upstream/mercurial-mirror Files · contrib/hg-ssh

configitems: declare items in a TOML file...

configitems: declare items in a TOML file Mercurial ships with Rust code that also needs to read from the config. Having a way of presenting `configitems` to both Python and Rust is needed to prevent duplication, drift, and have the appropriate devel warnings. Abstracting away from Python means choosing a config format. No single format is perfect, and I have yet to come across a developer that doesn't hate all of them in some way. Since we have a strict no-dependencies policy for Mercurial, we either need to use whatever comes with Python, vendor a library, or implement a custom format ourselves. Python stdlib means using JSON, which doesn't support comments and isn't great for humans, or `configparser` which is an obscure, untyped format that nobody uses and doesn't have a commonplace Rust parser. Implementing a custom format is error-prone, tedious and subject to the same issues as picking an existing format. Vendoring opens us to the vast array of common config formats. The ones being picked for most modern software are YAML and TOML. YAML is older and common in the Python community, but TOML is much simpler and less error-prone. I would much rather be responsible for the <1000 lines of `tomli`, on top of TOML being the choice of the Rust community, with robust crates for reading it. The structure of `configitems.toml` is explained inline.

Gregory Szorc - - Load All Authors

File last commit:

r49730:6000f5b2 default


                r51655:c51b178b

default

Download file

             hg-ssh
        
                    117 lines
            
             | 3.5 KiB
            
                | text/plain
            
             |
                TextLexer

/ contrib / hg-ssh

History | Annotation | Raw |Copy content |Copy permalink

				#!/usr/bin/env python3
				#
				# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
				#
				# Author(s):
				# Thomas Arendsen Hein <thomas@intevation.de>
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.

				"""
				hg-ssh - a wrapper for ssh access to a limited set of mercurial repos

				To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
				command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
				(probably together with these other useful options:
				no-port-forwarding,no-X11-forwarding,no-agent-forwarding)

				This allows pull/push over ssh from/to the repositories given as arguments.

				If all your repositories are subdirectories of a common directory, you can
				allow shorter paths with:
				command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"

				You can use pattern matching of your normal shell, e.g.:
				command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"

				You can also add a --read-only flag to allow read-only access to a key, e.g.:
				command="hg-ssh --read-only repos/*"
				"""

				import os
				import re
				import shlex
				import sys

				# enable importing on demand to reduce startup time
				import hgdemandimport

				hgdemandimport.enable()

				from mercurial import (
				dispatch,
				pycompat,
				ui as uimod,
				)


				def main():
				# Prevent insertion/deletion of CRs
				dispatch.initstdio()

				cwd = os.getcwd()
				if os.name == 'nt':
				# os.getcwd() is inconsistent on the capitalization of the drive
				# letter, so adjust it. see https://bugs.python.org/issue40368
				if re.match('^[a-z]:', cwd):
				cwd = cwd[0:1].upper() + cwd[1:]

				readonly = False
				args = sys.argv[1:]
				while len(args):
				if args[0] == '--read-only':
				readonly = True
				args.pop(0)
				else:
				break
				allowed_paths = [
				os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
				for path in args
				]
				orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
				try:
				cmdargv = shlex.split(orig_cmd)
				except ValueError as e:
				sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e))
				sys.exit(255)

				if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:
				path = cmdargv[2]
				repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
				if repo in allowed_paths:
				cmd = [b'-R', pycompat.fsencode(repo), b'serve', b'--stdio']
				req = dispatch.request(cmd)
				if readonly:
				if not req.ui:
				req.ui = uimod.ui.load()
				req.ui.setconfig(
				b'hooks',
				b'pretxnopen.hg-ssh',
				b'python:__main__.rejectpush',
				b'hg-ssh',
				)
				req.ui.setconfig(
				b'hooks',
				b'prepushkey.hg-ssh',
				b'python:__main__.rejectpush',
				b'hg-ssh',
				)
				dispatch.dispatch(req)
				else:
				sys.stderr.write('Illegal repository "%s"\n' % repo)
				sys.exit(255)
				else:
				sys.stderr.write('Illegal command "%s"\n' % orig_cmd)
				sys.exit(255)


				def rejectpush(ui, **kwargs):
				ui.warn((b"Permission denied\n"))
				# mercurial hooks use unix process conventions for hook return values
				# so a truthy return means failure
				return True


				if __name__ == '__main__':
				main()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages