wrap overlong lines
authorPaul Crowley <paul@lshift.net>
Thu, 17 Apr 2008 15:36:10 +0100
changeset 10 524b4a45ef0a
parent 9 21d9048136dc
child 11 f3c73c9fc0ff
wrap overlong lines
README
hg-ssh
hg-ssh-wrapper
--- a/README	Thu Apr 17 11:55:04 2008 +0100
+++ b/README	Thu Apr 17 15:36:10 2008 +0100
@@ -10,13 +10,20 @@
 
 INSTRUCTIONS FOR USE:
 
-This is only one setup - it can be tweaked in many ways, and is as specific as it is only in the interests of brevity.
-
-You, and all users of your Hg repository, will need SSH public key authentication set up, preferably working with ssh-agent so you don't have to type in your passphrase all the time.  I assume you've done that in what follows, so if you've done something different you'll need to change it appropriately.
+This is only one setup - it can be tweaked in many ways, and is as
+specific as it is only in the interests of brevity.
 
-Create a user called "hg" on the machine where the repository will live.  I used the command
+You, and all users of your Hg repository, will need SSH public key
+authentication set up, preferably working with ssh-agent so you don't
+have to type in your passphrase all the time.  I assume you've done
+that in what follows, so if you've done something different you'll
+need to change it appropriately.
 
-sudo adduser --system --shell /bin/sh --group --disabled-password --gecos "Mercural repository" hg
+Create a user called "hg" on the machine where the repository will
+live.  I used the command
+
+  sudo adduser --system --shell /bin/sh --group --disabled-password \
+    --gecos "Mercural repository" hg
 
 Now create a basic access control setup.  
 
@@ -32,7 +39,9 @@
    hg add
    hg commit -m "Initial configuration"
 
-You can use whatever you want in place of "myname" and indeed "admin".  The files in ~/hg must be readable by the hg user.  Issue these commands to become the hg user and set up the repository
+You can use whatever you want in place of "myname" and indeed "admin".
+The files in ~/hg must be readable by the hg user.  Issue these
+commands to become the hg user and set up the repository
 
    sudo -u hg -s
    cd ~hg
@@ -45,7 +54,8 @@
    ../../admin/hg-admin-tools/refresh-auth
     exit
 
-You should now have SSH access to this repository and full control, which you can test like so:
+You should now have SSH access to this repository and full control,
+which you can test like so:
 
    cd ~/hg/hgadmin
    echo "[paths]" >> .hg/hgrc
@@ -53,14 +63,24 @@
    hg pull
    hg push
 
-These attempts to push and pull should report no new changes but otherwise work.
+These attempts to push and pull should report no new changes but
+otherwise work.
 
-You can now add other users by putting their keys in an appropriate subdirectory of the "keys" directory, and control their access by editing hg-ssh-access.conf.  Changes will take effect as soon as you push them to the remote ssh server.
+You can now add other users by putting their keys in an appropriate
+subdirectory of the "keys" directory, and control their access by
+editing hg-ssh-access.conf.  Changes will take effect as soon as you
+push them to the remote ssh server.
 
-hg-ssh-access.conf has the following syntax:
+Each line of hg-ssh-access.conf has the following syntax:
 
 <rule> <keypattern> <repositorypattern>
 
-The "rule" is either "init", "allow", or "deny".  "keypattern" is a glob pattern matched against the name of the key used - for example, in our initial setup "admin/myname" matches "admin/*".  "repositorypattern" is a pattern matched againt the repository name - so "hgadmin" matches "*".  Only boring characters are allowed in patterns and key and repository names - see the source for details.  Blank lines and lines that start with "#" are ignored.
+The "rule" is either "init", "allow", or "deny".  "keypattern" is a
+glob pattern matched against the name of the key used - for example,
+in our initial setup "admin/myname" matches "admin/*".
+"repositorypattern" is a pattern matched againt the repository name -
+so "hgadmin" matches "*".  Only boring characters are allowed in
+patterns and key and repository names - see the source for details.
+Blank lines and lines that start with "#" are ignored.
 
 
--- a/hg-ssh	Thu Apr 17 11:55:04 2008 +0100
+++ b/hg-ssh	Thu Apr 17 15:36:10 2008 +0100
@@ -11,14 +11,18 @@
 # of the GNU General Public License, incorporated herein by reference.
 
 """
-hg-ssh - limit access to hg repositories reached via ssh.  Part of hg-admin-tools.
+hg-ssh - limit access to hg repositories reached via ssh.  Part of
+hg-admin-tools.
 
 This script is called by hg-ssh-wrapper with two arguments:
 
 hg-ssh <rulefile> <keyname>
 
-It expects to find the command the SSH user was trying to run in the environment variable
-SSH_ORIGINAL_COMMAND, and uses it to determine what the user was trying to do and to what repository, and then checks each rule in the rule file in turn for a matching rule which decides what to do, defaulting to disallowing the action.
+It expects to find the command the SSH user was trying to run in the
+environment variable SSH_ORIGINAL_COMMAND, and uses it to determine
+what the user was trying to do and to what repository, and then checks
+each rule in the rule file in turn for a matching rule which decides
+what to do, defaulting to disallowing the action.
 """
 
 # enable importing on demand to reduce startup time
@@ -89,6 +93,7 @@
 
 rulefile = sys.argv[1]
 keyname = sys.argv[2]
-todispatch = get_cmd(rulefile, keyname, os.environ.get('SSH_ORIGINAL_COMMAND', '?'))
+todispatch = get_cmd(rulefile, keyname, 
+    os.environ.get('SSH_ORIGINAL_COMMAND', '?'))
 dispatch.dispatch(todispatch)
 
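Review bot: The rewrapped `todispatch` call leaves a trailing space after `keyname,` and still passes the undocumented sentinel `'?'` when SSH_ORIGINAL_COMMAND is unset. Per the module docstring, that variable holds the command the SSH user asked for, so it is the client-controlled input here, and the promised deny-by-default presumably depends on get_cmd (defined outside this hunk) refusing `'?'`. A comment above the call would make that explicit, e.g. `# '?' stands in for a missing SSH_ORIGINAL_COMMAND; get_cmd must reject it so we fail closed`, and the first line of the wrap should end at the comma: `todispatch = get_cmd(rulefile, keyname,`.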
--- a/hg-ssh-wrapper	Thu Apr 17 11:55:04 2008 +0100
+++ b/hg-ssh-wrapper	Thu Apr 17 15:36:10 2008 +0100
@@ -1,18 +1,22 @@
 #!/bin/sh
 
-# This file needs to be saved as ~/hg-ssh-wrapper for the user whose ~/.ssh/authorized_keys file
-# is rewritten by refresh-auth.  It expects to be specified as the target of the "command" section
-# in the prefix of a key in the authorized_keys file, and be passed a name associated with an
-# ssh key as its only argument.  It does some setting up before calling hg-ssh, which does the real
-# work of deciding whether to allow the users action based on the type of the action, the key name,
-# and the contents of the specified rules file.
+# This file needs to be saved as ~/hg-ssh-wrapper for the user whose
+# ~/.ssh/authorized_keys file is rewritten by refresh-auth.  It expects
+# to be specified as the target of the "command" section in the prefix
+# of a key in the authorized_keys file, and be passed a name associated
+# with an ssh key as its only argument.  It does some setting up before
+# calling hg-ssh, which does the real work of deciding whether to allow
+# the users action based on the type of the action, the key name, and
+# the contents of the specified rules file.
 
-# If your repository is laid out differently you may need to modify this file.
+# If your repository is laid out differently you may need to modify
+# this file.
 
 set -e
 
 # Use a different hgrc for remote pulls - this way you can set
 # up notify for everything at once without affecting local operations
+# 
 # HGRCPATH=$(pwd)/remote-hgrc
 # export HGRCPATH