8 This software may be used and distributed according to the terms |
8 This software may be used and distributed according to the terms |
9 of the GNU General Public License, incorporated herein by reference. |
9 of the GNU General Public License, incorporated herein by reference. |
10 |
10 |
11 INSTRUCTIONS FOR USE: |
11 INSTRUCTIONS FOR USE: |
12 |
12 |
13 This is only one setup - it can be tweaked in many ways, and is as specific as it is only in the interests of brevity. |
13 This is only one setup - it can be tweaked in many ways, and is as |
|
14 specific as it is only in the interests of brevity. |
14 |
15 |
15 You, and all users of your Hg repository, will need SSH public key authentication set up, preferably working with ssh-agent so you don't have to type in your passphrase all the time. I assume you've done that in what follows, so if you've done something different you'll need to change it appropriately. |
16 You, and all users of your Hg repository, will need SSH public key |
|
17 authentication set up, preferably working with ssh-agent so you don't |
|
18 have to type in your passphrase all the time. I assume you've done |
|
19 that in what follows, so if you've done something different you'll |
|
20 need to change it appropriately. |
16 |
21 |
17 Create a user called "hg" on the machine where the repository will live. I used the command |
22 Create a user called "hg" on the machine where the repository will |
|
23 live. I used the command |
18 |
24 |
19 sudo adduser --system --shell /bin/sh --group --disabled-password --gecos "Mercural repository" hg |
25 sudo adduser --system --shell /bin/sh --group --disabled-password \ |
|
26 --gecos "Mercural repository" hg |
20 |
27 |
21 Now create a basic access control setup. |
28 Now create a basic access control setup. |
22 |
29 |
23 cd |
30 cd |
24 mkdir hg |
31 mkdir hg |
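Review bot: The --gecos string on the rewrapped adduser command (new lines 25-26) still reads "Mercural repository"; since this change already touches that command, correct it to "Mercurial repository". The account is created with --shell /bin/sh and --disabled-password, so it would also help to say at this point that the hg user is meant to be reached only through the SSH keys described in the paragraph above.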
30 echo "init admin/* *" > hg-ssh-access.conf |
37 echo "init admin/* *" > hg-ssh-access.conf |
31 hg init . |
38 hg init . |
32 hg add |
39 hg add |
33 hg commit -m "Initial configuration" |
40 hg commit -m "Initial configuration" |
34 |
41 |
35 You can use whatever you want in place of "myname" and indeed "admin". The files in ~/hg must be readable by the hg user. Issue these commands to become the hg user and set up the repository |
42 You can use whatever you want in place of "myname" and indeed "admin". |
|
43 The files in ~/hg must be readable by the hg user. Issue these |
|
44 commands to become the hg user and set up the repository |
36 |
45 |
37 sudo -u hg -s |
46 sudo -u hg -s |
38 cd ~hg |
47 cd ~hg |
39 mkdir admin repos |
48 mkdir admin repos |
40 hg clone ~/hg/hg-admin-tools admin/hg-admin-tools |
49 hg clone ~/hg/hg-admin-tools admin/hg-admin-tools |
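Review bot: In the command block after "Issue these commands to become the hg user" (new lines 46-49), hg clone ~/hg/hg-admin-tools only works if ~ still expands to the invoking user's home inside the shell started by sudo -u hg -s, which depends on the local sudo configuration. Suggest writing the source path out in full, or saying what to substitute when HOME has been reset to the hg user's home. The preceding sentence says the files in ~/hg must be readable by the hg user but gives no indication of how to arrange that; a short note on the expected permissions would help.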
43 cp admin/hg-admin-tools/hg-ssh-wrapper hg-ssh-wrapper |
52 cp admin/hg-admin-tools/hg-ssh-wrapper hg-ssh-wrapper |
44 cd repos/hgadmin |
53 cd repos/hgadmin |
45 ../../admin/hg-admin-tools/refresh-auth |
54 ../../admin/hg-admin-tools/refresh-auth |
46 exit |
55 exit |
47 |
56 |
48 You should now have SSH access to this repository and full control, which you can test like so: |
57 You should now have SSH access to this repository and full control, |
|
58 which you can test like so: |
49 |
59 |
50 cd ~/hg/hgadmin |
60 cd ~/hg/hgadmin |
51 echo "[paths]" >> .hg/hgrc |
61 echo "[paths]" >> .hg/hgrc |
52 echo "default = ssh://hg@localhost/hgadmin" >> .hg/hgrc |
62 echo "default = ssh://hg@localhost/hgadmin" >> .hg/hgrc |
53 hg pull |
63 hg pull |
54 hg push |
64 hg push |
55 |
65 |
56 These attempts to push and pull should report no new changes but otherwise work. |
66 These attempts to push and pull should report no new changes but |
|
67 otherwise work. |
57 |
68 |
58 You can now add other users by putting their keys in an appropriate subdirectory of the "keys" directory, and control their access by editing hg-ssh-access.conf. Changes will take effect as soon as you push them to the remote ssh server. |
69 You can now add other users by putting their keys in an appropriate |
|
70 subdirectory of the "keys" directory, and control their access by |
|
71 editing hg-ssh-access.conf. Changes will take effect as soon as you |
|
72 push them to the remote ssh server. |
59 |
73 |
60 hg-ssh-access.conf has the following syntax: |
74 Each line of hg-ssh-access.conf has the following syntax: |
61 |
75 |
62 <rule> <keypattern> <repositorypattern> |
76 <rule> <keypattern> <repositorypattern> |
63 |
77 |
64 The "rule" is either "init", "allow", or "deny". "keypattern" is a glob pattern matched against the name of the key used - for example, in our initial setup "admin/myname" matches "admin/*". "repositorypattern" is a pattern matched againt the repository name - so "hgadmin" matches "*". Only boring characters are allowed in patterns and key and repository names - see the source for details. Blank lines and lines that start with "#" are ignored. |
78 The "rule" is either "init", "allow", or "deny". "keypattern" is a |
|
79 glob pattern matched against the name of the key used - for example, |
|
80 in our initial setup "admin/myname" matches "admin/*". |
|
81 "repositorypattern" is a pattern matched againt the repository name - |
|
82 so "hgadmin" matches "*". Only boring characters are allowed in |
|
83 patterns and key and repository names - see the source for details. |
|
84 Blank lines and lines that start with "#" are ignored. |
65 |
85 |
66 |
86 |
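Review bot: The syntax paragraph (new lines 78-84) names the rules "init", "allow" and "deny" but never says how they differ, in what order lines are evaluated, or what happens when no line matches; for an access-control file, readers should not have to "see the source" for that. Suggest adding a sentence on each, and listing the permitted characters in place of "boring characters". The rewrapped text also keeps the typo "againt" (new line 81).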