I'm essentially seeking for a way to manage write permissions to specific branches.
This can be either before committing (local), or after committing but before pushing (remote).
I need to protect certain branches from being written to in order to enforce a workflow where the release branch can only be edited by some.
Enabled and properly configured ACL Extension can be an answer in your case
ACL Extension would do it
regarding branches however:
You cannot limit read access to a subset of a repository with a read rule and a file condition: any user who has access to a repository can read all of it and its full history.
But you can disallow push.
Related
Recently I have rewrote a lot of history (Forgive me Father, for I have sinned). Our old repository had a lot of sensitive information as well as unnecessary merges (up to 20 anonymous branches running simultaneously and being merged back indiscriminately), so I have striped several commits, pruned dead branches, rebased / squashed commits, rolled back unnecessary merges, created bookmarks, etc.
We now have a clean repo. I have also run unitary tests along several revisions to make sure that I haven't broke anything import. Yesterday I've forked the old repo (for backup purposes) and pushed the clean repository upstream. We are a small team and synchronizing changes was not a problem, every developer in my team is already working with the new repo.
Anyway, my local repository now have a .hg/strip-backup folder of around 2 Gigabytes.
From what I was able to understand, this folder contains backup bundles for every one of the destructive commands that I have run. I no longer need those.
My question is: Is it safe to remove the bundles inside .hg/strip-backup? Or will I corrupt my local repository if I delete those files?
Bonus question: Is there a built-in mercurial command to remove backups or should I just use rm .hg/strip-backup/*?
Yes, it is safe to remove the whole folder. The information contained in the folder is not relevant to the repo.
As a bonus answer, your best option to clean-up the cache folders is to simply re-clone the repo. Doing so allows you to start fresh and all the temporary files will be left on the base repo. Replace the original repo with a cloned repo and you won't have to bother with this history of temporary files for a while.
My scenario:
A set of shared repositories needs to be locked for a given time so a process can run for a given time. After this process is done, I want to unlock the repositories. It's a process not on the repositories, but on a different system.
The repositories are not what the process is working on. I just need a time frame where the repositories are "protected". I just need to make sure the repositories don't change while this process is running.
I want a simple way to lock a repository, so no one can push to it.
If I manually create a .hg/store/lock file with a dummy content, do you see any problem with it?
Initial testing shows it works, but I'm concerned that I might not be aware of the implications.
If you just need to generally deny access to the repos for a given period, then you can do it that way. There shouldn't be any side-effects or other consequences.
Clone the repository and then run your process against the cloned repo.
I'm setting up multiple Mercurial repositories for all of our different projects, probably close to 50. Is there a way to search across multiple repos for a specific file or string? For example, say that a database column is renamed, how would I search each repository for any reference to the old column name? I know that I can do this for each repository individually, but if you've got 50 repositories, that can be quite time consuming?
If it's not possible, are there any best practices then for structuring your repositories to minimize this pain?
It's not possible -- repositories are entirely independent.
If you wanted to set up a global search one way to do it would be to push all your 50 repositories into a single repository that can be searched. Something like this:
hg init everything
for therepo in /path/to/repos/* ; do
hg -R everything pull -f $therepo
done
Then you can search in everything. You could keep everything current using a cron job or changegroup hooks on your other repos that do a push to everything.
I want to keep Mercurial servers at four different locations, and want them to be identical at any given time. Meaning, any change to any of them must be propagated to all other servers. How to do that?
You can add an action on the server with an incoming hook.
Hooks allow you to automate tasks when events happen on the repository. Whenever you get a push into the repository, you can push to your mirrors as well.
More on hooks: http://hgbook.red-bean.com/read/handling-repository-events-with-hooks.html
If I want to set up a smallish Mercurial repository for some internal work among a few developers, can I just navigate to a network share and create a repository there, and then just clone that down locally? Or do I need to set up a server (I know, it's easy to do).
This is Windows by the way.
Specifically, I'm wondering if there will be concurrency issues, like abandoned transactions, etc. if multiple users work push/pull simultaneously.
So long as folks are interacting with the repo using only 'clone', 'push', and 'pull', you're in fine shape. What you can't do is have multiple people committing directly from a shared working directory. However, push, pull, and clone are safe to use to a shared folder from a user's personal repository. All changes end up effectively atomic, and no aborted work should cause anyone any problems.
When creating that clone consider using clone -U so it's created without a working directory so folks aren't tempted to edit and commit there.
There's no reason I can think of why you wouldn't be able to do so. I do something similar, only I don't use CIFS, but ssh to access the files. No server setup to speak of in either case.
The only thing that came to mind as a possible problem was concurrent access, but you can see for yourself that Mercurial takes care not to allow users to step on each other's toes.