##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

debian: support building a single deb for multiple py3 versions...
debian: support building a single deb for multiple py3 versions Around transitions from one python minor version to another (such as 3.7 to 3.8), the current packaging can be slightly problematic - it produces a `control` file that requires that the version of `python3` that's installed be exactly the one that was used on the build machine for the `mercurial` package, by containing a line like: Depends: sensible-utils, libc6 (>= 2.14), python3 (<< 3.8), python3 (>= 3.7~), python3:any (>= 3.5~) This is because it "knows" we only built for v3.7, which is the current default on my system. By building the native components for multiple versions, we can make it produce a line like this, which is compatible with 3.7 AND 3.8: Depends: sensible-utils, libc6 (>= 2.14), python3 (<< 3.9), python3 (>= 3.7~), python3:any (>= 3.5~) This isn't *normally* required, so I'm not making it the default. For those that receive their python3 and mercurial packages from their distro, and/or don't have to worry about a situation where the team that manages the python3 installation isn't the same as the team that manages the mercurial installation, this is probably not necessary. I chose the names `DEB_HG_*` because `DEB_*` is passed through `debuild` automatically (otherwise we'd have to explicitly allow the options through, which is a nuisance), and the `HG` part is to make it clear that this isn't a "standard" debian option that other packages might respect. Test Plan: 1. "nothing changed": - built a deb without these changes - built a deb with these changes but everything at the default - used diffoscope to compare, all differences were due to timestamps 2. "explicit is the same as implicit" (single version) - built a deb with everything at the default - built a deb with DEB_HG_PYTHON_VERSIONS=3.7 - used diffoscope to compare, all differences were due to timestamps 3. "explicit is the same as implicit" (multi version) - built a deb with DEB_HG_MULTI_VERSION=1 - built a deb with DEB_HG_PYTHON_VERSIONS=3.7 - used diffoscope to compare, all differences were due to timestamps 4. (single version, 3.7) doesn't work with python3.8 - `/usr/bin/python3.7 /usr/bin/hg debuginstall` works - `/usr/bin/python3.8 /usr/bin/hg debuginstall` crashes 5. (multi version, 3.7 + 3.8) - `/usr/bin/python3.7 /usr/bin/hg debuginstall` works - `/usr/bin/python3.8 /usr/bin/hg debuginstall` works Differential Revision: https://phab.mercurial-scm.org/D8642
Gregory Szorc - - Load All Authors

File last commit:

r44058:99e231af default
r45543:36178b5c default
Show More
hg-ssh
111 lines | 3.2 KiB | text/plain | TextLexer
/ contrib / hg-ssh
History | Annotation | Raw |Copy content |Copy permalink
#!/usr/bin/env python
#
# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
#
# Author(s):
# Thomas Arendsen Hein <thomas@intevation.de>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.
"""
hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
(probably together with these other useful options:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding)
This allows pull/push over ssh from/to the repositories given as arguments.
If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"
You can use pattern matching of your normal shell, e.g.:
command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
You can also add a --read-only flag to allow read-only access to a key, e.g.:
command="hg-ssh --read-only repos/*"
"""
from __future__ import absolute_import
import os
import shlex
import sys
# enable importing on demand to reduce startup time
import hgdemandimport
hgdemandimport.enable()
from mercurial import (
dispatch,
pycompat,
ui as uimod,
)
def main():
# Prevent insertion/deletion of CRs
dispatch.initstdio()
cwd = os.getcwd()
readonly = False
args = sys.argv[1:]
while len(args):
if args[0] == '--read-only':
readonly = True
args.pop(0)
else:
break
allowed_paths = [
os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
for path in args
]
orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
try:
cmdargv = shlex.split(orig_cmd)
except ValueError as e:
sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e))
sys.exit(255)
if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:
path = cmdargv[2]
repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
if repo in allowed_paths:
cmd = [b'-R', pycompat.fsencode(repo), b'serve', b'--stdio']
req = dispatch.request(cmd)
if readonly:
if not req.ui:
req.ui = uimod.ui.load()
req.ui.setconfig(
b'hooks',
b'pretxnopen.hg-ssh',
b'python:__main__.rejectpush',
b'hg-ssh',
)
req.ui.setconfig(
b'hooks',
b'prepushkey.hg-ssh',
b'python:__main__.rejectpush',
b'hg-ssh',
)
dispatch.dispatch(req)
else:
sys.stderr.write('Illegal repository "%s"\n' % repo)
sys.exit(255)
else:
sys.stderr.write('Illegal command "%s"\n' % orig_cmd)
sys.exit(255)
def rejectpush(ui, **kwargs):
ui.warn((b"Permission denied\n"))
# mercurial hooks use unix process conventions for hook return values
# so a truthy return means failure
return True
if __name__ == '__main__':
main()