Mercurial > hg

view contrib/hg-ssh @ 9622:9d1a480ca6ea

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
gendoc: fix synopsis The synopsis is used as an inline literal when generating the manpage. There should not be any whitespace on the inside of the quotation marks in inline literals. Commands with an empty synopsis (such as tags) produces ``tags `` as synopsis, which triggers a warning.
author Martin Geisler <mg@lazybytes.net>
date Tue, 20 Oct 2009 22:42:49 +0200
parents eee2319c5895
children 25e572394f5c
line wrap: on
line source

#!/usr/bin/env python
#
# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
#
# Author(s):
# Thomas Arendsen Hein <thomas@intevation.de>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2, incorporated herein by reference.

"""
hg-ssh - a wrapper for ssh access to a limited set of mercurial repos

To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
(probably together with these other useful options:
 no-port-forwarding,no-X11-forwarding,no-agent-forwarding)

This allows pull/push over ssh to to the repositories given as arguments.

If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"

You can use pattern matching of your normal shell, e.g.:
command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
"""

# enable importing on demand to reduce startup time
from mercurial import demandimport; demandimport.enable()

from mercurial import dispatch

import sys, os

cwd = os.getcwd()
allowed_paths = [os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
                 for path in sys.argv[1:]]
orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')

if orig_cmd.startswith('hg -R ') and orig_cmd.endswith(' serve --stdio'):
    path = orig_cmd[6:-14]
    repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
    if repo in allowed_paths:
        dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
    else:
        sys.stderr.write("Illegal repository %r\n" % repo)
        sys.exit(-1)
else:
    sys.stderr.write("Illegal command %r\n" % orig_cmd)
    sys.exit(-1)