mercurial-server
mercurial-server gives your developers remote read/write access to centralized Mercurial repositories using SSH public key authentication; it provides convenient and fine-grained key management and access control.
Though mercurial-server is currently targeted at Debian-based systems such as Ubuntu, other users have reported success getting it running on other Unix-based systems such as Red Hat. Running it on a non-Unix system such as Windows is not supported. You will need root privileges to install it.
- mercurial-server version 1.0.1 sources
- Documentation
- Changes in each release
- Source code repository
- Debian page
- Blog posts
All of the repositories controlled by mercurial-server are owned by a
single user (the "hg" user in what follows), but many remote users can act
on them, and different users can have different permissions. We don't use
file permissions to achieve that - instead, developers log in as the "hg"
user when they connect to the repository host using SSH, using SSH URLs of
the form "ssh://hg@repository-host/repository-name". A restricted shell
prevents them from using this access for unauthorized purposes. Developers
are authenticated only using SSH keys; no other form of authentication is
supported.
To give a user access to the repository, place their key in an
appropriately-named subdirectory of "/etc/mercurial-server/keys" and run
"/usr/local/share/mercurial-server/refresh-auth" (or "/usr/share/mercurial-server/refresh-auth" if you installed the .deb). You can then control what
access they have to what repositories by editing the control file
"/etc/mercurial-server/access.conf", which can match the names of these keys
against a glob pattern.
For convenient remote control of access, you can instead (if you have the
privileges) make changes to a special repository called "hgadmin", which
contains its own "access.conf" file and "keys" directory. Changes pushed to
this repository take effect immediately. The two "access.conf" files are
concatenated, and the keys directories merged.
Paul Crowley, paul@lshift.net, 2009