Mercurial > hg
view tests/test-acl.t @ 40326:fed697fa1734
sqlitestore: file storage backend using SQLite
This commit provides an extension which uses SQLite to store file
data (as opposed to revlogs).
As the inline documentation describes, there are still several
aspects to the extension that are incomplete. But it's a start.
The extension does support basic clone, checkout, and commit
workflows, which makes it suitable for simple use cases.
One notable missing feature is support for "bundlerepos." This is
probably responsible for the most test failures when the extension
is activated as part of the test suite.
All revision data is stored in SQLite. Data is stored as zstd
compressed chunks (default if zstd is available), zlib compressed
chunks (default if zstd is not available), or raw chunks (if
configured or if a compressed delta is not smaller than the raw
delta). This makes things very similar to revlogs.
Unlike revlogs, the extension doesn't yet enforce a limit on delta
chain length. This is an obvious limitation and should be addressed.
This is somewhat mitigated by the use of zstd, which is much faster
than zlib to decompress.
There is a dedicated table for storing deltas. Deltas are stored
by the SHA-1 hash of their uncompressed content. The "fileindex" table
has columns that reference the delta for each revision and the base
delta that delta should be applied against. A recursive SQL query
is used to resolve the delta chain along with the delta data.
By storing deltas by hash, we are able to de-duplicate delta storage!
With revlogs, the same deltas in different revlogs would result in
duplicate storage of that delta. In this scheme, inserting the
duplicate delta is a no-op and delta chains simply reference the
existing delta.
When initially implementing this extension, I did not have
content-indexed deltas and deltas could be duplicated across files
(just like revlogs). When I implemented content-indexed deltas, the
size of the SQLite database for a full clone of mozilla-unified
dropped:
before: 2,554,261,504 bytes
after: 2,488,754,176 bytes
Surprisingly, this is still larger than the bytes size of revlog
files:
revlog files: 2,104,861,230 bytes
du -b: 2,254,381,614
I would have expected storage to be smaller since we're not limiting
delta chain length and since we're using zstd instead of zlib. I
suspect the SQLite indexes and per-column overhead account for the
bulk of the differences. (Keep in mind that revlog uses a 64-byte
packed struct for revision index data and deltas are stored without
padding. Aside from the 12 unused bytes in the 32 byte node field,
revlogs are pretty efficient.) Another source of overhead is file
name storage. With revlogs, file names are stored in the filesystem.
But with SQLite, we need to store file names in the database. This is
roughly equivalent to the size of the fncache file, which for the
mozilla-unified repository is ~34MB.
Since the SQLite database isn't append-only and since delta chains
can reference any delta, this opens some interesting possibilities.
For example, we could store deltas in reverse, such that fulltexts
are stored for newer revisions and deltas are applied to reconstruct
older revisions. This is likely a more optimal storage strategy for
version control, as new data tends to be more frequently accessed
than old data. We would obviously need wire protocol support for
transferring revision data from newest to oldest. And we would
probably need some kind of mechanism for "re-encoding" stores. But
it should be doable.
This extension is very much experimental quality. There are a handful
of features that don't work. It probably isn't suitable for day-to-day
use. But it could be used in limited cases (e.g. read-only checkouts
like in CI). And it is also a good proving ground for alternate
storage backends. As we continue to define interfaces for all things
storage, it will be useful to have a viable alternate storage backend
to see how things shake out in practice.
test-storage.py passes on Python 2 and introduces no new test failures on
Python 3. Having the storage-level unit tests has proved to be insanely
useful when developing this extension. Those tests caught numerous bugs
during development and I'm convinced this style of testing is the way
forward for ensuring alternate storage backends work as intended. Of
course, test coverage isn't close to what it needs to be. But it is
a start. And what coverage we have gives me confidence that basic store
functionality is implemented properly.
Differential Revision: https://phab.mercurial-scm.org/D4928
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Tue, 09 Oct 2018 08:50:13 -0700 |
parents | 6beb8347b709 |
children | 671d5a712237 |
line wrap: on
line source
> do_push() > { > user=$1 > shift > echo "Pushing as user $user" > echo 'hgrc = """' > sed -n '/\[[ha]/,$p' b/.hg/hgrc | grep -v fakegroups.py > echo '"""' > if test -f acl.config; then > echo 'acl.config = """' > cat acl.config > echo '"""' > fi > # On AIX /etc/profile sets LOGNAME read-only. So > # LOGNAME=$user hg --cws a --debug push ../b > # fails with "This variable is read only." > # Use env to work around this. > env LOGNAME=$user hg --cwd a --debug push ../b $* > hg --cwd b rollback > hg --cwd b --quiet tip > echo > } > cat > posixgetuser.py <<'EOF' > import getpass > from mercurial import pycompat > from mercurial.utils import procutil > def posixgetuser(): > return pycompat.fsencode(getpass.getuser()) > if not pycompat.isposix: > procutil.getuser = posixgetuser # forcibly trust $LOGNAME > EOF > init_config() > { > cat > fakegroups.py <<EOF > from hgext import acl > def fakegetusers(ui, group): > try: > return acl._getusersorig(ui, group) > except: > return ["fred", "betty"] > acl._getusersorig = acl._getusers > acl._getusers = fakegetusers > EOF > rm -f acl.config > cat > $config <<EOF > [hooks] > pretxnchangegroup.acl = python:hgext.acl.hook > prepushkey.acl = python:hgext.acl.hook > [acl] > sources = push > [extensions] > f=`pwd`/fakegroups.py > posixgetuser=$TESTTMP/posixgetuser.py > EOF > } $ hg init a $ cd a $ mkdir foo foo/Bar quux $ echo 'in foo' > foo/file.txt $ echo 'in foo/Bar' > foo/Bar/file.txt $ echo 'in quux' > quux/file.py $ hg add -q $ hg ci -m 'add files' -d '1000000 0' $ echo >> foo/file.txt $ hg ci -m 'change foo/file' -d '1000001 0' $ echo >> foo/Bar/file.txt $ hg ci -m 'change foo/Bar/file' -d '1000002 0' $ echo >> quux/file.py $ hg ci -m 'change quux/file' -d '1000003 0' $ hg tip --quiet 3:911600dab2ae $ cd .. $ hg clone -r 0 a b adding changesets adding manifests adding file changes added 1 changesets with 3 changes to 3 files new changesets 6675d58eff77 updating to branch default 3 files updated, 0 files merged, 0 files removed, 0 files unresolved $ config=b/.hg/hgrc $ cat >> "$config" <<EOF > [extensions] > posixgetuser=$TESTTMP/posixgetuser.py > EOF Extension disabled for lack of a hook $ do_push fred Pushing as user fred hgrc = """ """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files bundle2-input-part: total payload size 1553 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 0 (undo push) 0:6675d58eff77 $ echo '[hooks]' >> $config $ echo 'pretxnchangegroup.acl = python:hgext.acl.hook' >> $config $ echo 'prepushkey.acl = python:hgext.acl.hook' >> $config Extension disabled for lack of acl.sources $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: changes have source "push" - skipping bundle2-input-part: total payload size 1553 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 0 (undo push) 0:6675d58eff77 No [acl.allow]/[acl.deny] $ echo '[acl]' >> $config $ echo 'sources = push' >> $config $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow not enabled acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" bundle2-input-part: total payload size 1553 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 0 (undo push) 0:6675d58eff77 Empty [acl.allow] $ echo '[acl.allow]' >> $config $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 0 entries for user fred acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "fred" not allowed on "foo/file.txt" (changeset "ef1ea85a6374") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "fred" not allowed on "foo/file.txt" (changeset "ef1ea85a6374") no rollback information available 0:6675d58eff77 fred is allowed inside foo/ $ echo 'foo/** = fred' >> $config $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user fred acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae") no rollback information available 0:6675d58eff77 Empty [acl.deny] $ echo '[acl.deny]' >> $config $ do_push barney Pushing as user barney hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "barney" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 0 entries for user barney acl: acl.deny enabled, 0 entries for user barney acl: branch access granted: "ef1ea85a6374" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374") no rollback information available 0:6675d58eff77 fred is allowed inside foo/, but not foo/bar/ (case matters) $ echo 'foo/bar/** = fred' >> $config $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user fred acl: acl.deny enabled, 1 entries for user fred acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae") no rollback information available 0:6675d58eff77 fred is allowed inside foo/, but not foo/Bar/ $ echo 'foo/Bar/** = fred' >> $config $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred foo/Bar/** = fred """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user fred acl: acl.deny enabled, 2 entries for user fred acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8") no rollback information available 0:6675d58eff77 $ echo 'barney is not mentioned => not allowed anywhere' barney is not mentioned => not allowed anywhere $ do_push barney Pushing as user barney hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred foo/Bar/** = fred """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "barney" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 0 entries for user barney acl: acl.deny enabled, 0 entries for user barney acl: branch access granted: "ef1ea85a6374" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374") no rollback information available 0:6675d58eff77 fred is not blocked from moving bookmarks $ hg -R a book -q moving-bookmark -r 1 $ hg -R b book -q moving-bookmark -r 0 $ cp $config normalconfig $ do_push fred -r 1 Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred foo/Bar/** = fred """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 1 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 bundle2-output-bundle: "HG20", 7 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:bookmarks" 37 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-output-part: "bookmarks" 37 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:bookmarks" supported bundle2-input-part: total payload size 37 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 adding manifests adding file changes adding foo/file.txt revisions added 1 changesets with 1 changes to 1 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user fred acl: acl.deny enabled, 2 entries for user fred acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" bundle2-input-part: total payload size 520 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 24 bundle2-input-part: "bookmarks" supported bundle2-input-part: total payload size 37 calling hook prepushkey.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.bookmarks not enabled acl: acl.deny.bookmarks not enabled acl: bookmark access granted: "ef1ea85a6374b77d6da9dcda9541f498f2d17df7" on bookmark "moving-bookmark" bundle2-input-bundle: 6 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total updating bookmark moving-bookmark listing keys for "phases" repository tip rolled back to revision 0 (undo push) 0:6675d58eff77 fred is not allowed to move bookmarks $ echo '[acl.deny.bookmarks]' >> $config $ echo '* = fred' >> $config $ do_push fred -r 1 Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred foo/Bar/** = fred [acl.deny.bookmarks] * = fred """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 1 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 bundle2-output-bundle: "HG20", 7 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:bookmarks" 37 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-output-part: "bookmarks" 37 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:bookmarks" supported bundle2-input-part: total payload size 37 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 adding manifests adding file changes adding foo/file.txt revisions added 1 changesets with 1 changes to 1 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user fred acl: acl.deny enabled, 2 entries for user fred acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" bundle2-input-part: total payload size 520 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 24 bundle2-input-part: "bookmarks" supported bundle2-input-part: total payload size 37 calling hook prepushkey.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.bookmarks not enabled acl: acl.deny.bookmarks enabled, 1 entries for user fred error: prepushkey.acl hook failed: acl: user "fred" denied on bookmark "moving-bookmark" (changeset "ef1ea85a6374b77d6da9dcda9541f498f2d17df7") bundle2-input-bundle: 6 parts total transaction abort! rollback completed abort: acl: user "fred" denied on bookmark "moving-bookmark" (changeset "ef1ea85a6374b77d6da9dcda9541f498f2d17df7") no rollback information available 0:6675d58eff77 cleanup bookmark stuff $ hg book -R a -d moving-bookmark $ hg book -R b -d moving-bookmark $ cp normalconfig $config barney is allowed everywhere $ echo '[acl.allow]' >> $config $ echo '** = barney' >> $config $ do_push barney Pushing as user barney hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred foo/Bar/** = fred [acl.allow] ** = barney """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "barney" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user barney acl: acl.deny enabled, 0 entries for user barney acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" bundle2-input-part: total payload size 1553 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 0 (undo push) 0:6675d58eff77 wilma can change files with a .txt extension $ echo '**/*.txt = wilma' >> $config $ do_push wilma Pushing as user wilma hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred foo/Bar/** = fred [acl.allow] ** = barney **/*.txt = wilma """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "wilma" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user wilma acl: acl.deny enabled, 0 entries for user wilma acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "wilma" not allowed on "quux/file.py" (changeset "911600dab2ae") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "wilma" not allowed on "quux/file.py" (changeset "911600dab2ae") no rollback information available 0:6675d58eff77 file specified by acl.config does not exist $ echo '[acl]' >> $config $ echo 'config = ../acl.config' >> $config $ do_push barney Pushing as user barney hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred foo/Bar/** = fred [acl.allow] ** = barney **/*.txt = wilma [acl] config = ../acl.config """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "barney" error: pretxnchangegroup.acl hook raised an exception: [Errno *] * (glob) bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: $ENOENT$: ../acl.config no rollback information available 0:6675d58eff77 betty is allowed inside foo/ by a acl.config file $ echo '[acl.allow]' >> acl.config $ echo 'foo/** = betty' >> acl.config $ do_push betty Pushing as user betty hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred foo/Bar/** = fred [acl.allow] ** = barney **/*.txt = wilma [acl] config = ../acl.config """ acl.config = """ [acl.allow] foo/** = betty """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "betty" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user betty acl: acl.deny enabled, 0 entries for user betty acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "betty" not allowed on "quux/file.py" (changeset "911600dab2ae") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "betty" not allowed on "quux/file.py" (changeset "911600dab2ae") no rollback information available 0:6675d58eff77 acl.config can set only [acl.allow]/[acl.deny] $ echo '[hooks]' >> acl.config $ echo 'changegroup.acl = false' >> acl.config $ do_push barney Pushing as user barney hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [acl.allow] foo/** = fred [acl.deny] foo/bar/** = fred foo/Bar/** = fred [acl.allow] ** = barney **/*.txt = wilma [acl] config = ../acl.config """ acl.config = """ [acl.allow] foo/** = betty [hooks] changegroup.acl = false """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "barney" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user barney acl: acl.deny enabled, 0 entries for user barney acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" bundle2-input-part: total payload size 1553 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 0 (undo push) 0:6675d58eff77 asterisk $ init_config asterisk test $ echo '[acl.allow]' >> $config $ echo "** = fred" >> $config fred is always allowed $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.allow] ** = fred """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user fred acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" bundle2-input-part: total payload size 1553 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 0 (undo push) 0:6675d58eff77 $ echo '[acl.deny]' >> $config $ echo "foo/Bar/** = *" >> $config no one is allowed inside foo/Bar/ $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.allow] ** = fred [acl.deny] foo/Bar/** = * """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow enabled, 1 entries for user fred acl: acl.deny enabled, 1 entries for user fred acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8") no rollback information available 0:6675d58eff77 Groups $ init_config OS-level groups $ echo '[acl.allow]' >> $config $ echo "** = @group1" >> $config @group1 is always allowed $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.allow] ** = @group1 """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: "group1" not defined in [acl.groups] acl: acl.allow enabled, 1 entries for user fred acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" bundle2-input-part: total payload size 1553 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 0 (undo push) 0:6675d58eff77 $ echo '[acl.deny]' >> $config $ echo "foo/Bar/** = @group1" >> $config @group is allowed inside anything but foo/Bar/ $ do_push fred Pushing as user fred hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.allow] ** = @group1 [acl.deny] foo/Bar/** = @group1 """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 3 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 24 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 24 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 24 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae adding manifests adding file changes adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 3 changesets with 3 changes to 3 files calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "fred" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: "group1" not defined in [acl.groups] acl: acl.allow enabled, 1 entries for user fred acl: "group1" not defined in [acl.groups] acl: acl.deny enabled, 1 entries for user fred acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" error: pretxnchangegroup.acl hook failed: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8") bundle2-input-part: total payload size 1553 bundle2-input-part: total payload size 24 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8") no rollback information available 0:6675d58eff77 Invalid group Disable the fakegroups trick to get real failures $ grep -v fakegroups $config > config.tmp $ mv config.tmp $config $ echo '[acl.allow]' >> $config $ echo "** = @unlikelytoexist" >> $config $ do_push fred 2>&1 | grep unlikelytoexist ** = @unlikelytoexist acl: "unlikelytoexist" not defined in [acl.groups] error: pretxnchangegroup.acl hook failed: group 'unlikelytoexist' is undefined abort: group 'unlikelytoexist' is undefined Branch acl tests setup $ init_config $ cd b $ hg up 0 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg branch foobar marked working directory as branch foobar (branches are permanent and global, did you want a bookmark?) $ hg commit -m 'create foobar' $ echo 'foo contents' > abc.txt $ hg add abc.txt $ hg commit -m 'foobar contents' $ cd .. $ hg --cwd a pull ../b pulling from ../b searching for changes adding changesets adding manifests adding file changes added 2 changesets with 1 changes to 1 files (+1 heads) new changesets 81fbf4469322:fb35475503ef (run 'hg heads' to see heads) Create additional changeset on foobar branch $ cd a $ hg up -C foobar 4 files updated, 0 files merged, 0 files removed, 0 files unresolved $ echo 'foo contents2' > abc.txt $ hg commit -m 'foobar contents2' $ cd .. No branch acls specified $ do_push astro Pushing as user astro hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 4 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 48 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 48 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 48 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae add changeset e8fc755d4d82 adding manifests adding file changes adding abc.txt revisions adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 4 changesets with 4 changes to 4 files (+1 heads) calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "astro" acl: acl.allow.branches not enabled acl: acl.deny.branches not enabled acl: acl.allow not enabled acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" acl: branch access granted: "e8fc755d4d82" on branch "foobar" acl: path access granted: "e8fc755d4d82" bundle2-input-part: total payload size 2068 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 48 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 2 (undo push) 2:fb35475503ef Branch acl deny test $ echo "[acl.deny.branches]" >> $config $ echo "foobar = *" >> $config $ do_push astro Pushing as user astro hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.deny.branches] foobar = * """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 4 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 48 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 48 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 48 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae add changeset e8fc755d4d82 adding manifests adding file changes adding abc.txt revisions adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 4 changesets with 4 changes to 4 files (+1 heads) calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "astro" acl: acl.allow.branches not enabled acl: acl.deny.branches enabled, 1 entries for user astro acl: acl.allow not enabled acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" error: pretxnchangegroup.acl hook failed: acl: user "astro" denied on branch "foobar" (changeset "e8fc755d4d82") bundle2-input-part: total payload size 2068 bundle2-input-part: total payload size 48 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "astro" denied on branch "foobar" (changeset "e8fc755d4d82") no rollback information available 2:fb35475503ef Branch acl empty allow test $ init_config $ echo "[acl.allow.branches]" >> $config $ do_push astro Pushing as user astro hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.allow.branches] """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 4 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 48 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 48 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 48 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae add changeset e8fc755d4d82 adding manifests adding file changes adding abc.txt revisions adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 4 changesets with 4 changes to 4 files (+1 heads) calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "astro" acl: acl.allow.branches enabled, 0 entries for user astro acl: acl.deny.branches not enabled acl: acl.allow not enabled acl: acl.deny not enabled error: pretxnchangegroup.acl hook failed: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374") bundle2-input-part: total payload size 2068 bundle2-input-part: total payload size 48 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374") no rollback information available 2:fb35475503ef Branch acl allow other $ init_config $ echo "[acl.allow.branches]" >> $config $ echo "* = george" >> $config $ do_push astro Pushing as user astro hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.allow.branches] * = george """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 4 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 48 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 48 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 48 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae add changeset e8fc755d4d82 adding manifests adding file changes adding abc.txt revisions adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 4 changesets with 4 changes to 4 files (+1 heads) calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "astro" acl: acl.allow.branches enabled, 0 entries for user astro acl: acl.deny.branches not enabled acl: acl.allow not enabled acl: acl.deny not enabled error: pretxnchangegroup.acl hook failed: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374") bundle2-input-part: total payload size 2068 bundle2-input-part: total payload size 48 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374") no rollback information available 2:fb35475503ef $ do_push george Pushing as user george hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.allow.branches] * = george """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 4 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 48 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 48 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 48 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae add changeset e8fc755d4d82 adding manifests adding file changes adding abc.txt revisions adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 4 changesets with 4 changes to 4 files (+1 heads) calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "george" acl: acl.allow.branches enabled, 1 entries for user george acl: acl.deny.branches not enabled acl: acl.allow not enabled acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" acl: branch access granted: "e8fc755d4d82" on branch "foobar" acl: path access granted: "e8fc755d4d82" bundle2-input-part: total payload size 2068 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 48 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 2 (undo push) 2:fb35475503ef Branch acl conflicting allow asterisk ends up applying to all branches and allowing george to push foobar into the remote $ init_config $ echo "[acl.allow.branches]" >> $config $ echo "foobar = astro" >> $config $ echo "* = george" >> $config $ do_push george Pushing as user george hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.allow.branches] foobar = astro * = george """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 4 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 48 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 48 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 48 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae add changeset e8fc755d4d82 adding manifests adding file changes adding abc.txt revisions adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 4 changesets with 4 changes to 4 files (+1 heads) calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "george" acl: acl.allow.branches enabled, 1 entries for user george acl: acl.deny.branches not enabled acl: acl.allow not enabled acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" acl: branch access granted: "e8fc755d4d82" on branch "foobar" acl: path access granted: "e8fc755d4d82" bundle2-input-part: total payload size 2068 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 48 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 2 (undo push) 2:fb35475503ef Branch acl conflicting deny $ init_config $ echo "[acl.deny.branches]" >> $config $ echo "foobar = astro" >> $config $ echo "default = astro" >> $config $ echo "* = george" >> $config $ do_push george Pushing as user george hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.deny.branches] foobar = astro default = astro * = george """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 4 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 48 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 48 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 48 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae add changeset e8fc755d4d82 adding manifests adding file changes adding abc.txt revisions adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 4 changesets with 4 changes to 4 files (+1 heads) calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "george" acl: acl.allow.branches not enabled acl: acl.deny.branches enabled, 1 entries for user george acl: acl.allow not enabled acl: acl.deny not enabled error: pretxnchangegroup.acl hook failed: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374") bundle2-input-part: total payload size 2068 bundle2-input-part: total payload size 48 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374") no rollback information available 2:fb35475503ef User 'astro' must not be denied $ init_config $ echo "[acl.deny.branches]" >> $config $ echo "default = !astro" >> $config $ do_push astro Pushing as user astro hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.deny.branches] default = !astro """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 4 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 48 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 48 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 48 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae add changeset e8fc755d4d82 adding manifests adding file changes adding abc.txt revisions adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 4 changesets with 4 changes to 4 files (+1 heads) calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "astro" acl: acl.allow.branches not enabled acl: acl.deny.branches enabled, 0 entries for user astro acl: acl.allow not enabled acl: acl.deny not enabled acl: branch access granted: "ef1ea85a6374" on branch "default" acl: path access granted: "ef1ea85a6374" acl: branch access granted: "f9cafe1212c8" on branch "default" acl: path access granted: "f9cafe1212c8" acl: branch access granted: "911600dab2ae" on branch "default" acl: path access granted: "911600dab2ae" acl: branch access granted: "e8fc755d4d82" on branch "foobar" acl: path access granted: "e8fc755d4d82" bundle2-input-part: total payload size 2068 bundle2-input-part: "phase-heads" supported bundle2-input-part: total payload size 48 bundle2-input-bundle: 4 parts total updating the branch cache bundle2-output-bundle: "HG20", 1 parts total bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload bundle2-input-bundle: no-transaction bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported bundle2-input-bundle: 0 parts total listing keys for "phases" repository tip rolled back to revision 2 (undo push) 2:fb35475503ef Non-astro users must be denied $ do_push george Pushing as user george hgrc = """ [hooks] pretxnchangegroup.acl = python:hgext.acl.hook prepushkey.acl = python:hgext.acl.hook [acl] sources = push [extensions] posixgetuser=$TESTTMP/posixgetuser.py [acl.deny.branches] default = !astro """ pushing to ../b query 1; heads searching for changes all remote heads known locally listing keys for "phases" checking for updated bookmarks listing keys for "bookmarks" listing keys for "bookmarks" 4 changesets found list of changesets: ef1ea85a6374b77d6da9dcda9541f498f2d17df7 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd 911600dab2ae7a9baff75958b84fe606851ce955 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01 bundle2-output-bundle: "HG20", 5 parts total bundle2-output-part: "replycaps" 205 bytes payload bundle2-output-part: "check:phases" 48 bytes payload bundle2-output-part: "check:heads" streamed payload bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload bundle2-output-part: "phase-heads" 48 bytes payload bundle2-input-bundle: with-transaction bundle2-input-part: "replycaps" supported bundle2-input-part: total payload size 205 bundle2-input-part: "check:phases" supported bundle2-input-part: total payload size 48 bundle2-input-part: "check:heads" supported bundle2-input-part: total payload size 20 bundle2-input-part: "changegroup" (params: 1 mandatory) supported adding changesets add changeset ef1ea85a6374 add changeset f9cafe1212c8 add changeset 911600dab2ae add changeset e8fc755d4d82 adding manifests adding file changes adding abc.txt revisions adding foo/Bar/file.txt revisions adding foo/file.txt revisions adding quux/file.py revisions added 4 changesets with 4 changes to 4 files (+1 heads) calling hook pretxnchangegroup.acl: hgext.acl.hook acl: checking access for user "george" acl: acl.allow.branches not enabled acl: acl.deny.branches enabled, 1 entries for user george acl: acl.allow not enabled acl: acl.deny not enabled error: pretxnchangegroup.acl hook failed: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374") bundle2-input-part: total payload size 2068 bundle2-input-part: total payload size 48 bundle2-input-bundle: 4 parts total transaction abort! rollback completed abort: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374") no rollback information available 2:fb35475503ef