mercurial-server gives your developers remote read/write access to centralized

Mercurial repositories using SSH public key authentication; it provides convenient and fine-grained key management and access control. All of the repositories controlled by mercurial-server are owned by a single user (the "hg" user in what follows), but many remote users can act on them, and different users can have different permissions. We don't use file permissions to achieve that - instead, developers log in as the "hg" user when they connect to the repository host using SSH, using SSH URLs of the form "ssh://hg@repository-host/repository-name". A restricted shell prevents them from using this access for unauthorized purposes. Developers are authenticated only using SSH keys; no other form of authentication is supported. To give a user access to the repository, place their key in an appropriately-named subdirectory of "/usr/lcoal/etc/mercurialserver/keys" and run "refresh-auth". You can then control what access they have to what repositories by editing the control file "/usr/local/etc/mercurialserver/access.conf", which can match the names of these keys against a glob pattern. For convenient remote control of access, you can instead (if you have the privileges) make changes to a special repository called "hgadmin", which contains its own "access.conf" file and "keys" directory. Changes pushed to this repository take effect immediately. The two "access.conf" files are concatenated, and the keys directories merged. WWW: http://www.lshift.net/mercurial-server.html PR: ports/151993 Submitted by: Aldis Berjoza <aldis at bsdroot.lv>
svn path=/head/; revision=265236
2010-11-27 02:07:50 +00:00 · 2010-11-27 02:07:50 +00:00 · f54bf3ba06 · 2021-03-31 03:12:20 +00:00
commit f54bf3ba06
parent 4c98aad15d
7 changed files with 186 additions and 0 deletions
--- a/devel/Makefile
+++ b/devel/Makefile
@ -2803,6 +2803,7 @@
    SUBDIR += py-logilab-common
    SUBDIR += py-lxml
    SUBDIR += py-magic
+    SUBDIR += py-mercurialserver
    SUBDIR += py-mez_xml
    SUBDIR += py-mock
    SUBDIR += py-mongoengine
--- a/devel/py-mercurialserver/Makefile
+++ b/devel/py-mercurialserver/Makefile
@ -0,0 +1,62 @@
+# New ports collection Makefile for:	mercurialserver
+# Date Created:				12 Sep 2010
+# Whom:					Aldis Berjoza <aldis@bsdroot.lv>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	mercurialserver
+PORTVERSION=	1.0.1
+CATEGORIES=	devel python
+MASTER_SITES=	http://dev.lshift.net/paul/mercurial-server/
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+DISTNAME=	${SNAME}_${PORTVERSION}
+
+MAINTAINER=	aldis@bsdroot.lv
+COMMENT=	Software for hosting mercurial repositories
+
+RUN_DEPENDS=	hg:${PORTSDIR}/devel/mercurial
+
+WRKSRC=		${WRKDIR}/${SNAME}_${PORTVERSION}.orig
+LICENSE=	GPLv2
+SNAME=		mercurial-server
+
+HGUSER=		hg
+HGGROUP=	hg
+
+USE_PYTHON=	2.6+
+USE_PYDISTUTILS=YES
+PYDISTUTILS_PKGNAME=${SNAME}
+
+CONF_FILES=	access.conf \
+		remote-hgrc.d/access.rc \
+		remote-hgrc.d/logging.rc
+
+.include <bsd.port.pre.mk>
+pre-patch:
+	${SED} -I .orig -e "s#/etc/mercurial-server/#${PREFIX}/etc/${PORTNAME}/#" ${WRKSRC}/src/init/dot-mercurial-server
+
+pre-su-install:
+	@${SETENV} PKG_PREFIX=${PREFIX} GITUSER=${HGUSER} \
+		GITGROUP=${HGGROUP} GITHOME=${HGHOME} \
+		${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+
+post-install:
+	${MKDIR} ${PREFIX}/etc/${PORTNAME}/remote-hgrc.d
+	${MKDIR} ${PREFIX}/etc/${PORTNAME}/keys/users
+	${MKDIR} ${PREFIX}/etc/${PORTNAME}/keys/root
+.for i in ${CONF_FILES}
+	${INSTALL_DATA} ${WRKSRC}/src/init/conf/${i} ${PREFIX}/etc/${PORTNAME}/${i}
+.endfor
+	${MV} ${PREFIX}/hg/dot-mercurial-server ${PREFIX}/hg/.mercurial-server
+	${MV} ${PREFIX}/hg/hgadmin-hgrc ${PREFIX}/hg/.hgadmin-hgrc
+	${RM} ${PREFIX}/hg/hginit
+	${MKDIR} ${PREFIX}/hg/.ssh
+	${MKDIR} ${PREFIX}/hg/repos
+	${CHOWN} -R ${HGUSER}:${HGGROUP} ${PREFIX}/hg
+	@${ECHO_MSG}
+	@${ECHO_MSG} "NOTE: ${PORTNAME} has been patched to use ${PREFIX}/etc/${PORTNAME}"
+	@${ECHO_MSG} "      instead of /etc/mercurial-server"
+	@${ECHO_MSG}
+
+.include <bsd.port.post.mk>
--- a/devel/py-mercurialserver/distinfo
+++ b/devel/py-mercurialserver/distinfo
@ -0,0 +1,2 @@
+SHA256 (mercurial-server_1.0.1.tar.gz) = 6d67b8584730883c83972d35cf77bd1b45e7d2222458c5c3ac4ae94b3ec8f1ee
+SIZE (mercurial-server_1.0.1.tar.gz) = 20302
--- a/devel/py-mercurialserver/files/patch-setup.py
+++ b/devel/py-mercurialserver/files/patch-setup.py
@ -0,0 +1,11 @@
+--- ./setup.py.orig	2010-11-06 17:40:20.926497770 +0200
+++ ./setup.py	2010-11-06 17:40:39.706412807 +0200
+@@ -13,7 +13,7 @@
+     requires = ["mercurial"], # FIXME: what version?
+     scripts = ['src/hg-ssh', 'src/refresh-auth'],
+     data_files = [
+-        ('init', [
+        ('hg', [
+             'src/init/hginit', 
+             'src/init/dot-mercurial-server', 
+             'src/init/hgadmin-hgrc'
--- a/devel/py-mercurialserver/pkg-descr
+++ b/devel/py-mercurialserver/pkg-descr
@ -0,0 +1,28 @@
+mercurial-server gives your developers remote read/write access to centralized
+Mercurial repositories using SSH public key authentication; it provides
+convenient and fine-grained key management and access control.
+
+All of the repositories controlled by mercurial-server are owned by a single
+user (the "hg" user in what follows), but many remote users can act on them,
+and different users can have different permissions. We don't use file
+permissions to achieve that - instead, developers log in as the "hg" user
+when they connect to the repository host using SSH, using SSH URLs of the
+form "ssh://hg@repository-host/repository-name". A restricted shell prevents
+them from using this access for unauthorized purposes. Developers
+are authenticated only using SSH keys; no other form of authentication is
+supported.
+
+To give a user access to the repository, place their key in an
+appropriately-named subdirectory of "/usr/lcoal/etc/mercurialserver/keys"
+and run "refresh-auth". You can then control what access they have to what
+repositories by editing the control file 
+"/usr/local/etc/mercurialserver/access.conf", which can match the names of
+these keys against a glob pattern.
+
+For convenient remote control of access, you can instead (if you have the
+privileges) make changes to a special repository called "hgadmin", which
+contains its own "access.conf" file and "keys" directory. Changes pushed to
+this repository take effect immediately. The two "access.conf" files are
+concatenated, and the keys directories merged.
+
+WWW: http://www.lshift.net/mercurial-server.html
--- a/devel/py-mercurialserver/pkg-install
+++ b/devel/py-mercurialserver/pkg-install
@ -0,0 +1,43 @@
+#!/bin/sh
+
+# $FreeBSD: /tmp/pcvs/ports/devel/py-mercurialserver/Attic/pkg-install,v 1.1 2010-11-27 02:07:50 pgollucci Exp $
+
+PATH=/bin:/usr/bin:/usr/sbin
+
+case $2 in
+PRE-INSTALL)
+	HGUSER=${HGUSER:-hg}
+	HGGROUP=${HGGROUP:-hg}
+	HGHOME=${HGHOME:-${PKG_PREFIX}/${HGUSER}}
+	UID=212
+	GID=212
+
+	if pw group show "${HGGROUP}" 2>/dev/null; then
+		echo "You already have a group \"${HGGROUP}\", so I will use it."
+	else
+		if pw groupadd ${HGGROUP} -g ${GID}; then
+			echo "Added group \"${HGGROUP}\"."
+		else
+			echo "Adding group \"${HGGROUP}\" failed..."
+			exit 1
+		fi
+	fi
+
+	if pw user show "${HGUSER}" 2>/dev/null; then
+		echo "You already have a user \"${HGUSER}\", so I will use it."
+	else
+		if pw useradd ${HGUSER} -u ${UID} -g ${HGGROUP} -h - -d ${HGHOME} \
+			-c "mercurial-server user"
+		then
+			echo "Added user \"${HGUSER}\"."
+		else
+			echo "Adding user \"${HGUSER}\" failed..."
+			exit 1
+		fi
+	fi
+
+	if ! [ -x ~${HGUSER} ] ; then
+		install -m 755 -o ${HGUSER} -g ${HGGROUP} -d ${HGHOME}
+	fi
+	;;
+esac
--- a/devel/py-mercurialserver/pkg-plist
+++ b/devel/py-mercurialserver/pkg-plist
@ -0,0 +1,39 @@
+%%PYTHON_SITELIBDIR%%/mercurialserver/__init__.py
+%%PYTHON_SITELIBDIR%%/mercurialserver/__init__.pyc
+%%PYTHON_SITELIBDIR%%/mercurialserver/__init__.pyo
+%%PYTHON_SITELIBDIR%%/mercurialserver/access.py
+%%PYTHON_SITELIBDIR%%/mercurialserver/access.pyc
+%%PYTHON_SITELIBDIR%%/mercurialserver/access.pyo
+%%PYTHON_SITELIBDIR%%/mercurialserver/changes.py
+%%PYTHON_SITELIBDIR%%/mercurialserver/changes.pyc
+%%PYTHON_SITELIBDIR%%/mercurialserver/changes.pyo
+%%PYTHON_SITELIBDIR%%/mercurialserver/config.py
+%%PYTHON_SITELIBDIR%%/mercurialserver/config.pyc
+%%PYTHON_SITELIBDIR%%/mercurialserver/config.pyo
+%%PYTHON_SITELIBDIR%%/mercurialserver/refreshauth.py
+%%PYTHON_SITELIBDIR%%/mercurialserver/refreshauth.pyc
+%%PYTHON_SITELIBDIR%%/mercurialserver/refreshauth.pyo
+%%PYTHON_SITELIBDIR%%/mercurialserver/ruleset.py
+%%PYTHON_SITELIBDIR%%/mercurialserver/ruleset.pyc
+%%PYTHON_SITELIBDIR%%/mercurialserver/ruleset.pyo
+%%PYTHON_SITELIBDIR%%/mercurialserver/servelog.py
+%%PYTHON_SITELIBDIR%%/mercurialserver/servelog.pyc
+%%PYTHON_SITELIBDIR%%/mercurialserver/servelog.pyo
+bin/hg-ssh
+bin/refresh-auth
+etc/mercurialserver/access.conf
+etc/mercurialserver/remote-hgrc.d/access.rc
+etc/mercurialserver/remote-hgrc.d/logging.rc
+hg/.hgadmin-hgrc
+hg/.mercurial-server
+
+@dirrm %%PYTHON_SITELIBDIR%%/mercurialserver
+
+@dirrmtry hg/repos
+@dirrmtry hg/.ssh
+@dirrmtry hg
+@dirrmtry etc/mercurialserver/remote-hgrc.d
+@dirrmtry etc/mercurialserver/keys/users
+@dirrmtry etc/mercurialserver/keys/root
+@dirrmtry etc/mercurialserver/keys
+@dirrmtry etc/mercurialserver