HTTP auth requires allow = *(star)

Scott Davies scott at webdrive.co.nz
Wed Dec 12 04:32:47 UTC 2012


Hi all,

I am making a bunch of Mercurial repositories available on a server for 
my company. My problem is that I can only get Mercurial to work 
correctly with HTTP authorization through nginx/uwsgi if these settings 
are in a repository's hgrc file:

allow_push = *
allow_true = *

These are the versions of what I'm using:

Ubuntu 12.04
Nginx 1.1.19
Mercurial 2.0.2
Python 2.73
uWSGI 1.4.3

My nginx config file for my /var/www/hg_repos directory looks like this:

location /hg {
     auth_basic           "Restricted";
     auth_basic_user_file /etc/nginx/hg_passwords;
     root    /var/www/hg_repos;
     uwsgi_pass unix:///tmp/hg_repos.sock;
     uwsgi_modifier1 30;
     include uwsgi_params;
     uwsgi_param SCRIPT_NAME /hg;
}

Also in the /var/www/hg_repos directory I have two files "hgweb.config" 
and "hgweb_wsgi.py" which work fine to serve up the repos. However, when 
a user tries to run any read command on a repository if "allow_read" is 
not "*", or when a user tries to run any clone/push command on a 
repository if "allow_push" is not "*", this appears in the Nginx server 
logs at least three times:

...no user/password was provided for basic authentication...

It's like Nginx takes the username and password, and does not pass this 
to Mercurial.

This is the kind of output I receive if allow_push/read is not "*":

$ hg clone --debug http://localhost/hg/repo1
using http://localhost/hg/repo1
sending capabilities command
using auth.cpr.* for authentication
http auth: user scott, password **********
destination directory: repo1
query 1; heads
sending batch command
http auth: user scott, password **********
requesting all changes
sending getbundle command
http auth: user scott, password **********
abort: authorization failed

So I can do HTTP authentication on the server through Nginx basic auth, 
but the hgrc files for repos there have to be set to allow_read/push = 
"*". I can't specify the users I want to. Darn! Hoping someone can help. 
Yes, I have read this:
http://bz.selenic.com/show_bug.cgi?id=3567

Regards,

Scott D.
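
The symptom described in the message above can be checked from inside the WSGI application. The following is an added example, not part of the original post and not Mercurial's code: a small middleware that records whether an authenticated user name reached the app, next to a simplified model of a user-list check. All names (is_authorized, RemoteUserProbe, demo) are hypothetical, and it assumes the app learns the user only from REMOTE_USER in the WSGI environ.

```python
# Added diagnostic sketch; every name here is hypothetical, not Mercurial's code.

def is_authorized(environ, allowed):
    """Simplified model of a non-empty allow_read/allow_push list check.
    Assumption: the app sees the user only via environ['REMOTE_USER']."""
    if allowed == ['*']:
        return True                      # wildcard: no user name needed
    user = environ.get('REMOTE_USER')
    return bool(user) and user in allowed


class RemoteUserProbe(object):
    """WSGI middleware that records which identity reached the app."""

    def __init__(self, app, log):
        self.app = app
        self.log = log                   # callable taking one string

    def __call__(self, environ, start_response):
        # Log only the presence of the Authorization header, never its value.
        header = 'present' if 'HTTP_AUTHORIZATION' in environ else 'absent'
        self.log('path=%s REMOTE_USER=%r authorization_header=%s' % (
            environ.get('PATH_INFO', ''), environ.get('REMOTE_USER'), header))
        return self.app(environ, start_response)


def demo():
    """Run the probe over two constructed environs; return (log lines, verdicts)."""
    lines, verdicts = [], []

    def app(environ, start_response):
        ok = is_authorized(environ, ['scott'])
        verdicts.append(ok)
        start_response('200 OK' if ok else '401 Unauthorized', [])
        return [b'']

    probed = RemoteUserProbe(app, lines.append)
    # Constructed: gateway checked the password but forwarded no user name.
    no_user = {'PATH_INFO': '/repo1', 'HTTP_AUTHORIZATION': 'Basic <redacted>'}
    # Constructed: same request with the authenticated name forwarded.
    with_user = dict(no_user, REMOTE_USER='scott')
    for env in (no_user, with_user):
        probed(env, lambda status, headers: None)
    return lines, verdicts
```

If the probe logs REMOTE_USER=None while the header is present, the front-end server authenticated the request without forwarding the name. In nginx that name is held in $remote_user and can be passed to the app with a uwsgi_param line.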



