technology from back to front

mercurial-server

mercurial-server gives your developers remote read/write access to centralized Mercurial repositories using SSH public key authentication; it provides convenient and fine-grained key management and access control.

Though mercurial-server is currently targeted at Debian-based systems such as Ubuntu, other users have reported success getting it running on other Unix-based systems such as Red Hat. Running it on a non-Unix system such as Windows is not supported, though there are now experimental patches to run it on Cygwin under Windows. You will need root privileges to install it.

All of the repositories controlled by mercurial-server are owned by a single user (the “hg” user in what follows), but many remote users can act on them, and different users can have different permissions. We don’t use file permissions to achieve that – instead, developers log in as the “hg” user when they connect to the repository host using SSH, using SSH URLs of the form “ssh://hg@repository-host/repository-name“. A restricted shell prevents them from using this access for unauthorized purposes. Developers are authenticated only using SSH keys; no other form of authentication is supported.

To give a user access to the repository, place their key in an appropriately-named subdirectory of “/etc/mercurial-server/keys” and run “/usr/local/share/mercurial-server/refresh-auth” (or “/usr/share/mercurial-server/refresh-auth” if you installed the .deb). You can then control what access they have to what repositories by editing the control file “/etc/mercurial-server/access.conf“, which can match the names of these keys against a glob pattern.

For convenient remote control of access, you can instead (if you have the privileges) make changes to a special repository called “hgadmin“, which contains its own “access.conf” file and “keys” directory. Changes pushed to this repository take effect immediately. The two “access.conf” files are concatenated, and the keys directories merged.

Are you an official Debian Developer? mercurial-server needs
a long-term Debian sponsor
. If you can fulfil this role, please get in touch – thanks!

For Git users, “gitosis” provides similar functionality.

Contact us at opensource@lshift.net.

 
2000-14 LShift Ltd, 1st Floor, Hoxton Point, 6 Rufus Street, London, N1 6PE, UK+44 (0)20 7729 7060   Contact us