Allows you to restrict a ssh key to have read-only access to a set of
repos by passing the --read-only flag to hg-ssh.
This is useful in an environment where the number of unix users you
can or are willing to create is limited. In such an environment,
multiple users or applications will share a single unix account. Some
of those applications will likely need read-only access to the
repository. This change makes it possible to grant them such access
without requiring that they use a separate unix account.
The Mercurial ssh protocol is defined as if it was ssh-ing to a shell account on
an ordinary ssh server, and where hg was available in $PATH and it executed
the command "hg -R REPOPATH serve --stdio".
The Mercurial ssh client can in most cases just pass REPOPATH to the shell, but
if it contains unsafe characters the client will have to quote it so the shell
will pass the right -R value to hg. Correct quoting of repopaths was introduced
in 7bec00a7d7a6 and tweaked in c3194121de6c.
hg-ssh doesn't create the command via a shell and used a simple parser instead.
It worked fine for simple paths without any quoting, but if any kind of quoting
was used it failed to parse the command like the shell would do it.
This makes hg-ssh behave more like a normal shell with hg in the path would do.
To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
(probably together with these other useful options:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding)
This allows pull/push over ssh to to the repositories given as arguments.
If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"