Changes between Version 12 and Version 13 of UsingPidginMercurial

07/12/12 23:19:25 (7 years ago)

Added more information about the notification repo works


  • UsingPidginMercurial

    v12 v13  
    120120Additionally, there is a safety net built into the mercurial-server configuration.  In `/etc/mercurial-server` on is a default ACL (`access.conf`) and a `keys` directory structure.  This default ACL is what grants "root" users their privileges, and the `keys` directory structure contains the relevant keys in the `keys/root` directory. These keys are located here in the server's filesystem instead of in the hgadmin repository as a safety net.  When building the files used by mercurial-server, the tools ''always'' read from `/etc/mercurial-server` ''before'' reading from `hgadmin`; this allows access to the hgadmin repo in the event that it is damaged either through accidental or intentional means.  This safety net means that at least two people will ''always'' have access to our repositories.
     122=== How the email and CIA notification works ===
     123As detailed below, we use slightly modified versions of the notify and hgcia hooks that are distributed with hg.  They are modified in order to support notification for multiple repositories without triggering duplicate notifications as the same revisions are pushed between various repositories on the server.
     125The way it works is that there is a special repository that isn't served publicly (`/srv/mercurial-server/notification-repo/`) which is used to trigger the notifications as new revisions are enter it.  A hook is set up for the `hg` user and mercurial-server (`'changegroup.notify_sync'` - see below) so that revisions pushed into any repository will automatically be pulled into the notification repo.  This can be disabled on a per repository basis by overriding and disabling the hook in the appropriate repository-specific `.hg/hgrc` file:
     128changegroup.notify_sync =
     131In order to trigger notifications for a new repository that is not related (has no shared history) to any repository that has already been synced to the notification repo  (e.g. the first time that the repository containing the pidgin website was synced to the notification repo), an initial manual pull must be made with the `--force` parameter specified:
     133/srv/mercurial-server/repos/util/hg_hooks/ /absolute/path/to/new/repo --force
     136In order to avoid triggering notifications for revisions that aren't already in the notification repo (e.g. when the website was converted from mtn to hg), the hooks can be disabled as the relevant revisions are pulled into the notification repo.  Note, this should only be done when notifications have already been sent out for these revisions in some other way.
     138hg --cwd /srv/mercurial-server/notification-repo pull /path/to/source/repo \
     139    --config hooks.changegroup.cia= \
     140    --config hooks.incoming.notify= \
     141    --config hooks.changegroup.pushlog= \
     142    --config hooks.pretxnchangegroup.authorcheck= \
     143    --config hooks.changegroup.notify_sync= 
    122146== Hooks / Extensions ==
    123147There are a number of hooks, extensions and other configuration in place for the various repositories:
    130154 * [] trigger a sync in the background with the notification repo to trigger email and cia notifications
    131155  * This is registered globally as `'changegroup.notify_sync'` for both the `hg` user and mercurial-server
    132   * Note: an initial manual pull may be necessary for new repos
    133156 * [] slightly tweaked version of the built-in hg hook to facilitate using a separate repo for driving the notifications
    134157  * This is registered in the `/srv/mercurial-server/notification-repo/` (which isn't served anywhere)
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!