upstream/mercurial-mirror Files · contrib/hg-ssh

grep: warn on censored revisions instead of erroring out...

grep: warn on censored revisions instead of erroring out We need most of the grep logic to go through in case we encounter a censored revision, so we just return a None body for a censored node, and we stop just short of trying to record matches with the contents of that censored body. The other parts such as recording that the censored file has been considered at this revision needs to go into the proper dicts. I have also gotten weary of all the abbreviations, so while I did a small refactor to move the file-data-getting operation into a common function, I also expanded the abbreviations of the relevant variables within this little function. Hopefully some day this helps someone figure out what all the abbreviations mean. Although the censoring docs currently state that some commands error out or are ignored depending on the `censor.policy` config, I cannot see a benefit for grep to ever stop dead in its tracks when a censored revision is encountered. I will also amend the docs to indicate that some commands, such as grep, unconditionally ignore censored revisions.

Pulkit Goyal - - Load All Authors

File last commit:

r38121:666d90ac default


                r43622:13b8097d

default

Download file

             hg-ssh
        
                    97 lines
            
             | 3.2 KiB
            
                | text/plain
            
             |
                TextLexer

/ contrib / hg-ssh

History | Annotation | Raw |Copy content |Copy permalink

				#!/usr/bin/env python
				#
				# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
				#
				# Author(s):
				# Thomas Arendsen Hein <thomas@intevation.de>
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.

				"""
				hg-ssh - a wrapper for ssh access to a limited set of mercurial repos

				To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
				command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
				(probably together with these other useful options:
				no-port-forwarding,no-X11-forwarding,no-agent-forwarding)

				This allows pull/push over ssh from/to the repositories given as arguments.

				If all your repositories are subdirectories of a common directory, you can
				allow shorter paths with:
				command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"

				You can use pattern matching of your normal shell, e.g.:
				command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"

				You can also add a --read-only flag to allow read-only access to a key, e.g.:
				command="hg-ssh --read-only repos/*"
				"""
				from __future__ import absolute_import

				import os
				import shlex
				import sys

				# enable importing on demand to reduce startup time
				import hgdemandimport ; hgdemandimport.enable()

				from mercurial import (
				dispatch,
				pycompat,
				ui as uimod,
				)

				def main():
				# Prevent insertion/deletion of CRs
				dispatch.initstdio()

				cwd = os.getcwd()
				readonly = False
				args = sys.argv[1:]
				while len(args):
				if args[0] == '--read-only':
				readonly = True
				args.pop(0)
				else:
				break
				allowed_paths = [os.path.normpath(os.path.join(cwd,
				os.path.expanduser(path)))
				for path in args]
				orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
				try:
				cmdargv = shlex.split(orig_cmd)
				except ValueError as e:
				sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e))
				sys.exit(255)

				if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:
				path = cmdargv[2]
				repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
				if repo in allowed_paths:
				cmd = [b'-R', pycompat.fsencode(repo), b'serve', b'--stdio']
				req = dispatch.request(cmd)
				if readonly:
				if not req.ui:
				req.ui = uimod.ui.load()
				req.ui.setconfig(b'hooks', b'pretxnopen.hg-ssh',
				b'python:__main__.rejectpush', b'hg-ssh')
				req.ui.setconfig(b'hooks', b'prepushkey.hg-ssh',
				b'python:__main__.rejectpush', b'hg-ssh')
				dispatch.dispatch(req)
				else:
				sys.stderr.write('Illegal repository "%s"\n' % repo)
				sys.exit(255)
				else:
				sys.stderr.write('Illegal command "%s"\n' % orig_cmd)
				sys.exit(255)

				def rejectpush(ui, **kwargs):
				ui.warn((b"Permission denied\n"))
				# mercurial hooks use unix process conventions for hook return values
				# so a truthy return means failure
				return True

				if __name__ == '__main__':
				main()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages