Mercurial > hg
annotate contrib/hg-ssh @ 51376:0f3a091d887b
docs: fix broken `make` in `docs/`
We had some wrapped lines without blank lines between, which made the runrst
script think the list was not a list and it got confused about the
indentation. I added blank lines, and also some other minor styling for
consistency with the rest of the file.
author | Martin von Zweigbergk <martinvonz@google.com> |
---|---|
date | Tue, 13 Feb 2024 11:49:55 -0800 |
parents | 6000f5b25c9b |
children |
rev | line source |
---|---|
45830
c102b704edb5
global: use python3 in shebangs
Gregory Szorc <gregory.szorc@gmail.com>
parents:
43659
diff
changeset
|
1 #!/usr/bin/env python3 |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
2 # |
5191
831ebc408ffb
Adjust contrib/hg-ssh for moved dispatch() function.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1640
diff
changeset
|
3 # Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de> |
8228
eee2319c5895
add blank line after copyright notices and after header
Martin Geisler <mg@lazybytes.net>
parents:
8225
diff
changeset
|
4 # |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
5 # Author(s): |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
6 # Thomas Arendsen Hein <thomas@intevation.de> |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
7 # |
8225
46293a0c7e9f
updated license to be explicit about GPL version 2
Martin Geisler <mg@lazybytes.net>
parents:
5197
diff
changeset
|
8 # This software may be used and distributed according to the terms of the |
10263 | 9 # GNU General Public License version 2 or any later version. |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
10 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
11 """ |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
12 hg-ssh - a wrapper for ssh access to a limited set of mercurial repos |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
13 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
14 To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8): |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
15 command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ... |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
16 (probably together with these other useful options: |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
17 no-port-forwarding,no-X11-forwarding,no-agent-forwarding) |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
18 |
13996
1cafa0426a1a
hg-ssh: fix duplicate word in docstring
Andreas Freimuth <andreas.freimuth@united-bits.de>
parents:
10263
diff
changeset
|
19 This allows pull/push over ssh from/to the repositories given as arguments. |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
20 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
21 If all your repositories are subdirectories of a common directory, you can |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
22 allow shorter paths with: |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
23 command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2" |
1640
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
24 |
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
25 You can use pattern matching of your normal shell, e.g.: |
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
26 command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}" |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
27 |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
28 You can also add a --read-only flag to allow read-only access to a key, e.g.: |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
29 command="hg-ssh --read-only repos/*" |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
30 """ |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
31 |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
32 import os |
47620
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
33 import re |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
34 import shlex |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
35 import sys |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
36 |
5197
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5191
diff
changeset
|
37 # enable importing on demand to reduce startup time |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
38 import hgdemandimport |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
39 |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
40 hgdemandimport.enable() |
5197
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5191
diff
changeset
|
41 |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
42 from mercurial import ( |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
43 dispatch, |
38109
666d90ace0bb
py3: use pycompat.fsencode to convert path to bytes
Pulkit Goyal <7895pulkit@gmail.com>
parents:
38107
diff
changeset
|
44 pycompat, |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
45 ui as uimod, |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
46 ) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
47 |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
48 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
49 def main(): |
37944
dc1ed7fe33e4
sshserver: do setbinary() by caller (API)
Yuya Nishihara <yuya@tcha.org>
parents:
33891
diff
changeset
|
50 # Prevent insertion/deletion of CRs |
dc1ed7fe33e4
sshserver: do setbinary() by caller (API)
Yuya Nishihara <yuya@tcha.org>
parents:
33891
diff
changeset
|
51 dispatch.initstdio() |
dc1ed7fe33e4
sshserver: do setbinary() by caller (API)
Yuya Nishihara <yuya@tcha.org>
parents:
33891
diff
changeset
|
52 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
53 cwd = os.getcwd() |
47620
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
54 if os.name == 'nt': |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
55 # os.getcwd() is inconsistent on the capitalization of the drive |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
56 # letter, so adjust it. see https://bugs.python.org/issue40368 |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
57 if re.match('^[a-z]:', cwd): |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
58 cwd = cwd[0:1].upper() + cwd[1:] |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
59 |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
60 readonly = False |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
61 args = sys.argv[1:] |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
62 while len(args): |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
63 if args[0] == '--read-only': |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
64 readonly = True |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
65 args.pop(0) |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
66 else: |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
67 break |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
68 allowed_paths = [ |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
69 os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
70 for path in args |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
71 ] |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
72 orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?') |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
73 try: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
74 cmdargv = shlex.split(orig_cmd) |
28047
863075fd4cd0
misc: use modern exception syntax
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
28045
diff
changeset
|
75 except ValueError as e: |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
76 sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e)) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
77 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
78 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
79 if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
80 path = cmdargv[2] |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
81 repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
82 if repo in allowed_paths: |
38109
666d90ace0bb
py3: use pycompat.fsencode to convert path to bytes
Pulkit Goyal <7895pulkit@gmail.com>
parents:
38107
diff
changeset
|
83 cmd = [b'-R', pycompat.fsencode(repo), b'serve', b'--stdio'] |
32050
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
84 req = dispatch.request(cmd) |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
85 if readonly: |
32050
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
86 if not req.ui: |
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
87 req.ui = uimod.ui.load() |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
88 req.ui.setconfig( |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
89 b'hooks', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
90 b'pretxnopen.hg-ssh', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
91 b'python:__main__.rejectpush', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
92 b'hg-ssh', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
93 ) |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
94 req.ui.setconfig( |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
95 b'hooks', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
96 b'prepushkey.hg-ssh', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
97 b'python:__main__.rejectpush', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
98 b'hg-ssh', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
99 ) |
32050
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
100 dispatch.dispatch(req) |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
101 else: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
102 sys.stderr.write('Illegal repository "%s"\n' % repo) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
103 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
104 else: |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
105 sys.stderr.write('Illegal command "%s"\n' % orig_cmd) |
16607
feb1fd2d13a9
hg-ssh: exit with 255 instead of -1 on error
Mads Kiilerich <mads@kiilerich.com>
parents:
16606
diff
changeset
|
106 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
107 |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
108 |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
109 def rejectpush(ui, **kwargs): |
38107
44ef9bb7ccd9
py3: add b'' prefixes in contrib/hg-ssh
Pulkit Goyal <7895pulkit@gmail.com>
parents:
37944
diff
changeset
|
110 ui.warn((b"Permission denied\n")) |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
111 # mercurial hooks use unix process conventions for hook return values |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
112 # so a truthy return means failure |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
113 return True |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
114 |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
115 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
116 if __name__ == '__main__': |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
117 main() |