I basically have the folder structure like this:
Is it safe to share the folder (Optimate) or will it compromise the push username/password I have stored for this repository?
It looks as though you've stored the username and password as part of the bitbucket repository path in .hg/hgrc's [paths] section. Since you said you deleted the .hg directory in the version you're sharing, it won't be a problem, as the hgrc file is gone now.
However, for other situations you might want to put your username and password in an [auth] section in your mercurial.ini (or global hgrc) instead of in each bitbucket path. Your [paths] section of some repository's hgrc would look like this:
[paths]
default = https://bitbucket.org/myusername/myreponame
While your global config would have this section, telling it to use the specified username and password with any bitbucket urls:
[auth]
bb.prefix = bitbucket.org
bb.username = myusername
bb.password = mypassword
bb.schemes = https
Be aware that the keyring extension suggested by Lucero is more secure, as it stores the password securely rather than in plaintext. I purposely leave mine plaintext since it is work-related. If something should happen to me, somebody else should be able to take over as admin.
It probably does compromise it, since the repo-specific information is stored in the .hg\hgrc file.
You may want to enable and use the keyring exstension though, which solves this issue by saving credentials outside of the repositories.
Related
I have a repository where I want to undo all local commits on my branch since the most recent commit pulled down. I do not want to save any work.
After doing some research I found the following on SuperUser:
hg --config "extensions.strip = " strip "roots(outgoing())"
Note that I have added --config "extensions.strip = " because I do not have the strip extension enabled.
After executing this command it then appears to already know my remote username (which is not in my mercurial.ini) and prompts for my remote password - this then appears to function exactly as I want it to.
My question is how does it know my username already if it is not stored in my mercurial.ini? And more importantly how can I pass both my username and password directly into my command so I could give a different username and have it also not prompt me for the password?
Thanks!
Can you check the repo's .hg/hgrc to confirm if it doesn't have any credential? If you have cloned using your username (eg: http://username:password#ip:port/reponame), it will stay in the repo's config.
You can create a new named path in .hg/hgrc and pass it to "roots(outgoing(newpath))". That will do what you are expecting.
When I try to clone a https-authenticated Mercurial repository (e.g. from kiln), it asks me for my user name
C:\temp\test>hg clone https://<my-login-name>.kilnhg.com/Code/Repositories/Group/test
http authorization required
realm: kiln
user:
We want to invoke the hg clone command from our GUI application with any URL provided by the user and ask the user on demand for the user name and password, if they are required.
How can I configure Mercurial to invoke an arbitrary script which returns the user name/password, similar to scripts whose paths are defined in the environment variables GIT_ASKPASS or SSH_ASKPASS for Git?
You can configure your credentials in your user-wide hgrc (mercurial.ini in the user profile directory, on Windows):
[auth]
foo.prefix = example.com/path
foo.username = user
foo.password = password
Afterwards, the requests for this server will silently use the credentials provided in the hgrc file.
See the docs on hgrc for more information.
Update: After studying the TortoiseHg sources a little (the code in question being the SyncWidget.inclicked and SyncWidget.pullclicked methods in sync.py), I've found out that TortoiseHg, which does precisely what you're trying to achieve, apparently first tries the URL for the auth request, and, if it's been given, asks the user for the login and password, to rebuild a full URL (with credentials) and supply it to hg pull.
I guess you can do the same.
What about
hg clone https://user:password#host:port
Is such solution not workable for you?
I set up a http central Mercurial repository and try to send emails on every push. I follow instructions from mercurial page and from http://morecode.wordpress.com/2007/08/03/setting-up-mercurial-to-e-mail-on-a-commit/.
Push works fine, but I don't see any notify message at all. Please help me.
My .hg/hgrc in my repository folder of my client looks like this
[extensions]
hgext.notify=
[hooks]
changegroup.notify = python:hgext.notify.hook
[email]
from = what#gmail.com
[smtp]
host = smtp.gmail.com
username = what#gmail.com
password = ohyea
port = 587
tls = true
[web]
baseurl = http://1.1.1.1/repo_name
[notify]
sources = serve push pull bundle
# set this to False when you're ready for mail to start sending
test = False
config = /home/myhome/something/subscription.conf
template = \ndetails: {baseurl}{webroot}/rev/{node|short}\nchangeset:{rev}:node|short}\nuser: {author}\ndate: {date|date}\ndescription:\n{desc}\n
maxdiff = 300
My /home/myhome/something/subscription.conf looks like
[reposubs]
# key is glob pattern, value is comma-separated list of subscriber emails
* = sometestemail#gmail.com
I save and my result looks like below, if you notice I don't see any notify message at all
pushing to http://1.1.1.1/repo_name
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 2 changesets with 7376 changes to 7376 files
[Update:]
I found that there was no hgext folder in my system. So I manually downloaded the source matching my hg version and updated my hgrc as below, and still it does not work. Any help please.
[extensions]
notify= /path/to/notify.py
[Update 2:]
Thanks Ry4an - I tried it, still no luck.
In my webserver
Under /var/www and /var/www/hg
I created .hgrc files, just not sure which one is my webroot, so I did at both places with contents
[trusted]
users=user_name
this user name is the username in my client from where I'm trying to push to the repo.
on my client
in the .hg/hgrc of my repo, I added trusted section
[trusted]
users=user_name
The above procedure did not help
Second approach
on my client,
under my repo's .hg, I did
chown www-data:www-data hgrc
and when I tried to push I got some message while pushing saying
sending capabilities command
capabilities: changegroupsubset stream lookup pushkey unbundle=HG10GZ,HG10BZ,HG10UN branchmap
sending heads command
searching for changes
common changesets up to 6ef19c49143a
sending branchmap command
ignoring untrusted configuration option hooks.changegroup.notify = python:hgext.notify.hook
This ignoring command does not appear during the first approach, only after I change the ownership of hgrc, this pops up.
It's likely a trust issue, but let's hit a few other things first:
A) Switch the extension load to:
[extensions]
notify=
The hgext part is no longer necessary, but doesn't hurt. Giving the full path to the extension is more fragile in the case of future updates. The raw notify= syntax is sufficient for extensions that come with Mercurial and notify always does.
B) Switch the test = false to test = true it will help you debug this -- it sends the email to Stdout, which is handy.
Okay, those two done, let's look at trust. Mercurial's trust system is built around the idea that not just anyone should be able to get you to run code. Imagine if your repo's .hg/hgrc file had a section in it like:
[hooks]
pre-push = rm -rf ~
When I pushed to it it would delete my home directory. That would bum me out. To avoid that happening Mercurial will only load/run hgrc files that it trusts, and you tell it what to trust with [trusted] sections in your hgrc. When you're pushing over ssh you're effectively logging into the remote machine and it's your own ~/.hgrc that probably states what other hgrc files you're willing to execute.
HTTP is special though. Even though you may be authenticating you're probably not running Mercurial on the remote system as yourself. It's probably some some non-user user like www-data, www, apache, or noone depending on how your web server is configured, so... you need to make that repo's .hg/hgrc' owned (or group-owned) by an user (or group) that the webserver user trusts. To achieve that you can eitherchwownthe.hg/hgrcfile over to the web server user, or find the web server's home directory (often/var/www) and create a.hgrcfile in there with a[trusted]block saying that the web server user trusts whomever it is that owns the repo's.hg/hgrc` file.
If I'm right about what's going on the tell tale sign would be in your webserver's errors log where you'd see a lot of messages like "Not trusting /path/to/repo/.hg/hgrc owned by someuser".
TL;DR: Make sure your web server user trusts (in the hgrc sense) the owner of the .hg/hgrc that's specifying the hook.
This worked for me when communicating with an Exchange Server:
[hostfingerprints]
<my exchange FQDN> = 2a:f3:89:69:13:b2:1e:3a:c2:fe:f9:7f:de:b3:39:e7:82:8e:99:93
[extensions]
notify =
[hooks]
changegroup.notify = python:hgext.notify.hook
[email]
from = Mercurial Notification <noreply#mydomain>
[smtp]
host = <exchange FQDN>
tls = true
[notify]
sources = serve push pull bundle
test = False
maxdiff = 300
[reposubs]
* = Cameron Rich <cameron.rich#mydomain.com>
Put the above in the hgrc file in your repository.
e.g. C:\repositories\test.hg\hgrc
I'm a Mercurial newbie and I just started to use it.
I work in local repository and when I commit changes I use hg <command> ssh://user#host/usr/www/site.com/project for pushing, pulling and see the incoming/outgoing changes.
But every time ssh ask me the password. Is there a way for remember my ssh password for this purpose? Also, how can I don't write every time the full command (ssh://user etc etc)?
You have to setup your ssh with public keys. There are many tutorials on the web e.g. see Getting started with SSH
Once you have the keys in place you can either use ssh-agent to only enter your local private-key password once per session. There are also GUI tools that act as ssh-agent (e.g. SSHKeychain on a Mac)
Or if you have low security requirements you can also generate your key without password.
But please don't store cleartext passwords in config files.
There are two possibilities to avoid typing the url on each command:
From hg help urls
These URLs can all be stored in your hgrc with path aliases under the
[paths] section like so:
[paths]
alias1 = URL1
alias2 = URL2
...
The other possibility is using the default paths:
default:
When you create a repository with hg clone, the clone command saves the
location of the source repository as the new repository's 'default'
path. This is then used when you omit path from push- and pull-like
commands (including incoming and outgoing).
Thats what I often use, since usually you get your working directory bay cloning from somewhere and from then on I just don't specify the url and use the default.
I want to create a hgrc file to set the username and password for all paths on some machine, e.g no matter in which directory I am in, hg clone some_path will always work without prompting for a username and a password (this is for an auto-deploy script). Also, it should work for several repos, not just one.
I followed the instructions and created a file: /etc/mercurial/hgrc.d/deploy.rc
it's contents:
[auth]
default.prefix= http://myrepo
default.username = myuname
default.password = pwd
But when I do
hg clone some_path I get abort: error: Connection refused.
What Am i doing wrong?
It should work. You can use hg showconfig to verify that it really is reading the config and that you don't just have a connection problem or something.
What version of hg are you using?
Also, it could be that your .hg/hgrc file is taking precedence over your global config.
Could you get the log of the server you try to connecgt to?
It should be listed there if at least the server address is correct.
And perhaps a hg clone -v something