Changes between Version 17 and Version 18 of UsingPidginMercurial


Ignore:
Timestamp:
09/24/12 09:32:58 (7 years ago)
Author:
datallah
Comment:

pet peeve - apostrophes for plurals

Legend:

Unmodified
Added
Removed
Modified
  • UsingPidginMercurial

    v17 v18  
    99}}}
    1010
    11 == !Read/Write Access for Developers/CPW's/SoC Students ==
     11== !Read/Write Access for Developers/CPWs/SoC Students ==
    1212
    1313=== Configure Mercurial ===
     
    4040Pidgin's Mercurial repositories are served by the [http://www.lshift.net/mercurial-server.html mercurial-server] package.  This relies entirely upon SSH key-based authentication, providing access control and a layer of accountability.
    4141
    42 If you wish, you can simplify Mercurial ssh: URL's by adding the following to `~/.ssh/config`:
     42If you wish, you can simplify Mercurial ssh: URLs by adding the following to `~/.ssh/config`:
    4343{{{
    4444Host hg.pidgin.im
     
    6868
    6969=== Access Control ===
    70 Access control on Pidgin's Mercurial server is such that all developers can write to our master repositories, but each developer and CPW has their own repositories that anyone can read but only they can write to.  The repositories are structured like so (developers/CPW's listed here are for the purpose of example):
     70Access control on Pidgin's Mercurial server is such that all developers can write to our master repositories, but each developer and CPW has their own repositories that anyone can read but only they can write to.  The repositories are structured like so (developers/CPWs listed here are for the purpose of example):
    7171
    7272{{{
     
    9797
    9898Access control is as follows:
    99   * Developers and CPW's have write access to `pidgin/*`
     99  * Developers and CPWs have write access to `pidgin/*`
    100100  * Developers can create and modify repositories in `dev/$NICKNAME/`
    101101  * Crazy Patch Writers can create and modify repositories in `cpw/$NICKNAME/*`
     
    109109
    110110  1. Check out the `hgadmin` repo: `hg clone ssh://hg@hg.pidgin.im/hgadmin pidgin-hgadmin`
    111   1. `cd pidgin-hgadmin/keys`.  Inhere  is a series of directories.  The format is self-explaining.  Developers go in `devs/$NICKNAME`, CPW's in `cpws/$NICKNAME`, SoC students in `soc/$NICKNAME`.  This is to allow a single developer, CPW, or SoC student to have multiple SSH keys, perhaps for multiple machines.
     111  1. `cd pidgin-hgadmin/keys`.  Inhere  is a series of directories.  The format is self-explaining.  Developers go in `devs/$NICKNAME`, CPWs in `cpws/$NICKNAME`, SoC students in `soc/$NICKNAME`.  This is to allow a single developer, CPW, or SoC student to have multiple SSH keys, perhaps for multiple machines.
    112112  1. Create the appropriate directory.
    113113  1. Within this directory create a file named for the SSH key being added, for example `user@somehost`.
     
    120120
    121121=== A Special Note About "root" Access ===
    122 As indicated above, people who have "root" access to mercurial-server have the ability to configure the server via the `hgadmin` repo.  They also have the ability to bypass all ACL's, and thus can write to any repository, including developers', CPWs', and SoC students' repositories.
     122As indicated above, people who have "root" access to mercurial-server have the ability to configure the server via the `hgadmin` repo.  They also have the ability to bypass all ACLs, and thus can write to any repository, including developers', CPWs', and SoC students' repositories.
    123123
    124124Additionally, there is a safety net built into the mercurial-server configuration.  In `/etc/mercurial-server` on rock.pidgin.im is a default ACL (`access.conf`) and a `keys` directory structure.  This default ACL is what grants "root" users their privileges, and the `keys` directory structure contains the relevant keys in the `keys/root` directory. These keys are located here in the server's filesystem instead of in the hgadmin repository as a safety net.  When building the files used by mercurial-server, the tools ''always'' read from `/etc/mercurial-server` ''before'' reading from `hgadmin`; this allows access to the hgadmin repo in the event that it is damaged either through accidental or intentional means.  This safety net means that at least two people will ''always'' have access to our repositories.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!