# HG changeset patch
# User Paul Crowley
# Date 1236343582 0
# Node ID 5d81ec164e5ded4ff2a223ff4fb79b0ab8f6983b
# Parent 582808b47653503392077de312db7f0934aca031
do-refresh-auth now does all the work
diff -r 582808b47653 -r 5d81ec164e5d doc/PLAN
--- a/doc/PLAN Fri Mar 06 12:34:07 2009 +0000
+++ b/doc/PLAN Fri Mar 06 12:46:22 2009 +0000
@@ -3,13 +3,12 @@
 Done:
 - move all modules into mercurial_server directory
-
 - make mercurial_server.paths module; a function sets a global based on sys.argv[0]
 - reduce hg-ssh-wrapper to nothing by moving all functionality into hg-ssh
+- same for refresh-auth
 Todo:
-- same for refresh-auth
 - move most of do-refresh-auth into a module
 - give that module a hook, and call the hook instead of the exe
 - abolish refresh-auth shell script and rename do-refresh-auth to refresh-auth
diff -r 582808b47653 -r 5d81ec164e5d src/do-refresh-auth
--- a/src/do-refresh-auth Fri Mar 06 12:34:07 2009 +0000
+++ b/src/do-refresh-auth Fri Mar 06 12:46:22 2009 +0000
@@ -9,15 +9,22 @@
 import sys
 import os
 import os.path
+import pwd
 import subprocess
-from mercurialserver import ruleset
+from mercurialserver import ruleset, paths
-if len(sys.argv) <= 3:
- sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
+if len(sys.argv) != 1:
+ sys.stderr.write("refresh-auth: must be called with no arguments (%s)\n" % sys.argv)
 sys.exit(-1)
-akeyfile = sys.argv[1]
-wrappercommand = sys.argv[2]
+pentry = pwd.getpwuid(os.geteuid())
+if pentry.pw_name != "hg":
+ # FIXME: re-execute
+ print >>sys.stderr, "Must be run as the 'hg' user"
+
+akeyfile = pentry.pw_dir + "/.ssh/authorized_keys"
+wrappercommand = paths.getEtcPath() + "/hg-ssh-wrapper"
+keydirs = [paths.getEtcPath() + "/keys", pentry.pw_dir + "/repos/hgadmin/keys"]
 prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='
 if os.path.exists(akeyfile):
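Review bot: The `pentry.pw_name != "hg"` branch in src/do-refresh-auth only prints "Must be run as the 'hg' user" and then falls through, so a run under any other account keeps going with that account's `pw_dir`. `akeyfile` then resolves to the caller's own `~/.ssh/authorized_keys`, and the next hunk shows the script opening `akeyfile + "_new"` for writing; the rest of the script is outside this hunk, but it presumably replaces the real file, which for a root invocation would mean root's authorized_keys. The src/init/conf/refresh-auth hunk in this same commit removes the wrapper's own `whoami` guard, so no check stops the run any more. Until the FIXME re-execute exists, add `sys.exit(-1)` directly after the `print >>sys.stderr, ...` line.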
@@ -30,7 +37,7 @@
 f.close()
 akeys = open(akeyfile + "_new", "w")
-for keyroot in sys.argv[3:]:
+for keyroot in keydirs:
 kr = keyroot + "/"
 #print "Processing keyroot", keyroot
 for root, dirs, files in os.walk(keyroot):
diff -r 582808b47653 -r 5d81ec164e5d src/init/conf/refresh-auth
--- a/src/init/conf/refresh-auth Fri Mar 06 12:34:07 2009 +0000
+++ b/src/init/conf/refresh-auth Fri Mar 06 12:46:22 2009 +0000
@@ -2,18 +2,6 @@
 # Copyright 2008-2009 LShift Ltd
 # This file should live in /etc/mercurial-server.
-# If your repository is laid out differently you may need to modify
-# this file.
-
-set -e
-if [ `whoami` != 'hg' ] ; then
- echo "Must be run as hg user"
- return -1
-else
- /usr/local/lib/mercurial-server/do-refresh-auth \
- ~hg/.ssh/authorized_keys \
- /etc/mercurial-server/hg-ssh-wrapper \
- /etc/mercurial-server/keys \
- ~hg/repos/hgadmin/keys
-fi
+exec /usr/local/lib/mercurial-server/do-refresh-auth
+