README
changeset 10 524b4a45ef0a
parent 4 dcd195f3e52c
child 12 834426fcbada
9:21d9048136dc 10:524b4a45ef0a
     8 This software may be used and distributed according to the terms
     8 This software may be used and distributed according to the terms
     9 of the GNU General Public License, incorporated herein by reference.
     9 of the GNU General Public License, incorporated herein by reference.
    10 
    10 
    11 INSTRUCTIONS FOR USE:
    11 INSTRUCTIONS FOR USE:
    12 
    12 
    13 This is only one setup - it can be tweaked in many ways, and is as specific as it is only in the interests of brevity.
    13 This is only one setup - it can be tweaked in many ways, and is as
       
    14 specific as it is only in the interests of brevity.
    14 
    15 
    15 You, and all users of your Hg repository, will need SSH public key authentication set up, preferably working with ssh-agent so you don't have to type in your passphrase all the time.  I assume you've done that in what follows, so if you've done something different you'll need to change it appropriately.
    16 You, and all users of your Hg repository, will need SSH public key
       
    17 authentication set up, preferably working with ssh-agent so you don't
       
    18 have to type in your passphrase all the time.  I assume you've done
       
    19 that in what follows, so if you've done something different you'll
       
    20 need to change it appropriately.
    16 
    21 
    17 Create a user called "hg" on the machine where the repository will live.  I used the command
    22 Create a user called "hg" on the machine where the repository will
       
    23 live.  I used the command
    18 
    24 
    19 sudo adduser --system --shell /bin/sh --group --disabled-password --gecos "Mercural repository" hg
    25   sudo adduser --system --shell /bin/sh --group --disabled-password \
       
    26     --gecos "Mercural repository" hg
    20 
    27 
    21 Now create a basic access control setup.  
    28 Now create a basic access control setup.  
    22 
    29 
    23    cd
    30    cd
    24    mkdir hg
    31    mkdir hg
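Review bot: the --gecos value in the rewrapped adduser command (new lines 25-26) still reads "Mercural repository"; since this change rewrites that command anyway, correct it to "Mercurial repository" so the misspelling is not copied into the account's description field. The rewrapped command is also indented two spaces while the other command blocks in the file use three; pick one so the blocks line up.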
    30    echo "init admin/* *" > hg-ssh-access.conf
    37    echo "init admin/* *" > hg-ssh-access.conf
    31    hg init .
    38    hg init .
    32    hg add
    39    hg add
    33    hg commit -m "Initial configuration"
    40    hg commit -m "Initial configuration"
    34 
    41 
    35 You can use whatever you want in place of "myname" and indeed "admin".  The files in ~/hg must be readable by the hg user.  Issue these commands to become the hg user and set up the repository
    42 You can use whatever you want in place of "myname" and indeed "admin".
       
    43 The files in ~/hg must be readable by the hg user.  Issue these
       
    44 commands to become the hg user and set up the repository
    36 
    45 
    37    sudo -u hg -s
    46    sudo -u hg -s
    38    cd ~hg
    47    cd ~hg
    39    mkdir admin repos
    48    mkdir admin repos
    40    hg clone ~/hg/hg-admin-tools admin/hg-admin-tools
    49    hg clone ~/hg/hg-admin-tools admin/hg-admin-tools
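Review bot: new line 42 says "admin" can be replaced with anything, but the rule written at new line 37, echo "init admin/* *" > hg-ssh-access.conf, hardcodes that prefix, so a reader who renames the key directory and copies the rule unchanged ends up with a key name the only rule does not match. State in the same sentence that the key pattern in hg-ssh-access.conf must be changed to match. The following sentence (new line 43) requires the files in ~/hg to be readable by the hg user but gives no command to set or check that; a one-line example would keep the later "hg clone ~/hg/hg-admin-tools" step from failing on permissions.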
    43    cp admin/hg-admin-tools/hg-ssh-wrapper hg-ssh-wrapper
    52    cp admin/hg-admin-tools/hg-ssh-wrapper hg-ssh-wrapper
    44    cd repos/hgadmin
    53    cd repos/hgadmin
    45    ../../admin/hg-admin-tools/refresh-auth
    54    ../../admin/hg-admin-tools/refresh-auth
    46     exit
    55     exit
    47 
    56 
    48 You should now have SSH access to this repository and full control, which you can test like so:
    57 You should now have SSH access to this repository and full control,
       
    58 which you can test like so:
    49 
    59 
    50    cd ~/hg/hgadmin
    60    cd ~/hg/hgadmin
    51    echo "[paths]" >> .hg/hgrc
    61    echo "[paths]" >> .hg/hgrc
    52    echo "default = ssh://hg@localhost/hgadmin"  >> .hg/hgrc
    62    echo "default = ssh://hg@localhost/hgadmin"  >> .hg/hgrc
    53    hg pull
    63    hg pull
    54    hg push
    64    hg push
    55 
    65 
    56 These attempts to push and pull should report no new changes but otherwise work.
    66 These attempts to push and pull should report no new changes but
       
    67 otherwise work.
    57 
    68 
    58 You can now add other users by putting their keys in an appropriate subdirectory of the "keys" directory, and control their access by editing hg-ssh-access.conf.  Changes will take effect as soon as you push them to the remote ssh server.
    69 You can now add other users by putting their keys in an appropriate
       
    70 subdirectory of the "keys" directory, and control their access by
       
    71 editing hg-ssh-access.conf.  Changes will take effect as soon as you
       
    72 push them to the remote ssh server.
    59 
    73 
    60 hg-ssh-access.conf has the following syntax:
    74 Each line of hg-ssh-access.conf has the following syntax:
    61 
    75 
    62 <rule> <keypattern> <repositorypattern>
    76 <rule> <keypattern> <repositorypattern>
    63 
    77 
    64 The "rule" is either "init", "allow", or "deny".  "keypattern" is a glob pattern matched against the name of the key used - for example, in our initial setup "admin/myname" matches "admin/*".  "repositorypattern" is a pattern matched againt the repository name - so "hgadmin" matches "*".  Only boring characters are allowed in patterns and key and repository names - see the source for details.  Blank lines and lines that start with "#" are ignored.
    78 The "rule" is either "init", "allow", or "deny".  "keypattern" is a
       
    79 glob pattern matched against the name of the key used - for example,
       
    80 in our initial setup "admin/myname" matches "admin/*".
       
    81 "repositorypattern" is a pattern matched againt the repository name -
       
    82 so "hgadmin" matches "*".  Only boring characters are allowed in
       
    83 patterns and key and repository names - see the source for details.
       
    84 Blank lines and lines that start with "#" are ignored.
    65 
    85 
    66 
    86
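Review bot: the syntax paragraph (new lines 78-84) names the three rule values "init", "allow" and "deny" but never says what each one grants, which line wins when several match the same key and repository, or what happens when no line matches. For a file that is the whole access-control policy, those three points belong in the README rather than behind "see the source for details", which as written only covers the permitted characters. While rewrapping, also fix "againt" to "against" on new line 81.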