Mercurial 1.7.1 released!

JonnyDee jonny.dee.1 at googlemail.com
Fri Nov 26 08:59:54 UTC 2010


Hi Martin,


> > You were right -- I really didn't get the 'trust' thing right. Thank
> > you for your explanation. So let me shortly recap what I understood
> > now:
>
> > The key point is that I must configure "my Mercurial" to trust a the
> > ".hg/hgrc" of a repository owned by another user B. The reason behind
> > that is that this makes sure extensions enabled by the other user for
> > his repository are not loaded/executed as long as I don't explicitly
> > trust his configuration by adding his user account/group to my 'hgrc'
> > file. Right?
>
> Correct -- extensions can execute arbitrary code when loaded, so loading
> any random extension pointed to by a .hg/hgrc file would be dangerous.
>
> > So now I'll tell you my setup:
>
> > * A (Ubuntu server) host 'x-host' has Mercurial 1.7.1 and 'mercurial-
> > server' software installed.
>
> Okay.
>
> [...]
>
> > ** The 'mercurial-server' software is installed for user 'hg'.
>
> Very relevant -- when this is the user running mercurial-server, then
> this is the user for whom you must configure the trust settings.
>
> [...]
>
> > ** The 'bookmarks' extension is enabled within jonny's user
> > configuration file.
>
> Okay.
>
> > WRT the explanation you gave me I can image the following scenario:
>
> > * My user 'jonny' of 'y-host' first clones the remote repository
> > using: "hg clone ssh://hg@x-host/path/to/repo a-repo"
> > * My user 'jonny' needs to trust the remote user 'hg' in order to
> > enable the extensions activated for/by 'hg'.
>
> No -- this is the key point where things break. There is never really a
> 'local' and a 'remote' user when you use Mercurial: repository access is
> always done locally.

I actually was expecting this, but due to the trust issues I was not
sure anymore.

> In your case, the user 'hg' on machine 'x-host' will make a clone of
> ~hg/path/to/repo. This all takes place on machine 'x-host' -- your local
> Mercurial process starts a remote Mercurial process via SSH.
>
> The clone ends up on 'y-host' because of the SSH tunnel involved, but
> that is actually not important. What is important is that the Mercurial
> process started on 'x-host' trusts the .hg/hgrc file in the repo you
> clone from. It will trust it if the 'hg' user on 'x-host' owns .hg/hgrc
> of if the 'hg' user on 'x-host' trusts the owner of the .hg/hgrc file.
>
> I hope that helps you track it down.

Martin, thank you very much! All my repositories I access using
'mercurial-server' are located in 'hg's home directory, were created
by
the 'hg' user, and are also owned by that user. This is why I wondered
why I suddenly had to deal with trust configuration...

But due to the help of Matt and you I am now able to understand how
everything
fits together. And this helped me to rule out every possible
misconfigurations...

I finally managed to solve my problem. I had to activate the bookmarks
extension
for 'mercurial-server' explicitly by adding a new corresponding
configuration
file within the '/etc/mercurial-server/remote-hgrc.d' directory. I was
expecting
that to enable an extension system-wide would also enable it for
'mercurial-server'.
Obviously, I was wrong, and the existence of a corresponding
'/etc/mercurial-server/remote-hgrc.d' directory really emphasizes this
fact. ;)

Anyway, I hope others might profit from my mistake...

Thanks again,
Jonny



More information about the Mercurial mailing list