# HG changeset patch # User Pierre-Yves David # Date 2015-05-10 11:39:11 # Node ID 2b9cda9040f777554220944a0a7eaec488e5f48b # Parent 00e4c5601c7491e94837347c374eb01bf065e3d8 hg-ssh: reject push earlier (on pretxnopen) We now have a lock triggered for any transaction. We use it to ensure no-read are made in read-only mode. We need more that just "no changegroup is added", since bundle2 allows for more than just changegroup to be exchanged. We still protect pushkey as it may write data without opening a transaction. diff --git a/contrib/hg-ssh b/contrib/hg-ssh --- a/contrib/hg-ssh +++ b/contrib/hg-ssh @@ -64,7 +64,7 @@ def main(): if readonly: cmd += [ '--config', - 'hooks.prechangegroup.hg-ssh=python:__main__.rejectpush', + 'hooks.pretxnopen.hg-ssh=python:__main__.rejectpush', '--config', 'hooks.prepushkey.hg-ssh=python:__main__.rejectpush' ] diff --git a/tests/test-ssh.t b/tests/test-ssh.t --- a/tests/test-ssh.t +++ b/tests/test-ssh.t @@ -398,7 +398,7 @@ Test hg-ssh in read-only mode: pushing to ssh://user@dummy/*/remote (glob) searching for changes remote: Permission denied - remote: abort: prechangegroup.hg-ssh hook failed + remote: abort: pretxnopen.hg-ssh hook failed remote: Permission denied remote: pushkey-abort: prepushkey.hg-ssh hook failed updating 6c0482d977a3 to public failed!