my-workstation:~/hgadmin$ </computeroutput></screen> |
|
143 <para> |
|
144 The new user can now read and write to your <literal>ssh://hg@repository-host/repository/name</literal> repository. |
|
145 </para> |
|
146 </section> |
|
147 </article> |
|
148 |