--- a/hg-ssh-wrapper Tue Apr 15 18:30:43 2008 +0100
+++ b/hg-ssh-wrapper Wed Apr 16 12:43:21 2008 +0100
@@ -1,5 +1,17 @@
#!/bin/sh
+# This file needs to be saved as ~/hg-ssh-wrapper for the user whose ~/.ssh/authorized_keys file
+# is rewritten by refresh-auth. It expects to be specified as the target of the "command" section
+# in the prefix of a key in the authorized_keys file, and be passed a name associated with an
+# ssh key as its only argument. It does some setting up before calling hg-ssh, which does the real
+# work of deciding whether to allow the users action based on the type of the action, the key name,
+# and the contents of the specified rules file.
+
+# If your repository is laid out differently you may need to modify this file.
+
set -e
cd repos
-../admin/hg-admin-tools/hg-ssh "$@"
+# Set up this environment variable - useful for hg hooks to check.
+HG_ACL_USER=$1
+export HG_ACL_USER
+../admin/hg-admin-tools/hg-ssh hgadmin/hg-ssh-access.conf "$@"