nginx+fcgiwrap versus mercurial

Augie Fackler raf at durin42.com
Thu Mar 19 15:52:02 UTC 2020


I guess I'm not sure what you're trying to accomplish. Are you looking to have a working http(s) mercurial server, or do something else?

If it's "have a working http(s) mercurial server", you're going to want to look for some kind of cgi->WSGI wrapper to use instead of trying to do bash - Mercurial's HTTP wire protocol isn't directly accessible via the CLI.

(I could totally see an argument for a `hg debugcgiserver` feature, but that's not a thing today.)

> On Mar 19, 2020, at 11:49, Robin Becker <robin at reportlab.com> wrote:
> 
> On 19/03/2020 14:54, Augie Fackler wrote:
>> What does your bash script look like? I'm dubious that will work, as hg's web bits are exposed via WSGI.
> effectively it looks like
> 
> #!/myhome/bin/arptlab /bin/bash
> cd .. #get to where the .hg is
> hg pull
> 
> the arptlab executable just runs bash as the user that owns the repository
> 
> I suspect that the fcgiwrap service is preventing this from working, but I don' know how or how it does this when I ssh into the same machine and try
> 
> /usr/bin/ssh myhost /bin/sh -l -c "'cd $(pwd) && hg pull'"
> 
> instead of just hg pull.
> 
> The simple hg pull technique used to work in 2015, but I suspect that was ubuntu 14.04 or 16.04.
> 
> I could just try making the whole area owned by www-data and see if that remains possible.
> 
> The idea that hg might be using wsgi under the hood didn't occur to me.
> 
>>> On Mar 18, 2020, at 04:35, Robin Becker <robin at reportlab.com> wrote:
>>> 
>>> I am trying to use a simple bash cgi script with nginx+fcgiwrap under ubuntu 18.04.
>>> The script runs as a non www-data user (using a setuid/setgid method).
>>> 
> ..........
> 
> -- 
> Robin Becker




More information about the Mercurial mailing list