Installing mercurial-server over ssh from source

    Universal installation of mercurial-server over ssh, from zero to 100%.


    I constantly use the aivus topic , but unfortunately it is usually not enough.

    I’ll configure it for mercurial-server 1.3, fedora 16. If you have errors while trying to use the post, write in the comments the system and the essence of the error, we will solve it.

    Training


    Install and configure yourself
    • wget
    • nano
    • python
    • mercuial


    Installation


    Get the source:
    wget http://dev.lshift.net/paul/mercurial-server/mercurial-server_1.3.tar.gz
    tar -xf mercurial-server_1.3.tar.gz
    cd mercurial-server-1.3
    

    Install mercurial-server
    python setup.py build
    python setup.py install
    

    I prefer to transfer all scripts to one place.
    cp scripts*/* /var/lib/mercurial-server/
    

    Sshd setup


    We need to activate public key authorization
    nano /etc/ssh/sshd_config 
    

    Uncomment or add lines
    RSAAuthentication yes
    PubkeyAuthentication yes
    

    We will also make a single key storage center
    AuthorizedKeysFile /etc/ssh/keys/%u.pub
    
    mkdir /etc/ssh/keys
    

    Key translation in sshd


    All user keys of mercurial-server are stored at
    / etc / mercurial-server / keys / during refresh-auth startup (must be run each time a user is added), all keys are recorded in /var/lib/mercurial-server/.ssh/authorized_keys
    To make sshd accept these keys, do the following
    touch /var/lib/mercurial-server/.ssh/authorized_keys
    chmod 644  /var/lib/mercurial-server/.ssh/authorized_keys
    ln  /var/lib/mercurial-server/.ssh/authorized_keys /etc/ssh/keys/hg.pub
    

    Finishing touch


    It does not need to be done if you are going to manage keys only through hgadmin!
    touch /usr/bin/hg-update-users
    chmod 744 /usr/bin/hg-update-users
    nano /usr/bin/hg-update-users
    

    chown hg -R /etc/mercurial-server/keys/
    chmod 444 -R /etc/mercurial-server/keys/
    sudo -u hg /var/lib/mercurial-server/refresh-auth
    

    Check


    Create the mercurial-server admin key (on the client)
    ssh-keygen
    scp ~/.ssh/id_rsa.pub root@ваш_сервер:/etc/mercurial-server/keys/root/
    ssh root@ваш_сервер 'hg-update-users'
    

    If you missed the finishing touch, go through ssh and execute all the commands manually.
    Be sure to enter a complex password for the ssh key! Eliminate the possibility of leakage of the ~ / .ssh / id_rsa file to third parties!
    Now check the access:
    $ ssh hg@ваш_сервер
    PTY allocation request failed on channel 0
    mercurial-server: direct logins on the hg account prohibited
    Connection to ваш_сервер closed.
    

    If you received exactly these lines, then sshd accepts your keys, now try:
    ssh hg@ваш_сервер 'hg -R hgadmin serve --stdio'
    

    If within 30 seconds you did not receive any errors, then the connection is configured and you can use your server.

    Troubleshooting


    For me, the most common mistake (out of three installations: ubuntu 10.04 server, linux mint 12, fedora 16) was the following:
    $ssh hg@ваш_сервер 'hg -R hgadmin serve --stdio'
    Traceback (most recent call last):
      File "/var/lib/mercurial-server/hg-ssh", line 86, in 
        dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
      File "/usr/lib64/python2.7/site-packages/mercurial/dispatch.py", line 31, in dispatch
        if req.ferr:
    AttributeError: 'list' object has no attribute 'ferr'
    

    A solution to this problem can be found at stackoverflow.com/questions/6730735/troubles-with-mercurial-1-9-and-ssh
    Especially lazy can use the patch (patch hg-ssh patch_file):
    --- hg-ssh_old	2012-12-27 00:49:04.764989364 +0300
    +++ hg-ssh	2012-12-27 00:50:16.173113572 +0300
    @@ -83,7 +83,7 @@
         repo = getrepo("read", cmd[6:-14])
         if not os.path.isdir(repo + "/.hg"):
             fail("no such repository %s" % repo)
    -    dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
    +    dispatch.dispatch(dispatch.request(['-R', repo, 'serve', '--stdio']))
     elif cmd.startswith('hg init '):
         repo = getrepo("init", cmd[8:])
         if os.path.exists(repo):
    @@ -91,7 +91,7 @@
         d = os.path.dirname(repo)
         if d != "" and not os.path.isdir(d):
             os.makedirs(d)
    -    dispatch.dispatch(['init', repo])
    +    dispatch.dispatch(dispatch.request(['init', repo]))
     else:
         fail("illegal command %r" % cmd)
    

    Also popular now: