# HG changeset patch # User Paul Crowley # Date 1213633049 -3600 # Node ID 4b5ca59fe3b7b22548e131f5d47bbc65887aa8ed # Parent 18e93dbdaf126154e236cde3954322d8c4b4cb6c more actual file moves - forgot to tell hg diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 as-if-by-ssh --- a/as-if-by-ssh Mon Jun 16 17:12:20 2008 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,10 +0,0 @@ -#!/bin/sh -# Used only for break-ins - -set -e -SSH_ORIGINAL_COMMAND=$1 -echo "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" >&2 -export SSH_ORIGINAL_COMMAND -cd -exec /etc/hg-admin-tools/hg-ssh-wrapper root - diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 break-in --- a/break-in Mon Jun 16 17:12:20 2008 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,14 +0,0 @@ -#!/bin/sh - -set -e - -user=$(whoami) - -/usr/local/lib/hg-admin-tools/create-breakin-repository -cd hgadmin -mkdir -p keys -ssh-add -L > keys/$user -echo "init user=$user" > hg-ssh-access.conf -hg add keys/$user hg-ssh-access.conf -hg commit -m "Give all access only to user $user" -hg push diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 create-breakin-repository --- a/create-breakin-repository Mon Jun 16 17:12:20 2008 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ -#!/bin/sh - -set -e - -hg clone -e /usr/local/lib/hg-admin-tools/ssh-replacement ssh://localhost/hgadmin -cd hgadmin -cat >> .hg/hgrc << __END__ -[ui] -ssh = /usr/local/lib/hg-admin-tools/ssh-replacement -__END__ -echo "cd to hgadmin, make changes and commit" - diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 hg-ssh-wrapper --- a/hg-ssh-wrapper Mon Jun 16 17:12:20 2008 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,30 +0,0 @@ -#!/bin/sh - -# This file should live in /etc/hg-admin-tools. It expects -# to be specified as the target of the "command" section in the prefix -# of a key in the authorized_keys file, and be passed a name associated -# with an ssh key as its only argument. It does some setting up before -# calling hg-ssh, which does the real work of deciding whether to allow -# the users action based on the type of the action, the key name, and -# the contents of the specified rules file. - -# If your repository is laid out differently you may need to modify -# this file. - -set -e - -# Use a different hgrc for remote pulls - this way you can set -# up access.py for everything at once without affecting local operations - -HGRCPATH=/etc/hg-admin-tools/remote-hgrc -export HGRCPATH - -# Set up this environment variable - useful for hg hooks to check. -REMOTE_USER=$1 -export REMOTE_USER - -cd repos -HG_ACCESS_RULES_FILE=$(pwd)/hgadmin/hg-ssh-access.conf -export HG_ACCESS_RULES_FILE -exec /usr/local/lib/hg-admin-tools/hg-ssh - diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 hgadmin-hgrc --- a/hgadmin-hgrc Mon Jun 16 17:12:20 2008 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,8 +0,0 @@ -# WARNING: when these hooks run they will entirely destroy and rewrite -# ~/.ssh/authorized_keys - -[hooks] -changegroup.aaaaa_update = hg update -C default > /dev/null -changegroup.aaaab_purge = hg purge --all > /dev/null -changegroup.refreshauth = /usr/local/lib/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys /etc/hg-admin-tools/hg-ssh-wrapper - diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 src/init/break-in/as-if-by-ssh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/init/break-in/as-if-by-ssh Mon Jun 16 17:17:29 2008 +0100 @@ -0,0 +1,10 @@ +#!/bin/sh +# Used only for break-ins + +set -e +SSH_ORIGINAL_COMMAND=$1 +echo "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" >&2 +export SSH_ORIGINAL_COMMAND +cd +exec /etc/hg-admin-tools/hg-ssh-wrapper root + diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 src/init/break-in/break-in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/init/break-in/break-in Mon Jun 16 17:17:29 2008 +0100 @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +user=$(whoami) + +/usr/local/lib/hg-admin-tools/create-breakin-repository +cd hgadmin +mkdir -p keys +ssh-add -L > keys/$user +echo "init user=$user" > hg-ssh-access.conf +hg add keys/$user hg-ssh-access.conf +hg commit -m "Give all access only to user $user" +hg push diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 src/init/break-in/create-breakin-repository --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/init/break-in/create-breakin-repository Mon Jun 16 17:17:29 2008 +0100 @@ -0,0 +1,12 @@ +#!/bin/sh + +set -e + +hg clone -e /usr/local/lib/hg-admin-tools/ssh-replacement ssh://localhost/hgadmin +cd hgadmin +cat >> .hg/hgrc << __END__ +[ui] +ssh = /usr/local/lib/hg-admin-tools/ssh-replacement +__END__ +echo "cd to hgadmin, make changes and commit" + diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 src/init/break-in/ssh-replacement --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/init/break-in/ssh-replacement Mon Jun 16 17:17:29 2008 +0100 @@ -0,0 +1,7 @@ +#!/bin/sh +# Used only for break-ins + +echo "arg: $2" >&2 + +exec sudo -H -u hg /usr/local/lib/hg-admin-tools/as-if-by-ssh "$2" + diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 src/init/conf/hg-ssh-wrapper --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/init/conf/hg-ssh-wrapper Mon Jun 16 17:17:29 2008 +0100 @@ -0,0 +1,30 @@ +#!/bin/sh + +# This file should live in /etc/hg-admin-tools. It expects +# to be specified as the target of the "command" section in the prefix +# of a key in the authorized_keys file, and be passed a name associated +# with an ssh key as its only argument. It does some setting up before +# calling hg-ssh, which does the real work of deciding whether to allow +# the users action based on the type of the action, the key name, and +# the contents of the specified rules file. + +# If your repository is laid out differently you may need to modify +# this file. + +set -e + +# Use a different hgrc for remote pulls - this way you can set +# up access.py for everything at once without affecting local operations + +HGRCPATH=/etc/hg-admin-tools/remote-hgrc +export HGRCPATH + +# Set up this environment variable - useful for hg hooks to check. +REMOTE_USER=$1 +export REMOTE_USER + +cd repos +HG_ACCESS_RULES_FILE=$(pwd)/hgadmin/hg-ssh-access.conf +export HG_ACCESS_RULES_FILE +exec /usr/local/lib/hg-admin-tools/hg-ssh + diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 src/init/hgadmin-hgrc --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/init/hgadmin-hgrc Mon Jun 16 17:17:29 2008 +0100 @@ -0,0 +1,8 @@ +# WARNING: when these hooks run they will entirely destroy and rewrite +# ~/.ssh/authorized_keys + +[hooks] +changegroup.aaaaa_update = hg update -C default > /dev/null +changegroup.aaaab_purge = hg purge --all > /dev/null +changegroup.refreshauth = /usr/local/lib/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys /etc/hg-admin-tools/hg-ssh-wrapper + diff -r 18e93dbdaf12 -r 4b5ca59fe3b7 ssh-replacement --- a/ssh-replacement Mon Jun 16 17:12:20 2008 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,7 +0,0 @@ -#!/bin/sh -# Used only for break-ins - -echo "arg: $2" >&2 - -exec sudo -H -u hg /usr/local/lib/hg-admin-tools/as-if-by-ssh "$2" -