Mercurial > hg
annotate contrib/hg-ssh @ 48264:bb240915f69f
dirstate-v2: adjust the meaning of directory flags
Tracking directory "explicitly" give use the opportunity to distinct between
entry that are untracked because they are part of the directory structure and
entry that are ignored/unknown files on the files system.
The help is adjusted to the new semantic and the code now comply to it for both
read and write.
Differential Revision: https://phab.mercurial-scm.org/D11694
author | Pierre-Yves David <pierre-yves.david@octobus.net> |
---|---|
date | Tue, 19 Oct 2021 18:18:05 +0200 |
parents | 724066f23e2d |
children | 6000f5b25c9b |
rev | line source |
---|---|
45830
c102b704edb5
global: use python3 in shebangs
Gregory Szorc <gregory.szorc@gmail.com>
parents:
43659
diff
changeset
|
1 #!/usr/bin/env python3 |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
2 # |
5191
831ebc408ffb
Adjust contrib/hg-ssh for moved dispatch() function.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1640
diff
changeset
|
3 # Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de> |
8228
eee2319c5895
add blank line after copyright notices and after header
Martin Geisler <mg@lazybytes.net>
parents:
8225
diff
changeset
|
4 # |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
5 # Author(s): |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
6 # Thomas Arendsen Hein <thomas@intevation.de> |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
7 # |
8225
46293a0c7e9f
updated license to be explicit about GPL version 2
Martin Geisler <mg@lazybytes.net>
parents:
5197
diff
changeset
|
8 # This software may be used and distributed according to the terms of the |
10263 | 9 # GNU General Public License version 2 or any later version. |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
10 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
11 """ |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
12 hg-ssh - a wrapper for ssh access to a limited set of mercurial repos |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
13 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
14 To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8): |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
15 command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ... |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
16 (probably together with these other useful options: |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
17 no-port-forwarding,no-X11-forwarding,no-agent-forwarding) |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
18 |
13996
1cafa0426a1a
hg-ssh: fix duplicate word in docstring
Andreas Freimuth <andreas.freimuth@united-bits.de>
parents:
10263
diff
changeset
|
19 This allows pull/push over ssh from/to the repositories given as arguments. |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
20 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
21 If all your repositories are subdirectories of a common directory, you can |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
22 allow shorter paths with: |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
23 command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2" |
1640
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
24 |
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
25 You can use pattern matching of your normal shell, e.g.: |
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
26 command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}" |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
27 |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
28 You can also add a --read-only flag to allow read-only access to a key, e.g.: |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
29 command="hg-ssh --read-only repos/*" |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
30 """ |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
31 from __future__ import absolute_import |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
32 |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
33 import os |
47620
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
34 import re |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
35 import shlex |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
36 import sys |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
37 |
5197
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5191
diff
changeset
|
38 # enable importing on demand to reduce startup time |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
39 import hgdemandimport |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
40 |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
41 hgdemandimport.enable() |
5197
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5191
diff
changeset
|
42 |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
43 from mercurial import ( |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
44 dispatch, |
38109
666d90ace0bb
py3: use pycompat.fsencode to convert path to bytes
Pulkit Goyal <7895pulkit@gmail.com>
parents:
38107
diff
changeset
|
45 pycompat, |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
46 ui as uimod, |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
47 ) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
48 |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
49 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
50 def main(): |
37944
dc1ed7fe33e4
sshserver: do setbinary() by caller (API)
Yuya Nishihara <yuya@tcha.org>
parents:
33891
diff
changeset
|
51 # Prevent insertion/deletion of CRs |
dc1ed7fe33e4
sshserver: do setbinary() by caller (API)
Yuya Nishihara <yuya@tcha.org>
parents:
33891
diff
changeset
|
52 dispatch.initstdio() |
dc1ed7fe33e4
sshserver: do setbinary() by caller (API)
Yuya Nishihara <yuya@tcha.org>
parents:
33891
diff
changeset
|
53 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
54 cwd = os.getcwd() |
47620
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
55 if os.name == 'nt': |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
56 # os.getcwd() is inconsistent on the capitalization of the drive |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
57 # letter, so adjust it. see https://bugs.python.org/issue40368 |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
58 if re.match('^[a-z]:', cwd): |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
59 cwd = cwd[0:1].upper() + cwd[1:] |
724066f23e2d
hg-ssh: normalize the drive of the current working directory on windows
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
45830
diff
changeset
|
60 |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
61 readonly = False |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
62 args = sys.argv[1:] |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
63 while len(args): |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
64 if args[0] == '--read-only': |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
65 readonly = True |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
66 args.pop(0) |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
67 else: |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
68 break |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
69 allowed_paths = [ |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
70 os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
71 for path in args |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
72 ] |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
73 orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?') |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
74 try: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
75 cmdargv = shlex.split(orig_cmd) |
28047
863075fd4cd0
misc: use modern exception syntax
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
28045
diff
changeset
|
76 except ValueError as e: |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
77 sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e)) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
78 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
79 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
80 if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
81 path = cmdargv[2] |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
82 repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
83 if repo in allowed_paths: |
38109
666d90ace0bb
py3: use pycompat.fsencode to convert path to bytes
Pulkit Goyal <7895pulkit@gmail.com>
parents:
38107
diff
changeset
|
84 cmd = [b'-R', pycompat.fsencode(repo), b'serve', b'--stdio'] |
32050
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
85 req = dispatch.request(cmd) |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
86 if readonly: |
32050
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
87 if not req.ui: |
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
88 req.ui = uimod.ui.load() |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
89 req.ui.setconfig( |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
90 b'hooks', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
91 b'pretxnopen.hg-ssh', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
92 b'python:__main__.rejectpush', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
93 b'hg-ssh', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
94 ) |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
95 req.ui.setconfig( |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
96 b'hooks', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
97 b'prepushkey.hg-ssh', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
98 b'python:__main__.rejectpush', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
99 b'hg-ssh', |
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
100 ) |
32050
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
101 dispatch.dispatch(req) |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
102 else: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
103 sys.stderr.write('Illegal repository "%s"\n' % repo) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
104 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
105 else: |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
106 sys.stderr.write('Illegal command "%s"\n' % orig_cmd) |
16607
feb1fd2d13a9
hg-ssh: exit with 255 instead of -1 on error
Mads Kiilerich <mads@kiilerich.com>
parents:
16606
diff
changeset
|
107 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
108 |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
109 |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
110 def rejectpush(ui, **kwargs): |
38107
44ef9bb7ccd9
py3: add b'' prefixes in contrib/hg-ssh
Pulkit Goyal <7895pulkit@gmail.com>
parents:
37944
diff
changeset
|
111 ui.warn((b"Permission denied\n")) |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
112 # mercurial hooks use unix process conventions for hook return values |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
113 # so a truthy return means failure |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
114 return True |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
115 |
43659
99e231afc29c
black: blacken scripts
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38109
diff
changeset
|
116 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
117 if __name__ == '__main__': |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
118 main() |