I've got a mercurial repository, which pulls in dependencies using the subrepository functionality (as defined in the .hgsub file), but I'm struggling to get this working in TeamCity.
I've enabled the mercurial_keyring extension in order to save credentials (so when TeamCity provides authentication details for the root repository, it remembers them for the subrepositories). I've added an [auth] section to mercurial.ini too:
[auth]
bitbucket.schemes = https
bitbucket.prefix = https://bitbucket.org/xyz
bitbucket.username = xyz
If I run hg clone from the command line, I get prompted for a password once, and all is good. But the initial checkout when run via TeamCity fails with
VCS root: mercurial: https://bitbucket.org/xyz/projectA {instance id=23, parent id=1}, due to error: 'cmd /c hg update -C -r 4a08f587bb1f' command failed. stderr: abort: http authorization required stdout: pulling subrepo src\Common.Library from https://bitbucket.org/xyz/common.library
What am I missing, or am I going about this in completely the wrong way? Many thanks!
It seems that passing in credentials directly from TeamCity doesn't work with mercurial_keyring, but if I specify both username and password in plaintext in the mercurial.ini file (making sure it's accessible under the account the TeamCity build agent is running under), then this works.
The mercurial.ini file can be placed under <mercurial install path>\mercurial.ini if it does not work under user path.
Not ideal, but a solution... if anyone else finds a better one, please let me know.
May be it got fixed in last versions of TeamCity, but the following works for me:
Configure build agent service to run under domain account with
access to HG repositories (both root and subrepos)
Enable mercurial_keyring on build agent and add [auth] section
to mercurial config
Try to clone repository manually, enter
password. No need to wait until the whole repo is cloned -- it could
be terminated when "requesting all changes" message is shown.
Have fun -- now service will use keyring.
Probably the [auth] section shouldn't be added at all to the mercurial.ini for the TC agent. Team City uses --config auth... options to hg. I would also recommend not to use the mercurial_keyring but to set the username and password in VCS root - this is both secure and shared between different TC agents.
Not sure about the bitbucket, but in other cases usage of https scheme can require certificates configuration. This can be configured in mercurial.ini:
[web]
cacerts =
[hostfingerprints]
# hides mercurial warnings
domain-name = ab:cd:...:01
And last part: depending on .hgsub it might be needed to use VCS checkout mode "Automatically on agent" in Team City Version Control Settings.
Related
When I try to clone a https-authenticated Mercurial repository (e.g. from kiln), it asks me for my user name
C:\temp\test>hg clone https://<my-login-name>.kilnhg.com/Code/Repositories/Group/test
http authorization required
realm: kiln
user:
We want to invoke the hg clone command from our GUI application with any URL provided by the user and ask the user on demand for the user name and password, if they are required.
How can I configure Mercurial to invoke an arbitrary script which returns the user name/password, similar to scripts whose paths are defined in the environment variables GIT_ASKPASS or SSH_ASKPASS for Git?
You can configure your credentials in your user-wide hgrc (mercurial.ini in the user profile directory, on Windows):
[auth]
foo.prefix = example.com/path
foo.username = user
foo.password = password
Afterwards, the requests for this server will silently use the credentials provided in the hgrc file.
See the docs on hgrc for more information.
Update: After studying the TortoiseHg sources a little (the code in question being the SyncWidget.inclicked and SyncWidget.pullclicked methods in sync.py), I've found out that TortoiseHg, which does precisely what you're trying to achieve, apparently first tries the URL for the auth request, and, if it's been given, asks the user for the login and password, to rebuild a full URL (with credentials) and supply it to hg pull.
I guess you can do the same.
What about
hg clone https://user:password#host:port
Is such solution not workable for you?
I'm using hgweb to publish my local repositories.
/project_path/project_name/.hg/.hgrc have:
[hooks]
changegroup.bitbucket = hg push ssh://hg#bitbucket.org/user/repo
When i'm use hg serve, all changegroup hooks working fine, but when i'm using hgweb through nginx with fcgi it's not working at all. I need those functionality to have some kind of backups.
It's mostly like Trust.
Mercurial needs to trust a hgrc file before it will parse/run it. If your /project_path/project_name/.hg/.hgrc file is owned by you then when you run hg serve with Mercurial running as you it's parsed/used. However, nginx runs as its own user, probably nginx which doesn't trust files owned by you, so when it invokes Mercurial those files are ignored (see Note).
That Mercurial trust link gives a better explanation and talks about how to say "nginx trusts X", but if it's a single-user system or you want everyone to trust you you can just throw a trust block in the system-global /etc/mercurial/hgrc file saying everyone trusts X.
Note: It doesn't actually just ignore those files it puts a warning on STDERR which in apache-land you'd find in your error.log, but in nginx land no one ever seems to find those warnings so I've no idea where nginx puts them.
I assume you have some kind of authentication issue here. When running hg serve from the command line, your ssh credentials are provided by an ssh-agent running in the background.
However, this does not work when running hgweb as a service, because there is no ssh-agent running in the background. If you would start an ssh-agent, there would be no possibility to enter the password for your ssh key.
Bitbucket uses ssh keys to authenticate you, so you can't just add your password to the above hg push command.
One possible solution would be to not use bitbucket as your backup, but a different mercurial server that let's you provide a simple password on the command line.
I'm afraid I can't help you further with this.
I have been browsing SO and Google for a solution to my basic problem, and so far I have had no luck.
I am brand new to Mercurial and have just installed it on my Mac. I am using it for personal version control and will not be communicating with a central server (yet).
When I try to commit files, I get abort: no username supplied (see "hg help config"). The common solution to this problem is putting the following in ~/.hgrc
[ui]
username = Firstname Lastname <firstname.lastname#example.net>
which I have done, but the error remains. It just won't read the file. Any suggestions?
For future reference: use
$ hg showconfig ui --debug
to see the settings from the [ui] section and to see the files Mercural reads for configuration settings. That should help you along if you ever have to debug such a case again.
I set up a http central Mercurial repository and try to send emails on every push. I follow instructions from mercurial page and from http://morecode.wordpress.com/2007/08/03/setting-up-mercurial-to-e-mail-on-a-commit/.
Push works fine, but I don't see any notify message at all. Please help me.
My .hg/hgrc in my repository folder of my client looks like this
[extensions]
hgext.notify=
[hooks]
changegroup.notify = python:hgext.notify.hook
[email]
from = what#gmail.com
[smtp]
host = smtp.gmail.com
username = what#gmail.com
password = ohyea
port = 587
tls = true
[web]
baseurl = http://1.1.1.1/repo_name
[notify]
sources = serve push pull bundle
# set this to False when you're ready for mail to start sending
test = False
config = /home/myhome/something/subscription.conf
template = \ndetails: {baseurl}{webroot}/rev/{node|short}\nchangeset:{rev}:node|short}\nuser: {author}\ndate: {date|date}\ndescription:\n{desc}\n
maxdiff = 300
My /home/myhome/something/subscription.conf looks like
[reposubs]
# key is glob pattern, value is comma-separated list of subscriber emails
* = sometestemail#gmail.com
I save and my result looks like below, if you notice I don't see any notify message at all
pushing to http://1.1.1.1/repo_name
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 2 changesets with 7376 changes to 7376 files
[Update:]
I found that there was no hgext folder in my system. So I manually downloaded the source matching my hg version and updated my hgrc as below, and still it does not work. Any help please.
[extensions]
notify= /path/to/notify.py
[Update 2:]
Thanks Ry4an - I tried it, still no luck.
In my webserver
Under /var/www and /var/www/hg
I created .hgrc files, just not sure which one is my webroot, so I did at both places with contents
[trusted]
users=user_name
this user name is the username in my client from where I'm trying to push to the repo.
on my client
in the .hg/hgrc of my repo, I added trusted section
[trusted]
users=user_name
The above procedure did not help
Second approach
on my client,
under my repo's .hg, I did
chown www-data:www-data hgrc
and when I tried to push I got some message while pushing saying
sending capabilities command
capabilities: changegroupsubset stream lookup pushkey unbundle=HG10GZ,HG10BZ,HG10UN branchmap
sending heads command
searching for changes
common changesets up to 6ef19c49143a
sending branchmap command
ignoring untrusted configuration option hooks.changegroup.notify = python:hgext.notify.hook
This ignoring command does not appear during the first approach, only after I change the ownership of hgrc, this pops up.
It's likely a trust issue, but let's hit a few other things first:
A) Switch the extension load to:
[extensions]
notify=
The hgext part is no longer necessary, but doesn't hurt. Giving the full path to the extension is more fragile in the case of future updates. The raw notify= syntax is sufficient for extensions that come with Mercurial and notify always does.
B) Switch the test = false to test = true it will help you debug this -- it sends the email to Stdout, which is handy.
Okay, those two done, let's look at trust. Mercurial's trust system is built around the idea that not just anyone should be able to get you to run code. Imagine if your repo's .hg/hgrc file had a section in it like:
[hooks]
pre-push = rm -rf ~
When I pushed to it it would delete my home directory. That would bum me out. To avoid that happening Mercurial will only load/run hgrc files that it trusts, and you tell it what to trust with [trusted] sections in your hgrc. When you're pushing over ssh you're effectively logging into the remote machine and it's your own ~/.hgrc that probably states what other hgrc files you're willing to execute.
HTTP is special though. Even though you may be authenticating you're probably not running Mercurial on the remote system as yourself. It's probably some some non-user user like www-data, www, apache, or noone depending on how your web server is configured, so... you need to make that repo's .hg/hgrc' owned (or group-owned) by an user (or group) that the webserver user trusts. To achieve that you can eitherchwownthe.hg/hgrcfile over to the web server user, or find the web server's home directory (often/var/www) and create a.hgrcfile in there with a[trusted]block saying that the web server user trusts whomever it is that owns the repo's.hg/hgrc` file.
If I'm right about what's going on the tell tale sign would be in your webserver's errors log where you'd see a lot of messages like "Not trusting /path/to/repo/.hg/hgrc owned by someuser".
TL;DR: Make sure your web server user trusts (in the hgrc sense) the owner of the .hg/hgrc that's specifying the hook.
This worked for me when communicating with an Exchange Server:
[hostfingerprints]
<my exchange FQDN> = 2a:f3:89:69:13:b2:1e:3a:c2:fe:f9:7f:de:b3:39:e7:82:8e:99:93
[extensions]
notify =
[hooks]
changegroup.notify = python:hgext.notify.hook
[email]
from = Mercurial Notification <noreply#mydomain>
[smtp]
host = <exchange FQDN>
tls = true
[notify]
sources = serve push pull bundle
test = False
maxdiff = 300
[reposubs]
* = Cameron Rich <cameron.rich#mydomain.com>
Put the above in the hgrc file in your repository.
e.g. C:\repositories\test.hg\hgrc
I want to create a hgrc file to set the username and password for all paths on some machine, e.g no matter in which directory I am in, hg clone some_path will always work without prompting for a username and a password (this is for an auto-deploy script). Also, it should work for several repos, not just one.
I followed the instructions and created a file: /etc/mercurial/hgrc.d/deploy.rc
it's contents:
[auth]
default.prefix= http://myrepo
default.username = myuname
default.password = pwd
But when I do
hg clone some_path I get abort: error: Connection refused.
What Am i doing wrong?
It should work. You can use hg showconfig to verify that it really is reading the config and that you don't just have a connection problem or something.
What version of hg are you using?
Also, it could be that your .hg/hgrc file is taking precedence over your global config.
Could you get the log of the server you try to connecgt to?
It should be listed there if at least the server address is correct.
And perhaps a hg clone -v something