tags:

views:

231

answers:

2
+3  Q: 

hg access control to central repository

We come from a subversion background where we have a QA manager who gives commit rights to the central repository once he has verified that all QC activities have been done.

Me and a couple of colleagues are starting to use mercurial, and we want to have a shared repository that would contain our QC-ed changes. Each of the developers hg clones the repository and pushes his changes back to the shared repository. I've read the HG init tutorial and skimmed through the red bean book, but could not find how to control who is allowed to push changes to the shared repository.

How would our existing model of QA-manager controlled commits translate to a mercurial 'central' repository?

A: 

serverfault.com has a relevant question and links to the Publishing Repositories Mercurial Wiki page. The first shows how to configure per-repository access when using hgweb on the server. I get a feeling that you're using ssh which the wiki page labels as "private" and am therefore inclined to believe you would have to fall back to file-system access control, i.e. make all the files in the repository belong to the group "commiters", give group members write access and everyone else read/only.

Tomislav Nakic-Alfirevic  2010-04-05 09:18:26
ssh works fine with the access control directives _IF_ everyone has their own ssh account. It's only if everyone is sharing a ssh account that you need to get tricker about key-selected access via something like hg-ssh or (yuck) mercurial-server.
Ry4an  2010-04-05 13:01:59
+1  A: 

HenriW's comment asking how you are serving up the repositories is exactly the right question. How you set up authentication depends entirely on how you're serving your repo (HTTP via Apache, HTTP via hg-serve,, ssh, etc.). The transport mechanism provides the authentication and then mercurial uses that with the commands from Mr. Cat's link (useless in and of themselves) to handle access control.

Since you didn't mention how you're serving the repo, it was probably someting easy to set up (you'd have remembered to mention the hassle fo an apache or ssh setup :). So I'll ugess those two:

If you're using hg serve then you don't have authentication setup. You need to use apache, lighttp, or nginx in front of hgweb or hgwebdir to provide authentication. Until you do the allow_* and deny_* options are strictly everyone or no one.

If you're using ssh then you're already getting your authentication fromm ssh (and probably your OS), so you can use the allow_* and deny_* directives (and file system access controls if you'd like).

Ry4an  2010-04-05 13:02:03

related questions

Downgrading from ClearCase to SVN/Mercurial
Using Mercurial, is there an easy way to diff my working copy with the tip file in the default remote repository
Can I commit only parts of my code using SVN or Mercurial?
Using mercurial, what's the easiest way to commit and push a single file while leaving other modifications alone?
Using mercurial's mq for managing local changes
How can I integrate a bitbucket repository with the hosted on-demand version of FogBugz?
Can Mercurial be integrated into VS2008?
What are some GUI clients available for Mercurial?
BitBucket or freeHg?
Setting Environment Variables for Mercurial Hook
What are the relative strengths and weaknesses of Git, Mercurial, and Bazaar?
Which is the most useful Mercurial hook for programming in a loosely connected team?
Kenai invites: where to get them?
How to repeatedly merge branches in Mercurial
Why is branching and merging easier in Mercurial than in Subversion?
How to use p4merge as the merge/diff tool for Mercurial?
HgTortoise in Vista 64-bit not showing the context menu
What is the Difference Between Mercurial and Git?
Mercurial .hgignore for Visual Studio 2008 projects
Good Mercurial repository viewer for Mac
Is there a bug/issue tracking system which integrates with Mercurial?
how to allow files starting with period and no extension in windows 2003 server?
Mercurial stuck "waiting for lock"
How to combine two projects in Mercurial?
What is a good Mercurial usage pattern for this setup?