--- a/.hgignore	Fri Dec 17 15:08:23 2010 +0000
+++ b/.hgignore	Fri Dec 17 18:19:31 2010 +0000
@@ -1,4 +1,6 @@
 ^build/
+^dev/chroot-test/build/
+
 syntax: glob
 
 *~

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/chroot-test/action/go	Fri Dec 17 18:19:31 2010 +0000
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd action
+
+ls -l
+
+. ./testing_system
+
+#exec > results 2>&1
+
+#aptitude --allow-untrusted --quiet --without-recommends --assume-yes  install mercurial
+#hg --version
+
+aptitude --allow-untrusted --quiet --without-recommends --assume-yes  install \
+    make mercurial xsltproc docbook-xsl openssh-server \
+    python python-support adduser 
+
+#aptitude --allow-untrusted --quiet --without-recommends --assume-yes  install \
+#     debconf python python-support adduser mercurial openssh-server 
+     
+
+perl -i -pe 's/^Port 22$/Port 2222/' /etc/ssh/sshd_config
+/etc/init.d/ssh start
+ssh-keyscan -p 2222 localhost > /etc/ssh/ssh_known_hosts
+
+#dpkg -i mercurial-server_1.0-1_all.deb
+cd mercurial-server
+make setup-adduser
+
+for user in test1 test2 ; do
+    adduser --gecos $user --disabled-password $user
+    su -l -c 'mkdir .ssh' $user
+    su -l -c 'ssh-keygen -N "" -f .ssh/id_rsa -t rsa' $user
+done
+cp /home/test1/.ssh/id_rsa.pub /etc/mercurial-server/keys/root/test1
+su -l -c /usr/local/share/mercurial-server/refresh-auth hg
+su -l -c /action/test1 test1
+su -l -c /action/test2 test2
+
+/etc/init.d/ssh stop
+
+#touch results
+

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/chroot-test/action/test1	Fri Dec 17 18:19:31 2010 +0000
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd
+
+cat > .ssh/config <<__END__
+Host chroothg
+Hostname localhost
+User hg
+Port 2222
+__END__
+
+echo "Cloning hgadmin..."
+hg clone ssh://chroothg/hgadmin
+echo "Updating hgadmin..."
+cd hgadmin
+
+cat > access.conf <<__END__
+read user=restricted/** file=denied/**
+write user=restricted/**
+__END__
+mkdir -p keys/restricted
+cp /home/test2/.ssh/id_rsa.pub keys/restricted/test2
+
+hg add keys/restricted/test2 access.conf
+hg commit -u test1 -m "Added user test2"
+echo "Push"
+hg push
+cd ..
+mkdir realrepo
+cd realrepo
+hg init .
+mkdir denied
+echo "This is a file" > content
+echo "This is a file not everyone can write to" > denied/cantwrite
+hg add content denied/cantwrite
+hg commit -u test1 -m "Add files to the repo"
+echo "Pushing changes"
+hg clone . ssh://chroothg/real/project
+echo "Done for user test1"

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/chroot-test/action/test2	Fri Dec 17 18:19:31 2010 +0000
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -e
+
+cd
+
+cat > .ssh/config <<__END__
+Host chroothg
+Hostname localhost
+User hg
+Port 2222
+__END__
+
+echo "Pulling real project"
+hg clone ssh://chroothg/real/project
+cd project
+echo "and I'm adding something" >> content
+hg commit -u test2 -m "Added something to the file"
+echo "This push should succeed"
+hg push
+echo "And it did"
+echo "This should fail" >> denied/cantwrite
+hg commit -u test2 -m "WONTPUSH"
+# Fail only if this succeeds
+echo "About to do bad push"
+hg push && false
+echo "really checking now"
+hg outgoing --template '{desc}' | grep -q WONTPUSH
+echo "done"

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/chroot-test/action/testing_system	Fri Dec 17 18:19:31 2010 +0000
@@ -0,0 +1,5 @@
+
+if [ \! -e /please-trash-this-system ] ; then
+    echo "These tests will only run in a special test environment, sorry"
+    exit -1
+fi

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/chroot-test/create-source-image	Fri Dec 17 18:19:31 2010 +0000
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+mkdir -p /var/local/cache/pristine
+debootstrap --arch i386 sid /var/local/cache/pristine/sid http://ftp.uk.debian.org/debian/
+

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/chroot-test/policy-rc.d	Fri Dec 17 18:19:31 2010 +0000
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# Refuse everything - nothing should start.
+return 101

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/chroot-test/run-test	Fri Dec 17 18:19:31 2010 +0000
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Must be root to run this
+
+set -e
+
+DEBVERSION=sid
+
+PRISTINE=/var/local/cache/pristine/$DEBVERSION
+
+if [ ! -e $PRISTINE ] ; then
+    echo "Debian pristine image not found, try running create-source-image"
+    echo $PRISTINE
+    exit -1
+fi
+
+TOPDIR=`pwd`
+mkdir -p $TOPDIR/build/env
+BACKING=$TOPDIR/build/env/backing
+MOUNT=$TOPDIR/build/env/mount
+if [ -e $MOUNT ] ; then
+    echo "Removing old filesystem"
+    # FIXME: evil hack!
+    chroot $MOUNT /etc/init.d/ssh stop || true
+    umount $MOUNT/proc || true
+    umount $MOUNT || true
+    rm -rf $MOUNT
+fi
+if [ -e $BACKING ] ; then
+    echo "Copying deb files into cache"
+    cp $BACKING/var/cache/apt/archives/* build/aptcache/$DEBVERSION || true
+    echo "Deleting old filesystem backing store"
+    rm -rf $BACKING
+fi
+mkdir $BACKING $MOUNT
+
+touch $BACKING/please-trash-this-system
+mkdir -p $BACKING/etc
+echo "pristine" > $BACKING/etc/debian_chroot
+cp -v policy-rc.d $BACKING/etc/policy-rc.d
+
+mkdir -p $BACKING/var/cache/apt/archives
+echo "Copying deb files out of cache"
+cp build/aptcache/$DEBVERSION/* $BACKING/var/cache/apt/archives || true
+
+cp -av action $BACKING
+#hg -R ../mercurial-server archive -r default $BACKING/action/mercurial-server
+( cd ../mercurial-server && \
+    hg st -mac0n | cpio -p -0 -d $BACKING/action/mercurial-server )
+
+#cp ../mercurial-server/build/debian/mercurial-server_1.0-1_all.deb $BACKING/action
+
+unionfs-fuse -o cow -o allow_other,suid,dev $BACKING=RW:$PRISTINE=RO $MOUNT
+
+#mount --bind /dev "$MOUNT/dev"
+#mount --bind /dev/pts "$MOUNT/dev/pts"
+mount -t proc proc $MOUNT/proc
+
+chroot $MOUNT ./action/go
+
+
+#cat $BACKING/action/results
+
+#rm -rf build/env
+