Mercurial > hg > mercurial-crew-with-dirclash

view contrib/hg-ssh @ 2439:e8c4f3d3df8c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
extend network protocol to stop clients from locking servers now all repositories have capabilities slot, tuple with list of names. if 'unbundle' capability present, repo supports push where client does not need to lock server. repository classes that have unbundle capability also have unbundle method. implemented for ssh now, will be base for push over http. unbundle protocol acts this way. server tells client what heads it has during normal negotiate step. client starts unbundle by repeat server's heads back to it. if server has new heads, abort immediately. otherwise, transfer changes to server. once data transferred, server locks and checks heads again. if heads same, changes can be added. else someone else added heads, and server aborts. if client wants to force server to add heads, sends special heads list of 'force'.
author Vadim Gelfer <vadim.gelfer@gmail.com>
date Thu, 15 Jun 2006 16:37:23 -0700
parents 9a5b778f7e2d
children 831ebc408ffb
line wrap: on
line source

#!/usr/bin/env python
#
# Copyright 2005, 2006 by Intevation GmbH <intevation@intevation.de>
# Author(s):
# Thomas Arendsen Hein <thomas@intevation.de>
#
# This software may be used and distributed according to the terms
# of the GNU General Public License, incorporated herein by reference.

"""
hg-ssh - a wrapper for ssh access to a limited set of mercurial repos

To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
(probably together with these other useful options:
 no-port-forwarding,no-X11-forwarding,no-agent-forwarding)

This allows pull/push over ssh to to the repositories given as arguments.

If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"

You can use pattern matching of your normal shell, e.g.:
command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
"""

from mercurial import commands

import sys, os

cwd = os.getcwd()
allowed_paths = [os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
                 for path in sys.argv[1:]]
orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')

if orig_cmd.startswith('hg -R ') and orig_cmd.endswith(' serve --stdio'):
    path = orig_cmd[6:-14]
    repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
    if repo in allowed_paths:
        commands.dispatch(['-R', repo, 'serve', '--stdio'])
    else:
        sys.stderr.write("Illegal repository %r\n" % repo)
        sys.exit(-1)
else:
    sys.stderr.write("Illegal command %r\n" % orig_cmd)
    sys.exit(-1)