Unable to https push (or push at all by http)

Tim Boudreau tboudreau at sun.com
Sun Jun 21 15:52:47 CDT 2009 


Matt Mackall wrote:
> 
> On Sat, 2009-06-20 at 23:35 -0700, Tim Boudreau wrote:
>> > [web]
>> > push_ssl = False
>> > allow_push = *
>> > 
>> > Does it work? Great, turn SSL back on. Does it still work? Great, turn
>> > on .htaccess. If it fails at that point, you can say with confidence
>> > that everything except auth is working fine.
>> > 
>> > All that said, you probably need to specify a username in your URL.
>> > 
>> 
>> Okay, I've completely disabled SSL for apache, removed all .htaccess and
>> .htpasswd files.  My hgweb.config file now looks as follows:
>> 
> [snip...] 
>> And here is the output I get from trying to do a straight push using http
>> (with or without username in the URL).  Is there some other place
>> push_ssl
>> can be being set to true?  I tried both "false" and "False" just in
>> case...
> 
> Progress. Despite similarity of syntax, hgwebdir.conf does not take all
> of the config options that .hg/hgrc does (at least not pre-1.3). The
> allow_push and push_ssl bits must go in .hg/hgrc.
> 

Bingo!  At last, http push works!

One thing I notice - if I run hg addremove on the root repository, I get:
timboudreau main # hg addremove -n
Not trusting file /home/www/hg_root/content/main/.hg/hgrc from untrusted
user www, group www

Adding 
[trusted]
users = www
groups = hgusers www

to $HG_ROOT/.hg/hgrc

does not help.  Neither does adding the same to $HG_CONFIG/hgweb.config

So, a few quick questions:
1.  Do I *want* to add .hg/hgrc into the repository at all?
2.  Where is it getting its user/group list from?  "www" is the unix user
that owns the repository dir and all files in it, yet it seems to be
unrecognized even when listed in [trusted].  Unix users/groups?  .htpassword
(which I'm not using at present)?  Somewhere else?
3.  If I do add it to the repository, doesn't that give any committer the
ability to open the repository wide up simply by changing the push_ssl
directive to true and changing trusted users/groups to *?
4.  If I don't add it to the repository, but some remote user does and tries
to push it, what happens?

I notice in the NetBeans repository, you do get $ROOT/.hg/hgrc as part of
your checkout, but there are no defintions of push_ssl, allow_push or
[trusted] in it.  So, is there some other way of doing this I'm missing?

Thanks for all your help,

Tim
-- 
View this message in context: http://www.nabble.com/Unable-to-https-push-%28or-push-at-all-by-http%29-tp24129115p24138713.html
Sent from the Mercurial mailing list archive at Nabble.com.

More information about the Mercurial mailing list