Mercurial > hg
annotate contrib/hg-ssh @ 27489:51aff98d2861
remove: quote --force in never deletes note
Split Note into a note container
author | timeless <timeless@mozdev.org> |
---|---|
date | Tue, 22 Dec 2015 06:02:01 +0000 |
parents | 2b9cda9040f7 |
children | f68ded00cae5 |
rev | line source |
---|---|
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
1 #!/usr/bin/env python |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
2 # |
5191
831ebc408ffb
Adjust contrib/hg-ssh for moved dispatch() function.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1640
diff
changeset
|
3 # Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de> |
8228
eee2319c5895
add blank line after copyright notices and after header
Martin Geisler <mg@lazybytes.net>
parents:
8225
diff
changeset
|
4 # |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
5 # Author(s): |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
6 # Thomas Arendsen Hein <thomas@intevation.de> |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
7 # |
8225
46293a0c7e9f
updated license to be explicit about GPL version 2
Martin Geisler <mg@lazybytes.net>
parents:
5197
diff
changeset
|
8 # This software may be used and distributed according to the terms of the |
10263 | 9 # GNU General Public License version 2 or any later version. |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
10 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
11 """ |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
12 hg-ssh - a wrapper for ssh access to a limited set of mercurial repos |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
13 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
14 To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8): |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
15 command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ... |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
16 (probably together with these other useful options: |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
17 no-port-forwarding,no-X11-forwarding,no-agent-forwarding) |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
18 |
13996
1cafa0426a1a
hg-ssh: fix duplicate word in docstring
Andreas Freimuth <andreas.freimuth@united-bits.de>
parents:
10263
diff
changeset
|
19 This allows pull/push over ssh from/to the repositories given as arguments. |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
20 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
21 If all your repositories are subdirectories of a common directory, you can |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
22 allow shorter paths with: |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
23 command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2" |
1640
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
24 |
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
25 You can use pattern matching of your normal shell, e.g.: |
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
26 command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}" |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
27 |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
28 You can also add a --read-only flag to allow read-only access to a key, e.g.: |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
29 command="hg-ssh --read-only repos/*" |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
30 """ |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
31 |
5197
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5191
diff
changeset
|
32 # enable importing on demand to reduce startup time |
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5191
diff
changeset
|
33 from mercurial import demandimport; demandimport.enable() |
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5191
diff
changeset
|
34 |
5191
831ebc408ffb
Adjust contrib/hg-ssh for moved dispatch() function.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1640
diff
changeset
|
35 from mercurial import dispatch |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
36 |
15897
cc021114fc98
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND
Mads Kiilerich <mads@kiilerich.com>
parents:
14462
diff
changeset
|
37 import sys, os, shlex |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
38 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
39 def main(): |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
40 cwd = os.getcwd() |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
41 readonly = False |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
42 args = sys.argv[1:] |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
43 while len(args): |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
44 if args[0] == '--read-only': |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
45 readonly = True |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
46 args.pop(0) |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
47 else: |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
48 break |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
49 allowed_paths = [os.path.normpath(os.path.join(cwd, |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
50 os.path.expanduser(path))) |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
51 for path in args] |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
52 orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?') |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
53 try: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
54 cmdargv = shlex.split(orig_cmd) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
55 except ValueError, e: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
56 sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e)) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
57 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
58 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
59 if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
60 path = cmdargv[2] |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
61 repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
62 if repo in allowed_paths: |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
63 cmd = ['-R', repo, 'serve', '--stdio'] |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
64 if readonly: |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
65 cmd += [ |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
66 '--config', |
25127
2b9cda9040f7
hg-ssh: reject push earlier (on pretxnopen)
Pierre-Yves David <pierre-yves.david@fb.com>
parents:
16836
diff
changeset
|
67 'hooks.pretxnopen.hg-ssh=python:__main__.rejectpush', |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
68 '--config', |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
69 'hooks.prepushkey.hg-ssh=python:__main__.rejectpush' |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
70 ] |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
71 dispatch.dispatch(dispatch.request(cmd)) |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
72 else: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
73 sys.stderr.write('Illegal repository "%s"\n' % repo) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
74 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
75 else: |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
76 sys.stderr.write('Illegal command "%s"\n' % orig_cmd) |
16607
feb1fd2d13a9
hg-ssh: exit with 255 instead of -1 on error
Mads Kiilerich <mads@kiilerich.com>
parents:
16606
diff
changeset
|
77 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
78 |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
79 def rejectpush(ui, **kwargs): |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
80 ui.warn("Permission denied\n") |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
81 # mercurial hooks use unix process conventions for hook return values |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
82 # so a truthy return means failure |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
83 return True |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
84 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
85 if __name__ == '__main__': |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
86 main() |