##// END OF EJS Templates
debian: support building a single deb for multiple py3 versions...
debian: support building a single deb for multiple py3 versions Around transitions from one python minor version to another (such as 3.7 to 3.8), the current packaging can be slightly problematic - it produces a `control` file that requires that the version of `python3` that's installed be exactly the one that was used on the build machine for the `mercurial` package, by containing a line like: Depends: sensible-utils, libc6 (>= 2.14), python3 (<< 3.8), python3 (>= 3.7~), python3:any (>= 3.5~) This is because it "knows" we only built for v3.7, which is the current default on my system. By building the native components for multiple versions, we can make it produce a line like this, which is compatible with 3.7 AND 3.8: Depends: sensible-utils, libc6 (>= 2.14), python3 (<< 3.9), python3 (>= 3.7~), python3:any (>= 3.5~) This isn't *normally* required, so I'm not making it the default. For those that receive their python3 and mercurial packages from their distro, and/or don't have to worry about a situation where the team that manages the python3 installation isn't the same as the team that manages the mercurial installation, this is probably not necessary. I chose the names `DEB_HG_*` because `DEB_*` is passed through `debuild` automatically (otherwise we'd have to explicitly allow the options through, which is a nuisance), and the `HG` part is to make it clear that this isn't a "standard" debian option that other packages might respect. Test Plan: 1. "nothing changed": - built a deb without these changes - built a deb with these changes but everything at the default - used diffoscope to compare, all differences were due to timestamps 2. "explicit is the same as implicit" (single version) - built a deb with everything at the default - built a deb with DEB_HG_PYTHON_VERSIONS=3.7 - used diffoscope to compare, all differences were due to timestamps 3. "explicit is the same as implicit" (multi version) - built a deb with DEB_HG_MULTI_VERSION=1 - built a deb with DEB_HG_PYTHON_VERSIONS=3.7 - used diffoscope to compare, all differences were due to timestamps 4. (single version, 3.7) doesn't work with python3.8 - `/usr/bin/python3.7 /usr/bin/hg debuginstall` works - `/usr/bin/python3.8 /usr/bin/hg debuginstall` crashes 5. (multi version, 3.7 + 3.8) - `/usr/bin/python3.7 /usr/bin/hg debuginstall` works - `/usr/bin/python3.8 /usr/bin/hg debuginstall` works Differential Revision: https://phab.mercurial-scm.org/D8642

File last commit:

r44058:99e231af default
r45543:36178b5c default
Show More
hg-ssh
111 lines | 3.2 KiB | text/plain | TextLexer
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537 #!/usr/bin/env python
#
Thomas Arendsen Hein
Adjust contrib/hg-ssh for moved dispatch() function.
r5191 # Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
Martin Geisler
add blank line after copyright notices and after header
r8228 #
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537 # Author(s):
# Thomas Arendsen Hein <thomas@intevation.de>
#
Martin Geisler
updated license to be explicit about GPL version 2
r8225 # This software may be used and distributed according to the terms of the
Matt Mackall
Update license to GPLv2+
r10263 # GNU General Public License version 2 or any later version.
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537
"""
hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
(probably together with these other useful options:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding)
Andreas Freimuth
hg-ssh: fix duplicate word in docstring
r13996 This allows pull/push over ssh from/to the repositories given as arguments.
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537
If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"
Thomas Arendsen Hein
Added hint to hg-ssh that you can use shell pattern matching.
r1640
You can use pattern matching of your normal shell, e.g.:
command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
David Schleimer
hg-ssh: read-only flag...
r16836
You can also add a --read-only flag to allow read-only access to a key, e.g.:
command="hg-ssh --read-only repos/*"
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537 """
Augie Fackler
contrib: update hg-ssh to conform with import style checks
r33892 from __future__ import absolute_import
import os
import shlex
import sys
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537
Thomas Arendsen Hein
Enable demandimport only in scripts, not in importable modules (issue605)...
r5197 # enable importing on demand to reduce startup time
Gregory Szorc
black: blacken scripts...
r44058 import hgdemandimport
hgdemandimport.enable()
Thomas Arendsen Hein
Enable demandimport only in scripts, not in importable modules (issue605)...
r5197
Augie Fackler
contrib: update hg-ssh to conform with import style checks
r33892 from mercurial import (
dispatch,
Pulkit Goyal
py3: use pycompat.fsencode to convert path to bytes...
r38121 pycompat,
Augie Fackler
contrib: update hg-ssh to conform with import style checks
r33892 ui as uimod,
)
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537
Gregory Szorc
black: blacken scripts...
r44058
David Schleimer
hg-ssh: refactor to have main() method...
r16779 def main():
Yuya Nishihara
sshserver: do setbinary() by caller (API)...
r37963 # Prevent insertion/deletion of CRs
dispatch.initstdio()
David Schleimer
hg-ssh: refactor to have main() method...
r16779 cwd = os.getcwd()
David Schleimer
hg-ssh: read-only flag...
r16836 readonly = False
args = sys.argv[1:]
while len(args):
if args[0] == '--read-only':
readonly = True
args.pop(0)
else:
break
Gregory Szorc
black: blacken scripts...
r44058 allowed_paths = [
os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
for path in args
]
David Schleimer
hg-ssh: refactor to have main() method...
r16779 orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
try:
cmdargv = shlex.split(orig_cmd)
FUJIWARA Katsunori
misc: use modern exception syntax...
r28047 except ValueError as e:
David Schleimer
hg-ssh: refactor to have main() method...
r16779 sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e))
sys.exit(255)
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537
David Schleimer
hg-ssh: refactor to have main() method...
r16779 if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:
path = cmdargv[2]
repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
if repo in allowed_paths:
Pulkit Goyal
py3: use pycompat.fsencode to convert path to bytes...
r38121 cmd = [b'-R', pycompat.fsencode(repo), b'serve', b'--stdio']
Augie Fackler
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
r32050 req = dispatch.request(cmd)
David Schleimer
hg-ssh: read-only flag...
r16836 if readonly:
Augie Fackler
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
r32050 if not req.ui:
req.ui = uimod.ui.load()
Gregory Szorc
black: blacken scripts...
r44058 req.ui.setconfig(
b'hooks',
b'pretxnopen.hg-ssh',
b'python:__main__.rejectpush',
b'hg-ssh',
)
req.ui.setconfig(
b'hooks',
b'prepushkey.hg-ssh',
b'python:__main__.rejectpush',
b'hg-ssh',
)
Augie Fackler
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
r32050 dispatch.dispatch(req)
David Schleimer
hg-ssh: refactor to have main() method...
r16779 else:
sys.stderr.write('Illegal repository "%s"\n' % repo)
sys.exit(255)
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537 else:
David Schleimer
hg-ssh: refactor to have main() method...
r16779 sys.stderr.write('Illegal command "%s"\n' % orig_cmd)
Mads Kiilerich
hg-ssh: exit with 255 instead of -1 on error...
r16607 sys.exit(255)
Thomas Arendsen Hein
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos...
r1537
Gregory Szorc
black: blacken scripts...
r44058
David Schleimer
hg-ssh: read-only flag...
r16836 def rejectpush(ui, **kwargs):
Pulkit Goyal
py3: add b'' prefixes in contrib/hg-ssh...
r38119 ui.warn((b"Permission denied\n"))
David Schleimer
hg-ssh: read-only flag...
r16836 # mercurial hooks use unix process conventions for hook return values
# so a truthy return means failure
return True
Gregory Szorc
black: blacken scripts...
r44058
David Schleimer
hg-ssh: refactor to have main() method...
r16779 if __name__ == '__main__':
main()