|
Size: 2322
Comment: Shamelessly promote my own mercurial-server above all other options
|
Size: 2331
Comment: converted to 1.6 markup
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
| is setting up a central [:Repository:repository] every user pushes his changes to and pulls | is setting up a central [[Repository|repository]] every user pushes his changes to and pulls |
| Line 11: | Line 11: |
| * [http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/README] * [http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/doc/] * [http://hg.opensource.lshift.net/mercurial-server/archive/release_0.6.tar.gz] |
* [[http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/README]] * [[http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/doc/]] * [[http://hg.opensource.lshift.net/mercurial-server/archive/release_0.6.tar.gz]] |
| Line 21: | Line 21: |
| A python script available in [http://www.selenic.com/repo/hg-stable/raw-file/tip/contrib/hg-ssh contrib/hg-ssh]. Allowed repositories are managed directly in the authorized_keys file. | A python script available in [[http://www.selenic.com/repo/hg-stable/raw-file/tip/contrib/hg-ssh|contrib/hg-ssh]]. Allowed repositories are managed directly in the authorized_keys file. |
As described on MultipleCommitters, one way of collaboration (the CVS-like model) is setting up a central repository every user pushes his changes to and pulls the others' changes from. This page describes how to create such repositories accessible via a shared ssh account without needing to give full shell access to other people.
mercurial-server
mercurial-server provides the most complete and easiest-to-use solution to this problem for hosting a collection of repositories on Unix systems. Installing mercurial-server creates a new user, "hg", which will own all the repositories to be shared. Giving access to a new user is as simple as adding their SSH key to a special repository and pushing the changes. mercurial-server can enforce fine-grained permissions and logs all events.
http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/README
http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/doc/
http://hg.opensource.lshift.net/mercurial-server/archive/release_0.6.tar.gz
Other options
There are two alternative systems for achieving the same end, though both require more work to maintain:
hg-ssh
A python script available in contrib/hg-ssh. Allowed repositories are managed directly in the authorized_keys file. Look at the start of the script for usage instructions. mercurial-server is descended from hg-ssh.
hg-login
HgLogin is a system by MarcSchaefer for achieving the same end.
How these work
When accessing a remote repository via Mercurial's ssh repository type, hg basically does a
$ ssh hg.example.com hg -R /path/to/repos serve --stdio
and relies on ssh for authentication and tunneling. When using public key authentication, ssh allows limiting the user to one specific command, which can do all the sanity checks we want and then calls hg just like ssh would in the example above. Note that every user gets his own private key and his own entry in authorized_keys, which allows the scripts to distinguish between different users and thus enforce e.g. access permissions.
See also AclExtension, HgWebDirStepByStep.