nbp / git-hg-bridge Goto Github PK
View Code? Open in Web Editor NEWMulti-users and multi-repositories bi-directional git interface for mercurial repositories.
Multi-users and multi-repositories bi-directional git interface for mercurial repositories.
This directory contains tools used to transparently push to a mercurial repository through a git-hg bridge. This tool is setup inside a mercurial repository which is called the hg-bridge. g1 h1 \ / \ / g2 ------ g ------- h ------ h2 / \ / \ g3 h3 «g1», «g2» and «g3» are _git-repositories_ which master branches are clones of _hg-repositories_ «h1», «h2» and «h3» tips. «h» is the _hg-bridge_ which is used to export and import commits to the _git-bridge_ labeled «g». «1», «2» and «3» are the edge names. * Bridge Account Layout A user account is used to hold the bridge taken by multiple people using ssh. The layout of the user should be: ~/ -- user account hg/ -- hg-bridge .hg/ bridge/ -- (This directory) pull.sh push.sh git/ -- git-bridge repos/ <edge names> -- git-repo (g1, g2 and g3) sync.lock sync.lock.<edge names> git-shell-commands/ -- commands for the git-shell changeset-to-commit -- return the commit corresponding to a changeset commit-to-changeset -- return the changeset corresponding to a commit hg-fetch -- start fetching all repositories mapfile -- cat the git-mapfile <edge names>.git -- symbolic link to ~/hg/.hg/repos/<edge name> * Mercurial Configuration Edge names are listed inside the hg-bridge configuration file (namely project-bridge/.hg/hgrc) and are stored in the path section. [paths] try-pushonly = ssh://hg.mozilla.org/try mozilla-inbound = ssh://hg.mozilla.org/integration/mozilla-inbound mozilla-central = ssh://hg.mozilla.org/mozilla-central ionmonkey = ssh://hg.mozilla.org/projects/ionmonkey Edges names are the name on the left hand side of the equals. If it ends with «-pushonly», no data would be pulled into hg-bridge, but a git-repo would be created to enable pushes. Git repositories are created from the list of paths and configured automatically to handle pushes. This bridge script are relying on hg-git project to map repositories from one to another. To enable it you will need to install python-dulwich (dependency of hg-git) and add the following lines to hg-bridge configuration file. [extensions] hgext.bookmarks = hggit = <path to hg-git> * Security Concerns This bridge does not have any knowledge of the rights of each user. To ensure that the user which is pushing has the right to do so, we need to ask mercurial. Once mercurial has accepted the changes, we mirror the push in Git by accepting the push to the master branch of the git repository. To enable authentification from mercurial we have to transfer the credentials of the user across the connection. Thus bridge user should accept to forward their agent such as it can be used by mercurial servers. ~client/.ssh/config Host git-hg-mirror.company.name User bridge ForwardAgent yes Forwarding the agent implies that if not restricted, any bridge user (or root) may steal the agent of another. To avoid this, we isolate each connection to the bridge account by using the git-shell. The user name needed to establish a connection to the mercurial repository is extarcted by sshd when the connection is established. The ~/.ssh/authorized_keys allow to change the environment, and thus to set a different environment variable based on the key used for the connection. ~/.ssh/authorized_keys no-port-forwarding,no-X11-forwarding,environment="[email protected]" key This HGUSER name is used in the mercurial configuration file as the login used to connect to the remote repository: ~/hg/.hg/hgrc ... [ui] ssh = ssh -l "$HGUSER" ... Pushing to the git-bridge is prevented by setting an environment variable which is always at «no» at the beginning of the ssh session and is set to «yes» when the update hooks of each edge is going to push to the git-bridge. git-bridge hooks are used to only accept pushes is the user «CAN_CROSS» environment variable is set to «yes». To reset the environment at the beginning of the session, you should use ~/.ssh/environment file. ~/.ssh/environment CAN_CROSS=no *** This model is not fully secured yet. ***
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.