mercurial-server gives your developers remote read/write access to centralized Mercurial repositories using SSH public key authentication; it provides convenient and fine-grained key management and access control.
Though mercurial-server is currently targeted at Debian-based systems such as Ubuntu, other users have reported success getting it running on other Unix-based systems such as Red Hat. Running it on a non-Unix system such as Windows is not supported, though there are now experimental patches to run it on Cygwin under Windows. You will need root privileges to install it.
- mercurial-server version 1.3 sources
- Changes in each release
- Source code repository
- Debian page
- Blog posts
All of the repositories controlled by mercurial-server are owned by a single user (the “
hg” user in what follows), but many remote users can act on them, and different users can have different permissions. We don’t use file permissions to achieve that – instead, developers log in as the “
hg” user when they connect to the repository host using SSH, using SSH URLs of the form “
ssh://hg@repository-host/repository-name“. A restricted shell prevents them from using this access for unauthorized purposes. Developers are authenticated only using SSH keys; no other form of authentication is supported.
To give a user access to the repository, place their key in an appropriately-named subdirectory of “
/etc/mercurial-server/keys” and run “
/usr/local/share/mercurial-server/refresh-auth” (or “
/usr/share/mercurial-server/refresh-auth” if you installed the .deb). You can then control what access they have to what repositories by editing the control file “
/etc/mercurial-server/access.conf“, which can match the names of these keys against a glob pattern.
For convenient remote control of access, you can instead (if you have the privileges) make changes to a special repository called “
hgadmin“, which contains its own “
access.conf” file and “
keys” directory. Changes pushed to this repository take effect immediately. The two “
access.conf” files are concatenated, and the keys directories merged.
Are you an official Debian Developer? mercurial-server needs
a long-term Debian sponsor. If you can fulfil this role, please get in touch – thanks!
For Git users, “gitosis” provides similar functionality.
Contact us at firstname.lastname@example.org.