do-refresh-auth now does all the work
authorPaul Crowley <paul@lshift.net>
Fri, 06 Mar 2009 12:46:22 +0000
changeset 73 5d81ec164e5d
parent 72 582808b47653
child 74 9d2ae2841bf2
do-refresh-auth now does all the work
doc/PLAN
src/do-refresh-auth
src/init/conf/refresh-auth
--- a/doc/PLAN	Fri Mar 06 12:34:07 2009 +0000
+++ b/doc/PLAN	Fri Mar 06 12:46:22 2009 +0000
@@ -3,13 +3,12 @@
 Done:
 
 - move all modules into mercurial_server directory
-
 - make mercurial_server.paths module; a function sets a global based on sys.argv[0]
 - reduce hg-ssh-wrapper to nothing by moving all functionality into hg-ssh
+- same for refresh-auth
 
 Todo:
 
-- same for refresh-auth
 - move most of do-refresh-auth into a module
 - give that module a hook, and call the hook instead of the exe
 - abolish refresh-auth shell script and rename do-refresh-auth to refresh-auth
--- a/src/do-refresh-auth	Fri Mar 06 12:34:07 2009 +0000
+++ b/src/do-refresh-auth	Fri Mar 06 12:46:22 2009 +0000
@@ -9,15 +9,22 @@
 import sys
 import os
 import os.path
+import pwd
 import subprocess
-from mercurialserver import ruleset
+from mercurialserver import ruleset, paths
 
-if len(sys.argv) <= 3:
-    sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
+if len(sys.argv) != 1:
+    sys.stderr.write("refresh-auth: must be called with no arguments (%s)\n" % sys.argv)
     sys.exit(-1)
 
-akeyfile = sys.argv[1]
-wrappercommand = sys.argv[2]
+pentry = pwd.getpwuid(os.geteuid())
+if pentry.pw_name != "hg":
+    # FIXME: re-execute
+    print >>sys.stderr, "Must be run as the 'hg' user"
+
+akeyfile = pentry.pw_dir + "/.ssh/authorized_keys"
+wrappercommand = paths.getEtcPath() + "/hg-ssh-wrapper"
+keydirs = [paths.getEtcPath() + "/keys", pentry.pw_dir + "/repos/hgadmin/keys"]
 prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='
 
 if os.path.exists(akeyfile):
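Review bot: The new `if pentry.pw_name != "hg":` branch prints "Must be run as the 'hg' user" but does not stop, so the script carries on and rebuilds `pentry.pw_dir + "/.ssh/authorized_keys"` for whichever account invoked it, root included. The whoami guard in src/init/conf/refresh-auth was meant to refuse other users, and this commit removes it in favour of a bare `exec`, so nothing enforces the account any more. Until the `FIXME: re-execute` is implemented, add `sys.exit(-1)` directly after the `print >>sys.stderr, ...` line, matching the argument-count check above it. The rest of the script, including the write to `akeyfile + "_new"`, continues outside this hunk.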
@@ -30,7 +37,7 @@
         f.close()
 
 akeys = open(akeyfile + "_new", "w")
-for keyroot in sys.argv[3:]:
+for keyroot in keydirs:
     kr = keyroot + "/"
     #print "Processing keyroot", keyroot
     for root, dirs, files in os.walk(keyroot):
--- a/src/init/conf/refresh-auth	Fri Mar 06 12:34:07 2009 +0000
+++ b/src/init/conf/refresh-auth	Fri Mar 06 12:46:22 2009 +0000
@@ -2,18 +2,6 @@
 # Copyright 2008-2009 LShift Ltd
 
 # This file should live in /etc/mercurial-server.
-# If your repository is laid out differently you may need to modify
-# this file.
-
-set -e
 
-if [ `whoami` != 'hg' ] ; then
-    echo "Must be run as hg user"
-    return -1
-else
-    /usr/local/lib/mercurial-server/do-refresh-auth \
-        ~hg/.ssh/authorized_keys \
-        /etc/mercurial-server/hg-ssh-wrapper \
-        /etc/mercurial-server/keys \
-        ~hg/repos/hgadmin/keys
-fi
+exec /usr/local/lib/mercurial-server/do-refresh-auth
+