# HG changeset patch # User Paul Crowley # Date 1243504693 -3600 # Node ID db219a5a14f8d3414cef2fe7a34ea0267be5139f # Parent cacc2cf27d1873c2a0ddea5edaeb41cf1230d96c share not lib in docs diff -r cacc2cf27d18 -r db219a5a14f8 README --- a/README Tue Mar 17 13:07:14 2009 +0000 +++ b/README Thu May 28 10:58:13 2009 +0100 @@ -40,7 +40,7 @@ To give a user access to the repository, place their key in an appropriately-named subdirectory of "/etc/mercurial-server/keys" and run -"/usr/local/lib/mercurial-server/refresh-auth". You can then control what +"/usr/local/share/mercurial-server/refresh-auth". You can then control what access they have to what repositories by editing the control file "/etc/mercurial-server/access.conf", which can match the names of these keys against a glob pattern. @@ -75,7 +75,7 @@ (ie the file is called something like "/etc/mercurial-server/keys/root/yourname/yourhostname") so that you can easily manage users who have a different key on each host they use. Then run -"/usr/local/lib/mercurial-server/refresh-auth". +"/usr/local/share/mercurial-server/refresh-auth". The repository is now ready to use, and you are now the sole user able to change and create repositories on this repository host. @@ -98,7 +98,7 @@ "keys/users" subdirectory - these users will be able to read and write to any repository (except one - see below) but will not be able to create new repositories. As always, when you change "/etc/mercurial-server/keys" you need -to re-run "/usr/local/lib/mercurial-server/refresh-auth". +to re-run "/usr/local/share/mercurial-server/refresh-auth". LOGGING diff -r cacc2cf27d18 -r db219a5a14f8 doc/PLAN --- a/doc/PLAN Tue Mar 17 13:07:14 2009 +0000 +++ b/doc/PLAN Thu May 28 10:58:13 2009 +0100 @@ -1,5 +1,3 @@ -Plan: do away with shell scripts, and un-hard-wire the path /usr/local/lib/mercurial-server. - Done: - move all modules into mercurial_server directory @@ -11,10 +9,10 @@ - abolish refresh-auth shell script and rename do-refresh-auth to refresh-auth - replace env vars with Python globals - change refresh-auth to refer to hg-ssh directly, abolish hg-ssh-wrapper +- change install script to a Python script, abolishing hginit Todo: - add comment check and -f flag to refresh-auth -- change install script to a Python script, abolishing hginit diff -r cacc2cf27d18 -r db219a5a14f8 doc/how-it-works --- a/doc/how-it-works Tue Mar 17 13:07:14 2009 +0000 +++ b/doc/how-it-works Thu May 28 10:58:13 2009 +0100 @@ -1,21 +1,22 @@ HOW IT WORKS -When a developer attempts to connect to a repository via ssh, the SSH daemon -searches for a match for that user's key in ~hg/.ssh/authorized_keys. If the -developer is authorised to connect to the repository they will have an entry -in this file. The entry includes a "command" prefix which specifies that the -restricted shell "/usr/local/lib/mercurial-server/hg-ssh" should be used; this -shell is passed an argument identifying the developer. The shell parses the -command the developer is trying to execute, and consults a rules file to see -if that developer is allowed to perform that action on that repository. +When a developer attempts to connect to a repository via ssh, the SSH +daemon searches for a match for that user's key in +~hg/.ssh/authorized_keys. If the developer is authorised to connect to the +repository they will have an entry in this file. The entry includes a +"command" prefix which specifies that the restricted shell +"/usr/local/share/mercurial-server/hg-ssh" should be used; this shell is +passed an argument identifying the developer. The shell parses the command +the developer is trying to execute, and consults a rules file to see if +that developer is allowed to perform that action on that repository. The file ~hg/.ssh/authorized_keys is generated by "refresh-auth", which -recurses through two directories of files containing SSH keys and generates an -entry in authorized_keys for each one, using the name of the key file as the -identifier for the developer. These keys will live in the "keys" subdirectory -"/etc/mercurial-server" and the "keys" subdirectory of a repository called -"hgadmin". A hook in this repository re-runs "refresh-auth" on the most recent -version after every push. +recurses through two directories of files containing SSH keys and generates +an entry in authorized_keys for each one, using the name of the key file as +the identifier for the developer. These keys will live in the "keys" +subdirectory "/etc/mercurial-server" and the "keys" subdirectory of a +repository called "hgadmin". A hook in this repository re-runs +"refresh-auth" on the most recent version after every push. Finally, hook in an extension is run for each changeset that is remotely committed, which uses the rules file to determine whether to allow the