##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

contrib: update hg-ssh to conform with import style checks
Augie Fackler -
r33892:42bc7f39 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,87 +1,93 b''
1 1 #!/usr/bin/env python
2 2 #
3 3 # Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
4 4 #
5 5 # Author(s):
6 6 # Thomas Arendsen Hein <thomas@intevation.de>
7 7 #
8 8 # This software may be used and distributed according to the terms of the
9 9 # GNU General Public License version 2 or any later version.
10 10
11 11 """
12 12 hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
13 13
14 14 To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
15 15 command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
16 16 (probably together with these other useful options:
17 17 no-port-forwarding,no-X11-forwarding,no-agent-forwarding)
18 18
19 19 This allows pull/push over ssh from/to the repositories given as arguments.
20 20
21 21 If all your repositories are subdirectories of a common directory, you can
22 22 allow shorter paths with:
23 23 command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"
24 24
25 25 You can use pattern matching of your normal shell, e.g.:
26 26 command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
27 27
28 28 You can also add a --read-only flag to allow read-only access to a key, e.g.:
29 29 command="hg-ssh --read-only repos/*"
30 30 """
31 from __future__ import absolute_import
32
33 import os
34 import shlex
35 import sys
31 36
32 37 # enable importing on demand to reduce startup time
33 from mercurial import demandimport; demandimport.enable()
38 import hgdemandimport ; hgdemandimport.enable()
34 39
35 from mercurial import dispatch, ui as uimod
36
37 import sys, os, shlex
40 from mercurial import (
41 dispatch,
42 ui as uimod,
43 )
38 44
39 45 def main():
40 46 cwd = os.getcwd()
41 47 readonly = False
42 48 args = sys.argv[1:]
43 49 while len(args):
44 50 if args[0] == '--read-only':
45 51 readonly = True
46 52 args.pop(0)
47 53 else:
48 54 break
49 55 allowed_paths = [os.path.normpath(os.path.join(cwd,
50 56 os.path.expanduser(path)))
51 57 for path in args]
52 58 orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
53 59 try:
54 60 cmdargv = shlex.split(orig_cmd)
55 61 except ValueError as e:
56 62 sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e))
57 63 sys.exit(255)
58 64
59 65 if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:
60 66 path = cmdargv[2]
61 67 repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
62 68 if repo in allowed_paths:
63 69 cmd = ['-R', repo, 'serve', '--stdio']
64 70 req = dispatch.request(cmd)
65 71 if readonly:
66 72 if not req.ui:
67 73 req.ui = uimod.ui.load()
68 74 req.ui.setconfig('hooks', 'pretxnopen.hg-ssh',
69 75 'python:__main__.rejectpush', 'hg-ssh')
70 76 req.ui.setconfig('hooks', 'prepushkey.hg-ssh',
71 77 'python:__main__.rejectpush', 'hg-ssh')
72 78 dispatch.dispatch(req)
73 79 else:
74 80 sys.stderr.write('Illegal repository "%s"\n' % repo)
75 81 sys.exit(255)
76 82 else:
77 83 sys.stderr.write('Illegal command "%s"\n' % orig_cmd)
78 84 sys.exit(255)
79 85
80 86 def rejectpush(ui, **kwargs):
81 87 ui.warn(("Permission denied\n"))
82 88 # mercurial hooks use unix process conventions for hook return values
83 89 # so a truthy return means failure
84 90 return True
85 91
86 92 if __name__ == '__main__':
87 93 main()
General Comments 0
You need to be logged in to leave comments. Login now