SSH scripts
Ludovic Chabant
ludovic at chabant.com
Mon Jan 21 08:27:51 UTC 2019
Hey there,
I'm trying to setup some shared SSH script for accessing hg repos. The SharedSSH page on the wiki (https://www.mercurial-scm.org/wiki/SharedSSH) helpfully pointed to the hg-ssh contrib script. That script loads Mercurial's libs directly and does a few funky things with the ui object, so I have questions.
1. I need to support read/write vs. read-only access. The hg-ssh script adds hooks on the fly to reject pushes. Instead of doing that, could I patch the hg command (which looks like "hg -R /path/to/repo serve --stdio") by adding a "--web-conf reject.conf" at the end? The "reject.conf" file would be a config file that has those hooks (pretxnopen and prepushkey) bound to a script that prints "Permission denied" and returns 1.
2. Why do we need the "prepushkey" hook? Wouldn't the "pretxnopen" hook be sufficient to gate any writing operation to the repo?
3. The documentation for "hg serve" indicates that it refuses push by default, yet, the "hg serve" that's run through SSH seems to allow it... how come?
4. Assuming the reply to [1] was "yeah you can", and depending on what the reply to [2] was, can I alternatively implement read-only access by making the reject.conf file simpler, with only a web.allow-push set to an empty value?
5. Partially unrelated, I can't get my local hg command to show the remote output ("adding manifest, adding changesets, ..."). Is "hg serve" logging that to stderr?
Thanks!
--
l u d o .
. 8 0 17 80
More information about the Mercurial
mailing list