Start moving things to where they should live, and add the new
break-in system. Big change.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/.hgignore Wed May 28 18:14:15 2008 +0100
@@ -0,0 +1,4 @@
+syntax: glob
+
+*~
+*.pyc
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/break-in Wed May 28 18:14:15 2008 +0100
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+REPO=~hg/repos/hgadmin
+sudo -u hg -H hg -q -R "$REPO" update null
+sudo -u hg mkdir $REPO/keys
+cp $1 $REPO/keys/root
+cd $REPO
+echo "init user=root" > hg-ssh-access.conf
+sudo -u hg -H /usr/local/lib/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys /etc/hg-admin-tools/hg-ssh-wrapper
+
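Review bot: On the last line of break-in, `~/.ssh/authorized_keys` is expanded by the calling shell before `sudo -u hg -H` runs, so refresh-auth is pointed at the invoking user's authorized_keys rather than hg's; `~hg/.ssh/authorized_keys` would match how `REPO` is defined. The key path `$1` is neither checked nor quoted, and the check would have to come before `hg update null`, since a missing argument currently aborts only after the working copy has been emptied: `[ -r "$1" ] || { echo "usage: break-in KEYFILE" >&2; exit 2; }` near the top, then `cp -- "$1" "$REPO/keys/root"`. Since this script grants `init user=root` access, a header comment saying who may run it and that the installed key is meant to be temporary would help the next operator.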
--- a/hg-ssh-wrapper Fri May 02 18:03:42 2008 +0100
+++ b/hg-ssh-wrapper Wed May 28 18:14:15 2008 +0100
@@ -1,7 +1,6 @@
#!/bin/sh
-# This file needs to be saved as ~/hg-ssh-wrapper for the user whose
-# ~/.ssh/authorized_keys file is rewritten by refresh-auth. It expects
+# This file should live in /etc/hg-admin-tools. It expects
# to be specified as the target of the "command" section in the prefix
# of a key in the authorized_keys file, and be passed a name associated
# with an ssh key as its only argument. It does some setting up before
@@ -17,7 +16,7 @@
# Use a different hgrc for remote pulls - this way you can set
# up access.py for everything at once without affecting local operations
-HGRCPATH=$(pwd)/remote-hgrc
+HGRCPATH=/etc/hg-admin-tools/remote-hgrc
export HGRCPATH
# Set up this environment variable - useful for hg hooks to check.
@@ -27,4 +26,5 @@
cd repos
HG_ACCESS_RULES_FILE=$(pwd)/hgadmin/hg-ssh-access.conf
export HG_ACCESS_RULES_FILE
-exec ../admin/hg-admin-tools/hg-ssh
+exec /usr/local/lib/hg-admin-tools/hg-ssh
+
--- a/hgadmin-hgrc Fri May 02 18:03:42 2008 +0100
+++ b/hgadmin-hgrc Wed May 28 18:14:15 2008 +0100
@@ -3,5 +3,6 @@
[hooks]
changegroup.aaaaa_update = hg update -C default > /dev/null
-changegroup.refreshauth = ../../admin/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys ./hg-ssh-wrapper
+changegroup.aaaab_purge = hg purge --all > /dev/null
+changegroup.refreshauth = /usr/local/lib/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys /etc/hg-admin-tools/hg-ssh-wrapper
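Review bot: The added `changegroup.aaaab_purge` hook needs the purge extension, and no `[extensions]` section is visible in this file (lines 1-2 are outside the hunk, so it may already be enabled there or globally). If `hg purge` is unavailable the hook fails, and because changegroup hooks run after the transaction, Mercurial presumably only warns and still runs `changegroup.refreshauth`; an untracked `keys/root` left by break-in would then stay in the working directory and, it appears, in the regenerated authorized_keys. Consider enabling it here with `[extensions]` / `purge =` and adding a comment such as `# drop untracked files (e.g. break-in keys) so refresh-auth only sees committed keys; hooks run in name order`.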
--- a/hginit Fri May 02 18:03:42 2008 +0100
+++ b/hginit Wed May 28 18:14:15 2008 +0100
@@ -2,17 +2,9 @@
set -e
-initdir=$(pwd)
-
cd
-mkdir -p admin repos/hgadmin/keys/admin .ssh
-cp -r "$initdir" admin/hg-admin-tools
-cp admin/hg-admin-tools/hg-ssh-wrapper admin/hg-admin-tools/remote-hgrc ~
-mv admin/hg-admin-tools/first-adminkey repos/hgadmin/keys/admin/first
+mkdir -p repos/hgadmin .ssh
cd repos/hgadmin
hg init .
-echo "init user=admin/*" > hg-ssh-access.conf
-hg add
-hg commit -m "initial commit"
-cp ../../admin/hg-admin-tools/hgadmin-hgrc .hg/hgrc
-../../admin/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys ./hg-ssh-wrapper
+cp /usr/local/lib/hg-admin-tools/hgadmin-hgrc .hg/hgrc
+
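Review bot: The changed `mkdir -p repos/hgadmin .ssh` line creates `.ssh` with whatever umask the caller has, and sshd with StrictModes refuses an authorized_keys file whose directory is group- or world-writable. Since that file gates all access to the repositories, it is safer to set the mode explicitly, e.g. `mkdir -p repos/hgadmin` followed by `mkdir -p -m 700 .ssh`. The script starts above the hunk, so an earlier `umask` call may already cover this.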
--- a/install Fri May 02 18:03:42 2008 +0100
+++ b/install Wed May 28 18:14:15 2008 +0100
@@ -2,13 +2,13 @@
set -e
-ssh-add -L > first-adminkey
-
-if [ \! -s first-adminkey ] ; then
- echo "No key defined in ssh agent; exiting"
- exit -1
-fi
+install -o root -g root -d /usr/local/lib/hg-admin-tools
+install -o root -g root -t /usr/local/lib/hg-admin-tools \
+ access.py hg-ssh refresh-auth ruleset.py hgadmin-hgrc break-in
+install -o root -g root -d /etc/hg-admin-tools
+install -o root -g root -t /etc/hg-admin-tools hg-ssh-wrapper remote-hgrc
sudo adduser --system --shell /bin/sh --group --disabled-password \
--gecos "Mercurial repositories" hg
sudo -u hg -H ./hginit
+
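Review bot: The four added `install -o root -g root` lines run without `sudo`, while the `adduser` and `hginit` lines below them use it, so under `set -e` a non-root caller stops at the first `install` and a root caller does not need the later `sudo`. Either prefix them with `sudo` or check `[ "$(id -u)" -eq 0 ]` at the top and drop `sudo` from the `adduser` line. `install` defaults to mode 0755, so `-m 0644` would suit the non-executable files (`hgadmin-hgrc`, `remote-hgrc`, and probably `access.py` and `ruleset.py`). With the `ssh-add -L` step removed, a fresh install seems to leave hg with no authorized key until break-in is run, which deserves a comment or a closing `echo`.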
--- a/remote-hgrc Fri May 02 18:03:42 2008 +0100
+++ b/remote-hgrc Wed May 28 18:14:15 2008 +0100
@@ -1,7 +1,7 @@
# hgrc to use for all remote users
[extensions]
-access = /home/hg/admin/hg-admin-tools/access.py
+access = /usr/local/lib/hg-admin-tools/access.py
[hooks]
pretxnchangegroup.access = python:access.hook