Re: [Savannah-hackers-public] mercurial ssh access issues

[Sylvain Beucler]

Hi,

Good idea. Try to see if you can modify backend/account/sv_membersh.in
in this regard.

"cd /srv/hg/project" is a good idea, it permits to avoid the /srv/hg
path. Too bad I didn't think of this for SVN and Git at Savannah ;)

-- 
Sylvain

On Tue, Apr 15, 2008 at 08:42:25PM +0200, Aleix Conchillo Flaqué wrote:
> Hi,
>
> I have been trying the limited Mercurial pull/push access using the hg- 
> ssh script and it works fine. The authorized_keys file must look like  
> this:
>
> command="cd /srv/hg/project && hg-ssh . *" ssh-rsa .....
>
> With "." we solve a single repo and with "*" we also solve multiple  
> subrepos.
>
> So, what's the problem? The problem is that now only mercurial commands 
> are allowed. With the options available, the hg-ssh script seems the 
> cleanest way to solve the ssh access, so I think it would be great to use 
> it.
>
> How? I've been thinking on creating a general ssh script, let's say  
> sv_ssh_access. So in the authorized_keys we would have:
>
> command="sv_ssh_access" ssh-rsa ....
>
> The script would need to check for the command passed via ssh  
> (SSH_ORIGINAL_COMMAND) and do whatever (e.g. call hg-ssh). It would also 
> be useful to display "Out of service" messages or anything else we could 
> imagine.
>
> I have tried it with a simple python script that calls hg-ssh:
>
> -----------
>
> #!/usr/bin/env python
>
> import os
>
> os.chdir("/var/srv/hg/sources/test_project")
> os.system("hg-ssh . *")
>
> -----------
>
> Now, the script could be just (which also works fine):
>
> -----------
> !/bin/sh
>
> exec $SSH_ORIGINAL_COMMAND
> -----------
>
> It's just an idea.