Force specific usernames for Mercurial commits

Greg Ward greg-hg at gerg.ca
Fri Feb 4 14:17:16 UTC 2011 

On Fri, Feb 4, 2011 at 1:26 AM, Sven Jacobs <mail at svenjacobs.com> wrote:
> we're switching from Subversion to Mercurial in our corporate environment.
> There will a central repository that is accessible via HTTPS with basic HTTP
> authentication.
> Now I'm curious whether it's possible to force specific usernames for
> commits? I'm talking about the usernames that can be set in .hgrc like this
>     [ui]
>     username = John Doe <john.doe at mycompany.com>
> and that are visible in the log messages.
> Because this file is placed on each developer's machine it's outside of the
> administrator's control.

I implemented this with a commit-time hook.  My goal was to avoid
typos and enforce consistency, not impose draconian high security.  It
works like this: we have a tracked file, .hgauthors, that lists
everyone who is "allowed" to commit:

  $ cat .hgauthors
  Alice Brown <alice at example.com>
  Bob Jones <jones at example.com>
  ...
  Zeke Smith <zsmith at example.com>

Then, around commit time (I think I did it in pretxncommit in case of
"hg commit -u"), I check that the username in the commit equals one of
the lines of .hgauthors.

There are all sorts of ways people could defeat this if they are
feeling mischievous.  But we already trust our programmers not to
insert backdoors into our software, so additionally trusting them to
not turn off this hook is pretty minor.

In fact, part of the hazing ritual for new developers is that they
have to add themselves to .hgauthors before they can commit their
first fix.  I suppose that looks kinda sloppy, but I like the fact
that it makes them actually read an error message from my hook.  ;-)

Incidentally, I screwed up the implementation of this by reading
.hgauthors from tip. Trouble is, when you are committing on an old
release branch, tip is the changeset being committed *right now*, and
we only maintain .hgauthors on default.  So new developers end up
adding themselves to .hgauthors on branch 4.1, and then a week later
when they have to fix a bug on 3.8, they have to add themselves again.
 Sigh.  See if you can do better than me: read .hgauthors from
'default'.  ;-)

Greg

More information about the Mercurial mailing list