# HG changeset patch # User Paul Crowley # Date 1211994855 -3600 # Node ID d54720d47ca2a647a6179799f7979293cfcbcdff # Parent 98dbde5b13a16c1bc283e4dafe240f09c76ecea8 start to move towards things living where they should and new break-in system. Big change. diff -r 98dbde5b13a1 -r d54720d47ca2 .hgignore --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/.hgignore Wed May 28 18:14:15 2008 +0100 @@ -0,0 +1,4 @@ +syntax: glob + +*~ +*.pyc \ No newline at end of file diff -r 98dbde5b13a1 -r d54720d47ca2 break-in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/break-in Wed May 28 18:14:15 2008 +0100 @@ -0,0 +1,12 @@ +#!/bin/sh + +set -e + +REPO=~hg/repos/hgadmin +sudo -u hg -H hg -q -R "$REPO" update null +sudo -u hg mkdir $REPO/keys +cp $1 $REPO/keys/root +cd $REPO +echo "init user=root" > hg-ssh-access.conf +sudo -u hg -H /usr/local/lib/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys /etc/hg-admin-tools/hg-ssh-wrapper + diff -r 98dbde5b13a1 -r d54720d47ca2 hg-ssh-wrapper --- a/hg-ssh-wrapper Fri May 02 18:03:42 2008 +0100 +++ b/hg-ssh-wrapper Wed May 28 18:14:15 2008 +0100 @@ -1,7 +1,6 @@ #!/bin/sh -# This file needs to be saved as ~/hg-ssh-wrapper for the user whose -# ~/.ssh/authorized_keys file is rewritten by refresh-auth. It expects +# This file should live in /etc/hg-admin-tools. It expects # to be specified as the target of the "command" section in the prefix # of a key in the authorized_keys file, and be passed a name associated # with an ssh key as its only argument. It does some setting up before @@ -17,7 +16,7 @@ # Use a different hgrc for remote pulls - this way you can set # up access.py for everything at once without affecting local operations -HGRCPATH=$(pwd)/remote-hgrc +HGRCPATH=/etc/hg-admin-tools/remote-hgrc export HGRCPATH # Set up this environment variable - useful for hg hooks to check. 
@@ -27,4 +26,5 @@ cd repos HG_ACCESS_RULES_FILE=$(pwd)/hgadmin/hg-ssh-access.conf export HG_ACCESS_RULES_FILE -exec ../admin/hg-admin-tools/hg-ssh +exec /usr/local/lib/hg-admin-tools/hg-ssh + diff -r 98dbde5b13a1 -r d54720d47ca2 hgadmin-hgrc --- a/hgadmin-hgrc Fri May 02 18:03:42 2008 +0100 +++ b/hgadmin-hgrc Wed May 28 18:14:15 2008 +0100 @@ -3,5 +3,6 @@ [hooks] changegroup.aaaaa_update = hg update -C default > /dev/null -changegroup.refreshauth = ../../admin/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys ./hg-ssh-wrapper +changegroup.aaaab_purge = hg purge --all > /dev/null +changegroup.refreshauth = /usr/local/lib/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys /etc/hg-admin-tools/hg-ssh-wrapper diff -r 98dbde5b13a1 -r d54720d47ca2 hginit --- a/hginit Fri May 02 18:03:42 2008 +0100 +++ b/hginit Wed May 28 18:14:15 2008 +0100 @@ -2,17 +2,9 @@ set -e -initdir=$(pwd) - cd -mkdir -p admin repos/hgadmin/keys/admin .ssh -cp -r "$initdir" admin/hg-admin-tools -cp admin/hg-admin-tools/hg-ssh-wrapper admin/hg-admin-tools/remote-hgrc ~ -mv admin/hg-admin-tools/first-adminkey repos/hgadmin/keys/admin/first +mkdir -p repos/hgadmin .ssh cd repos/hgadmin hg init . -echo "init user=admin/*" > hg-ssh-access.conf -hg add -hg commit -m "initial commit" -cp ../../admin/hg-admin-tools/hgadmin-hgrc .hg/hgrc -../../admin/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys ./hg-ssh-wrapper +cp /usr/local/lib/hg-admin-tools/hgadmin-hgrc .hg/hgrc + diff -r 98dbde5b13a1 -r d54720d47ca2 install --- a/install Fri May 02 18:03:42 2008 +0100 +++ b/install Wed May 28 18:14:15 2008 +0100 
@@ -2,13 +2,13 @@ set -e -ssh-add -L > first-adminkey - -if [ \! -s first-adminkey ] ; then - echo "No key defined in ssh agent; exiting" - exit -1 -fi +install -o root -g root -d /usr/local/lib/hg-admin-tools +install -o root -g root -t /usr/local/lib/hg-admin-tools \ + access.py hg-ssh refresh-auth ruleset.py hgadmin-hgrc break-in +install -o root -g root -d /etc/hg-admin-tools +install -o root -g root -t /etc/hg-admin-tools hg-ssh-wrapper remote-hgrc sudo adduser --system --shell /bin/sh --group --disabled-password \ --gecos "Mercurial repositories" hg sudo -u hg -H ./hginit + diff -r 98dbde5b13a1 -r d54720d47ca2 remote-hgrc --- a/remote-hgrc Fri May 02 18:03:42 2008 +0100 +++ b/remote-hgrc Wed May 28 18:14:15 2008 +0100 @@ -1,7 +1,7 @@ # hgrc to use for all remote users [extensions] -access = /home/hg/admin/hg-admin-tools/access.py +access = /usr/local/lib/hg-admin-tools/access.py [hooks] pretxnchangegroup.access = python:access.hook
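Review bot: In break-in, the last line passes `~/.ssh/authorized_keys` to refresh-auth, but the tilde is expanded by the calling shell before sudo runs, so it names the invoking user's file rather than the hg account's, and `-H` does not change that. Use `~hg/.ssh/authorized_keys`, matching `REPO=~hg/repos/hgadmin`. In the same script, `cp $1 $REPO/keys/root` and the `echo ... > hg-ssh-access.conf` redirect run as the caller rather than through `sudo -u hg`, and `$1` is neither quoted nor checked for being present.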
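Review bot: In hg-ssh-wrapper (hunk at -27,4), `HG_ACCESS_RULES_FILE=$(pwd)/hgadmin/hg-ssh-access.conf` still depends on the relative `cd repos`, while HGRCPATH and the exec target were made absolute in this same change. The access rules path is then decided by whatever directory the wrapper starts in; consider building it from the hg account's home directory explicitly so that all three paths are fixed.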
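Review bot: In hgadmin-hgrc, the new `changegroup.aaaab_purge = hg purge --all > /dev/null` relies on the purge extension, and the visible lines do not show it being enabled for this repository; please confirm that it is, and check what refreshauth does if the purge hook fails and untracked files are still in place. The aaaaa/aaaab names appear to exist only to fix the order update, purge, refreshauth, so a comment saying that would stop a later rename from breaking it.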
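Review bot: In hginit, removing the initial commit, the `init user=admin/*` rule and the refresh-auth call means a fresh install ends with an empty hgadmin repository, no hg-ssh-access.conf and no generated authorized_keys, so nobody can push until break-in has been run by hand. Nothing in this patch says so; add a message at the end of hginit or install, or a README note, that names break-in and the key file argument it expects.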
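Review bot: In install, the four new `install -o root -g root ...` lines run without sudo while `adduser` and `hginit` below still use it, so under `set -e` the script stops at the first of them unless it is already running as root. Either prefix them with sudo or state that the script must be run as root and drop the sudo in front of adduser. `install` also defaults to mode 0755, which marks hgadmin-hgrc and remote-hgrc executable; a separate call with `-m 644` for the configuration files would be tidier.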