Mercurial 1.7.1 released!

Martin Geisler mg at aragost.com
Thu Nov 25 08:48:18 UTC 2010


JonnyDee <jonny.dee.1 at googlemail.com> writes:

> You were right -- I really didn't get the 'trust' thing right. Thank
> you for your explanation. So let me shortly recap what I understood
> now:
>
> The key point is that I must configure "my Mercurial" to trust a the
> ".hg/hgrc" of a repository owned by another user B. The reason behind
> that is that this makes sure extensions enabled by the other user for
> his repository are not loaded/executed as long as I don't explicitly
> trust his configuration by adding his user account/group to my 'hgrc'
> file. Right?

Correct -- extensions can execute arbitrary code when loaded, so loading
any random extension pointed to by a .hg/hgrc file would be dangerous.

> So now I'll tell you my setup:
>
> * A (Ubuntu server) host 'x-host' has Mercurial 1.7.1 and 'mercurial-
> server' software installed.

Okay.

> ** The sources of 'mercurial-server' are owned by 'root'.

Okay, but not relevant.

> ** The 'mercurial-server' software is installed for user 'hg'.

Very relevant -- when this is the user running mercurial-server, then
this is the user for whom you must configure the trust settings.

> ** The 'bookmarks' extension is enabled system-wide within the '/etc/
> mercurial/hgrc.d/hgext.rc' configuration file.

Okay.

> * My (Windows client) host 'y-host' has Mercurial 1.7.1 (TortoiseHG
> 1.6.1.1) installed, and I am logged in as user 'jonny'.

Your local username is actually not relevant.

> ** The 'bookmarks' extension is enabled within jonny's user
> configuration file.

Okay.

> WRT the explanation you gave me I can image the following scenario:
>
> * My user 'jonny' of 'y-host' first clones the remote repository
> using: "hg clone ssh://hg@x-host/path/to/repo a-repo"

> * My user 'jonny' needs to trust the remote user 'hg' in order to
> enable the extensions activated for/by 'hg'.

No -- this is the key point where things break. There is never really a
'local' and a 'remote' user when you use Mercurial: repository access is
always done locally.

In your case, the user 'hg' on machine 'x-host' will make a clone of
~hg/path/to/repo. This all takes place on machine 'x-host' -- your local
Mercurial process starts a remote Mercurial process via SSH.

The clone ends up on 'y-host' because of the SSH tunnel involved, but
that is actually not important. What is important is that the Mercurial
process started on 'x-host' trusts the .hg/hgrc file in the repo you
clone from. It will trust it if the 'hg' user on 'x-host' owns .hg/hgrc
of if the 'hg' user on 'x-host' trusts the owner of the .hg/hgrc file.

I hope that helps you track it down.

-- 
Martin Geisler

aragost Trifork
Professional Mercurial support
http://mercurial.aragost.com/kick-start/



More information about the Mercurial mailing list