Mercurial Mercurial > mercurial / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
contrib/hg-ssh
author Mads Kiilerich <mads@kiilerich.com>
Thu, 08 Dec 2011 16:28:18 +0100
changeset 15897 cc021114fc98
parent 14462 f6a433671c06
child 16606 19379226dc67
permissions -rwxr-xr-x
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND The Mercurial ssh protocol is defined as if it was ssh-ing to a shell account on an ordinary ssh server, and where hg was available in $PATH and it executed the command "hg -R REPOPATH serve --stdio". The Mercurial ssh client can in most cases just pass REPOPATH to the shell, but if it contains unsafe characters the client will have to quote it so the shell will pass the right -R value to hg. Correct quoting of repopaths was introduced in d8fa35c28335 and tweaked in 86fc364ca5f8. hg-ssh doesn't create the command via a shell and used a simple parser instead. It worked fine for simple paths without any quoting, but if any kind of quoting was used it failed to parse the command like the shell would do it. This makes hg-ssh behave more like a normal shell with hg in the path would do.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1537
583b3696d24d Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset 
     1
 
#!/usr/bin/env python
583b3696d24d Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset 
     2
 
#
5191
831ebc408ffb Adjust contrib/hg-ssh for moved dispatch() function.
Thomas Arendsen Hein <thomas@intevation.de>
parents: 1640
diff changeset 
     3
 
# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
8228
eee2319c5895 add blank line after copyright notices and after header
Martin Geisler <mg@lazybytes.net>
parents: 8225
diff changeset 
     4
 
#
1537
583b3696d24d Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset 
     5
 
# Author(s):
583b3696d24d Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset 
     6
 
# Thomas Arendsen Hein <thomas@intevation.de>
583b3696d24d Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset 
     7
 
#
8225
46293a0c7e9f updated license to be explicit about GPL version 2
Martin Geisler <mg@lazybytes.net>
parents: 5197
diff changeset 
     8
 
# This software may be used and distributed according to the terms of the
10263
25e572394f5c Update license to GPLv2+
Matt Mackall <mpm@selenic.com>
parents: 8228
diff changeset 
     9
 
# GNU General Public License version 2 or any later version.
1537
583b3696d24d Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff changeset 
    10
 












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    11


"""












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    12


hg-ssh - a wrapper for ssh access to a limited set of mercurial repos












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    13














583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    14


To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    15


command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    16


(probably together with these other useful options:












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    17


 no-port-forwarding,no-X11-forwarding,no-agent-forwarding)












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    18









13996






1cafa0426a1a
hg-ssh: fix duplicate word in docstring



Andreas Freimuth <andreas.freimuth@united-bits.de>


parents: 
10263

diff
changeset




    19


This allows pull/push over ssh from/to the repositories given as arguments.







1537






583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    20














583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    21


If all your repositories are subdirectories of a common directory, you can












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    22


allow shorter paths with:












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    23


command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"







1640






9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.



Thomas Arendsen Hein <thomas@intevation.de>


parents: 
1537

diff
changeset




    24














9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.



Thomas Arendsen Hein <thomas@intevation.de>


parents: 
1537

diff
changeset




    25


You can use pattern matching of your normal shell, e.g.:












9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.



Thomas Arendsen Hein <thomas@intevation.de>


parents: 
1537

diff
changeset




    26


command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"







1537






583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    27


"""












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    28









5197






55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)



Thomas Arendsen Hein <thomas@intevation.de>


parents: 
5191

diff
changeset




    29


# enable importing on demand to reduce startup time












55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)



Thomas Arendsen Hein <thomas@intevation.de>


parents: 
5191

diff
changeset




    30


from mercurial import demandimport; demandimport.enable()












55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)



Thomas Arendsen Hein <thomas@intevation.de>


parents: 
5191

diff
changeset




    31









5191






831ebc408ffb
Adjust contrib/hg-ssh for moved dispatch() function.



Thomas Arendsen Hein <thomas@intevation.de>


parents: 
1640

diff
changeset




    32


from mercurial import dispatch







1537






583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    33









15897






cc021114fc98
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND



Mads Kiilerich <mads@kiilerich.com>


parents: 
14462

diff
changeset




    34


import sys, os, shlex







1537






583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    35














583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    36


cwd = os.getcwd()












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    37


allowed_paths = [os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    38


                 for path in sys.argv[1:]]












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    39


orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')







15897






cc021114fc98
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND



Mads Kiilerich <mads@kiilerich.com>


parents: 
14462

diff
changeset




    40


try:












cc021114fc98
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND



Mads Kiilerich <mads@kiilerich.com>


parents: 
14462

diff
changeset




    41


    cmdargv = shlex.split(orig_cmd)












cc021114fc98
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND



Mads Kiilerich <mads@kiilerich.com>


parents: 
14462

diff
changeset




    42


except ValueError, e:












cc021114fc98
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND



Mads Kiilerich <mads@kiilerich.com>


parents: 
14462

diff
changeset




    43


    sys.stderr.write("Illegal command %r: %s\n" % (orig_cmd, e))












cc021114fc98
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND



Mads Kiilerich <mads@kiilerich.com>


parents: 
14462

diff
changeset




    44


    sys.exit(-1)







1537






583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    45









15897






cc021114fc98
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND



Mads Kiilerich <mads@kiilerich.com>


parents: 
14462

diff
changeset




    46


if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:












cc021114fc98
hg-ssh: use shlex for shell-like parsing of SSH_ORIGINAL_COMMAND



Mads Kiilerich <mads@kiilerich.com>


parents: 
14462

diff
changeset




    47


    path = cmdargv[2]







1537






583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    48


    repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    49


    if repo in allowed_paths:







14462






f6a433671c06
hg-ssh: fix dispatch call to use dispatch.request()



Idan Kamara <idankk86@gmail.com>


parents: 
13996

diff
changeset




    50


        dispatch.dispatch(dispatch.request(['-R', repo, 'serve', '--stdio']))







1537






583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    51


    else:












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    52


        sys.stderr.write("Illegal repository %r\n" % repo)












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    53


        sys.exit(-1)












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    54


else:












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    55


    sys.stderr.write("Illegal command %r\n" % orig_cmd)












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    56


    sys.exit(-1)












583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos



Thomas Arendsen Hein <thomas@intevation.de>


parents: 

diff
changeset




    57
















mercurial