nbp / git-hg-bridge Goto Github PK
View Code? Open in Web Editor NEWMulti-users and multi-repositories bi-directional git interface for mercurial repositories.
git-hg-bridge's Introduction
This directory contains tools used to transparently push to a mercurial
repository through a git-hg bridge. This tool is setup inside a mercurial
repository which is called the hg-bridge.
g1 h1
\ /
\ /
g2 ------ g ------- h ------ h2
/ \
/ \
g3 h3
«g1», «g2» and «g3» are _git-repositories_ which master branches are clones of
_hg-repositories_ «h1», «h2» and «h3» tips. «h» is the _hg-bridge_ which is
used to export and import commits to the _git-bridge_ labeled «g». «1», «2» and
«3» are the edge names.
* Bridge Account Layout
A user account is used to hold the bridge taken by multiple people using ssh.
The layout of the user should be:
~/ -- user account
hg/ -- hg-bridge
.hg/
bridge/ -- (This directory)
pull.sh
push.sh
git/ -- git-bridge
repos/
<edge names> -- git-repo (g1, g2 and g3)
sync.lock
sync.lock.<edge names>
git-shell-commands/ -- commands for the git-shell
changeset-to-commit -- return the commit corresponding to a changeset
commit-to-changeset -- return the changeset corresponding to a commit
hg-fetch -- start fetching all repositories
mapfile -- cat the git-mapfile
<edge names>.git -- symbolic link to ~/hg/.hg/repos/<edge name>
* Mercurial Configuration
Edge names are listed inside the hg-bridge configuration file (namely
project-bridge/.hg/hgrc) and are stored in the path section.
[paths]
try-pushonly = ssh://hg.mozilla.org/try
mozilla-inbound = ssh://hg.mozilla.org/integration/mozilla-inbound
mozilla-central = ssh://hg.mozilla.org/mozilla-central
ionmonkey = ssh://hg.mozilla.org/projects/ionmonkey
Edges names are the name on the left hand side of the equals. If it ends with
«-pushonly», no data would be pulled into hg-bridge, but a git-repo would be
created to enable pushes.
Git repositories are created from the list of paths and configured automatically
to handle pushes.
This bridge script are relying on hg-git project to map repositories from one to
another. To enable it you will need to install python-dulwich (dependency of
hg-git) and add the following lines to hg-bridge configuration file.
[extensions]
hgext.bookmarks =
hggit = <path to hg-git>
* Security Concerns
This bridge does not have any knowledge of the rights of each user. To ensure
that the user which is pushing has the right to do so, we need to ask mercurial.
Once mercurial has accepted the changes, we mirror the push in Git by accepting
the push to the master branch of the git repository.
To enable authentification from mercurial we have to transfer the credentials of
the user across the connection. Thus bridge user should accept to forward their
agent such as it can be used by mercurial servers.
~client/.ssh/config
Host git-hg-mirror.company.name
User bridge
ForwardAgent yes
Forwarding the agent implies that if not restricted, any bridge user (or root)
may steal the agent of another. To avoid this, we isolate each connection to
the bridge account by using the git-shell.
The user name needed to establish a connection to the mercurial repository is
extarcted by sshd when the connection is established. The
~/.ssh/authorized_keys allow to change the environment, and thus to set a
different environment variable based on the key used for the connection.
~/.ssh/authorized_keys
no-port-forwarding,no-X11-forwarding,environment="[email protected]" key
This HGUSER name is used in the mercurial configuration file as the login used
to connect to the remote repository:
~/hg/.hg/hgrc
...
[ui]
ssh = ssh -l "$HGUSER"
...
Pushing to the git-bridge is prevented by setting an environment variable which
is always at «no» at the beginning of the ssh session and is set to «yes» when
the update hooks of each edge is going to push to the git-bridge. git-bridge
hooks are used to only accept pushes is the user «CAN_CROSS» environment
variable is set to «yes». To reset the environment at the beginning of the
session, you should use ~/.ssh/environment file.
~/.ssh/environment
CAN_CROSS=no
*** This model is not fully secured yet. ***
git-hg-bridge's People
Contributors
Stargazers
Watchers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.