contrib/hg-ssh
author Raphaël Gomès <rgomes@octobus.net>
Wed, 25 Jan 2023 15:34:27 +0100
changeset 50997 752c5a5b73c6
parent 48966 6000f5b25c9b
permissions -rwxr-xr-x
admin-command: add verify command

Start using the 'admin' namespace by adding a 'verify' command. Invocation is 'admin::verify'. The idea is to progressively add more focused checks than the existing verify command. To do so we need an advanced way to express what we want to check. The first check for admin::verify is 'working-copy.dirstate' which has no options, because it was an easy first check to implement, which verifies the integrity of the dirstate. This changeset was created with the help of Franck Bret.
Annotation: changeset that last touched each line (revision, hash, description; author; parents; lines of the file)

1537 583b3696d24d Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
    Thomas Arendsen Hein <thomas@intevation.de>; parents: (none); lines 2, 5-7, 10-18, 20-23, 30, 36, 47, 78, 104, 107
1640 9a5b778f7e2d Added hint to hg-ssh that you can use shell pattern matching.
    Thomas Arendsen Hein <thomas@intevation.de>; parents: 1537; lines 24-26
5191 831ebc408ffb Adjust contrib/hg-ssh for moved dispatch() function.
    Thomas Arendsen Hein <thomas@intevation.de>; parents: 1640; line 3
5197 55860a45bbf2 Enable demandimport only in scripts, not in importable modules (issue605)
    Thomas Arendsen Hein <thomas@intevation.de>; parents: 5191; lines 37, 41
8225 46293a0c7e9f updated license to be explicit about GPL version 2
    Martin Geisler <mg@lazybytes.net>; parents: 5197; line 8
8228 eee2319c5895 add blank line after copyright notices and after header
    Martin Geisler <mg@lazybytes.net>; parents: 8225; line 4
10263 25e572394f5c Update license to GPLv2+
    Matt Mackall <mpm@selenic.com>; parents: 8228; line 9
13996 1cafa0426a1a hg-ssh: fix duplicate word in docstring
    Andreas Freimuth <andreas.freimuth@united-bits.de>; parents: 10263; line 19
16607 feb1fd2d13a9 hg-ssh: exit with 255 instead of -1 on error
    Mads Kiilerich <mads@kiilerich.com>; parents: 16606; line 106
16779 67bfe7f64e57 hg-ssh: refactor to have main() method
    David Schleimer <dschleimer@fb.com>; parents: 16607; lines 49, 53, 72-74, 76-77, 79-82, 101-103, 105, 116-117
16836 1ba3e17186c8 hg-ssh: read-only flag
    David Schleimer <dschleimer@fb.com>; parents: 16779; lines 27-29, 60-67, 85, 109, 111-114
28047 863075fd4cd0 misc: use modern exception syntax
    FUJIWARA Katsunori <foozy@lares.dti.ne.jp>; parents: 28045; line 75
32050 77eaf9539499 dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
    Augie Fackler <augie@google.com>; parents: 28047; lines 84, 86-87, 100
33909 42bc7f39376b contrib: update hg-ssh to conform with import style checks
    Augie Fackler <raf@durin42.com>; parents: 32050; lines 31-32, 34-35, 42-43, 45-46
37988 dc1ed7fe33e4 sshserver: do setbinary() by caller (API)
    Yuya Nishihara <yuya@tcha.org>; parents: 33909; lines 50-52
38140 44ef9bb7ccd9 py3: add b'' prefixes in contrib/hg-ssh
    Pulkit Goyal <7895pulkit@gmail.com>; parents: 37988; line 110
38142 666d90ace0bb py3: use pycompat.fsencode to convert path to bytes
    Pulkit Goyal <7895pulkit@gmail.com>; parents: 38140; lines 44, 83
43703 99e231afc29c black: blacken scripts
    Gregory Szorc <gregory.szorc@gmail.com>; parents: 38142; lines 38-40, 48, 68-71, 88-99, 108, 115
45849 c102b704edb5 global: use python3 in shebangs
    Gregory Szorc <gregory.szorc@gmail.com>; parents: 43703; line 1
47620 724066f23e2d hg-ssh: normalize the drive of the current working directory on windows
    Pierre-Yves David <pierre-yves.david@octobus.net>; parents: 45849; lines 33, 54-59

Source:

#!/usr/bin/env python3
#
# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
#
# Author(s):
# Thomas Arendsen Hein <thomas@intevation.de>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.

"""
hg-ssh - a wrapper for ssh access to a limited set of mercurial repos

To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
(probably together with these other useful options:
 no-port-forwarding,no-X11-forwarding,no-agent-forwarding)

This allows pull/push over ssh from/to the repositories given as arguments.

If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"

You can use pattern matching of your normal shell, e.g.:
command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"

You can also add a --read-only flag to allow read-only access to a key, e.g.:
command="hg-ssh --read-only repos/*"
"""

import os
import re
import shlex
import sys

# enable importing on demand to reduce startup time
import hgdemandimport

hgdemandimport.enable()

from mercurial import (
    dispatch,
    pycompat,
    ui as uimod,
)


def main():
    # Prevent insertion/deletion of CRs
    dispatch.initstdio()

    cwd = os.getcwd()
    if os.name == 'nt':
        # os.getcwd() is inconsistent on the capitalization of the drive
        # letter, so adjust it. see https://bugs.python.org/issue40368
        if re.match('^[a-z]:', cwd):
            cwd = cwd[0:1].upper() + cwd[1:]

    readonly = False
    args = sys.argv[1:]
    while len(args):
        if args[0] == '--read-only':
            readonly = True
            args.pop(0)
        else:
            break
    allowed_paths = [
        os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
        for path in args
    ]
    orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
    try:
        cmdargv = shlex.split(orig_cmd)
    except ValueError as e:
        sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e))
        sys.exit(255)

    if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:
        path = cmdargv[2]
        repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
        if repo in allowed_paths:
            cmd = [b'-R', pycompat.fsencode(repo), b'serve', b'--stdio']
            req = dispatch.request(cmd)
            if readonly:
                if not req.ui:
                    req.ui = uimod.ui.load()
                req.ui.setconfig(
                    b'hooks',
                    b'pretxnopen.hg-ssh',
                    b'python:__main__.rejectpush',
                    b'hg-ssh',
                )
                req.ui.setconfig(
                    b'hooks',
                    b'prepushkey.hg-ssh',
                    b'python:__main__.rejectpush',
                    b'hg-ssh',
                )
            dispatch.dispatch(req)
        else:
            sys.stderr.write('Illegal repository "%s"\n' % repo)
            sys.exit(255)
    else:
        sys.stderr.write('Illegal command "%s"\n' % orig_cmd)
        sys.exit(255)


def rejectpush(ui, **kwargs):
    ui.warn((b"Permission denied\n"))
    # mercurial hooks use unix process conventions for hook return values
    # so a truthy return means failure
    return True


if __name__ == '__main__':
    main()
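
The accept/reject decision that main() makes on SSH_ORIGINAL_COMMAND, isolated so it can be exercised without Mercurial installed. This is an added example, not part of contrib/hg-ssh or the Mercurial project; `resolve`, `check_request`, `run_samples`, `CWD`, `ALLOWED` and `SAMPLES` are hypothetical names, the sample commands are constructed, and POSIX paths are assumed.

```python
import os
import shlex

CWD = "/srv/hg"                      # constructed working directory
ALLOWED = ["repo1", "projects/foo"]  # constructed hg-ssh arguments


def resolve(cwd, path):
    # Same lexical normalisation hg-ssh applies to both the allow-list
    # entries and the requested path: join, expand "~", collapse "." and
    # "..". os.path.normpath does not touch the filesystem, so symlinks
    # are not resolved.
    return os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))


def check_request(orig_cmd, allowed_args=ALLOWED, cwd=CWD):
    """Return (decision, detail) for one SSH_ORIGINAL_COMMAND value."""
    allowed = [resolve(cwd, p) for p in allowed_args]
    try:
        # Tokenised with shlex; the string is never handed to a shell.
        argv = shlex.split(orig_cmd)
    except ValueError as e:
        return ("illegal-command", str(e))
    # Only the exact five-token shape "hg -R <path> serve --stdio" passes;
    # any extra, missing or reordered token fails one of the comparisons.
    if argv[:2] == ["hg", "-R"] and argv[3:] == ["serve", "--stdio"]:
        repo = resolve(cwd, argv[2])
        # Exact match on the normalised path, not a prefix match, so a
        # directory below an allowed repo is not implicitly allowed.
        if repo in allowed:
            return ("serve", repo)
        return ("illegal-repository", repo)
    return ("illegal-command", orig_cmd)


SAMPLES = [  # constructed SSH_ORIGINAL_COMMAND values
    "hg -R repo1 serve --stdio",
    "hg -R projects/../repo1/ serve --stdio",  # normalises to an allowed path
    "hg -R /srv/hg/projects/foo serve --stdio",
    "hg -R repo1/../private serve --stdio",    # normalises outside the list
    "hg -R repo1/sub serve --stdio",           # below an allowed repo
    "hg -R repo1 serve --stdio --verbose",     # trailing extra token
    "hg -R repo1 log",                         # different hg command
    "hg -R 'repo1 serve --stdio",              # unbalanced quote
    "?",                                       # default when the variable is unset
]


def run_samples():
    return [(cmd,) + check_request(cmd) for cmd in SAMPLES]


if __name__ == "__main__":
    for cmd, decision, detail in run_samples():
        print("%-18s %r -> %s" % (decision, cmd, detail))
```
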