This may seem like a dumb idea, but is there anyway to serve a mercurial repository over http without any of the webinterface features bundled in hgweb.cgi .
I would like users to be able to clone/push the repository over http:// but I do not want them to be able to view the repositories or files through a web interface.
Static HTTP is an option, but the official mercurial docs claim that this is very slow.
If this is not trivial, is anyone aware of a example code that serves an hg repository over http, without any support for a browser interface preferrably?
Thanks in advance.
I did a quick check of the hgweb files and found this:
Find the hgweb/webcommands.py file of your mercurial installation, and open it in an editor. Change the following code at the top of the file:
__all__ = [
'log', 'rawfile', 'file', 'changelog', 'shortlog', 'changeset', 'rev',
'manifest', 'tags', 'bookmarks', 'branches', 'summary', 'filediff', 'diff',
'annotate', 'filelog', 'archive', 'static', 'graph', 'help',
]
to this:
__all__ = [
]
This disables all web commands; you can still view the list of repos, but not any more infos about them.
I did check hg clone and hg pull, but not hg push.
I don't know why you want to restrict access to the UI part since any information provided here is accessible if they can access the files, but so be it :P
If you want some clean solution, I think taking the code of hgweb.cgi and rewrite it won't be too difficult, but I think you can also do something quicker : hg serve -t /dev/null
This will use /dev/null as the template for the UI part, so the users will receive an "Internal Server Error" page when connecting to the server but will be able to access the repository just fine through hg.
Only downside, the log will be field with errors if there's access through a browser.
PS: if you're not on a Unix system, just use any empty directory as a source for the templates.
Related
I'm moving the Mercurial repositories for all my open-source projects to OSDN (OSDN.net) from Bitbucket because Bitbucket will soon drop support for Mercurial. However, OSDN only supports SSH, not HTTPS, as a file exchange protocol, and ReadTheDocs does not support SSH URLs. The ReadTheDocs public API allows builds to be triggered, but does not support any way to provide the source files with the build trigger.
Or any documented way, at least. Does anybody know of a way to either push document source files to RTD with a build trigger, or connect an OSDN repository to RTD so that RTD can clone the source files itself?
Thanks.
OSDN does support both SSH & HTTP(S), for "writing" the only option is ssh. However, read-the-docs needs only to 'read'; https is fine (And supported, although a bit hard to find).
On OSDN, toggle the "RO|r/w" button, to see the other-URL. It's not a button, nor trigger; but it looks like it --The UX/UI design isn't very great ...
Copy that RO value (again: ignore the UI-feedback. You can copy the https-URL. And past it on RTfD.
Note: for now, I could get webhooks/integration working. So, you have to go read-the-docs to rebuild, after a push. Or use the curl webhook from e.g a Makefile locally, see: https://docs.readthedocs.io/en/stable/webhooks.html#parameters
In our current Java project we want to compare the local with the remote revision number of an alreay cloned mercurial repository, especially we want to get the latest revision number from the server. We are using javahg to access mercurial functions. But we can't find any command in the javahg library to achieve that.
Normally, you would use the identity command, but this is not supported in this library. Another way could be to use the incoming command, which is supported, but it seems not to work for us. We tried to execute the following code line:
IncomingCommand.on(localRepo).execute(serverURL)
and the resulting bundle returns "-1". After a quick look into the source code of the execution function we found out that this method operates only on local repositories.
Has anybody an idea how the incoming command could be used to get the latest revision from the remote repository? Or is there another way to do this?
Any help is appreciated. Thanks!
The incoming command downloads a 'bundle file' containing the remote changesets not present locally. From the Bundle instance you can use getOverlayRepository() to get a Repository instance that any other command can be invoked on.
Here's an example of using Incoming with a remote repository:
Repository repoB = ..;
Bundle bundle = IncomingCommand.on(repoB).execute("http://localhost:" + port);
List<Changeset> changesets = bundle.getChangesets();
List<Changeset> heads = bundle.getOverlayRepository().heads();
I'm not sure the precise semantics of 'identify' but maybe a similar effect could be achieved by listing heads of the bundle overlay repository.
Identify seems much more efficient if you're just interested in the node id and not the changes themselves. Feel free to post a feature request here: https://bitbucket.org/aragost/javahg
I have a centos server with code maintained using a mercurial repo.
To allow a new person to commit code to mercurial, I create a new user, add them to the webdev group, and they can push / pull code by
hg pull ssh://name#server.com.
However, there are some files (config files) that I would not like new users to have access to. Mercurial has been asked not to track these files, so the only way to access them is to ssh into the system and look at the files. Which I dont want new users to be able to do.
In essence, I want my new developers to only pull/push files through hg and disallow ssh-ing directly into the system. What the best way to do this? Can I provide hg access to a repo without providing ssh access to the files?
(or is my approach to the problem flawed?)
Thanks!
This can be really easily done by taking advantage of the command option available in .ssh\authorized_keys files. When you're granting their key access in that file you can prepend a "command=...." argument to their key and that's the only command they can run.
Mercurial ships with a handy script for doing exactly that. It has instructions inside:
https://www.mercurial-scm.org/repo/hg/file/tip/contrib/hg-ssh
In term of an authorization layer (similar to Gitolite for Git), you have mercurial-server (not to be mixed up with the Mercurial light-weight web server hgserve)
mercurial-server gives your developers remote read/write access to centralized Mercurial repositories using SSH public key authentication; it provides convenient and fine-grained key management and access control.
See its repository here.
It is based on the same SSH forced-command mechanism than the script mentioned by Ry4an in his answer (+1 on his answer, because it is already packaged with Mercurial).
See for illustration the "mercurial-server" source of refreshauth.py.
I have a shared web host and I am trying to figure out a way to download the latest copy of a private project from bitbucket onto the server.
The server does not have any versioning tools installed, but it does have scp and ssh with a jailshell level of access. It also has wget and curl...
Can I can do something like this?
scp ssh://hg#bitbucket.org/jespern/testrepo ~/public_html
I don't have a problem setting up the identity files / DSA keys, but I'm not exactly sure how the protocols are put together here so I need some help with the basic syntax.
Or, if scp is not the way to go, does ssh have an option for doing this? or is it possible to use CURL or wGet to grab the latest version of the repository and then reconstruct it on the server?
I am sure there is a way to do this, so please don't respond saying "it can't be done."
Thanks!
You can download from bitbucket using either http with URL like this:
http://bitbucket.org/jespern/rewsfeed/get/tip.tar.bz2
Notice how tip can be used in place of a revision ID in that URL form to always get the latest snapshot.
Alternately, you can just install Mercurial in your home directory on the shared web host -- people have succeeded in doing that on almost every webhost out there no matter how locked down they are.
Then you can just do: /home/me/bin hg clone ssh://hg#bitbucket.org/jespern/testrepo ~/public_html
This is probably a simple problem and I'm feeling exceptionally dumb because I can't find a any kind of documentation.
I've just installed TeamCity 5 and I want to get files from my Mercurial hosting and there is two fields I just can't figure out.
HG Command path. What should I put here? The path to a file containing what? Can I get an example of that file somewhere?
The host is using Mercurial over SSH where do I define my private key?
Pull changes from? Should I put the address I'm cloning from i.e. ssh://username#myhost.something/project
I figured this out for my TeamCity 5 server last week.
HG Command path: HG
Pull changes from: https://bitbucket.org/.../.../
Don't put the username# in the URL. This is specificed as in the Username/Password fields. If you include the username in the URL it'll fail as there is a bug in the configuration tool. You'll also see a screenshot of the configuration attached to the thread:
http://www.jetbrains.net/devnet/message/5254640#5254640
I'd suggest getting things working with HTTPS and then moving to SSH if possible. This breaks things down into two easier to solve configuration problems. I used the following tutorial to get SSH going on my Windows client machine.
http://www.codza.com/mercurial-with-ssh-setup-on-windows
I've not set this up on my TeamCity server yet. However I did get TeamCity to pick up my Mercurial.ini settings by putting the ini file in \Documents and Settings\TeamCity, which is the account the service runs under.
I've not used team city, but I think hg command path is probably the full path to your local mercurial executable. For me (on linux) that's:
$ type hg
hg is /usr/bin/hg
On windows it's where the 'hg' executable in your system path was placed by whichever (of the many) windows installers for mercurial you used.
Pull changes from sounds like the URL to the repo, so:
ssh://username#myhost.something/project
or
ssh://username#myhost.something//project # note the _two_ double slashes
if you're using absolute paths on the server side.
Your private key location/specification depends on what you're using for ssh and whether or not you're running ssh-agent, but here's a links that explicitly points from within mercurial.ini, which seems sound:
http://dev.openttdcoop.org/projects/home/wiki/Configuring_TortoiseHg_(Windows)#Pointing-to-you-Private-key